Visit ArabTopics.com

De-spamming service “Unroll” selling your inbox to Uber shows the importance of information hygiene, yet again

Medical team preparing equipment for surgery  in operation room

Privacy: It was a perfect service: sorting your mail and not just removing all spam for you, but also unsubscribing you from all of that spam garbage going forward. It kept your inbox perfectly clean. But behind the curtains, it also sold your inbox to the highest bidder.

Sometimes, you’re maliciously signed up to tens of thousands of mailing lists because somebody was annoyed with something you said, somewhere. The cost of doing so is low and it causes a ton of headache as you’re getting hundreds of spam per minute. Fortunately, most of those are double-opt-in confirmation mails — “click this link to confirm the subscription” — but maybe five percent are not, and those malicious signups will continue to clobber your inbox with noise.

Enter Unroll, which was the solution for this scenario: you gave it access to your mailbox, and it would not only detect and remove such unwanted spam, but also unsubscribe you from those tens of thousands of malicious subscriptions. Except, as it turns out, they also kept every single one of your mails, including those with passwords and other sensitive information, and sold them to the highest bidder.

It was just a short passage in an otherwise fascinating portrait of the Uber CEO made by New York Times:

New York Times quote

So, the service Unroll was bought by Slice Intelligence. This is the first red flag: even if the service you signed up for were honest, their buyer may not be. (According to a quoted person below, Slice Intelligence bought Unroll specifically because they had access to tons of private mailboxes.)

This highlights the importance of information hygiene.

Information hygiene means that you’re aware not of what somebody claims to do with your data, but that you understand what they are able to do. For example, if a service promises to sort your email for you, then it necessarily must also be able to read all that email, for the action of sorting requires observation – and consequently, they are also able to sell your private mails to others. This is an ability they hold regardless of what they promise to do, or more relevantly, appear to promise to do.

The act of sorting requires observation. Therefore, any service sorting your data must also be able to read all your data.

In a blog post about the revelation that they sell inbox data, Unroll CEO states that “it was heartbreaking to see that some of our users were upset to learn about how we monetize our free service”. The comments are, predictably, furious: the top comment states that “this is a one-strike-I-leave-the-service kind of thing”.

That same top comment also states that it’s a big deal to give somebody access to their inbox. Doing so should always, always, be done with the awareness that they will at least read all of it (if nothing else, to determine which mails to read closer, to perform the promised service), and that any information, once read, cannot be unread – but can be processed, aggregated, sold, et cetera.

If you are providing your inbox to somebody else, and want privacy, you need to encrypt your mails, just like you’re encrypting your Internet connection to prevent others from eavesdropping on it.

At Hacker News, a person named Karl Katzke elaborates further:

I worked for a company that nearly acquired unroll.me. At the time, which was over three years ago, they had kept a copy of every single email of yours that you sent or received while a part of their service. Those emails were kept in a series of poorly secured S3 buckets. A large part of Slice buying unroll.me was for access to those email archives. Specifically, they wanted to look for keyword trends and for receipts from online purchases.

The founders of unroll.me were pretty dishonest, which is a large part of why the company I worked for declined to purchase the company. As an example, one of the problems was how the founders had valued and then diluted equity shares that employees held. To make a long story short, there weren’t any circumstances in which employees who held options or an equity stake would see any money.

I hope you weren’t emailed any legal documents or passwords written in the clear.

Take a moment to absorb that, and add to the fact that they had a useful service that many subscribed to, combined with that sloppiness (not to say bordering on malice) with people’s private data – and sprinkle the CEO’s “heartbrokedness” when users learned how they made money on top.

Last but not least, Unroll tries to deflect blame here by saying they’re only selling “anonymized” data. It must be remembered, that anonymization is hard. As in, really really really hard. Most data can be de-anonymized; strong anonymization is basically as hard as strong encryption, and most people doing anonymization are happy amateurs who do not understand the scope and difficulty of the task.

Privacy remains your own responsibility.

Syndicated Article
This article has previously been published at Private Internet Access.

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Source: 
Rick Falkvinge

Dear friends of this aggregator

  • Yes, I intentionally removed Newsbud from the aggregator on Mar 22.
  • Newsbud did not block the aggregator, although their editor blocked me on twitter after a comment I made to her
  • As far as I know, the only site that blocks this aggregator is Global Research. I have no idea why!!
  • Please stop recommending Newsbud and Global Research to be added to the aggregator.

Support this site

News Sources

Source Items
Please Stop the Ride 22
The Infectious Myth 21
Lockdown Skeptics 21
Sam Husseini 31
Dr. Andrew Kaufman 3
Swiss Propaganda Research 18
Off Guardian 69
Cory Morningstar 10
James Bovard 40
WWI Hidden History 51
Grayzone Project 424
Pass Blue 370
Dilyana Gaytandzhieva 17
John Pilger 425
The Real News 367
Scrutinised Minds 29
Need To Know News 3365
FEE 5412
Marine Le Pen 403
Francois Asselineau 25
Opassande 53
HAX on 5July 220
Henrik Alexandersson 1222
Mohamed Omar 404
Professors Blog 10
Arg Blatte Talar 40
Angry Foreigner 19
Fritte Fritzson 12
Teologiska rummet 32
Filosofiska rummet 143
Vetenskapsradion Historia 196
Snedtänkt (Kalle Lind) 261
Les Crises 3921
Richard Falk 220
Ian Sinclair 136
SpinWatch 61
Counter Currents 12609
Kafila 652
Gail Malone 45
Transnational Foundation 221
Rick Falkvinge 95
The Duran 11331
Vanessa Beeley 214
Nina Kouprianova 9
MintPress 6085
Paul Craig Roberts 2546
News Junkie Post 73
Nomi Prins 27
Kurt Nimmo 191
Strategic Culture 6126
Sir Ken Robinson 28
Stephan Kinsella 118
Liberty Blitzkrieg 884
Sami Bedouin 65
Consortium News 2685
21 Century Wire 4128
Burning Blogger 324
Stephen Gowans 102
David D. Friedman 165
Anarchist Standard 16
The BRICS Post 1541
Tom Dispatch 629
Levant Report 18
The Saker 5106
The Barnes Review 600
John Friend 535
Psyche Truth 160
Jonathan Cook 162
New Eastern Outlook 4892
School Sucks Project 1827
Giza Death Star 2178
Andrew Gavin Marshall 28
Red Ice Radio 684
GMWatch 2587
Robert Faurisson 150
Espionage History Archive 35
Jay's Analysis 1175
Le 4ème singe 91
Jacob Cohen 220
Agora Vox 19477
Cercle Des Volontaires 455
Panamza 2599
Fairewinds 121
Project Censored 1250
Spy Culture 626
Conspiracy Archive 84
Crystal Clark 11
Timothy Kelly 647
PINAC 1482
The Conscious Resistance 1054
Independent Science News 90
The Anti Media 6877
Positive News 820
Brandon Martinez 30
Steven Chovanec 61
Lionel 317
The Mind renewed 460
Natural Society 2627
Yanis Varoufakis 1140
Tragedy & Hope 122
Dr. Tim Ball 114
Web of Debt 166
Porkins Policy Review 456
Conspiracy Watch 174
Eva Bartlett 646
Libyan War Truth 373
DeadLine Live 1916
Kevin Ryan 68
BSNEWS 2127
Aaron Franz 269
Traces of Reality 166
Revelations Radio News 123
Dr. Bruce Levine 160
Peter B Collins 1789
Faux Capitalism 205
Dissident Voice 11949
Climate Audit 227
Donna Laframboise 509
Judith Curry 1191
Geneva Business Insider 40
Media Monarchy 2728
Syria Report 84
Human Rights Investigation 94
Intifada (Voice of Palestine) 1685
Down With Tyranny 13590
Laura Wells Solutions 50
Video Rebel's Blog 482
Revisionist Review 485
Aletho News 22926
ضد العولمة 27
Penny for your thoughts 3395
Northerntruthseeker 2886
كساريات 37
Color Revolutions and Geopolitics 27
Stop Nato 4881
AntiWar.com Blog 3414
AntiWar.com Original Content 7663
Corbett Report 2662
Stop Imperialism 491
Land Destroyer 1297
Webster Tarpley Website 1154

Compiled Feeds

Public Lists

Title Visibility
Funny Public