Kinda chisels away at their official "We're not a keylogger!" argument:
> Is Grammarly a keylogger?
> No. A keylogger records every keystroke, sends data to a third party for the benefit of that party, and does so without the user’s knowledge. Grammarly’s product doesn’t fit any of these descriptions.
[0].
Certainly the data being sent must be primarily for their own benefit. Clearly if it was for the benefit of the user then they would have not need to make turning it off a premium feature. Maybe Grammarly will create an AI that makes their product better, but they're still using user data to make that product in the first place.
This is a new distinction to me. So a macOS program that can record everything except specific password fields (due to the OS protections) can’t be called a keylogger?
2. sends data to a third party for the benefit of that party
Again a weird distinction. Grammarly is a 3rd party to it’s users when they watch the interaction between those users and the web form they are using, and are they saying that they have no partnerships with other companies?
3. does so without the user’s knowledge
This might be the only one I agree with, but even then it’s with caveats. If I as an employer tell my employees that there is software installed to record every keystroke, does that exclude it from being called a keylogger? Probably not. If I do it regardless of informing them and do the same thing with the data, does it particularly matter whether they have knowledge of it? Morally I’d also say probably not.
Does it really “not fit any of these descriptions”? I’d say it does.
It’s an argument tactic that works on people who need precompiled opinions.
Redefine something in a very qualified way that maneuvers around the issue and that a non-thinking person wouldn’t notice and then say “see! A =! B” and the non-thinking person accepts that new fact and is now accepting of your broader argument.
People who use grammarly are commoditizing themselves and they’re too dumb to notice.
I use keyloggers on my own machines sometimes. I'm a first party, not third, and I've fully disclosed to myself that I'm using them. I've even obtained 100% informed consent for the activity.
Is Grammarly a third party when you interact with them or their product? And they don't actually record the data without the user's knowledge, do they?
They might not be a keylogger by their own definition, but everyone can design a definition like that: a thief steals stuff, gives it to a third party for the benefit of that party, and does so without the users's knowledge.
Grammarly is an extremely obvious intelligence cutout masquerading as a company. Their entire business model is getting employees insecure about their English skills to dump sensitive government and business documents into their service without their employer's knowledge. They were founded in and keep multinational offices in intelligence laundering hotspots so the Americans can claim to have received tips from the Germans and the Germans from the Ukrainians and so on.
That doesn’t make any sense. Everyone used it in high school and college, they’re very heavily targeted to education.
If anything, Microsoft Editor (which is on by default) would be an tool of intelligence because we already know Microsoft participated in PRISM, but that’s boring and too unstoppable
I think they cater mostly to people whose first language is not English. Maybe they are still keeping intelligence on those people, but there is a legitimate need there
Stipulating that this is a valid concern, the obvious judo move is to craft a bunch of subtle GPT inputs to feed disinformtzya to this alleged collector.
That is, such an intel conduit works well until the the subjects turn the tables.
Probably a high tech thriller plot in there somewhere.
I kinda hate this, but it also seems like the only way to keep Grammarly in business. I've paid them for a personal account since 2016, since ChatGPT's launch - my usage has fallen precipitously. I can write utter stream of consciousness garbage, paste it into GPT-4, and get out a professional looking piece of text.
I'd definitely pay for a private AI assisted writing experience - the biggest blocker I have with using Grammarly is my inability to use it at work.
Because of the step change in functionality, ChatGPT is not banned. However I am prohibited from using ChatGPT outputs in certain contexts. Unfortunately, Grammarly and ChatGPT are under different application classifications.
The difference is in the value returned. Punching queries into a third party search engine is also risky. If that search engine knew who you worked for, it could extract what you were working on and potentially how competent you were at it.
Now try telling engineers to not use google.
On the flip side, grammarly is often positioned by corporate security as a nice to have feature which can be replaced by offline spellcheck and internal web docs.
We offer a no data retention option for all teams. If a business wants to try us out for free I’m happy to set something up.
We also offer our application self-hosted/on-premise/cloud-premise. We have single-tenant (separate data) options as well. These options have a higher deployment cost so they may not make sense for teams under 10.
When it comes to our genAI features, we use Microsoft Azure as our LLM provider and don’t allow Azure, or any third party, to use our customers’ data to train their models—this is contractually mandated. For text analyzed by Grammarly to provide revision suggestions (like adjusting tone or making text more concise), we may retain randomly sampled, anonymized, and de-identified data to improve the product. This data is disassociated from user accounts and ONLY used in aggregate.
We’ve devoted a ton of time and resources to developing methods that ensure the training data is anonymized and de-identified. And any Grammarly user (Free, Premium, Business) can view the data associated with their account by requesting a personal data report from us.
Re: opt-out: When we go through a security review with a business, if requested, that business can completely opt out of Grammarly training on their de-identified and anonymized data—opt-out is not limited to a 500+ license size.
We don’t skimp on security or responsible data practices at Grammarly. We have strict enterprise-grade controls to protect customer data—restricted access, encryption, audit logging, and more. These are backed by industry-standard certifications like SOC 2 (Type 2), HIPAA, and ISO and verified and audited by industry-leading third parties.
I’m an individual user. Well, I was. Because you don’t give people like me a path to protect my personal information, not only did I successfully chargeback my yearly subscription, but I made sure to talk to people I evangelized Grammarly and ensure they stop using the app as well.
I really don’t understand why as an individual my privacy is unimportant.
Hey! I'm really sorry to hear this. Regardless of which type of user you are, we aren’t here to misuse your personal information. I work in security and am a Grammarly user. Your privacy, just like mine and any other person using Grammarly, is important. Period.
As I mentioned before, we go to great lengths to ensure that training data can’t be linked to your account or to you personally, and it’s de-identified and randomly sampled. If this doesn’t help, I know our Support team will also assist with the chargeback request.
Currently going through it around this and Zoom at my employer, who are a small team and seem to really not trust my experience in security and privacy. Definitely a losing battle and I’ll probably need to exit soon due to differences in direction.
Anyone hiring in the security field these days? Off to check the last who’s hiring post I guess.
> Is Grammarly a keylogger?
> No. A keylogger records every keystroke, sends data to a third party for the benefit of that party, and does so without the user’s knowledge. Grammarly’s product doesn’t fit any of these descriptions. [0].
Certainly the data being sent must be primarily for their own benefit. Clearly if it was for the benefit of the user then they would have not need to make turning it off a premium feature. Maybe Grammarly will create an AI that makes their product better, but they're still using user data to make that product in the first place.
[0]. https://support.grammarly.com/hc/en-us/articles/360003816032...