- Aug 17, 2017
- 1,491
Tech companies are taking more and more heat over other people’s software. An alarming story in The Wall Street Journal this week dove into the world of Gmail plugins, many of which have the power to scan through users’ entire inboxes. Some of that scanning is automated, but in other cases developers have combed through emails by hand, raising obvious privacy issues.
It was an ugly story for Google, not just for its immediate impact but for the difficult assumptions underneath. For decades, platforms have trusted users to make their own decisions about what programs to install and accept the consequences if they choose to install something scammy. After the Cambridge Analytica scandal, that trust is starting to look irresponsible. Facebook and Google are adjusting to the idea that, if they let something bad happen on their networks, they are going to catch the blame for it. After years of light-touch moderation, that means taking an entirely new look at third-party ecosystems -- and facing the hard question of whether it’s worth having them at all.
Is it time for platforms to ditch third-party apps altogether?
Under the old expectations, there’s nothing obviously scandalous about the Journal story. User emails were definitely exposed, but it all happened with the user’s permission. Apps need email access to work as a client, and Google is clear about the permissions when the app is installed, even if most people click through without thinking about it. Google didn’t make the apps or even promote them, and while it could be more strict about weeding out scammy plugins, it’s not clear what rules the offending apps had even broken. As one reporter put it: “if you give something access to your Gmail, it has access to your Gmail.”
But that may not be good enough anymore. Whether permissions were granted or not, Gmail users gave up incredibly sensitive information, sometimes without realizing what they were doing. In a post on Tuesday night, Google defended itself, reminding users of exactly what the permissions they clicked through looked like. “We review non-Google applications to make sure they continue to meet our policies, and suspend them when we are aware they do not,” the company said.
Full article: Will third-party plugins survive the tech backlash?
It was an ugly story for Google, not just for its immediate impact but for the difficult assumptions underneath. For decades, platforms have trusted users to make their own decisions about what programs to install and accept the consequences if they choose to install something scammy. After the Cambridge Analytica scandal, that trust is starting to look irresponsible. Facebook and Google are adjusting to the idea that, if they let something bad happen on their networks, they are going to catch the blame for it. After years of light-touch moderation, that means taking an entirely new look at third-party ecosystems -- and facing the hard question of whether it’s worth having them at all.
Is it time for platforms to ditch third-party apps altogether?
Under the old expectations, there’s nothing obviously scandalous about the Journal story. User emails were definitely exposed, but it all happened with the user’s permission. Apps need email access to work as a client, and Google is clear about the permissions when the app is installed, even if most people click through without thinking about it. Google didn’t make the apps or even promote them, and while it could be more strict about weeding out scammy plugins, it’s not clear what rules the offending apps had even broken. As one reporter put it: “if you give something access to your Gmail, it has access to your Gmail.”
But that may not be good enough anymore. Whether permissions were granted or not, Gmail users gave up incredibly sensitive information, sometimes without realizing what they were doing. In a post on Tuesday night, Google defended itself, reminding users of exactly what the permissions they clicked through looked like. “We review non-Google applications to make sure they continue to meet our policies, and suspend them when we are aware they do not,” the company said.
Full article: Will third-party plugins survive the tech backlash?