Are you being bombarded with ads from “Grammarly” that promises to fix everything wrong with your writing? If you are tempted to start using the tool, there are a few things you might want to know first.
Data Collection
- The Grammarly extension and App works by analyzing what you type, after all so essentially works as a key logger. It collects this data, processes it, and (presumably) deletes it when it’s done. While that sounds innocent on paper, and Grammarly swears by its privacy practices, that’s still a healthy dose of trust you’ve giving to a company you know nothing about.
- Consider that the tool could potentially keylog username/passwords, personal sensitive information on sites (e.g. if you are applying for a job DOB/Social security/Medical assistance etc), and anything else that doesnt need to be out there. It is not very clear what else will the tool log while keylogging.
- Their website states that they collect at a minimum the following information:
- Location information – For both Computer and Phones tied to IP
- Device information – Type of hardware and software (e.g. operating system, browser type), as well as unique device identifiers
- Log data – IP address, browser type & configuration, settings, date and time of use, language preferences, and cookie data
- Usage information – Data from third party partners, users accessing a specific page on the Site and which links they clicked on
- Information from other sources – Information about from third parties, such as marketing partners and researchers
Data Protection and Usage
- Grammarly is not HIPAA compliant so medical industries don’t use it to ensure data protection.
- However, many education institutes have started to use the tool under the assumption that it will help improve the grammar while not fully focussed on data protection.
- All their data is stored in United States which means that the data protection or sharing is determined by US laws and not your country’s local laws.
- As a user, you cannot get any legal protection if there is a data loss due to transmission losses or hacking attempts during transmission.
- Grammarly participates in the EU-US and Swiss-US Privacy Shield frameworks but does not rely on it.
- As a end user, you have no control over how the data is handled and there is no contract to enforce data policies or obfuscation of sensitive data.
Security concerns
- Last week, Google security researcher Tavis Ormandy identified a bug in Grammarly’s Chrome extension that threatened to let “any website login to grammarly.com as you and access all your documents, history, logs, and all other data.” Grammarly closed the hole when notified.
- Questions remain as to what other vulnerabilities does the tool have that haven’t been found?
- Why did Grammarly not find this hole themselves as part of their security setup?
- If they ever get hacked, all user documents that are with them are at a high risk of the loss which could compromise IP and privacy. Their website states that they will “make an attempt to notify you based on legal rights”.
- They also can share your information due to legal reasons, for mergers, bankruptcy, sale of assets, IPO or due diligence. You cannot request for all your data to be deleted and they can keep personal data as long as they feel it is necessary.
Tool efficacy
- The efficacy of the tool in making the right recommendation is also under scrutiny. Popular opinion is that Grammarly seems to work okay when English is not your first language however their suggesions are no better than the ones that Microsoft Word’s grammer plugin can make (minus the extra license cost).
- Their plagiarism checker often refers to online dictionaires which are in no way related to the content being created while there are much better tools in the market for doing the same checks.
If you found this article helpful, kindly drop a comment or follow us to keep reading such useful articles!