How Did Unroll.me Get Users To Allow It To Sell Their Inbox Data?

For years now, people have been letting Unroll.me read the contents of their email inboxes, to help them unsubscribe from email spam. The service was previously endorsed by us for its effectiveness in finding and cleaning out unwanted subscriptions (and Gizmodo wrote about its iOS app release last year).

But a New York Times profile of Uber this weekend revealed, in passing, that Unroll.me, which is owned by a company called Slice Intelligence, isn’t just in the business of tidying up customers’ inboxes. Slice makes money by scanning its users’ email for receipts, then packaging that information into intel reports on consumer habits. Uber, for example, was paying Slice to find users’ Lyft receipts, so it could see how much they were spending each month, “as a proxy for the health of Lyft’s business.”

Image: Unroll.me/ Facebook

On its website, Slice brags that it has access to 4.2 million people’s inboxes, where it quietly sits looking at receipts from “hundreds of thousands of retailers.” Many Unroll.me users have been quite upset to learn about the extent of the data collection, which the service’s CEO, Jojo Hedaya, wrote in a blog post yesterday is “heartbreaking.”

“[W]hile we try our best to be open about our business model, recent customer feedback tells me we weren’t explicit enough,” Hedaya wrote.

How open was Unroll.me about what it does? When you sign up, this is how you’re informed about the service’s plan to read all your email and monetise the receipts:

Um, no, I wouldn’t call that an “explicit” explanation of the Unroll.me business model. The pop-up window doesn’t even include a scroll-through box of the text you’re agreeing to; it simply offers an extra link to click if you’re motivated enough to go find it.

If you do click through and go ahead and read the privacy policy, the text does tell you about the use of “non-personal information” to “build anonymous market research products and services,” but it’s in tiny light grey print against a lighter grey background. That’s a design choice that seems intended to get your eyes to glaze over what’s written, a classic “dark pattern,” which is when a website gives you information while trying to ensure you don’t absorb it:

Unroll.me didn’t need to make its privacy policy 50 shades of grey to keep people from reading it, because people already don’t read privacy policies. They are long. They are squirrelly. They contain non-specific legalese. To read all the privacy policies for all the services you use, you’d need to take a month off work every year. According to a 2014 study, half of all Americans don’t even know what a privacy policy is; they think a service having one means that it automatically keeps customer information confidential. They don’t realise that a privacy policy exists to tell you not how a company is going to keep your information safe but all the ways it plans to exploit it.

Maybe some users of Unroll.me don’t mind this monetisation of their information. Everything that comes free online has a privacy price, after all. We’re used to our data being the currency of the internet.

But people invited Unroll.me into their inboxes for the sake of managing their bulk email subscriptions. The natural assumption would have been that if Unroll.me was collecting and selling user data, it would be data related to that service — say, information about subscription retention rates, for companies interested in effective bulk mailing.

Instead, in the grey print, it claimed the power to gather data “for any purpose” by reading any commercial emails you might have received. If you’re disturbed by that, it’s a reminder of the dangers of giving any app access to your inbox, probably the most sensitive collection of information you have. When you sign up for any service and it asks for these kinds of permissions…

… watch out. It means the company is reading your email and might do things with it you don’t like.

To see if you’ve granted any services access to your Gmail, check your Google permissions. In Outlook, go to settings and “Manage Integrations.” In Yahoo, go to your account security page. And if you use Unroll.me, and you’re not down with this monetisation strategy, you might want to go delete your account. You just have to sign in, go to settings, and then click the little link at the bottom of this page.

Yeah, that grey-on-grey one at the bottom that you have to scroll down to see.


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments