Terms of Service; Didn’t Read
tosdr.orgOn the first day of a university course, several hundred students asked to line up and sign a two page agreement in order to access computing resources necessary for the course. When my turn came, I asked where I could read it without holding up the entire line. They were shocked that anyone would ask such a question, though they provided me a space to read over the document.
If blindly signing a contract one of the first things that computer science students encounter, I'm not surprised that they simply put up those ToS without the expectation that they will be read.
It's absolutely astounding to me how many folks blindly sign legal documents. Especially employment related. Whenever I've pushed back on an employment contract, NDA, or similar it's always met with sudden confusion - as though this has never happened before. In fairness, it's almost never met with negatively. But it shows that no one else has ever bothered to question it. And when I talk to colleagues I definitely get the sense that no one ever really reads these things or questions them.
The problem arises especially when the document is written in legalese. I also feel like I'm not really qualified to understand these documents - they are generally written for people who have the appropriate qualifications.
For example when buying a property in the UK, the soliciter will be the one parses the legal documents. It's crazy to think that normal people are expected to fully understand these, and it doesn't surpise me when they just blindly sign them. At the end of the day they want the thing and carry on with their lives - throwing caution to the wind.
I feel this is one of the major problems with most TOSs...
You generally don't have a lawyer around to explain every TOS you come across, so people ignore them and hope for the best.
Hmm - I wonder if there would be a niche for a website that explains specific, common TOSs in easy to understand terms?
We've all been hearing about machine learning algorithms that can parse legalese and pull out the important bits given parameters of interest. So certainly a possibility.
HN make it so!
Does that mean we'll sprout a generation of "Legal SEO" lawyers that try to game the algorithms ? :-P
https://tosdr.org/en/frontpage
https://www.thewindowsclub.com/summary-of-terms-and-conditio...
And elsewhere in this discussion is a list of prior such discussions that might mention others (you could Ctrl+F for my username here to find it, I replied to the list).
Also possibly of interest, though I haven't even read their site carefully: https://stonecutters.law/
They say "Stonecutters publishes legal forms and clauses for other legal craftsmen to incorporate by reference."
Tbh I don't find tos very hard to understand. They are akin to programming for the law. And generally speaking they just tell you what you should already know about the terms under which you use the service, so that you can't sue the service for absurd things.
For the sake of demonstration, I just went and read the first seven sections of Personal Capital's TOU. Not a single surprise in there, so far. To give one example, section 5 just says that for the sake of displaying the information you are agreeing that personal capital can retrieve on your behalf, personal capital has your authorization to act legally on your behalf. This is to prevent some idiot from suing them for fetching account info that said idiot inputted into personal capital. Another section says, hey, we aren't responsible for mistakes you make with your investments, even if you base your decisions on the information we show to you. Which is a perfectly reasonable thing as well -- you literally could not run a service like this otherwise.
Reminds me of a recent change in the privacy policy of my bank, it spends pages and pages talking about "getting my consent to use my private information" in all sorts of contexts strongly implying they will ask me before selling off my information, then later, in a different part it defines my "usage of the service" as consent for them to use said info.
Well that's when you get a lawyer to review it for you. I realize there is a cost involved here, but when you're talking about something like this it's usually well worth it - if only to know exactly what you are agreeing to.
> throwing caution to the wind
If people were regularly burned by these legal documents then maybe, but I expect that literally nobody or their friends ever had any issues, so most people will accept that that applies for them too.
That's why documents written in legalese always define the words used before they start using them. At least in the U.S.
In Germany it is even considered another language, kind of.
https://de.wikipedia.org/wiki/Verwaltungssprache
Which kind of translates into Officialese as per Wikipedia.
Defining words is not enough, the grammar and sentence formulation are also very convoluted in regards to the common language.
Simply from my own experience in dealing with U.S. legal documents, specifically U.S. law, it is usually enough to Google the terms and understand the meaning. If the phrasing is convoluted to the point of needing Academics explain it, then it's usually defined by a court ruling on its meaning.
Terms of service is generally easier to read because it's more simplified and typically doesn't use Latin or existing legal language that is uncommon to the layperson.
Of course, this is still in the context of U.S. law and the English/Latin language.
Unfortunately it isn't that simple, that only works for very basic documents, imagine a 50 A4 page contract written that way.
Can you provide me with an example?
A car sales, or a house rental contract.
Both can be around 20 - 50 pages long, all of it written in such language.
I meant a literal one. A link to an existing document. I cannot seem to find any.
Happens in doctors offices too. Now I try to request all paperwork in advance so I can read. At one (where I thought highly of the doctor who seemed very kind and competent), 2 people in the front office insisted to me that the "other document" to which the main one referred and said I was also agreeing was the same document that had the reference. After I refused to sign, one left and the other made a phone call to find the real "other" doc.
I think (though am not an attorney, so not sure what a really honest, articulate, kind one would say) that if attorneys who wrote these long, difficult agreements applied honesty and the Golden Rule, they would start reading them themselves more often in general life, and they would word them so that their target audience would have an easy time understanding them, etc etc. But the executives have other things on their minds I suppose, and don't push for this (or care...?). (maybe this is one of my pet peeves--sometimes I wonder if it just makes life harder for honest people). But I still think being honest and kind is totally worth it in the long run. Wrote more elsewhere on that.
Last time I went to urgent care/the ER, I was told to sign an electronic pad repeatedly, and no document was provided at all, on paper or screen. It was just verbal, sign for this, sign for that.
Yeah. Maybe they get used to the majority of patients who don't want to read things, and systems even reflect that. I watch the displayed fine print just in case it actually says something, but maybe I should ask more questions.
Once when at a nearby hospital to just get a blood sample drawn, the documents to sign including those by reference were ~11 pages. Fortunately they weren't busy, & I tried to apologize for taking so long & explained I felt it was a matter of honesty to know what I was agreeing to, and they printed things for me and let me cross some of it out. But I found that another nearby hospital system (a regional nonprofit w/ good reputation) had a 2-page agreement, and I go there now even though it is slightly farther for us. (It unfortunately seems like on medical stuff, it helps to get as much as possible covered before the visit, also for financial questions, making sure everyone is in-network etc etc, so I am now trying to remember to ask for everything in advance sometimes.)
I think part of it is coming from a country where any ‘unreasonable’ or ‘unfair’ conditions will almost certainly be considered nonapplicable in court (if it ever came to that).
Same. I’ve never seen anyone balk. If anything it shows attention to detail.
When I have pushed back on the same topic, it usually is met with negativity. I believe recruiting and hiring staff have some incentives to treat you like you’re crazy if you want special provisions or need clarification on complex terms.
In my career, I’ve negotiated
- a severance package in my offer letter from a company that said, “we don’t offer severance packages as a matter of policy.”
- a sign on bonus from a company that said, “we don’t offer sign-on bonuses as a matter of policy.”
- a longer expiration period for startup options, as well as partial acceleration of vesting in the case of a significant liquidity event, from a company that said, “we can’t modify our standard equity agreement papers.”
- immediate full vesting of matched 401(k) contributions from a company that said, “our policy is that matched contributions only vest after 1 year.”
- ability to expense my own Linux workstation, which I could keep, in the offer letter, from a company that said employees are only allowed to be issued Mac laptops.
- explicit extra section in the offer letter stating that any IP created by me using only my personal equipment and personal time was my sole property and was explicitly not subject to any part of the employee handbook dealing with ownership of IP.
In all these cases, the conversation usually started out with me being gaslit about all this being impossible or my expectations being crazy. But after sticking to my requirements, eventually it normalized out into a sincere discussion.
I should add, all these examples came from very large companies except for the case of the options expiry and acceleration.
I also gave a hard “no” to many companies over the years that wouldn’t negotiate on topics like these, and I can say I don’t regret it one bit. There’s never been a case where I said no to a job offer over inflexibility on all these topics and then later regretted it.
How did you do this without scaring the hiring manager? Assuming the hiring manager has to vouch for you to their bosses to get the negotiated terms, you must have a very sought after skill set?
Or is this purely negotiating with HR and/or legal for contract terms concessions without hiring manager as it doesn't come from their budget?
The first thing you have to realize is that the hiring apparatus in the company is bureaucratic. They aren’t scared, mad, judgmental, whatever. They are going to be thinking more about what’s for lunch and whether they can cut out early next Friday than about your candidate profile or negotiation.
As long as you are polite but firm, they aren’t likely to think anything. They’ll just figure they either like your profile and want to work with you, or they’ll figure they know they can’t meet your requests.
Always present flexibility even if you aren’t actually flexible. In theory, if they cannot give a severance package, maybe they can give a much higher sign on bonus, or something else you want. Let them know what’s important to you, but that if there are other ways to address what you’re looking for, you’re open to hear it and think about it.
Once you’re at the stage of making concrete requests, don’t be vague and don’t accept vague alternatives. Always ask for concrete alternatives and once it is stated, always take time to think about it offline, always. That way if you decide you’re not actually flexible, you have breathing room to process your decision and respond.
You should also project confidence about your worth and why you are asking for something.
For example, for negotiating a severance package, you should be very clear about it. In my case, that mattered to me because I was relocating to a new area and at the same time I was switching from individual contributor to manager. I felt the risk of the local job market for an inexperienced manager was high, so if the company I was joining would have restructuring or sudden cuts and I am laid off, the money to float myself in the new region would be high. To feel comfortable about this, I just wanted to know for sure if that kind of change was coming, I would have X months of salary as a cushion.
If a recruiter or hiring manager is too immature to appreciate this as a sincere concern / request of a candidate, and would punish me just for asking either by acting like severance is a taboo way to protect insecurities of being fired or acting like I’m a prima donna, well that makes the decision to walk away pretty obvious for me.
The main thing is just remember they don’t owe you any special features in a job offer and they absolutely won’t offer them unless you ask and make it clear it matters to you.
But you also don’t owe them anything either, certainly not any expectation about being “too fussy” or “scaring” them. Nobody’s going to look out for what you want as a candidate except you.
As long as you’re polite but firm, and you make clear asks and require clear commitments, you should feel completely confident asking for anything you want. Whether you’re willing to compromise or you need to say “no,” you’ll be doing yourself a big favor.
Do you mind if I ask what you do exactly? It would be interesting to know whether:
- you have a specific skillset and experience that give you a negotiating position not enjoyed by most, or
- most developers are significantly underestimating their negotiating position
Some of those negotiations seem like a pretty hard bargain (can they give different 401k vesting terms to some employees and not others?), but your position when you've got an offer is pretty strong.
They've invested a significant amount of time finding you, and assuming you're good at what you do, it's going to take a lot to find another acceptable candidate.
Nobody wants to have to report that the candidate didn't start because of something relatively minor, so restart the hiring machine.
Just out of curiosity, what happened if you declined to sign? You flunk out of the course? Reading the TOS is pointless anyways, when declining them is very problematic for you.
I really don't know what would have happened. There was nothing worth objecting to, though it was certainly worth reading to understand the boundaries while accessing their system (i.e. it was for course use). Even if there was anything objectionable, the student may have to drop the course (rather than flunk it).
Overall, I view blindly signing ToS as the foundation for the situation we see today: these agreements exist in cases where they probably should not or include terms that are increasingly detrimental to the recipient. There is a bit of a difference between outlining the rules for accessing a service and granting a service the right to sell your data or stripping away avenues for legal recourse.
In university, I was involved in a situation that still haunts me. We had a couple Linux servers allocated to our multi-year project design team. I ended up as de facto systems admin.
One of the younger team members asked me if he could use one of the machines to compile homework for another course. Given that the machine wasn't critical, I said certainly! (Applauding his initiative)
A week later, the department sys admin sends me an email, noting our server pegged cpu and men utilization briefly and asking if we required additional resources.
I responded, laid out exactly what happened (omitting the student's name), thank him for the attention, and tell him we don't need anything.
At which point he drops me from the email chain, writes to the professor in charge of our group (a guy doing some really interesting stuff in AUUVs, and only teaching undergrads out of the kindness of his heart), and launches into a tirade about students abusing system resources, unfair advantages, violations of the honor code, academic integrity cases, etc.
After discussing it with my professor, I send the admin an email apologizing for the misunderstanding, will make sure it won't happen again, and would appreciate if he raised concerns with me first next time.
To which professor receives another email about "not letting students contact him about faculty matters." My prof told me to stop emailing him, which I wisely listened to. The student's name was never shared, and no actions were taken.
But my takeaway was that kid almost had his academic career (and potentially his future) trashed, because someone decided to get a bee in their bonnet over an interpretation of rules.
... As a happy ending, I happened to know the BOFH in social circles outside of academia (doubt he linked me to my school self) and subsequent to this interaction his marriage collapsed, he moved to his farm, and eventually left university and took up an in depth study of the copious and frequent application of alcohol. Couldn't have happened to a nicer guy...
> To which professor receives another email about "not letting students contact him about faculty matters."
This is the part of the story where I really did a double take. This sys admin originally emailed you about cpu utilization, right? It's not like you didn't have their email or hadn't been in contact before.
What you are describing is a contact of adhesion. https://www.law.cornell.edu/wex/adhesion_contract_%28contrac...
I don't think reading it is pointless, even if you are very likely to accept all but the most draconian of terms. You still need to know the rules, otherwise, you may inadvertently break them, which could have very harmful consequences.
Yeah, too many times you don't get to read the TOS of something until after you've already signed up/paid.
I'm sure you could bring up legal action, but everyone knows that's cost prohibitive...
I had a quiz in middle school where the end of the directions said to ignore everything and put down your pencil. Really wish all schools taught this.
It’s good training for test taking in general. Read every question before starting. Then solve the ones you find easy first.
Many people are “bad at tests” because they get stuck on something, panic, waste all their time and then blow the test.
I used to do the opposite, start from the back where the bigger/harder questions where when I was still fresh, and work backwards(?) to the easier questions with fewer points. Agree that leaving a question half finished with enough space to come back to it and finish it is also a good idea, instead of getting stuck and demoralised.
In any case, I think it's fair to say that reading all of the test, thinking about how you want to approach it, and not just blindly following the ordering provided is going to be better than a naive approach - no matter what ordering is chosen.
Indeed - just make sure you read it all first and then solve whatever you find most comfortable solving.
For me I found that doing the ones I knew immediately how to solve first and then going back to the ones I didn’t quite get at first made those easier when revisiting. I think maybe getting my brain into context made referencing that information possible and possibly by reading them and moving on, it gave my brain some time to begin processing them. No idea though.
Same idea applies to IKEA assembly. Read all the directions first.
I had a similar quiz. I never really liked them because it always bothered me why I was expected to follow the last instruction first, regardless of what it said. Even if it said to ignore the previous instructions, I would only be following it once I reached it, which would mean all other instructions had been followed. Nothing in the initial rules that said to read all instructions gave any indication that one should pick and choose which instructions to follow or that you should do them in reverse order.
Perhaps this was the moment when I first started the path to being a programmer.
> I never really liked them because it always bothered me why I was expected to follow the last instruction first, regardless of what it said.
Well then you should be bothered by lots of legal documents/terms of service, many of which say...
"blah blah blah. if you live in california you have specific rights"
A friend told me of a lawyer he knew that would cross out the binding arbitration clause in all legal documents he signed. In california you have the right to opt-out of binding arbitration.
So the last bit of many documents frequently nullifies other things above.
> I never really liked them because it always bothered me why I was expected to follow the last instruction first, regardless of what it said.
I had a similar one, in fairness it started with something along the lines of: "read these instructions completely before you start".
Yes, but you still start with the first instruction.
It is like a function that changes behavior after the first time in executes. The first execution will still do what it says. You have to explicitly call out that you want the last step that modifies the previous steps to be ran first.
It is like when I help someone learning to code and they question why their statement on line 30 doesn't change what is happening on line 15.
It's the same thing with leases and technology.
This apartment has smart home things (hub, A/C, smart lock) that's controlled through a mobile app. The lease says you're responsible for supplying the internet for the devices and calling the company when the app or devices are not working, but the apartment complex insists they take care of it (they really do, they didn't lie). But there were no solid answers on why this section was in the lease and it was completely false as I haven't had to support or provide internet for any of the devices.
This led to: "I don't want to support it, I'd rather remove them and just use a physical key" but they weren't able to remove them, nor remove the section from the lease.
I get it, they aren't lawyers, but it's weird when you read it and realize how different things are in the real world compared to some of the agreements we all sign (completely the opposite, in this case). If it came to it, I have no doubt I'd still be held to the terms of the lease though.
When I went into sing my Mortgage Loan, the officer pointed at the X's and said "sign here, here, and initial here, here, and here"
I then turned to page one and started reading.
The conversation that ensued, where they tried to get me to sign without "wasting their time" was amazing. I get I'm unusual for wanted to read what I'm signing, but I can't have been the only one. I do suspect I was one of the rare ones that they couldn't bully into signing quickly.
I do the same kinds of things, but sometimes it helps warn them in a friendly way before scheduling the appointment. :) Often, I try to request the papers etc in advance, to make it easier on all of us, then I can take my time, ask questions, etc.
As I said, it was a bizarre conversation. I did ask if I could reschedule if time was tight right now. I totally get it if they had an appointment, even something not work related, that I'm putting at risk.
They were having none of it. It's possible I just got a jerk.
Yah, it is hard. Sometimes I thought afterward that I was a jerk (or someone else was). Live, learn, practice as we go sometimes. Frankly I applaud you for efforts at being honest and reasonable at the same time -- it is not a skill we are born with, it would seem...?
My instinct in that situation was to talk to the person about what I was reading when I felt they were getting impatient. Not let them have a conversation about hurrying up.
A mortgage is a lot of money, how can so many people not be reading them?
They are worried they won't be lent the money and the purchase will fall though.
I was kind of hoping that this was going to end along the lines of “I was actually studying law and the professor then called us out on the importance of reading contracts that you sign, and proceeded to list all the ridiculous things we had just agreed to”.
Too bad.
I knew a pleasant fellow, a FLOSS maintainer somewhat well known at least in his niche, who provided wifi to neighbors, but they had to click through an agreement first. Only one read it. Buried in the text, experimentally, it said they had to give him all their possessions upon request. (He isn't the type to do it, but wanted to know who read it.)
What about objecting and still participating?
If a website knows I didn't really read a contract, can they claim I am bound by it?
I like to hope that the time-spent-reading is logged somewhere. Should it come up in court, Website.com would be required to disclose their logs which would show that I spent all of 1.35s reading their terms and conditions, most of which was spent scrolling.
Another puerile hack of mine is to sign a document with the name "I do not agree" and then press accept, and see if they agreed to let me use the service anyway.
This is why they’re non enforceable in a real court. If I put the rights to your inheritance in a tos no judge is actually going to enforce that, because no one would reasonably sign that away for access to a website.
In reality only things which you would reasonably expect to be in a tos or privacy policy could be enforced, given 99% of users don’t read them, or understand them.
Luckily they don't end up in real courts, because corporations go for mandatory arbitration nowadays.
IANAL, but it seems like I have read multiple times (incl. on HN discussions, maybe by a lawyer) that such agreements are in fact enforceable in real courts, at least in the USA. I read many years ago that in the 9th circuit one provision was struck down, that the user was bound by any changes posted online w/o notice, but I don't know the status of that anywhere now.
That sounds like how you wish the works worked vs how it does. Are you aware of a single court case where a judge dismissed it on those grounds?
I don't know about US law but at least in Germany it's really like pointed out.
There is a law governing TOS terms, and it says among other things that the TOS can't contain unexpected und unrelated terms.
So if you write for example into the TOS governing your website something like that every visitor owes you 1000 bucks that won't be enforceable.
The TOS related legislation is nothing new. It was there already in the analog age to prevent companies form tricking people into signing inappropriate contracts.
I don’t think time spent would matter if someone took the deliberate action of clicking “Accept.” It’s like arguing that you didn’t read a contract before you signed. You still signed.
I’m not arguing in favor of TOS. I just don’t buy this.
The “I do not agree,” method reminds me of the tactics of “sovereign citizens.” They try to game things via highly specific language. People think they can loophole the system, but still get snared. SCs still go to jail.
My take is that if one party to a contract does not have a reasonable expectation that the contract was read by the other party, the contract should be invalid.
People need to know what they’re signing. Imagine if a celebrity was signing a bunch of autographs for fans, and someone surreptitiously stuck a contract under their hand. We can agree that wouldn’t be valid, right?
You deliberately chose not to read it. Why should you then be allowed to use the service AND claim not being bound by the terms?
(And yes, I think german law has the right principle there: clauses which are "unexpected" to an average consumer are invalid with consumers (different in B2B context), thus risk as consumer is low when blindly accepting)
>Why should you then be allowed to use the service AND claim not being bound by the terms?
It is like a child signing a contract. The child isn't bound to it, but the other party is. In this case, a corporation attempted to use an extreme disparity in knowledge and power to take advantage of a much weaker party. The disparity is larger than that between an average adult and an average child. As a consequence of this, it seems just as fair as in the case of contracts signed by children.
>It's like a child signing a contract.
I don't know if I'd go that far. There's a whole class of laws around protecting children (two quick examples here in the US: age of consent; being tried as a minor vs tried as an adult) because the reality is that, in general, children are easier than adults to exploit. I mean, I convinced my nephew over the holiday that eating all his broccoli was like doing extra credit for Santa Claus, so it would cancel out the naughty action of eating one of the cookies he put out for Santa.
Saying that an adult agreeing to an unread ToS is unenforceable because we don't hold children accountable for signed contracts is plain nonsense.
Our current law makes a sharp divide between children and adults, but I think when you ignore the current law and instead look at the reasoning and the data we have, the comparison is pretty sound. The gap in knowledge and domain specific reasoning ability between the average child and adult is smaller than the gap between the average adult and a corporate team of lawyers. While I think that is already a sign the issue needs to be considered, we have corporations exploiting this knowledge gap to their advantage. There are also many countries have recognized this as a problem and have developed different attempted solutions, such as creating limits on what sort of contracts can be enforced.
So I do not see how the overall idea can be dismissed as nonsense.
That's fair, I'll concede that.
The Child is assumed to be unable to sign a legal contract.
You are able and chose not to. (Unless maybe you have a mental disability and then some caretaker)
Serious contracts are witnessed or, better, notarised. These witnesses attest to the good faith involved in the signing ceremony.
Accept button clicking is not witnessed. Any contract so-signed should be good for all of $10 worth of dispute. No more.
Assuming that became a law: I now need to get witnesses to me checking a box to use some software? What’s to stop me from just being my own witness under a fake name? I get the explosion of TOS contracts are stupid and need to be fixed, but we can’t just be crazy with fixing it.</rant>
Why should you need to sign a TOS in order to use some consumer software? No, what would happen is TOS's would go away for everything but high-level professional software.
Websites with accounts all have TOS because they need some legal recourse to boot you from their platform. The TOS lays out what you are allowed to do on the site (in addition to other things). That’s not changing no matter what you (or I) wish would happen without a massive change in how the legal system works in America.
I just don’t think this is a real problem. Restaurants and theaters can kick me out be being disruptive. Websites can ban ip’s used in DDOS attacks even if the user never actually visited the site and thus could not have seen a ToS.
Without ToS’s companies might have to spend some small amount of money on court proceedings they would prefer to avoid. A portion of those lawsuits may be worthwhile.
Actually signing a contract doesn't begin and end at a signature. It requires a meeting of the minds, which the signature is meant to represent. A contract without a meeting of the minds - such as a contract presented in a context coercing the counterparty not to have an attorney parse it for them - is invalid, signature or no.
time spent doesn't work because it's only loosely correlated to the actual behavior they're trying to track, which is to read the tos. reading is not even perfectly correlated with understanding the tos, which is what we're really after.
this type of mistaken logic (loose correlations taken as tight ones) is everywhere. it's so common to look for secondary characteristics that can stand in for the desired one. and that's often how we get unintended consequences.
> You still signed
Prove it was me that signed. Prove it was me that clicked accept.
In order to access the service you need to register. The registration form would not allow you to register without accepting it. They only need to prove that you indeed access the service. That doesn't seem too hard to prove for most services out there, or at least the most popular ones.
It's not really that cut and dry.
- They need to prove that "you" accessed the service, not somebody claiming to be you, somebody with the same full name and rough location as you, etc.
- Websites are often pretty bad at actually requiring ToS acceptance to register. The fact that you've accessed the service doesn't necessarily imply you've accepted anything.
- Even if registration is ironclad, accessing the service won't prove you agreed to any particular version of the ToS. The ever popular amend-at-will clauses never hold up in court, so you really do need to know which version was agreed to.
- ToS are often presented coercively. Maybe you've already signed a lease and moved in, but to actually pay your rent you need to accept an additional one or more third-party ToS because the landlord doesn't accept cash or checks. Maybe you've already paid for your vehicle registration, and after the cash is removed from your account you're presented with additional terms that need to be agreed to in order to receive your tags. Even if you've agreed to some specific contract, that kind of coercion can invalidate the additional terms, even though the party whose ToS you agreed to might not have known about the coercion.
I think you missed the point. They can't prove it was him actually filling out the registration form, only someone from some IP address at a specific time. They can't prove the person who logs in using that registered username/password is the same one that accepted the TOS.
ToSes are mostly useless. They generally contain a line that indicates the terms can change at any time and you accept them by continuing to use the service.
I guess you'll need to convince the judge that there's reasonable doubt that you did not create the Facebook account that you use and that you were unaware of the ToS and not acting in bad faith. Not saying it's impossible, but it's not as difficult to enforce the ToS as it has been suggested. They are certainly not useless.
They are useless in that reading them is pointless since they can be modified and/or enforced arbitrarily. If you violate the ToS, the site might kick you off. If you do something the site doesn't like, they can change the ToS and kick you off anyway.
I often don't even read what's written on the button? Am I lefally accepting something even if I'm just cliking buttons randomly to make anything useful happen in your app?
If you randomly clicked the accept button before you realized that is was asking you to agree to TOS, can you get back to the terms? I just realized that 99% of the sites that have TOS do not send me a copy of what I just agreed to or have anyway to get back to that screen. In most other circumstances, both sides of the agreement receive a signed copy for their records.
actually, this is a great detriment to every form of established contract law as we've trivialized what it means to establish a legal contract. Easy com, easy go.
A contract requires consideration, and a meeting of the minds. If you can't even request a change to the terms for your agreement, it isn't a spiritually valid contract. It's the difference between actually being prepared to negotiate, and making an ultimatum. ToS's are often presented in the forms of ultimatum's with no alternatives. That I do not accept.
This will depend on your specific jurisdiction but just to give you an example of the law in Germany (which I expect to be similar in other places, especially in Europe where a EU-regulation was created on the basis of the German law):
Terms of services ("Allgemeine Geschäftsbedingungen" (AGB)) are pre-formulated clauses that one party introduces into the contract without giving the other party the possibility to object to or at least negotiate these clauses.
The ToS are part of your legal contract with the other party, regardless of whether you read them. One example of ToS could also be the house rules in your local gym, which possibly weren't even handed out to you but instead they are up on a wall somewhere near the front desk. The important thing is that you need to have the _possibility_ to read them (if you are blind they will need to make sure there is a workaround). Depending on the circumstances the obligation to make sure that you are aware of the ToS can be more strict.
The important caveat to using terms of services as a company is a strict content control. § 307-309 of the german civil law define certain things that you cannot possibly put in your ToS. And if a company still does it, a Court will not try to interpret the rule in a favorable way for them, they will strike it out completely. (no "geltungserhaltende Reduktion")
Examples of content control include that when buying something it is impossible to sign away (some of) your rights as a consumer for a faulty product. But there are also some "catch-all" clauses in there that will check whether parts of the ToS placed an unfair burden on you as a consumer.
ToS can also be void if they are unclearly written.
Edit: Signing with "I do not agree" is an interesting approach and sometimes these "hacks" can actually work in Court. That being said, it would probably not hold up. Pressing on "accept" is not somehow invalid just because you said so somewhere else.
Off topic but an interesting example of a similar hack is this case of a man changing a pre formulated contract with his bank which they send to him first and then signed it when he had send it back to him. https://www.themoscowtimes.com/2013/08/14/man-who-outwitted-...
Thank you. This was fascinating.
Re: I do not agree: the only way my sophomoric hack might ever actually work would be if I argued that clearly the website’s didn’t bother reading my contract response — if they had they would have correctly interpreted my actions as meaning I didn’t agree to the terms.
But then I went ahead and used the site anyway. Someone who didn’t agree to the terms would never do such a thing. It is a very silly idea of mine.
This article is about a plug-in that recognizes TOS agreements and summarizes them for you. I've often wondered if it's feasible to create a plug-in that recognizes TOS agreements and clicks the Accept button for you.
It should also make a record showing that you never saw the agreement and did not click the button. Maybe it could aggregate these records to show that for a given website there are thousands of users who have never seen the TOS.
Given that most people seem to think these click-through agreements are already pretty weak from a legal standpoint, I wonder how much more it would take to make them completely worthless.
For those reading, be aware that while signing "I do not agree" is borderline fraudulent, at least it's not clear user impersonation ie identity theft.
There are people who do similar things but sign "Daffy Duck" or even "Barack Obama". Someday they'll be in for a surprise visit.
Not true at all. No one is coming for a visit ever.
You could be known as Daffy Duck or Obama or call yourself that. There is no legal requirement to use a legal name.
What sites do if a legal name is required is to require a credit card and get the info from there.
Clicking,I do not agree is not borderline fraud. Turning off javascript and not getting a tos prompt is not fraud either.
I think disabling javascript could be considered hacking the software.
Intent might matter a little. I wouldn't be surprised if disabling JS for the purpose of bypassing an access control falls afoul of the CFAA but intentionally browsing the web without JS (e.g. via lynx) does not. If that were the case, they'd have to prove that you intentionally circumvented their access controls.
Moreover: signing as “do not agree” and then using the service anyway is about as clear-cut as an abuse-of-service can be.
Aka “wire fraud”, if you’re a DA.
The best thing to do is to send them by snail mail a printed copy of their ToS with the changes highlighted that you'd like to suggest, accompanied by a friendly letter stating that they are free to send you back their suggestions for further negotiation and that no further action on their behalf is needed if they accept the suggested changes.
But would this hold up in a court?
It should be fairly easy to do this with something like Hotjar. Although I'm not sure if it is legally feasible to do it without the user's consent, especially in Europe.
You'd just have to agree to the agreement to be tracked first.
Though, GDPR stipulates that if it's a legal requirement for the service to work (which is the case) then it's not required to log visitor approval.
The way website.com will start dealing with that, is to block end users to spend legally minimum amount of time on ToS.
That won't work. The real answer is to make it 100 words or less.
Then they will lose users, though.
Would’ve been my thought too. Yet look at what happened to EU GDPR cookie rollouts.
Those only take a few seconds. We're talking about at minimum a solid five minute blockade—and I would posit it really needs to be a couple of hours or more, given the length of these agreements.
If a TOS is important enough to a company that they're willing to impose a two hour waiting period on customers, I'd say that's their prerogative. It would likely be effective in getting many users to read the agreements.
Here's a case between Uber and a blind person [0].
TLDR:
- Someone is suing Uber for discrimination because drivers didn't allow the person's guide dog in the car.
- Uber's terms state users can't sue Uber and must go through Uber's arbitration process
- Uber's terms were presented in the "By continuing you agree to these terms" fashion
- Person claimed they never agreed to arbitration and that they should be allowed to sue Uber, and a state court agreed
> But the broader impact of the ruling is to put companies on notice that they can't bind users to restrictive terms merely by linking to those terms somewhere in a site or app's registration process. In order to create a legally binding contract, a tech company has actually put the terms in front of the user and get them to affirmatively agree to them.
[0] https://arstechnica.com/tech-policy/2021/01/court-says-uber-...
California allows you to opt-out of binding arbitration at the time of signing or for a period after signing.
That’s actually part of the Federal Arbitration Act; It’s not specific to California. However, California’s labor laws do have some restrictions on arbitration in the workplace.
Yes, as long as they make it a required step. It's your fault if you choose to not read it.
Too bad the parent was down-voted. IANAL but I think from other reading that it is correct at least in the USA. I think if one does not read & agree, it is dishonest to say you did.
I am curious if there is any legal doctrine on this in any part of the world.
In most EU countries ToS are pretty much void anyway because they tend to contain frivolous or illegal clauses. For example, a ToS is void in the EU that limits the consumer's rights for legal action in any way.
Here is a list of unfair contract terms that will likely cause an EULA or ToS to have no legal binding at all:
https://europa.eu/youreurope/citizens/consumers/unfair-treat...
In Turkey the precedent is that not only ToS'es and any kind of pre-written contracts have to be fair by law (ie punitive measures for the customer while there is none for the firm will simply be thrown out by the court) and not include any unexpected conditions. Some time ago, the higher court ruled in favor of a guy who simply claimed he didn't read the long contract and the unexpected conditions shouldn't have been enforceable.
Also all consumer disputes below a certain amount have to be resolved by consumer referees, so no binding arbitration clauses here either.
You could skip steps on some systems, put in null values, click yes get the next link and remove approval.
There is no legal requirement you agree to use the service. The system may prevent access but that's not a legal requirement.
Previous discussions:
– https://news.ycombinator.com/item?id=15031020 (2017)
– https://news.ycombinator.com/item?id=9678357 (2015)
– https://news.ycombinator.com/item?id=8394144 (2014)
Thanks. Also it seems: https://news.ycombinator.com/item?id=16885000 (2018)
Ages ago I installed a shareware product. And it also had a scrollable "terms and condition" screen (about 2 pages long) when starting it for the first time. When you clicked the "I Agree" button too quickly it would ask you "Do you really agree to the terms you read in only 0.76 seconds?"
If there is an acceptance screen anyway, is there a reason not to tie this to actually reading the terms? Please consider the following idea:
The installer presents the end-user license agreement (EULA). Immediately following it, it presents a multiple-choice quiz that asks questions about core parts of the EULA, such as permissible use, cancellation, refunds, jurisdiction/arbitration.
The installer then contains all the files to be installed. They are encrypted with a key that is composed of a hash value of the correct answers to the above quiz.
In this way, you could tie together whether someone reads the EULA with the possibility of performing the installation at all. This, in turn, causes successful installation to act as implicit proof of having read the terms. The order of the values must be randomized to prevent transmission of correct answers by index number only.
Let me try translating this into a different scenario:
You are at home, and want to go shopping.
Your door only lets you out if you correctly answer some questions about the most recent changes in the law of your state.
Are you not a lawyer? Well tough luck, order your groceries trough Amazon then..
“The door refused to open. It said, “Five cents, please.” He searched his pockets. No more coins; nothing. “I’ll pay you tomorrow,” he told the door. Again he tried the knob. Again it remained locked tight. “What I pay you,” he informed it, “is in the nature of a gratuity; I don’t have to pay you.” “I think otherwise,” the door said. “Look in the purchase contract you signed when you bought this conapt.” In his desk drawer he found the contract; since signing it he had found it necessary to refer to the document many times. Sure enough; payment to his door for opening and shutting constituted a mandatory fee. Not a tip. “You discover I’m right,” the door said. It sounded smug. From the drawer beside the sink Joe Chip got a stainless steel knife; with it he began systematically to unscrew the bolt assembly of his apt’s money-gulping door. “I’ll sue you,” the door said as the first screw fell out. Joe Chip said, “I’ve never been sued by a door. But I guess I can live through it.”
― Philip K. Dick, Ubik
The idea behind a checkbox is that it’s an affirmative. You are stating that you did read them. And as long as that checkbox was unchecked when you opened the page, that’s enough.
However, your idea of an installer is novel. The problem is that it adds friction to the install process than would turn many users away.
My favourites are the boxed games that comes with "If you break the seal you agree to our terms that you can read inside the box" style of agreements. Those are ofcourse not valid though so not a problem.
I have seen a few that forced you to at least scroll down before unlocking the accept button or included a thirty second countdown to keep you from clicking through.
The problem is more that every single piece of software and website and such did this and required you actually read it you would get nothing done all day but read agreements. I think the issue is the very need for all these agreements to begin with, we all know almost no one reads them.
I did for a while in the beginning but now its just too much.
That’s indeed a fun implementation. Most of my shareware memories consist of dark patterns and purple gorillas.
I think we need some universal standards for ToS. The same way we have some visual rating signs for movies and video games. Most of it should be regular and easy to categories. And there should be a separate rating for how many irregular terms are in there.
I’ve been chewing on an idea for a while around programmatically handling license agreements, basically each clause is checked atomically, with flow logic as necessary. You could have a personal profile, possibly multiple, of things you’ve decided to accept or reject beforehand, and the anomalous clauses would be presented as a list to review. Providers would have an incentive to reduce the friction by limiting scope to what’s actually required, not just what they want.
With wide enough support, a couple of benefits would be nefarious and malicious components would get highlighted quickly, and it could serve as a feedback channel from consumers to suppliers on why an agreement was rejected.
Ultimately, the power dynamic needs to be recalibrated.
So the idea is a form with a checklist?
That’s one major function it would provide if clauses were included which weren’t covered by the pre-populated profile.
A core component would be standardising clauses so they could be handled individually and automatically. If you’ve already answered the clause, and the parameters (time spans, quantities) were within the range you’d set, it would be ‘green’ and could be hidden. Clauses which you had answered but are outside your criteria would be ‘amber’, and unanswered clauses would be ‘red’. As you process more agreements, your can save answers to your profile so the process becomes more optimised over time.
Ahh, okay. That part didn't stand out to me in the initial description. So, like, a Common Application for ToS agreements, right? One ToS to rule them all, and one ToS to (legally) bind them.
One concern I'd have is that the level of access I'm willing to give websites isn't always universal, even within the same category. On the other hand, there's some things I really just don't care about and whatever website can help themselves. Just something to consider.
I’d see the option to maintain multiple profiles if you so desire, choose what level you’re comfortable with per instance. The key is that the clauses are subject to individual scrutiny.
Another component would be the ability to rigorously diff agreements as they change, only those components that change or are in some way dependant are presented for attention.
We tried that for Privacy Policies with P3P (https://www.w3.org/P3P/) and we failed.
This is fascinating, I didn't realize there was a spec for this for the web.
But this begs the question: Apple Privacy Labels "caught on" because Apple has unilateral control to enforce them in the App Store. If ostensibly the same idea for the WWW did not catch on, is the problem (1) the lack of enforcement/economic incentive mechanisms on the decentralized web or (2) that consumers really didn't care/know enough to create/enforce such free market incentives?
I would say both, and a bit more besides. I would say that the big players are actively disincentivized from supporting something like this.
Did it fail on its own or was it helped that way? I can’t imagine any of the big players that drive a lot of the standardisation would be too keen on this ...
Yeah let the lawyers argue over what the pictures mean and let us normals just have little pictures.
Yes, this is great. Similar to how app permissions work on iOs.
A centralised service that tracks all your tos agreements and changes would also be great. It would make things easier for developers as wel
It's all farcical, but it's pervasive because of the lawyers I guess. Even a supposedly design-first-consumer-friendly company like Apple has walls of tiny text to scroll through.
If only Terms of Services could be upgraded to:
1. A simple, plain English/local language explanation in bullet points of what the software will be doing. Like how you would explain it to your parents.
2. A link to the legalese, so that covers the legal requirements?
If I recall correctly, Stripe is one company whereby the Terms of Service tries to explain things to you clearly. That's certainly a start, but this would be an interesting thing to improve on and solve. Maybe a GPT-2/GPT-3 application? Tell me simply what this block of text means?
> Even a supposedly design-first-consumer-friendly company like Apple
The company that actively misled consumers about the EU wide minimum two year warranty, sold it separately as extended warranty and finally placed the court mandated correction on its home page just a bit out of sight.
If so called "consumer friendly" companies had to write a honest guide to social interactions it would start of with a chapter on the benefits of rape and pillaging.
The problem is the entire point is to hide all the nefarious things they can do with your data. Plenty of open source software has really straight forward agreements based on common terms but they can do that because they aren't working out scary ways to utilise your data to make money from you.
Yes, like we do with Creative Commons or FLOSS licenses, so you don't have any reason to read them more than once or occasionally. Whether somebody. Maybe something like the uniform commercial code, in the USA. That would be a nice contribution by some organization.
Even if only some sections are standardized and others not, that would be a comparative win. Maybe an "exceptions/additions" part.
Edit: also, there are some few sites I recall that summarized terms and/or pointed out problematic parts, to help someone who cared but didn't want to read them all. I might be able to hunt up (a) link(s) if desired.
What I do currently is read them once, mentally note the date displayed, save them, and when they change, use a short script to make it easy to see differences (uses fmt to make lines to shorter first, and get sometimes fewer differences that way). Sometimes I have pushed back and contacted the organization, or just not used them. I wrote a bunch of complaints about this kind of thing, at my site -- it takes us further down the slippery slope of saying things we don't mean to each other, habitually, which is sadly dishonest IMO.
For reference in case useful, though I haven't even read their site carefully: https://stonecutters.law/
They say "Stonecutters publishes legal forms and clauses for other legal craftsmen to incorporate by reference."
Yes, this is a big problem. In fact, in May 2019, I mad a semi-serious post about it (https://notdaily.com/blog/2019/05/05/you-are-a-liar-yes-you/)
My major concern is the normalization of lying: the craziness of "I have read and accept..." makes liars out of all of us.
So I applaud the tosdr effort, but I don't believe it is addressing the real problem.
I remember reading my bank's ToS at the time I was just out of the school. I read the whole piece, printed in font size 4 and the conclusion was like this: no matter what happens, it's my fault.
It doesn't matter what the TOCs are if they are presented at a gun point: a lot of services don't have alternatives and as much as I wouldn't cry for losing access to Reddit or YouTube,for some that would be the case.
Thought experiment: can we have a standard TOS for centralized services?
Building the next Facebook? Legally bind yourself that you'll always provide API access and this right cannot ever be taken away to the extent permitted by the law.
Maybe we need a standardization for centralized service TOS like MIT/GPL etc are for OSS. So people can decide more easily which centralized services to use.
I was thinking something similar the other day, but rather than a fully standard TOS, where I get to is that we need standard atomic pieces of contracts and TOS docs. For instance in the language in the definitions part about who the customer is, who the business is should be {common:customer-is-you, common:business-is-mybusinessname} or a part that talks about not using other customer's login information. Etc. Why should we have to read every single line when it's mostly the same? DRY the TOS.
Looks like someone actually started doing some of this already: is https://stonecutters.law/
The team recently did an AMA on reddit: https://www.reddit.com/r/privacy/comments/kogsuw/we_are_term...
I think the compromise to TOS type things is they can only be limited to a list of house rules that you can enforce with or without an agreement, kind of like booting off a rowdy customer off of the property of your retail store. Like, ‘here are the rules’ and that is about it.
Their scored system seems flawed. For example, both Facebook and Reddit have the same "E" score, while Facebook requires you to disclose your real identity and to link your phone, and Reddit doesn't. They are worlds away with regard to privacy.
Sidenote: This is how you properly deal with massive load on your site: https://imgur.com/a/zKMh5zg
The "checkout our twitter" thing is especially cool.
Educational settings are one of the worst places where insidious terms crop up. You often simply don't have a choice.
I'm a volunteer firefighter and was registered by my department to take a course with a government-run institution to upgrade my certification.
A while back that institution began using Blackboard - a Netherlands company - for all learning materials, whose ToS [1] includes a clause where I must agree to defend and indemnify Blackboard from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney's fees) arising from my use of and access to their product, as well as any other party's access and use of the product with my username or password (which I contemplate could occur if Blackboard or the institution were to suffer a data breach).
To read the textbook (only available online) there was a similar ToS from yet another third party. You can't access any of the material without explicitly agreeing to both contracts.
I was uncomfortable with the clause. For one, I didn't understand why my interaction with my local government institution required me to indemnify two foreign companies with whom I have zero relation (and didn't want any). Before "cloud services", the institution would have contracted with the vendors themselves to buy the platform, then presented their own contract to me (which is the right way to do this, and which I'd be fine with).
I deferred accepting, and reached out to the institution to find out if there was some alternative way to obtain the materials (e.g. in hardcopy). I spent months trying to find alternative arrangements, but the bottom line was nobody cared.
I showed it to a commercial lawyer in the department who agreed the clause is nonsensical and he expressed some choice words for the institution foisting this upon its students.
I give of my own time and volition do firefighting and rescue (and love doing so!). Nobody was paying me to take this course.
In the end I wound up hitting the Accept button, with a deep feeling of having effectively been bullied into it.
Compared to some of the other ToS's I've seen out there this one was comparatively mild. I can only imagine how parents must feel when such garbage finds its way into their kids' learning environments.
[1] https://help.blackboard.com/Terms_of_Use and https://tosdr.org/en/service/2230
Here's a graph showing how long it would take to read the ToS of some prominent companies: https://i.redd.it/j6cd57dbrga61.png
Are there any examples of minimal human-friendly Terms Of Service texts that one could use or adopt to their own projects?
I tried to make some for onemodel.org (in github, there is the file LICENSE, and CONTRIBUTING). But I did not have them reviewed by an attorney yet. But my offering is not an online service (yet); I have other thoughts stored away on that. But I've also read that attorneys can always find holes in things written by non-attorneys, so there's that.
I frequently get mails from banks and other service providers with subject lines like 'changes to our agreement'. I don't read those either. Mind you, it might be fun to send a few unilateral changes back their way, detailed in a suitably upbeat or condescending letter.
A few contracts I have done in the past I got the terms through and had serious issues with so just ended up blacking out and initially it or adding in an appendix. I don't think I have ever seen a company say a thing about a unilateral change to the contract I just made without negotiation, they like most simply people sign it and accept it without reading it.
One one contract I asked for some changes. The company said that they've dealt with hundreds of companies who agreed with the contract and didn't see why it should change.
I pointed out that the contract had several places where it referred to other documents I must agree to, referenced by URL, and the linked-to documents didn't exist.
I have seen contracts that made the work I was meant to do for them impossible, that type of work wasn't allowed under the contract.
The classic example is a company wanting me to work on some open source software and potentially put in patches on it but having a clause in their contract that assigns all rights to the software I produce to them.
They don't often read them themselves to see if they are sensible or correct before sending them. The entire situation is really dumb, no one anywhere in the process seems to read them.
Then the second biggest lie is:
We use cookies to give you the best experience on our website. If you continue to use this site we will assume you are happy with it. [Ok] [No] [Privacy Policy]
Actual text from the www.gdpr.eu cookie consent pop-up. =)
I always thought "We value your privacy" was the biggest lie on the internet.
They value it. Here's how much:
https://www.cnbc.com/2019/02/11/reddit-users-are-the-least-v...
or the most cynical statement
The biggest confusion I have with the modern web is why these cookie agreements never remember that Ive agreed to them before.
I wouldn't mind being tracked so much if... they could identify that I've agreed to being tracked on the 7 websites I visit 1000 times before.
If this was being handled honestly and straight forwardly this would just be a preference set in the browser they complied with. Then someone who was never accept could just be that way, someone else could always accept and others could choose once for each site. But then we had that with headers and such and we all know they just ignored it, because the entire point is to steal the data as often as they can.
But a lot of people think that it’s supposed to be all or nothing with cookies (not: required (login cookies) and non required (ads)). So if you opt out, people think they’re not allowed to store a cookie saying you opted out.
No, no, no. They pretend to not know this, because they want to make it as inconvenient as possible for people who click “No”.
Reputable source who goes over Instagrams latest, quick 10 min:
>Yep, we use cookies as well and we have to show it to you as we are based in Germany, sorry folks!
Following one law and breaking another by not having a No button (only a link to duckduckgo.com under "get my out of here"). Not sure I trust someone to explain me Terms if they don't understand it themselves.
Sorry for the confusion, the cookie notice was a fast implementation. Now, cookies will only be stored once you click the accept button. "No" will hide it for the on the current page.