
ToS;DR — TL;DR for Terms of Service and Privacy Policy - hugoroy
http://www.tos-dr.info
======
pilif
I'd be very careful counting the requirements for cookies as a bad thing (as
seen in the github section):

First-Party session cookies are a totally valid use of cookies and actually
help improving the security in that a session-id in a cookie will never be
copy & pasted by accident (it happens to URL-based session-id's at times) and
cookies can be marked as both httponly and secure, making it more difficult to
impossible (depending on browser) to XSS the session-id away.

As such I would actually go as far as to _prefer_ a site that requires
(first-party session) cookies to one that doesn't.
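
An added example, not part of the original comment: a small audit of the two points raised above, that a session cookie should carry the `HttpOnly` and `Secure` attributes and that a session id should not travel in the URL. It also flags persistence, which the thread discusses further down. The cookie names in `SESSION_NAMES` and all sample headers and URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Names commonly used for session identifiers (assumed list for this example).
SESSION_NAMES = {"sid", "sessionid", "session_id", "phpsessid", "jsessionid"}


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return findings for a session cookie; non-session cookies are ignored."""
    name, _, attrs = parse_set_cookie(header)
    if name.lower() not in SESSION_NAMES:
        return []
    findings = []
    if "httponly" not in attrs:
        findings.append("no-httponly")   # page scripts can read the cookie
    if "secure" not in attrs:
        findings.append("no-secure")     # cookie is also sent over plain HTTP
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent")    # outlives the browser session
    return findings


def session_id_in_url(url):
    """Return session-id parameter names found in the query or path of a URL."""
    parts = urlsplit(url)
    hits = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() in SESSION_NAMES]
    # Path parameters of the form /page;jsessionid=... also end up in
    # copy-pasted links, referrers and server logs.
    for segment in parts.path.split(";")[1:]:
        key = segment.partition("=")[0]
        if key.lower() in SESSION_NAMES:
            hits.append(key)
    return hits


if __name__ == "__main__":
    # Constructed sample input.
    for h in ["sid=abc123; Path=/; HttpOnly; Secure", "sid=abc123; Path=/"]:
        print(h, "->", audit_cookie(h))
    print(session_id_in_url("https://example.test/inbox?sid=abc123&page=2"))
```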

~~~
hugoroy
Thanks for your feedback. The whole explanation about cookies can be found
here. Tell us what you think!

<http://tos-dr.info/topics.html#cookies>

> 5 GitHub requires cookies

5: means it's a low score. So it's considered bad, but it doesn't influence
very much the whole class of GitHub.

> GitHub requires cookies to work and misleads you to
> believe that you remain anonymous while cookies contain
> “unique identifiers”. However, only session cookies are
> used, not persistant cookies.

The whole discussion is here
<https://groups.google.com/d/topic/tosdr/gyMiAkV5ZG0/discussion>

Do you agree/disagree? We welcome contributions!

~~~
bierko
Not to be a stickler, just trying to help, but persistant is misspelled
(persistent).

~~~
hugoroy
Not at all ;) thanks (not a native English speaker)

------
aresant
Great concept and smart execution.

A suggestion - rather than rating "A" through "E" why not change to the more
recognizable (for US audience at least) scale of "A through F" (A/B/C/D/F)
which we're all mercilessly trained to recognize through years of school
grades?

"E" as your worst rating confused me at first glance - could be interpreted as
"Excellent"

~~~
lovskogen
I vouch for a more international 5-star system.

~~~
TazeTSchnitzel
Yep. Especially since A/B/C/D/F is confusing to non-Americans. Here in Britain
there's the Scottish and English systems, with different A-F or A-G scales.

------
lhnz
An API and chrome addon would be very nice. I wouldn't check the site, but I
would like warnings when I accessed the registration page of a bad website.

~~~
benatkin
I noticed that it's under the AGPL. That might be an issue for developing a
Chrome plugin.

~~~
hugoroy
AGPL is our JS+HTML+CSS code. The data itself (JSON) is CC-BY-SA.

~~~
altarelli
would it be possible to add ixquick and webchat.freenode you suggest?

~~~
hugoroy
What do you mean?

~~~
altarelli
To have ixquick privacy policies reviewed next to duckduck, and _contact us
via IRC (the #tosdr irc channel on freenode)_ ->

    
    
      <a href="http://webchat.freenode.net/?channels=#tosdr">#tosdr irc channel on freenode</a>
    

thanks!

------
rmc
Suggestion: Include a "Under EU Data Protection law: all/some/none" category.

Companies in the EU are required to do various things under EU data
protection law. E.g. they are legally required to protect your personal data,
they can only use the personal data for things you agreed to, they must tell
you what data they keep on you if you ask, if they are wrong and you tell
them, they are legally required to update the data, there is a national body
that is legally empowered to tell a company to stop doing a thing/delete data
if they are in breach of data protection law, if they suffer a data breach
they are legally required to inform users, etc. All of these things are good
for users.

Some companies (e.g. those entirely in the USA) are not bound by these. Some
companies (e.g. those entirely in the EU) are bound by this. Some companies
(e.g. Facebook) say "If you're in the US or Canada, you're under US law, if
you're anyone else, you're under EU law".

~~~
hugoroy
Yes. Differences between legislations is one thing that's making the task
harder. I think it's better to focus to what the terms actually state. But I
always keep in mind the jurisdiction under which the company operates as it
can influence the meaning of the terms.

However I'd fear to get to the other extreme and to end up making a rating
system saying which legislation is better than the other. It's not the scope.

One other thing: we think the terms should be self-explanatory. I don't think
services should expect their users to know the EU data protection law. So it
would seem smart for me that the services makes a statement about them in
their terms (just like they state details about their security practices for
instance).

~~~
Flimm
Shouldn't "Defending your privacy in US Congress" be out of scope as well,
then? It certainly isn't part of a website's terms and conditions. Plus, it's
hard to judge how well those activities are going, and how committed the
company is in pursuing those activities in the future.

~~~
hugoroy
You're right. I was actually unsure at the time. The data comes from the EFF.

------
jasonkester
Seems a bit biased in places. One of the example sites has a big scary red X
next to "Deleted images are not really deleted", despite that being an
important feature for any site that lets users delete their own content.

It's one of those tradeoffs you make where you trade a tiny fraction of risk
(e.g., that somebody might break into your system and steal the exact cat
photo that one high profile blogger was embarrassed to have uploaded) so that
you can have an easy fix for the dozens of emails you get each month from
people who accidentally deleted the wrong photo and can't believe you deleted
it even though I told you to and I'll sue you because that's ILLEGAL!

Definitely not worthy of a big red X against your site, since it's the only
sensible choice.

~~~
simonbrown
They could let you delete deleted items permanently, like Dropbox does.
Storing data you uploaded with no way to delete it does have privacy
implications, since it may be looked at by people working there and could be a
lot more sensitive than a cat photo.

I'd say a term that is more unfairly given a thumbs down is giving them a
license to user content, since it's impractical to operate a user-generated
content site without this.

~~~
hugoroy
I agree. But sometimes the copyright license conceded by the user goes way
beyond what's needed for the service. Why do you give rights to sublicense and
to transfer to Facebook or Twitter?

Details: <http://tos-dr.info/topics.html#copyright-scope>

~~~
SoftwareMaven
So the developers who built apps that read your FB/Twitter stream are also
licensed to show the content.

~~~
hugoroy
Not necessary (see SoundCloud for instance). The whole problem is that the
copyright license is just overbroad and not limited at all.

~~~
SoftwareMaven
Partially necessary. And I completely agree with you. The licenses they demand
are far broader than what they need, but that goes to the imbalance inherent
in the relationship: big company with lots of money for lawyers versus some
person just wanting to tell his friends what he had for lunch.

------
sp332
Some of these are a bit _too_ terse. e.g. 500px says "Ownership". What does
that mean? And why is it less worrying than twitpic's "Takes credit for your
content"? (And how does that make sense? Twitpic puts the username of the
uploader on each page, no?)

~~~
hugoroy
Yeah "Ownership" is meant as a category rather than a title. I guess I forgot
to give this one a proper title. Will fix this soon.

~~~
hugoroy
The category is explained <http://tos-dr.info/topics.html#ownership> also, see
<http://tos-dr.info/topics.html#copyright-scope>

------
kibwen
It seems idealistic, but a service like this would be incredibly insightful. I
only "read" (read: skim) the TOS of a select few companies (Apple, for one),
so the high-level summaries shown on this landing page are immensely valuable
(though the scoring system seems obtuse). Of course, now one has to worry
about the objectivity of the summarizers.

~~~
hugoroy
Yes, trust is one problem. I think we're being objective (at least we are
trying, with building a scoring system that's automatic). But for sure, we are
not being neutral. We do think that tracking should always be opt-in, not
opt-out.

At least, we're working in total transparency and it's an open process. I hope
that helps.

~~~
kibwen
Re: neutrality, I'm delighted to see that your perspectives align with mine.
Dubious legal terms deserve to be called out. And the transparency is nice,
but... well, if I'm too lazy to read a 50-page legal document, I hope I don't
have to sift through a 50-page mailing list thread just to establish
confidence in the summary of the document itself. :)

~~~
chrismonsanto
Shouldn't be much of a problem if the summaries quote relevant passages. You
can just Ctrl-F and see if your intuition agrees with theirs.

------
beernutz
This seems like a VERY good idea! Even when i take the time to read the TOS on
sites (granted, it is rare), i come away unsure that i really understand it.

This seems like an excellent way to deal with this issue too!

Thanks ToS;DR!

~~~
bezaorj
Brilliant idea!

------
milesskorpen
Fantastic to have. It is really hard for companies to offer simple legal
terms, since any simplification starts to undermine the actual detailed terms.
Awesome to have this from a third party.

I imagine this would be particularly valuable as a browser extension.

~~~
jancborchardt
Good news: a first version of the Chrome/Chromium extension works! If you’d
like to try it out you have to install it yourself at the moment, it’s pretty
easy though: <https://github.com/unhosted/ToS-DR/issues/11#issuecomment-7665593>

------
BobPalmer
Given the purpose of the site and its broad potential reach (and the fact
that it's not a domain that requires pushing the envelope in terms of rich
user experience), I was pretty surprised to see that the entire 'Rated
Services' section was a giant white block in Internet Explorer 9.

I could understand lack of support for IE7 (or perhaps crappy formatting),
would raise an eyebrow at lack of support for IE8 (given the nature of the
domain and that there's no compelling reason for a lack of graceful fallback
in this case), but lack of IE9 support is a bit... surprising.

I certainly hope the team plans on addressing this, otherwise you're cutting a
large chunk of browser users out of the picture for (from what I can see) no
compelling reason related to the technical requirements of the kind of content
you are delivering.

~~~
michielbdejong
that's my fault, and was definitely not intended, sorry. thanks for reporting
it, i'll make sure it gets fixed somehow.

~~~
michielbdejong
it should be fixed now hopefully

------
Flimm
I understand that the project welcomes contributions, but who has the final
say on the rating of a website? Are there any gate-keepers, and who are they?

~~~
hugoroy
For the moment: Anyone who can push to the 5apps.com git master branch. That
is people at <http://unhosted.org>

We would be happy to get the umbrella of a non profit org like Mozilla or the
EFF.

Anyway, if you don't like our decision: you can get involved. Or you can fork
it.

~~~
Flimm
If this site gets big, its neutrality will be questioned, and you've got to be
ready with answers. I don't want to see good efforts like these go to waste.

------
ldayley
I attempted a similar feat in 2010 with the now defunct tosgrok.com. This is a
very needed service!

Edit: Take the domain and put it to good use, I no longer own it and it beats
tos;dr!

~~~
thetabyte
To be fair, neither is exactly terminology familiar with the average user, who
I think they're trying to reach out to here. Both are clever, but known mostly
by avid Internet users or nerds.

~~~
ldayley
Certainly. But I think people who care what provisions the TOS of a service
contain are the exception and not the average person.

~~~
thetabyte
I think one of the goals with providing brief, easy to read summaries can (and
should) be expanding the number of people who care what is in the TOS.

------
danso
For those who have decent experience in machine learning (and NLP) and its
theoretical foundations...aren't there enough examples of TOS and conventions
of the "art" that a classifier could be built to determine restrictiveness and
such? Not completely accurate, but even something that's 60% right would be a
huge help to services like the OP's

~~~
hugoroy
check out commonterms.net ;)

~~~
reustle
Clickable: <http://commonterms.net>

------
biftek
I haven't read through all the comments but standardized and unbiased copy
writing would really benefit the site. "Promise to inform about data requests"
gets a plus while "No transparency on law enforcement requests" gets a minus.

Both labels could be changed to "Notification of data requests", and a user
would have the benefit of knowing you were comparing the same thing across
multiple sites.

As it stands it's hard to compare a site's rating.

Another (possibly more prominent) example: Github has "You don't grant any
copyright license to github", right below that SoundCloud has "You stay in
control of your copyright", and below that 500px simply has "Ownership".

Assuming those all refer to the same thing (owning your data/copyright), a
simple, "Copyright ownership" would be much clearer and unbiased copy.

------
kno
Gravatar: No Right to leave the service. Really?

~~~
borlak
random gripe: if you use a different email on gravatar than on github, your
gravatar won't show up on github.

it's becoming pretty standard, especially among techies, to have a unique
email per site, so you can easily tell if a site is selling your address (or
is a victim of a hack, like dropbox was).

I emailed them about it -- too bad!

~~~
Flimm
You could register your different email again with Gravatar.

------
allardschip
Great initiative. Can the mere length of a TOS and its complexity be a factor
in the rating too? The crowd here may be able to somewhat grasp the legalese
in a TOS. It's not fair to expect that from any normal visitor.

------
maxko87
This is a very convenient service for the users, but it might raise some
issues if any of these terms are ever argued in court. Defending that you read
the ToS;DR and not the terms of service might not hold much water.

~~~
breckinloggins
I think the main value here is not in court, it's giving people a better
"bird's eye view" of how a service treats you and your data. From this point,
you might decide:

- To cancel the service
- To not join in the first place
- To raise a collective stink about something onerous in the terms

Any of these things, in high numbers, could force a service provider to update
their TOS to be more friendly. That's a pretty good outcome even if saying
"but the ToS;DR said!!!" would never hold up in court or anywhere else.

------
grabeh
This has the potential to be a great educational tool and hopefully in time
will reach a wide audience.

If enough people are aware of the terms it will exert pressure on providers to
be more open and reasonable with their terms.

Of course whilst many free services might argue they have more leeway in
imposing stricter terms, this still doesn't justify certain treatment of
users.

Providing a summary of terms in a standardised manner will also make it much
clearer where one particular service deviates in an unreasonable fashion.

In particular, user data and usage of third party cookies would be two
categories where it would be good to get visibility.

------
chrismonsanto
Given how open source projects are increasingly using GitHub as the canonical
repository, I'm a bit disappointed that they can refuse you service for any
reason at all. I want to believe that the GH guys are good people and were
just lazy here.

So, +1 for tos-dr for letting me know, and a potential extra +1 if they help
us get GH to change this policy. I'm going to let them know this matters to
me, I hope others here will as well.

~~~
a3_nm
> I'm a bit disappointed that they can refuse you service for any reason at
> all.

This is actually a problem with the methodology (I think): most probably, none
of the service providers pledge to provide service to you, so they can all
refuse service for any reason. Github should probably get credit because at
least they are honest about it.

~~~
hugoroy
That's a fair point. You can discuss this at
<https://groups.google.com/d/topic/tosdr/hI5Too_uDVk/discussion>

I'll be happy to reply over there :) (if we spread the discussion too much, it
will be lost)

------
shock3naw
I like the idea and the layout is nice.

That being said, use the same categories for each company, don't re-write the
description based on how good/bad it is. It would be far more useful for
creating a table (which would also be a great way to organize this
information, businesses looking to improve the transparency of their ToS would
need only look at top scored candidates to find inspiration).

------
brador
I love the color coding, makes it easy to see at a glance.

What's the plan as terms of service change over time? Some greens might become
redundant.

~~~
hugoroy
The plan is to work with the EFF's tosback <https://github.com/pde/tosback2>
(they need contributors too BTW) and track changes over time so we can notify
people when something wrong is going on (they'd be able to subscribe to a list
of services' ToS;DR)

~~~
ldng
They should use V8 to fetch TOS so that Facebook don't get away with its
latest TOS change.

<http://www.tosback.org/diff.php?vid=1740>

Yes, it's in Javascript so not crawlable by TOSBack. The TOS is obfuscated to
... protect its privacy ? So ironic coming from those who claim privacy is
dead.

~~~
hugoroy
tosback.org is no longer updated.

Yes, the facebook TOS are difficult to archive:
<http://wayback.archive.org/web/*/http://www.facebook.com/legal/privacy>
issue on GH if you have a solution:
<https://github.com/pde/tosback2-data/issues/1>

------
joeblau
This is awesome! It would be cool if this could be turned into a browser
plugin so you could see what class site you're visiting.

~~~
jancborchardt
A first version of the Chrome extension is ready to try out. Feel free to
install it and let us know what you think! :)
<https://github.com/unhosted/ToS-DR/issues/11#issuecomment-7665593>

------
ajhai
I have been thinking about doing something similar for quite some time now.
Specifically I wanted to build a browser extension that highlights only the
important parts of agreement. And the important points will in turn be decided
by the community of users with the system keeping track of different versions
of agreements and data of interest in it.

~~~
baseh
This is a great idea. The extension can be something like DIIGO does -
highlight parts of the agreements that are deemed important or critical to
consumer + provide snapshots of the TOS/Privacy policy whenever there are
changes.

~~~
jancborchardt
Heads up – we have a first version of the Chrome extension ready to try out:
<https://github.com/unhosted/ToS-DR/issues/11#issuecomment-7665593>

------
XiZhao
Great idea - similar to my website that got frontpaged a few weeks ago
(www.tldrlegal.com). Very well done; I will definitely be using this in the
future.

~~~
cloudsteam
you have a good site, shame this one came out too (for you!)

------
tomrod
This is a side topic related (so sorry for the threadjack!):

Does anyone else think TL;DR is a terrible replacement for "Abridged:" or
"Summary:"?

------
jonny_eh
While checking this out I wondered whether there exists a service for
generating ToS. Does that exist?

~~~
hugoroy
Yes. <https://github.com/flamsmark/privacy-policy-template> &
<http://blog.docracy.com/post/27931026976/an-open-source-privacy-policy-for-mobile-apps>

------
elmindreda
Yay! This I have been waiting for.

------
kmfrk
Would love an extension that showed a summary of a site's ToS on the sign-up
page.

------
ringe
This is awesome.

------
wildtype
Too long introduction; didn't Read

------
alpine
My preferred ToS:

Be nice.

------
solsenNet
Still don't want to read it.

