Grammarly Fixed a Security Vulnerability, but It Still Can’t Fix Our Writing

Screenshot from Grammarly advertisement.
Words may be “humankind’s most powerful tool,” but Grammarly isn’t doing much to help.

If you spend enough time online—and if you’re reading this, you almost certainly do—you’ve probably been exposed to the ubiquitous advertising for a product called Grammarly. In a video that’s been viewed almost 300 million times on YouTube, the company promises that its app and browser extension can help you identify “errors that other spelling and grammar checkers just can’t catch.” In a more recent spot (“Write The [sic] Future”), Grammarly shows off some of its advanced capabilities, promising that it will help you avoid accidental plagiarism, use semicolons properly, and improve your word choice.

But if all that promotion convinced you to try out the company’s products, there’s a chance you’ve been exposed to something much more serious along the way. Last week, Google security researcher Tavis Ormandy identified a bug in Grammarly’s Chrome extension that threatened to let “any website … login to as you and access all your documents, history, logs, and all other data.” To its credit, Grammarly quickly responded to the report and closed the hole.

While some early reporting on the bug suggested that it could compromise anything users typed on the internet, the actual problem seems to have been less sweeping. As Gizmodo clarified, the bug affected “user documents created and saved within the Grammarly Editor interface, which is available only when a user is logged in at” In other words, it doesn’t look like hackers could have captured the text of your private Facebook posts or compromising emails, though the problem is no less troubling for its relatively small scope.

As someone who had been testing out Grammarly’s services for a few months, I was both disquieted by Ormandy’s discovery and gratified by the company’s willingness to deploy a quick fix. Ultimately, however, nothing the company does could allay its true underlying problem: Its services just aren’t that good.

I first began running Grammarly through its paces thanks to a tweet storm in which Slate’s Yascha Mounk noted that many of the “fixes” in Grammarly’s advertisements are either unhelpful or actively wrong. For example, in the sentence, “Let’s suppose you’re writing a really important email to a colleague,” the program proposes a variety of alternatives to the phrase “really important.” While blanket injunctions are almost always absurd, the impulse here is understandable (weak modifiers such as really sometimes feel out of place in formal prose), but Grammarly goes even farther than the strictest writing instructor ever would. Like the grammar checker in Microsoft Word, Grammarly offers “suggested enhancements” including imperative and paramount that would actually render the construction nonsensical in the interest of unnecessary overcorrection.

Strangely, when I rewrote the sentence in Grammarly’s browser-based word processor, it declined to flag “really important” as a problem. Instead, it tantalizingly informed me that there was an “advanced issue” in the sentence, but I’d have to upgrade to a paid subscription ($29.95 per month, unless I committed to a full year, at which point it would drop to $11.66 per month) to find out what it was. If I understand right, then, Grammarly is saving its worst advice for its actual paying customers.

Even Grammarly’s most basic suggestions can still lead users astray. Take this sentence from an article I recently published in Slate: “No matter what he’s wearing, he almost always opts for long sleeves—here in an Apple Store uniform (just one of the team!), there in a plain sport shirt.” Grammarly identifies three possible problems. First, seemingly thrown by syntactical complexity, it suggests that I should replace “there in a” with “there is a,” a change that would be ungrammatical, but that still leaves me questioning my own stylistic choices. Second, it proposes substituting “sports shirt” for “sport shirt,” an acceptable, if uncalled for, alternative. Third, and worst of all, it declares, “The word plain doesn’t seem to fit in this context,” and informs me that I should change it to “plaid.” While switching things up might be good for your sartorial style, it’s only going to make your prose more baffling. This is an instance of what I’m tempted to call the algorithmic uncanny valley, that point at which a program is astute enough to recognize that humans often pair shirt with plaid but not enough to understand that they also do so with plain.

This example is particularly galling, because it’s clearly the sort of thing “that other spelling and grammar checkers just can’t catch.” Whatever its faults, Grammarly’s Chrome extension isn’t completely useless. It’s saved me from some basic typos in hastily composed tweets and emails, and when I ran a draft of this article through it, it noticed a missing word that I (probably) would have caught on review. Nevertheless, the company’s ostensibly advanced tools are more likely to degrade our writing than improve it, if only because they don’t reflect the ways we really write.