[ctennis1]

My previous role was at a public facing ecommerce site. One day I started noticing a lot of public traffic to internal administrative endpoints that were failing - likely bots, but also to URLs that bots would have never known existed. Urls that only someone internal to the company would even know existed, due to the complex way they were crafted. It was very concerning.

We spent a LOT of time tracking down, and finally realized that the "bot" traffic was coming about 30 minutes after one of our employees legitimated visited the site. We found that user was using grammarly. Once we deactivated grammarly, all of the bot traffic stopped.

As best as I could tell, every URL that particular person went to in their browsers, grammarly had a service about 30 minutes later that would try and hit the url directly and ascertain what was there.

Haven't been on the crusade against it ever since.

[dylan604]

Did something like grammarly attempt to correct your post here?

>Haven't been on the crusade against it ever since.

You have been or you haven't been? It sounds like a contradictory statement from the rest of your comment.

[fragmede]

Because of the proven URL visiting bot, they don't have to. Everyone understands it's not an idle threat that Grammarly snoops on everything you write.

[altdataseller]

Why is Grammarly keeping track of the urls you visit when it has nothing to do with checking your grammar?

[lozenge]

Are you writing blog posts or message board comments? Are you on social media? Writing to one person or many? Are you writing for financial, health, tourist industries, or for your academic qualifications? To entertain, persuade or inform? A screenshot of the page can be reviewed and classified later.

All to improve the service, of course. You know, what they say in the privacy policy.

(Note: I have no insider information)

[tobyjsullivan]

We can only speculate but I notice Grammarly has a feature for plagiarism detection[0].

> Ensure your work is fresh and original by checking it against 16 billion web pages.

How do they know what text is on 16B web pages? Presumably they have a web crawler of some sort.

[0] https://www.grammarly.com/plans

[NicoleJO]

>Presumably they have a web crawler of some sort.

Can confirm. Caught one of their bots on my site and called them out about it on Twitter.

They did not respond.

[drran]

> Ensure your work is fresh and original

The page linked doesn't contain the text.

[ZGDUwpqEWpUZ]

On a desktop browser, click the "Plagiarism detected" benefit under one of the plans - the text will show up as a tool tip.

That alone doesn't indicate they collected the 16 billion documents themselves, of course.

[BbzzbB]

I mostly wonder how? Is it an extension or program? I thought it was just a website where you can paste in a text-box for proof reading, and that sort of website shouldn't be able to track you everywhere afterwards, right?

[skellera]

It’s also a browser extension and extension for things like Microsoft Word.

I think it’s fine if you use the website with information you don’t mind sharing but their extensions are reading everything you write.

[bqmjjx0kac]

Perhaps another site that person visited frequently was stealing their Grammarly auth token with this bug? https://bugs.chromium.org/p/project-zero/issues/detail?id=15...

[chrisweekly]

> "Haven't been on the crusade against it ever since."

haven't -> have, right?

[quinndexter]

I believe they mean that the abuse was so blatantly obvious that they didn't have to argue the case anymore.