For years now, people have been letting Unroll.me read the contents of their email inboxes, to help them unsubscribe from email spam. The service was endorsed by our sister site Lifehacker in 2011 for its effectiveness in finding and cleaning out unwanted subscriptions (and Gizmodo wrote about its iOS app release last year).
But a New York Times profile of Uber this weekend revealed, in passing, that Unroll.me, which is owned by a company called Slice Intelligence, isn’t just in the business of tidying up customers’ inboxes. Slice makes money by scanning its users’ email for receipts, then packaging that information into intel reports on consumer habits. Uber, for example, was paying Slice to find users’ Lyft receipts, so it could see how much they were spending each month, “as a proxy for the health of Lyft’s business.”
On its website, Slice brags that it has access to 4.2 million people’s inboxes, where it quietly sits looking at receipts from “hundreds of thousands of retailers.” Many Unroll.me users have been quite upset to learn about the extent of the data collection, which the service’s CEO, Jojo Hedaya, wrote in a blog post yesterday is “heartbreaking.”
“[W]hile we try our best to be open about our business model, recent customer feedback tells me we weren’t explicit enough,” Hedaya wrote.
How open was Unroll.me about what it does? When you sign up, this is how you’re informed about the service’s plan to read all your email and monetize the receipts:
Um, no, I wouldn’t call that an “explicit” explanation of the Unroll.me business model. The pop-up window doesn’t even include a scroll-through box of the text you’re agreeing to; it simply offers an extra link to click if you’re motivated enough to go find it.
Maybe some users of Unroll.me don’t mind this monetization of their information. Everything that comes free online has a privacy price, after all. We’re used to our data being the currency of the internet.
But people invited Unroll.me into their inboxes for the sake of managing their bulk email subscriptions. The natural assumption would have been that if Unroll.me was collecting and selling user data, it would be data related to that service—say, information about subscription retention rates, for companies interested in effective bulk mailing.
Instead, in the gray print, it claimed the power to gather data “for any purpose” by reading any commercial emails you might have received. If you’re disturbed by that, it’s a reminder of the dangers of giving any app access to your inbox, probably the most sensitive collection of information you have. When you sign up for any service and it asks for these kinds of permissions...
... watch out. It means the company is reading your email and might do things with it you don’t like.
To see if you’ve granted any services access to your Gmail, check your Google permissions. In Outlook, go to settings and “Manage Integrations.” In Yahoo, go to your account security page. And if you use Unroll.me, and you’re not down with this monetization strategy, you might want to go delete your account. You just have to sign in, go to settings, and then click the little link at the bottom of this page.
Yeah, that gray-on-gray one at the bottom that you have to scroll down to see.