What the latest email spying scandal means for user privacy

Share this page

On Monday, Vice’s Motherboard broke yet another story revealing the extent to which companies are monetizing their users.

Reporter Joseph Cox’s investigation revealed how Edison, an email productivity app, is scraping users’ personal inboxes for purchase receipts and shipment tracking updates.

Using this data, the company can create “detailed behavior patterns” for its users, selling information about what its users bought and how much they paid for it — extremely valuable information for e-commerce or travel sites, which purchase this data from Edison.

This tracks closely along the contours of previous scandals involving free email apps. In July, The New York Times reported on the email-monitoring practices of Superhuman, another pro-sumer app that has access to your personal inbox. The invasion of users’ privacy is integral to the products themselves, while also being something the companies would like to downplay.

In the latest article, Cox relies on documents obtained from JP Morgan that show several companies buying data from Edison that was sourced from personal inboxes. Although the data is allegedly anonymized, true anonymization is an extremely high standard that companies don’t always live up to.

Moreover, it wasn’t clear to many Edison users that this data scraping was even happening. The company’s privacy policy does state that it “accesses and processes email messages in any email accounts you have connected and data collected from other Internet accounts you connect.” But Cox interviewed one Edison user who said the marketing surrounding the product seemed deliberately misleading: “Their website is all like ‘No Ads’ and ‘Privacy First.’”

Screenshot of Edison’s section explaining “How We Use Data”

Edison is hardly the only offender. Several other free email services also serve as data mines for corporate clients.

Cleanfox, an app that organizes and cleans out your inbox, was found scraping and selling data to consulting companies like Bain & Company and McKinsey & Company, according to a confidential presentation obtained by Motherboard.

Similarly, Rakuten’s Slice, an app that scans your inbox for recent purchases so you can track your shipments and receive refunds, creates detailed records of what you buy and how much you paid. Companies will pay upwards of $100,000 to get access to Rakuten’s data on one product category, according to emails obtained by Motherboard.

The promise of privacy

The late 2010s will go down in history as the period when we realized the true cost of giving so much personal information to tech companies. This culminated in 2018 with the Cambridge-Analytica election hacking scandal and subsequent fallout, which affected every player in the ad tech industry.

Sensing a public relations crisis, many companies began to “pivot to privacy.” Edison has followed this trend, repeatedly emphasizing its implementation of “privacy by design” and being ad free (they have a blog post on the subject). Whatever the truth of these claims, the lack of total transparency and public relations spin seems to have misled users in their expectations of privacy.

This prevents users from making informed decisions. While privacy online has undoubtedly improved over the last few years, the business model of monetizing users remains incompatible with privacy.

How Proton Mail treats your inbox

We recognized in 2014 what true privacy requires: a different business model.

Starting from our crowdfunding campaign, we have depended primarily on community support to fund our operations, so that our interests are aligned with our users. This allows us to see our users as people, not data producers. We believe everyone has a right to freedom, privacy, and security, and our mission is to increase global access to these rights.

Although we offer paid plans with additional features, like extra storage and multiple email addresses, we will always offer a Free plan. Our Free plans are supported by those who upgrade to paid subscriptions, so we do not need to collect and sell personal data.

Our products themselves are designed to put you in control of your personal information. With end-to-end encryption, only you have the key to your inbox. And our zero-access encryption ensures that even messages between Proton Mail and non-Proton Mail accounts are not accessible on our servers.

Because we have EU users and fall under the General Data Protection Regulation (GDPR), we are legally bound by our privacy claims, and these are explicitly detailed in our privacy policy.

We’re building a safe Internet that respects your personal life. If you believe in this mission, sign up today. Thank you for your support.

UPDATE March 9, 2020: We updated this article to clarify some aspects of Edison’s policies about the use of data.

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan. Thank you for your support.

Join the Proton ecosystem
Create a free account

Share this page

Related articles

For years, Apple watched Google and Meta make billions by collecting every scrap of people’s data to target them with ads. Now it appears it was just taking notes. Apple’s advertising operation follows the surveillance capitalism model of its rivals
When we launched Proton Drive two months ago, we wanted to create a truly private and secure cloud storage service. An encrypted cloud that allows anyone on the internet to safely store, access, and share their files without worrying about unauthoriz
From our initial crowdfunding campaign to the recent launch of our encrypted cloud storage service Proton Drive, Proton has always been supported by the community. Your feedback tells us what new features to develop and which we should improve.  For