[maxltv]

A Grammarly team member but posting own thoughts to clarify some things.

First, Grammarly has nothing to do with this suspension and does not have any problem with the videos in question, just as mentioned in the official HackerOne response.

Second, this is not a hack or even a flaw. It is an attempt to use Grammarly for a NON-INTENDED purpose, that predictably did not work. Grammarly is not meant for anti-plagiarism policy enforcement. Grammarly aims to help users avoid accidental or unintentional plagiarism by highlighting parts that may need to be cited. So it does not attempt to deal with any plagiarism enforcement countermeasures. If someone is deliberately masking plagiarism with these countermeasures, it's definitely NOT unintentional or accidental and a whole different issue altogether, so Grammarly does not get involved with this, by design. Bypassing the tool that is designed to HELP YOU avoid getting in trouble with accidental plagiarism is not a hack but more like "bypassing" your wifi by putting your own router in a microwave - defeating the purpose rather than defeating security. So Grammarly does not care about these videos (although I think presenting this as a hack or a flaw is a little unfair).

Finally, Youtube's automated (I'm guessing) blocking often does strange things. My account was once blocked for supposedly violating Sony's video game copyright. The video in question was me driving a car on a race track, in real life. It got unblocked within a week or two, though.

[manquer]

The product that he is talking about it specifically their plagiarism checker[1]

Their own documentation says the product is also for teachers to enforce rules.

This poster keeps making the same incorrect claims in multiple places in this thread, even after the original author clarifed it to him.

[1] https://www.grammarly.com/plagiarism-checker

[maxltv]

There is no separate product - it is a feature of the main product. Please point out where documentation says it's for enforcement because that will need to be corrected. It can help teachers educate students about plagiarism but it's not meant for enforcement. It's a student tool.

Here is the text from the linked landing page describing the plagiarism checker feature (emphasis mine):

Our free plagiarism check will tell you whether or not your text contains duplicate content. Our Premium plagiarism check highlights passages that require citations and gives you the resources you need to properly credit your sources.

This makes it quite clear that is an authoring tool, not policing tool. Plagiarism masking is not addressed by design. It's a trivial thing to code if there was a need but the company made a decision to stay out of plagiarism enforcement (at least for now).

[manquer]

From the page linked

> "Who Benefits from Grammarly’s Plagiarism Checker? Whether you’re a student writing an essay, a teacher grading papers, or a writer working on original content for the web, a plagiarism scan will not only save you time, but also help you avoid writing mistakes." ( emphasis mine)

Grammarly Sales has always sold it to academic institutions and teachers, it is must be news to them it is not meant for policing.

The four customers highlighted (Arizona State University, University of Phoenix, California State University, Ashford University ) on the page are all education institutions who most certainly use it for policing.

Also it is product and not feature because it is sold standalone and does not depend on license to their more well known grammar checking product to work.

[maxltv]

Universities license Grammarly primarily for their students, but instructors also can use it as an aid to educate students about the importance of citing sources. The plagiarism checker is a feature of the main product and cannot be licensed without the main product. These are verifiable facts.

In any case, Grammarly does not include a number of plagiarism policy enforcement features intentionally and by design, due to its focus on supporting authors rather than policing. Any insinuation of otherwise is false.

Please stop pretending to know more about the plans and intentions of a company than the company itself and posting falsehoods.

[evilksandr]

Thanks for your detailed answer. Let me post my thoughts:

1. 3 years ago I conducted research on almost all online tools which check for plagiarism with free access or using a trial account. Tool, located with URL https://www.grammarly.com/plagiarism-checker was one of them because "Grammarly’s plagiarism checker can detect plagiarism from billions of web pages as well as from ProQuest’s academic databases."

2. I repeat research half a year ago and discovered, that at least 3 plagiarism checkers already have fixed the issue I described in my report, but not Grammarly.

3. I posted a case on HackerOne https://hackerone.com/reports/1282282 with the weakness type "Business Logic Errors", and did not mention "security" or "privacy".

4. Please, read again (and also look between the lines) everything that is described in the section "Impact" and my answer about the impact of the reported behavior.

5. You already have a software reviews company in your customers (I didn't know it while published my report). Imagine, that they will decide to automate plagiarism checking for all the reviews, and somebody starts to use the method I described. I will not continue this topic.

6. I posted a case to HackerOne with the intent to warn against this behavior.

7. After your team decided not to track this report as a security or major product issue, I asked permission to publish my report and got it.

8. My videos about it were on youtube for 4 months, but on Jan 5 youtube changed their ToS and on Jan 7 my channel was suspended.

So, I will try to appeal again to @TeamYouTube about my channel using your answer "Grammarly does not have any problem with the videos in question, just as mentioned in the official HackerOne response.", but think it will be a hard process.

[maxltv]

Yes, please feel free to mention that to Youtube. If it helps, I can get the company (Grammarly) to officially confirm that the videos are not a problem if Youtube needs a confirmation.

But I am absolutely certain this is by design, and that's why there was no change. It's not a policing tool but an authoring tool. What you described in #5 is not an intended use of the product and is a violation of TOS.

[evilksandr]

For the whole picture, please show where in the Grammarly's ToS it is forbidden to use Grammarly as a policing tool And what about checking student papers for plagiarism by teachers as part of the https://www.grammarly.com/edu product? I found an article that clearly describes how to use Gramarly to check student work for plagiarism https://rasmussen.libanswers.com/faculty/faq/270050 It looks like a policing tool, isn't it? Is this a violation of ToS?

[maxltv]

It's not forbidden, but it will not work for this purpose as well as a purpose-built enforcement tool. For example, if two students submit the same paper, Grammarly will not flag it, also by design. Faculty still benefits a lot from this because a lot of plagiarism is unintentional or "lazy" - as in students not citing sources, due to ignorance or laziness, rather than students intentionally committing academic dishonesty.

[evilksandr]

If you don't mind, it would be great if Grammarly's official Twitter account would confirm for @teamyoutube your words in my post, as they stopped noticing my messages to them...

Your explanation of how you position this tool clears up our dispute. My case (in which the possible impact was described) is relevant if your clients use it as a policing tool.

[maxltv]

What tweet do you need Grammarly to respond to with the confirmation?

[evilksandr]

Exactly what you wrote, with some context, something like "We officially confirm that these videos are not a problem for Grammarly, not about hacking and demonstrated behavior not affect the security and privacy of our product", nothing else. Thanks!

[maxltv]

I do not think just tweeting at Youtube out of nowhere will work or is even appropriate (it would spam the feeds of a massive number of people). If you have a Twitter conversation with Youtube, I can probably have Grammarly chime in with a confirmation that it's not hacking. So please give me a link to such a conversation.

[evilksandr]

Once again. It would be great if you confirm from Grammarly's twitter account that my videos are not a problem. If this is the only reason for the suspension of my channel I hope it helps to reinstate the channel.

[XCSme]

I agree with you, I don't think the bug report was a security issue or even a bug. It's like telling Google that searching for bananas returns pictures of apples and reporting it as a vulnerability because self-driving cars might use the Google results as training data.

[omegalulw]

I'm assuming plagiarism checks are do ne serverside - do you save any logs/information about plagiarism check results for a user, possibly under a TTL?