Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Note that Grammarly is essentially a keylogger. The content you're typing gets sent to their servers. It doesn't work like your typical client-side spellchecker.

Their business model may be OK, it's just something that you need to be aware of (and a lot of people I've talked to aren't).

From the privacy policy:

---

We collect this information as you use the Site, Software, and/or Services:

- User Content. This consists of all text, documents, or other content or information uploaded, entered, or otherwise transmitted by you in connection with your use of the Services and/or Software. For more information about how we care for and protect your User Content, please see our User Trust Guidelines.



As an alternative there is LanguageTool[†], for which you can run your own server so the data isn't given to an extra party at all. We've been using it in [DayJob] for a while, and I use it at home too, and it does a decent job.

From my relatively experience of Grammarly (I had an account a couple of years ago) a self-hosted instance of LT is slightly better than Grammarly "free" but doesn't have the extra analysis offered by Grammarly's paid accounts.

[†] https://languagetool.org/


I do this too (running it in a docker container on my server to mutualise usage across several devices) and it suffice for catching the main errors and typos. Quite happy with it.

Can indeed be recommended as substitute to grammarly free.


They had a serious issue that would allow other sites to access your texts. Found by taviso from google project-zero.

I give them the credit that they fixed it within hours, but should the project-zero team fill in for their testing team ? :-) https://bugs.chromium.org/p/project-zero/issues/detail?id=15...


No need to install browser extension. You can go to app.grammarly.com paste your text and spell-check it. Works great.


No doubt it works great - but I'm not convinced this addresses the claim that it's "essentially a key logger". With your suggestion, they're still getting the data.


I hope everyone assumes this by default of any web forms. I always wince a little when a colleague uses some random website to pretty-print json or encode base64. Great way to leak company internal stuff.


I built a (diff) app that doesn't, but I have no idea how to promote that without making people even more suspicious.


People who care a lot about protecting their data probably won't use it anyway. Even if your intentions are pure, your implementation could have a security vulnerability. It makes a nice bullet point feature but I'm not sure it has much promotional value beyond that.


This is what holds me back. Thanks for helping other see this.


In case you miss my longer replay to the parent post:

You could try a locally self-hosted instance of https://languagetool.org/ to avoid sending all your online typing to an extra party.


It’s only self hosted when you have more then 250 users :(


There's the open source part of it: https://github.com/languagetool-org/languagetool

Not sure if it's missing any notable features of the SAAS product.


Oh thats awesome! i'll take a look, thanks




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: