select all

The Controversy Is a Good Reminder That Tech Companies and Consumers Don’t Understand Each Other

Photo: Jan Stromme/Getty Images

The controversy over, a service that scanned users’ email accounts in order to help them unsubscribe from junk mail (and also to sell their anonymized email data to customers, in particular Uber) is a nice object lesson in two important truths about the relationship between technology companies and their consumers.

The first truth is that users are dumb. They will sign up for free services without reading the terms and conditions, and never wonder why the service is free. Then they’ll be furious when they’re told that their data is being collected and sold. Giving a service the ability to comb through your email is a Faustian bargain if there ever was one; a free service with access to your communications is never truly free.

The second truth is that tech companies are also very dumb. Writing a thick, unreadable terms-of-service document and assuming that, because it covers your ass legally, it will cover your ass morally is a recipe for outrage. Obfuscating your business model, and hiding what’s actually done with customer data deep within the terms of service, isn’t exactly a model of ethics and transparency. And yet, when the New York Times reported on’s business as a minor detail in its profile of Travis Kalanick, the company appeared unprepared for the surprise.’s founders were surprised to learn that its users were mad that the service scanned their email in order to sell bundled anonymized data to companies like Uber.

This is a Silicon Valley tale as old as time. Company offers free service; users sign up; it’s revealed that company is harvesting and selling data; users get mad; company defends itself by saying something like, “It was in the terms of service.”

This is most recently being enacted in a cringeworthy defense of by its co-founder Perri Chase, posted yesterday on — where else? — Medium. Chase’s overall point is that obviously is a business, and needs to make money somehow. But that’s not really obvious at all. The web is filled with services and programs provided for free, not for a profit but because of ethical commitments or the satisfaction of producing something. Even if users are aware that is a profit-seeking business doesn’t mean they know what the actual business is: The standard start-up model is to traipse along unprofitably, build up a user base, and then figure out how to make money off of it.

But, of course, Chase’s real argument is, Did you read the Terms of Service?

Look, respectfully, you have clearly been living under a rock because if you look at the entire tech ecosystem — It’s fucking gross. It starts at the top with the character quality and priorities of the investment community which, btw is not to be nice to the users it is (shocking) to make money!!! I encourage you to go read the Terms of Service of every app you opt in to in order to see what rights they have over your data. This is not new. Is it good? Is it bad? Is that the point? You optin for an awesome free product that clearly states the following and you are offended and surprised? Really?

Setting aside Chase’s clear disdain for anyone outside of the tech industry, the assertion that “clearly states” how it makes money just doesn’t hold up. Chase isn’t referring to’s home page or FAQ section, both of which lack any information on what data retains or how it is used — she’s referring to the service’s privacy policy, under a section called “Our Collection and Use of Non-Personal Information.” Written in small font in a large block of legalese, the site murmurs:

We also collect non-personal information — data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, sell, and disclose non-personal information for any purpose. For example, when you use our services, we may collect data from and about the “commercial electronic mail messages” and “transactional or relationship messages” (as such terms are defined in the CAN-SPAM Act (15 U.S.C. 7702 et. seq.) that are sent to your email accounts. We collect such commercial transactional messages so that we can better understand the behavior of the senders of such messages, and better understand our customer behavior and improve our products, services, and advertising. We may disclose, distribute, transfer, and sell such messages and the data that we collect from or in connection with such messages; provided, however, if we do disclose such messages or data, all personal information contained in such messages will be removed prior to any such disclosure.

That is hardly a “clear” statement, and any privacy policy that requires its reader to search out sections of the U.S. Code in order to understand what a “transactional or relationship message” is (I’ll save you some time: It’s usually a receipt) isn’t really trying to be up-front with users. requires users to agree to this policy when signing up, and to affirmatively consent with a click.

Both software users and developers know that nobody reads these things. The legal dubiousness of this universal practice, known as “clickwrapping,” is practically as old as the web itself, and has been the subject of court cases for years. It is technically legal, but both sides of the equation know that they’re cutting corners. Companies use lengthy terms of service to cover their asses, and consumers see terms of service as a minor hindrance standing between them and a cool app, privacy be damned.

Needless to say, this is a bad foundation for an industry. Both developers and users have settled into a predictable rhythm regarding, quote, unquote, “free” services. Should users read terms of service, and be more generally aware of how their data is being collected and used? Of course! Absolutely! But pretending that we live in a world where that’s the case doesn’t make it so. Frictionless onboarding processes from developers notify users that there are terms of service, but never demand that users actually understand them. Sooner or later, as learned, it can all come crashing down. Until the tech industry accepts that legal ass-covering and ethical ass-covering are not equivalent, this is going to happen over and over again.’s Lesson: Legal Ass-Covering Isn’t Enough