Unroll.Me reminds me how to quick-check my privacy
The folks at Unroll.Me are in hot water for selling user data to Uber this week – but as they are, I'm reminded to do a check. "Check yourself before your data gets sold to Uber" – that's as good credo for the modern digital person. While it does not appear that Unroll.Me really sold any personal data to Uber, the angry mob has spoken. If you're going to sell user data to 3rd-party companies, you need to make that clear in the user agreement nobody reads anyway!
The folks at Unroll.Me offer a fairly valuable service for users of email – basically everyone on earth. They organize emails that come from subscriptions into a single list. Instead of seeing a dozen emails each day, a user might only see one. In that one email, The Rollup, I might see briefings on what's happened on Facebook, and SlashGear, and Pinterest.
When I sign up for Unroll.Me, I do so with my Google Account. When I do this, I give permission for Unroll.Me to access my data. To attain The Rollup, I must allow Unroll to see my emails. Not necessarily humans, but software – software that organizes my email into a single list. Unroll (or Unroll.Me, if you prefer) is a "free" service, which means that whatever you're doing with or contributing to their service is, in turn, being monetized.
According to the CEO of Unroll, Jojo Hedaya, "it was heartbreaking to see that some of our users were upset to learn about how we monetize our free service." He continued, "while we try our best to be open about our business model, recent customer feedback tells me we weren't explicit enough."
What they sold was anonymous, said Hedaya, and all data sold to Uber was "related to purchases only." Whenever I get an email congratulating me for purchasing a bag of cookies from Amazon, Unroll would know about it, and probably told Uber that "somebody bought a bag of cookies from Amazon."
Cut them all off
While it is not quite as easy on most other services, Google makes cutting off app permissions easy. All I need to do is head over to Google Account Permissions with a web browser in which I am logged in with my Google Account of choice. If I can see my Gmail in a web browser, I'm logged in.
OH GOD: Why is Pokemon GO on this list?
Inside this Permissions panel I'll see a list of apps – likely a list of apps that's a real mixed bag. Some of these apps I recognize and use regularly. Other apps I don't remember signing up for at all. This page shows app permissions for every app I have connected to Google, and have thereby given access to my Google Account.
This is not a list of evil apps. I use several of these apps and I know what they're capable of. Some of these apps access my Google Calendar to schedule events. An app like DocHub, for example, has access to my Google Drive so it can access files for me to sign inside Gmail. Each bit of access is listed on the right of the list.
If I want to remove access to any one of these services or want to know more, I tap the name of that service. Inside is a slightly more detailed list of what the app has access to. Also inside is the date I authorized the app as well as a REMOVE button.
It's a good idea to remove access to most apps every once in a while. Each app will simply ask for permission to gain access again, should I use it. Removing access every once in a while through this Permissions Panel can potentially deter malicious accounts that've somehow gotten access to my account without my knowledge. Removing a service from this list means it'll need to ask for permission again if it wants to gain access.
Wrap-up
It's debatable whether Unroll.Me deserves to be forgiven for selling data to Uber. What's not debatable is how all users need to remain vigilant when it comes to data theft. Cutting all services off from Google Services every once in a while is just one step. Also have a peek at a feature from last year that remains extremely relevant today: It's not paranoia to cover your laptop's webcam.