On the protection of your data: secure in-browser text checkers
In February 2018, Tomas Ormandy, a security researcher from Google, revealed a bug in the Grammarly browser extension through which user data was probably flowing to third parties.
The disclosure raised awareness among the 20M Chrome and 645K Firefox users running content, personal emails and docs through Grammarly.
The bug was resolved in a couple of hours. But users still have security concerns regarding Grammarly and its peers, and they keep bringing them up on Quora, Reddit and miscellaneous forums.
Here are just a few recent reviews of Grammarly from the Chrome and Firefox stores:
“This extension [Grammarly] logs everything you type. This includes any online banking and shopping, meaning they have a record of all information you type. This includes credit card numbers, SSN’s, answers to security questions and so on and so on.”
“It [Grammarly] sends all input data to the external server.”
“Grammarly are content thieves I chose this one [Language Tool].”
Although the provider fully discloses its security policy, data protection methods and customer data policy, the bullying keeps going.
Grammarly isn’t the only one facing criticism. Microsoft Editor, a freshly baked online spell-checker, and Ginger were also put in the hot seat.
““Send Data to Microsoft” option, it [Microsoft Editor] does NOT save this setting, so it is impossible to stop your personal data from being sent to Microsoft. This needs to be fixed immediately.”
“Unable to turn off “Automatically send data to help us improve our products””
Although Microsoft resolved the issue with version 1.0.2, users keep claiming they need to go back to the settings and enable this option.
In its Privacy Policy, Microsoft explains what data it collects and what for:
“Microsoft collects data from you, through our interactions with you and through our products …Many of our products require some personal data to provide you with a service”. And finally “When we ask you to provide personal data, you can decline.”
Maybe users have simply become more concerned about online privacy? Yes: Statista says that almost 50 percent of U.S. internet users were more concerned about online privacy in 2019 than they were in 2018.
So, online text checkers can’t help but adjust security practices to users’ demands.
Data protection standards
All in all, every proofreading service provider honestly admits that it can’t guarantee 100% protection of data stored and processed in the cloud, even though it follows all the industry standards related to data encryption and user authorization.
Grammarly explains its security measures in detail on a dedicated page on its website. For encryption, the provider uses the TLS 1.2 protocol and AES-256 server-side encryption in the AWS data centres where the clients' data is kept. Grammarly also uses AWS Key Management Service for database encryption and secure key management.
ProWritingAid and LanguageTool process personal data in accordance with the European General Data Protection Regulation (GDPR): the text is sent to servers through an encrypted connection.
WebSpellChecker's data security measures include the TLS 1.2 protocol for encrypting data in transit, internal security testing, and static code analysis for both the SaaS and on-premises versions. The on-premises version provides enhanced capabilities, as the company has full control of its data and can apply its own security best practices.
Microsoft Editor deploys different encryption methods for each of its products: BitLocker and DM-Crypt, Azure Storage Service Encryption, Distributed Key Manager (DKM).
But is that enough for end users, let alone corporate clients dealing with sensitive data?
Cloud vs Server — what will you choose?
Certainly, there’s no absolute security anywhere. And some businesses may not need powerful safeguards, so the cloud is a real godsend for this group.
But what about vulnerable domains such as healthcare or finance?
Can these companies rely on cloud text checkers in terms of data storage and collection?
Grammarly says its “data is stored on servers hosted by Amazon Web Services in the US” and “operates within Grammarly’s private network”.
But wasn’t it Amazon whose servers were targeted by the hacker group this spring?
Let’s look at the statistics. I love numbers since they give a full picture.
- As of 2019, around 48% of all corporate data is stored in the cloud, compared with 30% in 2015 {Statista};
- customer information and payment details are the most vulnerable types of data stored in the cloud {Statista};
- 60% of respondent IT practitioners stated their organization did not evaluate cloud providers for security capabilities because of the lack of resources {Statista};
- in 2019, 47% of US Internet users believed that their data and personal information online were somewhat vulnerable to hackers {Statista};
- for 39% of users, it’s important to be notified what data the provider collects about them and why it wants to collect it {Statista};
- 84% of cybersecurity components in U.S. healthcare organizations as of 2019 included workstations and servers {Statista}.
The more providers rely on the cloud, which for some may seem to be a security problem-solver, the more concerns the customer has.
For example, for a private health centre proofreading clinical records with an in-browser text checker, having “no guarantees as to security of privacy of your information — {Sapling.AI}” is risky.
Hardly any organization operates on its own; almost everyone uses third parties.
Here’s what Cisco, a prominent security solutions provider, says about the supply chain in its Cybersecurity Report:
“With services, hardware, and software coming from dozens or hundreds of different sources, organizations don’t stand a chance when it comes to exerting complete control over their security”
Is there a light at the end of the tunnel? How can you as a business owner/executive trust third-party proofreading solutions when it comes to data security?
Standalone on-premise software. This is the answer.
On-premise proofreading solutions
Yes, corporate servers are expensive, and they require maintenance and staff training, but they provide almost 100% security. Okay, unless one of your employees decides he/she can use records for a “personal agenda”.
Grammarly, Microsoft Editor and Linguix are entirely cloud-based and work well for individual users and small teams without out-of-the-ordinary security concerns.
If data security is your #1 priority, look at the server-based proofreading tools available on the market now.
LanguageTool is a powerful open-source text checker that comes as an add-on and add-in for browsers and business software.
The proofreading software can be installed on a company’s premises, which makes it a great fit for clients with high-security demands.
Core features:
- proofreading in 20+ languages;
- personal dictionaries;
- custom rules;
- personalization options;
- blocklist of domains with enabled proofreading.
Target audience: students, authors, freelancers, agencies, companies, non-profit organizations, software companies and publishing houses.
Companies using Language Tool: Lokalise, MyPostcard, Audibene.
Price: starting from €31.24 per user per year. The minimum number of users is 100.
A B2B-only proofreading services provider, WebSpellChecker has recently released a grammar and spell checker for browsers: WProofreader Business.
Its primary feature is an on-premise version enabling companies to run and control textual data on their servers.
Core features:
- multilingual spell- and grammar-checker with an auto-detector;
- integrations with business software (Gmail, Confluence, Jira, Slack, etc);
- specialized dictionaries (medical and legal);
- personalization options.
Target audience: small, mid- and large-sized companies from healthcare, legal, banking, computer software and government industries.
Price is flexible and depends on the customers’ needs. The price starts from $84 per user per year. The minimum number of users is 10.
ProWritingAid is a grammar and style editing tool. Although all its products are cloud-based, ProWritingAid offers a “standalone server-based tools” option under its Enterprise plan. Price is flexible and varies according to clients’ needs.
Core features:
- contextual spelling, grammar and punctuation checking and terminology manager;
- style suggestions to improve writing;
- integrations with browsers and office software;
- team user statistics and management;
- style guide custom rules;
- premium account management.
ProWritingAid clients: Amazon, Accenture, Microsoft, HomeServe, Growth Racket.
Price: varies between $25 and $30,000, plus maintenance and licensing costs. They charge either per call or per daily active user.
At the end of July, Sapling AI released a new version of their proofreading software designed specifically for clients with HIPAA or PCI compliance requirements.
The solution is available in beta to all customers that have at least 20 members on the team and a dedicated IT staff member responsible for helping with deployment.
Core features:
- grammar and spelling checking;
- autocomplete suggestions;
- team dictionaries;
- compatibility with browsers, business software and custom solutions (Zendesk, Salesforce, ServiceNow, Hubspot, LivePerson);
- searchable snippets (pieces of texts your team frequently uses);
- snippet tags and templates;
- chat suggestions;
- error reporting and efficiency analytics.
The team warns that the product may come with restricted access to early users due to limited onboarding bandwidth.
Sapling AI clients: TaskUs, TELUS International, Lionbridge
Price: $10 per user per month. The minimum number of users is 20.
Comparing self-hosted solutions
On a closing note
The global lockdown has shifted business communication to the online realm, which brought up extra demand for online writing assistants.
For businesses, there’s no better option than an in-browser automated tool checking emails, messages and docs for errors. Human editors cost way more and can’t handle the processing volumes that software does.
However, there’s always a fly in the ointment. The majority of checkers are cloud-based and are not 100% secure. Companies don’t want to take a risk and become the next Marriott or Magellan Health, whose data breaches shocked the world.
Cyberattacks have become more sophisticated and the cloud isn’t a safe place for your data anymore.
The only place where your data is stored and processed under full control is your own server. Fortunately, some proofreading software providers understand the problem and offer security-focused solutions for teams and companies.
Today there are only a few options available on the market whose solutions are secure and protect your data: LanguageTool, WProofreader by WebSpellChecker, ProWritingAid, and Sapling AI.
If you need a cloud-based text checker, go and read my full review of each player on Medium.