How much privacy would you give up for a useful app?

Recently I booked a virtual meeting with an entrepreneur in Silicon Valley. We were going back and forth on email, trying to find a suitable time. Then in stepped someone called Fin, who said he’d “be happy to find a time that works.” He offered a couple of suggestions and I emailed back the one that suited me.

I didn’t realise it at first, but I wasn’t communicating with a ‘he’ – but an ‘it’. Fin was an app.

At this point my friend jumped back into the email exchange and told Fin to “please schedule us for the week after next.” Fin emailed back and confirmed the meeting. A calendar invitation turned up shortly after.

This is a very useful app, I thought to myself.

On its website, Fin is described as a personal assistant. But there’s an interesting twist: it uses automated machine intelligence combined with human assistants. So unlike better known personal assistant software, like Apple’s Siri or Amazon’s Alexa, Fin unashamedly uses human intervention when the software cannot adequately fulfil a request.

Fin co-founder Andrew Kortina calls the product a “hybrid intelligence system.” In a blog post, he admitted that the human assistants are “the main reason Fin is able to handle such a wide breadth of tasks.” For example, Siri cannot automate a restaurant reservation for you – mainly because it doesn’t have programmatic access to every restaurant in your city.

However, human assistants can do it all. “We can use the public internet, we can email or text anyone, or we can pickup the phone and call people to get things done for you,” wrote Kortina.

Mixing Internet technology with human labour is nothing new, of course – Uber is the prime example these days. The strategy is clearly working for Fin too, as it’s much more effective than Siri and Alexa as a personal assistant.

I decided to try Fin out for myself. However, I soon discovered there’s a price to pay for its usefulness.

At the beginning of the signup process, I was asked to connect my Google email account. This would give Fin access to read and write emails on my behalf.

I hesitated. I don’t want anyone – machine or human – to have read and write access to my personal email account. To compromise, I signed up to Fin with a brand new Google account that I’d created recently for a new blogging project.

I was glad I did that, because after I’d approved my secondary email account, I was shown this message:

“When you agree, information from your calendar, address book, and email will be shared with Fin and added to Fin’s collaborative knowledge base.”

So my private information will be added to this startup’s database and random human employees will have access to it? That would have been useful to know before I’d connected up my Gmail account.

Okay then, what else is in the fine print. I scanned the Terms of Service and soon found another detail I wish I’d known before connecting my email:

“In order to use Fin, you will need to sign up for an account, and provide Fin with a valid credit card, debit card, or other Fin-approved payment method.”

So not only does Fin have full access to your emails, you’ll also need to hand over your credit card. The cost is $1 “for each effective minute used,” which sounded vague.

I bailed from the signup process at this point and hastily disconnected my email from Fin. While I realize that Fin needs this level of access to your email and calendar in order to do its job, it’s asking you to place an awful lot of trust in a company you know little about.

What worried me the most was that Fin can read messages that do not even invoke the Fin assistant. This is from its privacy policy:

“Whenever you send or receive a Communication, Fin will treat that Communication just like any other Information it collects from you. This means, among other things, that Fin may read or listen to the Communication.”

Fin defines “Communication(s)” as emails, text messages, calls, and other communications that “you send to and receive from other people and businesses.” Nowhere in that definition does it state that Fin must be involved in the communication in order for it to read it. Which means this company can potentially read everything in your email and add it all to their “collaborative knowledge base.”

I’m not for a moment suggesting that Fin is doing anything nefarious with its users’ data. I know that my friend in Silicon Valley, who is a savvy entrepreneur, would not be using Fin if he thought his privacy was being compromised.

What I am saying is that I, personally, do not feel comfortable giving a relatively unknown company read/write access to my email account.

Yes, Fin is an amazing personal assistant. But the privacy price is simply too high.