Jump to content
Liagala

Concerns about Coil data collection

Recommended Posts

24 minutes ago, pascales said:

Please don’t fall onto the sensationalism trap.

The fact that you use an email when opening an account does not give them access to your emails. The fact that you use your Facebook profile doesn’t give them all info on your friends (unless you are explicitly asked for it and give explicit consent).

The use cases for advertising will all come from third parties that Coil could share data with

- Email > uploaded to platforms such as Facebook or Google AdWords. It’s then matched to the internal emails on F/G, so they can leverage their internal IDs for as targeting.

Coil’s revenue model is still not fully clear. If they go through the route of taking a commission per transaction (which they should), advertising shouldn’t be a focus for them, and hence most use cases they implicitly cover themselves for on their T&C shouldn’t happen in practice.

I am not being sensational, in fact I'd say you seem gullible. A browser extension can parse the body of the page you are reading and record your browsing history. If it detects you are using an email service it could report home about your emails. It has a lot of access. Read this quote from their terms:

Quote

Service Use Data. We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the products you purchase, the time of day you browse, your referring and exiting pages, and other similar information.

I'm assuming the extension is not blatant spyware and you must opt-in to such data harvesting. If it is actual spyware then I'm not paying for it.

Just to be clear on the kind of access a browser extension has (1st Google hit):

https://www.kaspersky.com/blog/browser-extensions-security/20886/

Edited by spondulix

Share this post


Link to post
Share on other sites
2 minutes ago, spondulix said:

'm assuming the extension is not blatant spyware and you must opt-in to such data harvesting. If it is actual spyware then I'm not paying for it.

This. 

Share this post


Link to post
Share on other sites
30 minutes ago, spondulix said:

A browser extension can parse the body of the page you are reading and record your browsing history. If it detects you are using an email service it could report home about your emails.

Fair enough - it’s true that most extensions currently can read urls and collect cookies.

On the emails that’d require parsing the full page and not merely the url, but it’s a risk that still exists if you give full permissions to the extension.

https://www.popularmechanics.com/technology/security/amp16741/browser-extension-security/

I guess the key question remains is what (detailed) data they will collect and to which purpose: BI? Advertising? Reselling...?

Share this post


Link to post
Share on other sites
I went and read through the Terms and Conditions given when you sign up for Coil.  Most of it seemed to be pretty straightforward (generic legal crap, the "we can't control third parties" stuff, etc).  Toward the end I found these bits that concerned me a little (all bolded emphasis is mine):
 
 
11. Service Features.
A. Wireless Features.
The Service may offer features that are available to you via your wireless Device including the ability to access the Service’s features and upload content to the Service (collectively, “Wireless Features”). By using the Service, you agree that Coil may collect information related to your use of the Wireless Features as described in our Privacy Policy, and may change, alter, or modify the settings or configurations on your Device in order to allow for or optimize your use of the Service. Data rates and other carrier fees may apply.
B. Location-Based Features.
If you have location-based features on your wireless Device, you acknowledge that your Device location will be tracked and shared consistent with the Privacy Policy. You can terminate location tracking by us by adjusting the permissions in your Device or uninstalling our app. Location-based features are used at your own risk and location data may not be accurate.
 
 
So I went and looked at their privacy policy

 
 
Profile Data. We collect your username, interests, favorites, and other profile and social media data.
Contacts. We collect data about your contacts, including online and social media addresses, in order to fulfill a request by you, such as finding your contacts on the Service or inviting your contacts to join the Service.
Content. We collect the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide to customer support. We also collect the content of your communications as necessary to provide you with the services you use. For example, if you chat with another user through the Service, we need to collect the content of that chat to display it to you and the other user as you direct.
Resume Data. We collect data as necessary to consider you for a job opening if you submit an application to us, such as your employment history, transcript, writing samples, and references.
Surfing Data. We collect data concerning the websites and webpages that you may visit.
 
B. Information Collected Automatically.
We automatically collect information about your device and how your device interacts with our Service. We may use Service Providers to collect this information. Some examples of information we collect include the following:
Service Use Data. We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the products you purchase, the time of day you browse, your referring and exiting pages, and other similar information.
Device Connectivity and Configuration Data. We collect data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data also includes IP address, MAC address, device advertising Id (e.g., IDFA or AAID), and other device identifiers.
Location Data. We collect data about your device’s location, which can be precise (e.g., latitude/longitude data) or imprecise (e.g., location derived from an IP address or data that indicates a city or postal code level).
 
 
Okay... so this service is meant to let us control our own data by paying for the sites we visit.  Yet they collect everything we do at all times?  Why is my location required information for them to run their service?  Why do they need to know the e-mails I read?  And of course all this data is being used to market to us, because that's what they always do with it.

 
 
4. Sharing of Information.
We share information about you as follows:
Service Providers. We may share your information with our agents, vendors, and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as payment processing, data analytics, marketing and promotional services, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes.
Affiliates. We may share your information with our related entities including our parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing, and technical operations.
Business Partners. We may share your information with our business partners in connection with offering you co-branded services, selling or distributing our products, or engaging in joint marketing activities. For example, we may share information about you with a retailer for purposes of providing you with product support.
 
 
So uh... I thought they were supposed to be the good guys.  Why do I feel like I'm paying them to collect more information about me than Facebook does?  Can someone reassure me a little here?
I think this is a very broad policy. Just to be covered. I'm sure all other tech companies have the same kind of clauses. But yeah it's crappy that you have to give consent to that.

Share this post


Link to post
Share on other sites
You pay a subscription directly to Coil, by credit card.  They then pay the sites you visit (if said sites have arranged an agreement with Coil for this service), based on the time you spend on each site.  Currently the only subscription available is a $5/month one, but there will likely be other levels of service in the future.
Seems like I misunderstood coil. I don't see the use of it.

Share this post


Link to post
Share on other sites

My thought is that in order to provide for integration with data handlers like Discord, Reddit and Twitter, it is necessary to have parallel terms of service and privacy policies that will allow interoperability without misrepresenting how connected services may use your data.

Could it be that Coil had to adopt the lowest common denominator as to terms in order to be interoperable with social networking connectors?

Share this post


Link to post
Share on other sites
2 minutes ago, jag216 said:

Could it be that Coil had to adopt the lowest common denominator as to terms in order to be interoperable with social networking connectors?

That's possible, but it seems a little doubtful given how many times their TOS mentions that third party services aren't their problem, and will have their own sets of rules and such.

Share this post


Link to post
Share on other sites

I have to say I find this all extremely disappointing. I hadn't signed up for Coil yet nor downloaded the extension and at this point I'm glad I haven't. As others have said, I thought the whole point of this was to give power back to individual users and to break the advertising revenue model addiction.

I can understand Coil wanting to collect certain usage data, not only to provide the service but also to improve the service, but the ability to collect nearly everything we do online and have permission to share that with others including advertisers seems like a massive step in the wrong direction. 

It may well be that this is simple legal butt-covering but it still requires us to give explicit permission for those activities therefore giving them legal rights. If this is only a 'cut-and-paste' T&C then I'd invite Coil to create a new one instead that makes more sense for what we're all trying to achieve.

Share this post


Link to post
Share on other sites

I was enthusiastic about Coil, even if doubtful about how many people would actually stump up real money to access content that formerly appeared to be free. But these T&Cs are totally unacceptable. I will just continue using an ad-blocker. In fact, I'd be prepared to pay for a really good one - perhaps that's the way forward?

Share this post


Link to post
Share on other sites
11 hours ago, Liagala said:

Okay... so this service is meant to let us control our own data by paying for the sites we visit.  Yet they collect everything we do at all times?  Why is my location required information for them to run their service?  Why do they need to know the e-mails I read?  And of course all this data is being used to market to us, because that's what they always do with it.

So uh... I thought they were supposed to be the good guys.  Why do I feel like I'm paying them to collect more information about me than Facebook does?  Can someone reassure me a little here?

While those terms do look invasive at first glance, they're not that different than those of Amazon or others.

Since Coil is, by definition a browser add-on, I'm assuming that their lawyers told them "everything that a browser can do - whether it's Chrome or Firefox, or the other old ones where you use your Polyfills - you have to assume that you can access the same data that those browsers collect."   I"m just guessing this is but one of many reasons for those statements in the privacy policy.  But I'm not a lawyer - however we have them here on XRP Chat. 

In addition, I'm also guessing that they run into this because they're trying to bootstrap the adoption by handling the monetization part of it for websites and YouTubers. Otherwise, each person would need to run an ILP node and moneyd.

Since Coil is doing this for websites and accounts, temporarily or otherwise, they need some way to examine what sites a Coil-enabled browser is viewing.  They wouldn't have to do this if they required each content creator to run their own ILP node and moneyd. 

And that's where you run into what appears to be very invasive monitoring, at least at the starting of their service. Perhaps there's a long-term plan for stepping back from this (requiring each content creator to run their own ILP node and moneyd, in an easily-deployed app of some kind) . Then they wouldn't need to track user's viewing  - they would, in theory, just pay when the browser bumps into a site that is monetized.

Again, the above is all my conjecture; we'd need somebody from Coil to comment directly.

Share this post


Link to post
Share on other sites
5 hours ago, Kaidan said:

I sent them an email after I sign up;

This is how to positively handle it - thanks for communicating with them directly @Kaidan
 

Quote

 

I stated I would, even though I do not like my data being collected, my desire to help XRP grow is more important to me. Important enough that I will not boycott your new service and allow you time to review TOS and ask yourselves some questions about what you are trying to achieve. I want to pay for my one on one user experience because in part, it should give me my privacy back. 

Let’s keep in mind it’s this kind of nonsense that the fudsters will use against XRP and this use case. 

 

Nicely done. 

Share this post


Link to post
Share on other sites
Guest
3 minutes ago, Hodor said:

While those terms do look invasive at first glance, they're not that different than those of Amazon or others.

Since Coil is, by definition a browser add-on, I'm assuming that their lawyers told them "everything that a browser can do - whether it's Chrome or Firefox, or the other old ones where you use your Polyfills - you have to assume that you can access the same data that those browsers collect."   I"m just guessing this is but one of many reasons for those statements in the privacy policy.  But I'm not a lawyer - however we have them here on XRP Chat. 

In addition, I'm also guessing that they run into this because they're trying to bootstrap the adoption by handling the monetization part of it for websites and YouTubers. Otherwise, each person would need to run an ILP node and moneyd.

Since Coil is doing this for websites and accounts, temporarily or otherwise, they need some way to examine what sites a Coil-enabled browser is viewing.  They wouldn't have to do this if they required each content creator to run their own ILP node and moneyd. 

And that's where you run into what appears to be very invasive monitoring, at least at the starting of their service. Perhaps there's a long-term plan for stepping back from this (requiring each content creator to run their own ILP node and moneyd, in an easily-deployed app of some kind) . Then they wouldn't need to track user's viewing  - they would, in theory, just pay when the browser bumps into a site that is monetized.

Again, the above is all my conjecture; we'd need somebody from Coil to comment directly.

This is a good point. Since Coil is acting as the intermediary between the content provider and consumer the ToS would need to be broad and lay out the terms for both the provider and consumer. There is a possibility that some instances of data collection and usage may be that of only the provider and that of only the consumer. 

Share this post


Link to post
Share on other sites
Guest
On 8/31/2018 at 2:05 AM, LordVetinari said:

Fair enough. I'm asking about who specifically "keeps" the funds. I see in the ToS it just refers to third parties. I've emailed them to see if they will provide a more granular distribution information. How much Coil keeps, how much third-party get, etc.

@Liagala I've got a reply. My original email was perhaps too vague. I was hoping for greater detail. Another member participating in this thread has sent a more thorough email and I'm certain Mr. Thomas is aware of this discussion. So I will wait for more information before I try to contact him again. 

Quote

 

Thanks for reaching out! Coil is a flatrate subscription, so it does not matter how much you use the service. You can consume $8 worth of content if you like! We don't think it would be a very good experience if you had to constantly watch your budget and could even run out of funds.

- Stefan

 

Edited by Guest

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...