Security Policy: Specifying Applications

I wrote this for cybrary 0p3n last week

We use applications to make our lives easier. But how much access do we give them? First of all, considering what kind of access and the level you provide applications is an important question regarding privacy. But how about security? One of my favourite add-ons that I use in opera – but is written for Chrome – is Grammarly. Yet I would use another browser where Grammarly is not installed when I need to be sure my message is private. So for this case, we use Grammarly as the example.

What does it access?

Grammarly needs to write everything you write in order to see if the grammar is right within the given context. It functions with an online database. But basically, including this post, the whole context and the exact text and mistakes are sent through a server and back. That means that it would be possible to intercept everything that is checked. Insert scream emoji.

Honestly, I wouldn’t be likely to like the result of a deep packet inspection. So, Grammarly is perfect if you have nothing to hide. Stuff that everyone is allowed to see. For example this blog article. However, if I am about to compose an e-mail about company sensitive information, that is clearly not the case. Therefore, using these types of applications should be included in your security policy. Where is this allowed and where should we avoid at all costs?

But I do honestly still love the convince of it.