While I applaud the effort, in the end, it is mostly just a game played by lawyers who write ToS.
Terms of Service tries to be legally document, enforceable across borders. Its not related to copyright, so there aren't any treaties to unify each countries laws. Also, because it is not copyright, ToS get put into the all covering service/contract law. Where I live, Sweden, those laws was written in 1900, and is in my view 100% incompatible with ToS or EULA's.
To take one example, they require that the person providing a contract makes sure that the other party is fully informed of the contract, and that the other party is benefited from signing the contract in relation to the terms. Reading the history around it, they basically makes in unlawful to knowingly "trick" people to sign contracts that are one-sided.[1]
On the "trick people to sign" part, I am also slightly considering the fact that companies often know how long time someone spends reading an ToS/EULA. They know when, and how many people can't have human possible read the agreement before pressing OK. When MMORPG clients update a new agreement, people are logging in seconds after its possible. If you knowingly are going into a contract with someone who hasn't read and understood the terms, its hard to claim that the contract was made in good-faith (jfr BrB 9 kap 1 §).
All in all, ToS and EULA's just seems to me as an broken concept.
I believe the purpose of service is to raise awareness of your legal rights and what rights you sacrifice when using the service.
In Common Law jurisdictions, "I read and agree with ToS" is prima facie (on its surface) binding on the user. You cannot get away from a contract by simply not reading it - many people would repudiate their contracts if this was the case. I do not believe there is such a law in Common Law about "tricking people" to sign contracts. Whether a term is lawful depends on the circumstances of the case - this is why law is complex and must be cases must be litigated in order to determine lawfulness.
Many contracts we sign are one-sided. This is due to the respected bargaining power of the parties. The courts and the legislature have to balance between interfering with the freedom of contract and the notion of fairness. Some terms must be one-sided by nature- eg: banks can unilaterally change the interest rate on your property.
Since QoS/ToS is a primarly unenforceable contract meant for a global market, a service that points out the different kinds of unenforceable contracts is a praiseworthy service, but with somewhat limited use.
>You cannot get away from a contract by simply not reading it
Well, in Swedish law, quite a lot weight is given to the circumstances around the contract, and if it was made in good faith. Take people who sends out false bills, relying on people who do not read the letter fully and see that it actually was not a bill but an "offer of service". That is still fraud, and people who pay those bills without reading it can still get away from the "contract". This might be different in UK, Germany, any of the state laws in US and so on. Maybe some of the 27,000 pages of federal law has something about it, but I am not a US lawyer. The laws are so old that what exactly can nullify a contract in one country will likely be different from an other.
> The courts and the legislature have to balance between interfering with the freedom of contract and the notion of fairness.
This is an area where laws are likely to be very different between countries. It touches on consumer protection, as well as contract law. The Swedish law is very unspecific here, and just generically defines that unjust terms are grounds enough to nullify a contract either in parts or in full. The consumer protection laws goes a bit further, and declares that the party offering a service must make sure that the consumer is fully informed about the terms, and must also make sure that the consumer is benefited from agreeing to the contracts and all its terms. If not, then the consumer has a right to nullify the contract and get back any money already paid. For the bank example, this mean that the bank must make sure the consumer is aware of the costs involved before signing, and the the rates are within reasonable levels. If they tried to get someone to agree to a 1000% interest loan, the contract would be almost guaranteed to be nullified in court if challenged.
Interestingly, consumer protection aspect you talk about is very similar. Stronger protection is given to consumers through legislation - eg: Sales of Goods Act in UK. The word "reasonable" is ingrained into common law and a 1000% interest loan would certainly not be reasonable.
>You cannot get away from a contract by simply not reading it
All circumstances around the contract would be considered in common law. I believe the courts would rather void the term on the basis of unfairness rather than putting weight on the fact that the person did not read it.
Contract is binding even if you have not read the contract is a very important cornerstone of contract law. Almost everyone that signs the contract does not read the contract - even contract that exceeds billions of dollars. They turn to their lawyers to read and negotiate the terms. Complex and specific terms are required to specify the rights and obligation of each side. If we are forced to read the contract before we sign them, our society would not be able to operate and many disputes would arise over overly broad terms that can be interpreted in many different ways.
> a 1000% interest loan would certainly not be reasonable.
Some payday loans calculated APR is in the high hundreds of percentages (like 600%+). Lenders are often required by law to report the APR even though the terms of the loan may only be for a few weeks worth of time, causing the inflated APR.
Payday loans, however, are generally held to be enforceable contracts.
"You cannot get away from a contract by simply not reading it - many people would repudiate their contracts if this was the case."
This is one reason, I think, why contract signings are witnessed. In a dispute the witness can testify that you did in fact read, appear to understand, and willingly sign. And this is why online TOS are difficult to enforce: no way to prove that you even saw the contract or intended to click the "agree" button.
"banks can unilaterally change the interest rate on your property"
Say what? If I sign a 30 year note for 3% interest it's 3% for 30 years, and the bank is stuck with that.
>Say what? If I sign a 30 year note for 3% interest it's 3% for 30 years, and the bank is stuck with that.
Yes. if a bank would sign a contract with you then it is valid. I highly doubt that would be the case, the bank needs to borrows the money from someone else. They just merely make the difference in the interest rates. Taking a fixed interest rate would mean that they risk losing money if the money the borrow from somewhere else exceeds 3% in the next 30 years.
>why contract signings are witnessed. In a dispute the witness can testify that you did in fact read, appear to understand, and willingly sign. And this is why online TOS are difficult to enforce
This is not a problem at all.
In Common Law jurisdictions (US, UK), contracts do NOT have to be witnessed (with some exceptions like Wills). Contracts that is signed without any witness are perfectly valid. This would apply to your ToS, if it states the laws of US, UK would apply to this contract. All contracts would state the jurisdiction that applies and all (respectable) courts would honor that term.
"if a bank would sign a contract with you then it is valid."
I still don't understand - I think you might be confused about how mortgages work. Every loan is a contract. There is no such thing as the bank just giving you some money and then deciding on the interest rate later. Adjustable rate loans adjust according to a formula in the contract. Fixed rate loans are fixed, and the bank enters into the contract because they estimate that they will make a profit. If they don't, they are still stuck with it. It's a contract, they can't change it.
"contracts do NOT have to be witnessed"
I know; I never said they did. I just said that witnessing can help establish the validity of a contract if a dispute arises, and that TOS click-throughs lack this. I'm pretty sure that any serious contract, involving a lot of money, is witnessed. All of the house loans I've ever signed for have been witnessed, and I had to prove my identity as well.
Yes, if it is a contract, then it would be binding.
Laws may put more requirements than pressing a button. The normal standard in Sweden is to make a written paper and then let both sides sign that. Scrolling past a lot of text and then pressing OK does not pass that hurdle.
It is possible to do electronical contracts, but that would involve some sort of digital signatures.
>Laws may put more requirements than pressing a button. The normal standard in Sweden is to make a written paper and then let both sides sign that. Scrolling past a lot of text and then pressing OK does not pass that hurdle.
That would be an incorrect understanding of the law or at least common law. When you go out to purchase a drink from Starbucks, you have formed a contract with them. Signing is not essential to forming a contract.
We pretty much agree that it’s a broken concept. But that doesn’t keep companies from data retention, or using your content with their copyright, or or or …
One straightforward fix: A law that says an "I Agree" button only binds the user to the text that's actually visible on the screen. More text? More buttons!
That will drastically cut down on the boilerplate. Want to straitjacket your users with 60 pages of user agreement? No problem! You're only 60 button clicks away from complete lack of liability.
Is this not already common in certain industries? I've seen plenty of video game terms of service that make you scroll to the bottom before the 'accept' button can be clicked, making all the text at least temporarily visible on the screen. (I recall the World of Warcraft client doing this after every single patch update - no idea if it still does. I'm pretty sure every time I update my PS3 I go through this experience, too.)
I think what rossjudson means is that you're only accepting what's visibile on the screen at the time of clicking accept. So if you scrolled to the bottom, you would only be responsible for the text visible on the screen at the bottom of the page.
I think if the technical details with screen-size and tracking what was indeed visible at the time of acceptance are worked out, that this is a great idea and really would use market forces to naturally shorten TOSs. It has a very Libertarian Paternalism idea about it in that it's not limiting freedom but gives them a Nudge[1] in the more universally beneficial direction.
As a user who just wants to click accept and GTFO, this would initially be a burdon as all existing TOSs are aligned with this requirement. I don't want to accept 60 pages just to install WinRar (the trial of course, because I'm still not sold on it's benefits).
But as someone concerned with what I'm actually agreeing to, and someone who doesn't have the time to read the TOS for everything I come across, I'm fully behind that and would like to have some words with the lazier side of me about the importance of agreements.
As an aside, maybe there could be an article of the law that allows for a legally binding summary of terms which they could use to supplement the full terms. In that case, the user would be bound to the terms of the summary--in reference to the full terms--which were visible on the screen when they accepted. They would still be required to accept the full terms (likely with the same TL;RD scroll and accept).
I'm thinking that there's somewhat of a precedent to such summaries: ballots. When you vote on on a resolution at the ballot, you're reading a summary. But that summary has to be legally accurate to the content of the bill.
Some people have taller monitors than others. Some browse in different font sizes. There is no way, even in theory, of determining what was visible on screen.
edit: really, this is the exact same problem as "some people have taller screens than others", but some people have taller browser windows than others too. If I want to get some text off screen before clicking "I agree", it's fully within my power to do so.
I have been too successful muting my sarcasm. You are correct! My impractical idea is, indeed, impractical.
The point is that when we allow arbitrarily complex language to be buried under a single agreement action, a user has no idea what they are actually agreeing to. And everybody knows it. So we should just make such agreements null and void until the technology community (us) and the lawyers can come up with a way of breaking these user agreements down into digestible, understandable units.
So we should just make such agreements null and void until the technology community (us) and the lawyers can come up with a way of breaking these user agreements down into digestible, understandable units.
Which unfortunately destroys the Internet until that happens. Businesses typically don't enjoy the benefit of the doubt and consumer protection laws that their customers usually do when those customers sign up with a standard form contract where they have little if any power to negotiate. If a business offering a product or service isn't able to define reasonable terms to clarify what the deal is then that business can't transact with customers without accepting an absurd amount of risk or without negotiating individually with each customer at prohibitive cost.
When we did the terms for a UK business not so long ago, we were advised that things like hiding potentially unexpected terms away could weaken those terms if we ever tried to enforce them, while if certain terms that are reasonable but not necessarily obvious are emphasized then this can strengthen their enforceability. Also, there are some basic legal standards that any such contract would have to meet, e.g., where consumer protection laws say that certain kinds of term are completely prohibited.
This seems a reasonable fundamental policy: whoever is writing the terms can't rely on unreasonable conditions, and if there's something reasonable but possibly unexpected then it's in their interests to draw attention to it explicitly, but assuming they do those things their terms should be expected to stand up in court if necessary.
Null and void seems extreme to me. These sorts of agreements do serve a perfectly good purpose.
While I would not agree that users should be held liable by terms as either criminal or civil infractions of any sort, they certainly work well to advise the user of what services they will be provided, under what circumstances the provider will be justified in removing service, whether or not the customer will be refunded in those situations, etc.
As a declaration of intent of service, potentially usable defensively by the company should a user take umbrage against the service, they are excellent. As anything else, they're pretty worthless.
> There is no way, even in theory, of determining what was visible on screen.
There is - both in theory and in practice. Otherwise you'd get text drawn over other elements instead of scrollbars when you write too much text inside the edit box.
Doesn't the edit box's display logic run in the browser? If you get a POST request from me, how do you know I sent it through visiting your web page instead of from curl?
In general, you don't. A common method to ensure it comes from a web page is Cross Site Request Forgery (CSRF) protection, which you'll probably want to look up if you're interested. In short, it uses a hidden form field sent with the data, and usually duplicated in a cookie. When you submit the form, the hidden field data and the cookie data are compared, if they match it can be assumed you posted via the web page.
Sorry if that's not what you were asking, and note there are lots of different ways to do this, that's just one example.
Sure you can. The website author can check DOM properties to see the width and height of a particular element, and change the content (to add breaks and buttons) where appropriate.
I think it is more problematic of how to prove the user agreed to your TOS. Clicking a button and storing in a database some text is all fine and wonderful but it does not prove in court that when I clicked the "I agree" button (if you can even prove there was even such a button to click) it was in response to the text for which you are taking me to court.
I remember installing Windows Something (server 2003? can't recall) and the EULA was presented in a box four lines high, and progressing past that activated the license. I found the EULA later on and it was a 5000-word job. Yes, you were 'expected' to read 5000 words in a box 4 lines high. Sucks to be you if you need to cross-reference.
Be wary of installing this extension, and this is why:
It's not lost on the legal world that no one reads Terms of Service. As a result, TOS are rarely enforceable in court, except inasmuch as they comply with broad industry standards.
However, compliance requirements are much MORE strict for parties who demonstrably should be aware of their legal obligations. Lawyers, for example, can't really argue that they didn't read a legal document they executed because of the manner in which it was delivered (in an inscrutable TOS doc, at the entrance to an amusement park, etc).
If you install this extension, you might actually be making yourself MORE bound to crappy terms of service, since you will not be able to make the case that obviously you didn't read them terms and therefore should not be held to some non-standard provision.
The reviews/ratings provided by tosdr.org are awesome, and I hope you guys continue this project, but I, for one, will be covering my ass and not installing this extension.
> If you install this extension, you might actually be making yourself MORE bound to crappy terms of service, since you will not be able to make the case that obviously you didn't read them terms and therefore should not be held to some non-standard provision.
I estimate the likelihood of me ending up in court over a TOS violation extremely low. In the history of the Web, how many times has a consumer been the recipient of a lawsuit over a TOS violation?
However, the likelihood is very high that I will encounter TOS provisions on the Web that are objectionable to me. I would like to know what these provisions are, even if I am forced to click accept because I want to use the service anyway.
I am not a fan of maintaining ignorance for the sake of plausible deniability.
Does what you say have any legal merit? Sure, I can imagine a Judge saying "Eh, no one reads those things" because it is fun to think that way but I'm not sure I think this is right.
You need to put in the version / date of these ToS, otherwise it would be hard to update. I would also keep an archive of all the ToS on your servers since volunteers would like to use track changes as a new version is published rather than re-reading the ToS. It would be also interesting to see how the terms have changed through the years.
A great feature would be to categorize these services by category. Eg: for search engine: Bing, Google, DuckDuckGo. You could add a more comprehensive chart on the terms and how it compares across these services. Eg: Tracking: Google keeps ur data. DuckDuckGo does not track user data.
I also suggest that I can click into the brief description which will bring us to the exact term in question and highlight any other relevant terms. This may increase the chances of people reading the ToS and also increase participation. If I was reading a term on your site and I was referred to the actual term and realized that ToS;DR is incorrect, i would likely to correct it.
The service is great for what it is. TL;DR - Someone please read the legal mumbo jumbo for me. I'm not a lawyer either. I could spend 2 hours reading the fine print and making a best guess, or someone else could read it for all of us. Highly efficient, and not even an ironic "If you follow our advice you can't hold us liable" comment. :-)
Awesome idea. This is the first Chrome extension I have ever found worth installing. Thanks!
I think one issue with a service like this, is that your rating of TOS provisions might not match with my own. Which is why it's great that you link your rankings to discussions of provisions and their rating.
My friend and I created http://www.eulascan.com/ back in 2005 with this same concept in mind. We got some nice writeups, but it never really gained traction and we didn't have the time to upkeep the site; spam weeds have overgrown it at this point. My thought was that people still didn't care enough about EULAs to bother using it or reviewing it.
Generally, we got the most comments on companies that were unliked (Apple, Microsoft), and the reviews became another way to express disgust at a company.
Another thing to consider is the ever-changing terms in an EULA. Your site does not have a version concept, meaning you could be reading reviews on wording that does not exist in the existing EULA.
Old solution is to drop three words in the document pizza which are clearly out of context. When customer says he has read the tos, great, let's give him 60 seconds to tell which words didn't belong to the banana document. It's easy to give those word if you did read it, if you didn't then you're not clearly smart enough to use our service and your monkey account application has been refused. Thank you.
Btw. IBM cloud computing agreement was so ridiculously long, that I can signup and setup everything up and running with Linode or UpCloud before I have even finished reading their agreement.
Ah, interesting to know the reason for the CAPITAL LETTERS, thank you!
In perceptual psychology the problem that they are ignored is also known as »Banner Blindness«: https://en.wikipedia.org/wiki/Banner_blindness – »a phenomenon in web usability where visitors to a website consciously or subconsciously ignore banner-like information«.
This is a nice idea. I would love to see these kind of agreements get commoditized and standardized, so that a new service can just check a bunch of boxes to generate their terms, and we can even represent the agreement in a machine readable standard way.
Yes, we had some people ask us about that. It’s not really our core focus so we will probably not do it, but if anyone wants to build it our data is all open source and freely licensed: http://github.com/tosdr
As I understand it, some of the thinking in the Vendor Relationship Management space [1] flips the 'informed consent' equation on its head - you as an individual specify what standards a vendor has to sign up to when dealing with your data, and _they_ are the ones agreeing.
I don't know the degree to which this really fixes the CLICK ON ANY BUTTON IT TAKES TO GET ME INTO FACEBOOK approach of most users, but it's an interesting thought experiment at least.
Ironically, they didn't seem to take the time to summarize the terms of service for their own service. In fact, I can't figure out what the terms are for tosdr.org at all.
But there are no specific terms around the service we provide to you. The only thing is a disclaimer: "this is not legal advice" this is just our opinions.
It's like reading an article or a book. You don't need to accept ToS to do that ;-)
One other example would be to use Free Software. If you download and use, e.g. GNU/Linux, you are not accepting any ToS. (For instance, only modification and distribution of copies is regulated by the GNU GPL. Merely using the program is not).
I think you should assess and rate your own legal page using the same standards you apply everywhere else. If there is no ToS (as you point out here), you should say that.
If nothing else, it's a usability issue. I assume that tosdr.org has a good ToS, so if I want to see what an A-rated ToS looks like (according to your ratings) I should navigate to your page and your browser extension should tell me.
We tried integrating with TOSDR and similar services via their APIs at https://starthq.com, but it quickly became clear that the number of services they cover is too low for it to be useful. I do appreciate the effort though!
You're using our API? Please get in touch with us. We're a very small team and the project is very young. You can't really expect to use it like that without telling us and expect it to work well! (It's open data and free software, you don't legally have to tell us, but please do so).
The "About" button just says it's a project intended to fix something. It gives some WHO and WHEN info, but it doesn't say HOW it will fix it or WHAT it does.
Instead it asks me to take a large step of trust by installing executable code into my browser.
Sorry, the short »About« is a bit lower down on the page, before the ratings:
»We are a user rights initiative to rate and label website terms & privacy policies, from very good Class A to very bad Class E.
Terms of service are often too long to read, but it's important to understand what's in them. Your rights online depend on them. We hope that the ratings below can help you with that.«
Sorry for the confusion, we’re moving the short description a bit up and in general make it more clear what we do: Rate terms of service of websites. :)
I've been checking out the TOS a lot more often lately, be it before or after signing up. A surprising number of sites have converted to readable bulleted lists in a language mostly resembling English. Unfortunately, it's mostly smaller sites and services whose terms will likely never matter to the average user. For the bigger sites that want your important data, you still need a legal dictionary, a pen and paper, and a glass of wine to get through.
And in some cases of bigger sites summarizing their terms, it's straightforward incorrect, 500px for example: http://tosdr.org/#500px
That's why we think it's important for an independent non-profit to review all these services. And that's also why we chose the simple green-red main scale with a bulleted list, including details on how we arrived at that rating.
> “I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that.
I deliberately worded it on my website as "By clicking the register button you are accepting the terms of service", under the assumption that the vast majority of people would assume it's normal and sane (whatever that means) and not read it, and therefore create an account honestly.
Please check the page again, we have the rating for Google since a few weeks.Facebook will follow very soon. Also we reorganized the sorting on the frontpage so rated services come first.
For the Chrome extension, you probably don't need to request permissions on tosdr.org. If you send CORS headers from that site, you will be able to make requests to it without the permissions.
My question is whether people will choose to not use a service because of its terms. I think that much like Andriod/iPhone app permissions, it doesnt matter much.
» Rating the websites and making these ratings easily available is only the first step. Raising people’s awareness of bad terms and then getting services to actually use proper terms is the actual goal.«
This is a fantastic idea. Of course, you need to be able to trust that the summaries cover the most important aspects but this seems like a good team to deliver.
What would be nice is if they included the summarized legal text under More Details. So I could click more details and actually see what the ToS says for that particular summary.
I was using it until it required additional rights for some reason. Then I suspected it to be making an online profile and selling it, so I uninstalled it.
Jan from ToS;DR here: I’m not sure why it required additional rights, but I can assure you that we’re not selling anything.
We are a fully non-profit and open project, if you still have doubts you can read the code to the extensions and install them manually via https://github.com/tosdr/tosdr-firefox (for Firefox) or https://github.com/tosdr/tosdr-chrome (for Chrome), and the other browser extensions are also there on Github.
TOS is like last peace of underwear in between you and girl's body.
No matter how it looks like you want to get rid of it with one click to reach for the juicy part.
No, I will not get on it. Comments like yours above are a big reason why women feel uncomfortable in our community. Hacker News is not a platform for perpetuating the ancient and ostracizing concept that hackers are a bunch of guys.
Maybe it should be. Contract law was written/established to govern negotiated agreements between comparably well-informed parties, not untold pages of labyrinthine jargon attached to every transaction that the consumer won't understand and doesn't have a chance to argue except by refusing to use the service. If you as a business (who has significantly greater resources and expertise, and therefore greater responsibility, than the customer) want a random person to sign a legal document with you, you should have to go to some reasonable effort to make sure they understand what they're signing, not just shove it at them and say "sign on the dotted line."
How would your proposed system work in the real world? In the civilized world, we expect people to handle grievances in a court of law and not just club each other when we are not happy, so how could your proposed system ever be workable in any real sense? Just asking.
I can't wait to wait in line at home depot while the sales register person explains in detail their various return policies, possible limits on liability due to you being an idiot with a snowblower, etc.
Terms of Service tries to be legally document, enforceable across borders. Its not related to copyright, so there aren't any treaties to unify each countries laws. Also, because it is not copyright, ToS get put into the all covering service/contract law. Where I live, Sweden, those laws was written in 1900, and is in my view 100% incompatible with ToS or EULA's.
To take one example, they require that the person providing a contract makes sure that the other party is fully informed of the contract, and that the other party is benefited from signing the contract in relation to the terms. Reading the history around it, they basically makes in unlawful to knowingly "trick" people to sign contracts that are one-sided.[1]
On the "trick people to sign" part, I am also slightly considering the fact that companies often know how long time someone spends reading an ToS/EULA. They know when, and how many people can't have human possible read the agreement before pressing OK. When MMORPG clients update a new agreement, people are logging in seconds after its possible. If you knowingly are going into a contract with someone who hasn't read and understood the terms, its hard to claim that the contract was made in good-faith (jfr BrB 9 kap 1 §).
All in all, ToS and EULA's just seems to me as an broken concept.
https://lagen.nu/1915:218 30§ and 36§