Hacker News new | past | comments | ask | show | jobs | submit login
Why Is Location Data No Longer Private? (krebsonsecurity.com)
378 points by lainon 11 months ago | hide | past | web | favorite | 143 comments

Because Facebook and Google have been guided by the principal: if it's not illegal, it's ethical. Just take a look at the language in UIs lately, it's gotten passive aggressive; instead of a polite "No thanks", our choices are now: "Maybe later". I thought 'no means no'? Silicon valley had a serious ethics problem; as much as they try to ride the white horse on 'I don't want Google partnering with the DOD", watch their eyes light up when you give them access to a middle class single mom's phone with a click through EULA.

On Android 5, every time you enable GPS, a popup comes up asking you to share location with Google. There is a checkbox "don't ask me again", but if you tick it, the button "Decline" becomes inactive [1]. So it is going to pop up every time you want to know your location unless you agree. This attitude is openly hostile to the user (and yes, that's why we need more regulation).

[1] https://android.stackexchange.com/questions/115944/in-lollip...

I'm on Android 8. I can toggle every service on my which settings without unlocking the phone (wifi, mobile data, Bluetooth, flashlight, airplane mode, screen rotation...) but if I want to turn off location services, I have to enter a security code. Turns right on, though, no passcode required.

Meanwhile high accuracy drains battery like a sieve. You can switch to low accuracy, but it will nag you to turn it back on high accuracy to use even the most mundane location curious app. And if you turn off location and turn it back on, it purposefully doesn't remember - back to high accuracy by default.

Can't you just track my every move with simple GPS, Google?

>but if I want to turn off location services, I have to enter a security code. Turns right on, though, no passcode required.

That is somewhat reasonable, though. It's a security feature, designed that way so that a thief can't keep you from locating your phone remotely.

Whether it's an effective feature is a different matter.

That’s horrible. I’ve seen some atrociously bad nag requests, but that has to take the cake.

Funnily enough, when it comes to USB devices, Android is completely opposite. They give you a pop up with a checkbox to remember the device, but it doesn’t actually remember it. Next time you plug in the same device, the same pop up recurs.

I have the same experience every time I "select a default app for this action." Without fail, I'll get the same pop-up next time I want to perform that action (any action). I just stopped checking the box.

Sounds like a bug, since this definitely does not happen on any of my android devices.

This will keep going as long as people buy these devices. The only way to stop this is to hit them in their wallet.

There's no plausible path for market forces to apply pressure on something like this. There are many other factors that are more obvious to people choosing a smartphone - screen size, storage size, price, familiarity, and so on. And you basically have two platforms to choose from: Android and iOS.

GDPR provides a timely example. The potential fines for companies storing private data and not complying are 'hitting them in their wallet' in a way that the choices of individual users can't.

Raising awareness on social media might also work.

This won't work because people who care about privacy are the minority. Neither Google nor Apple will care about minorities.

right people when buying a phone are going to ask - does this give you a way to stop sharing location data with google forever?

Well you might get burned once but not twice. I once got burned by Android’s carrier crapware and lack of updates. I am now a faithful iOS user.

And of course the website or salesperson offerring the device will know and answer accurately.


Samsung has been doing this since the g3. It offers "high accuracy". Bull, just use my GPS chip.

It's all down to the hyper-toxic idea that every company must now extract as much data from you as possible. Google and Facebook were two of the early pioneers of "here is a 'free' product in exchange for your data" that succeeded at serious scale.

Now, it's no longer even enough to simply pay for a product from just about any company. We must also consent to essentially being further exploited for the company's gain ever-after.

There is a lot of discussion about dark UI patterns here and it's true that they are pervasive these days. Much of it is spawned by this customer-hostile "dark business model".

Replace the word "nothing" with "something" in this "300" clip and it pretty much sums up many company attitudes these days: https://m.youtube.com/watch?v=uHxIssSROjk

Such a pet peeve of mine, weasel-worded buttons. I remember the first time something gave me the option to “Archive” a thing but not “Delete” it...I stopped using the service after that. Also, usually their least favorite options do not even look like options (random non-button-like text off to the side or whatever).

Another atrocity is an alert with a “don’t ask again” check box, especially in something that is unnecessarily-modal (read: developer was lazy). Pro tip: if you think the user won’t want to see your message ever again then you need to redesign your system to keep the message from appearing even the first time.

> Another atrocity is an alert with a “don’t ask again” check box, especially in something that is unnecessarily-modal (read: developer was lazy). Pro tip: if you think the user won’t want to see your message ever again then you need to redesign your system to keep the message from appearing even the first time.

That one I think is rather sensible for permission requests from apps. "Do you want to share your location with this app? - Yes/No; [] don't ask again", where the tickbox serves to store the preference forever. An alternative would be "Yes, always"/"Only now"/"Not now but ask again later"/"Never". Not sure which one I’d prefer.

One issue for me is that it’s easy to check a box and then have no idea how to uncheck it later (or forget that you even can).

On/off switches for permissions seem sort of reasonable until you imagine dozens of apps and dozens of different kinds of permissions. In iOS for example all you get is pages and pages of toggle switches for all apps to allow/disallow cellular data, which is annoying to manage and has no intelligence in its design. They should have better defaults, such as automatically allowing all apps using less than some reasonable amount of data and automatically inhibiting the data-firehosing apps when you’re roaming. There’s a lot they could do. Asking the user, in general, is a cheap way to just not think through the problem.

The ones that make me rage is where they say something along the lines of "Opt out of ad tracking" then have a disclaimer that says something like "you're still going to get a bunch of ads, they will just suck worse".

How about just offering me an option to pay you to get rid of tracking and advertising?

> Just take a look at the language in UIs lately, it's gotten passive aggressive; instead of a polite "No thanks", our choices are now: "Maybe later".

Since that's how the “No, thanks” option was usually treated in the past, it's just truth-in-UI.

Not only "maybe later", no-buttons like "Instead of subscribing to this free and great newsletter I would like to continue my life uninformed and at a disadvantage for now (but I will definitely have a look later)" in in-page popups with that as the only way to close the modal have recently caught on.

These things make me despise the website instantly and make me wish for a "fuck off"-button.

Try cancelling your wordpress subscription if you want to see dark patterns in ui

It should be illegal to not allow you to cancel a paid subscriptions through the same means you started it. Tons of companies force you to call their customer support, get put on hold, listen to to them try and sell you stuff, listen to them try and convince you to stay, then finally let you cancel it.

Ever tried to cancel a gym membership?

When did this ethical issue happen? Up until a few years ago, my feeling was that hackers had the high horse regarding ethics, considering free software movement, crypto movements, etc.

Did hackers lose their ethics when money was poured in?

The answer is that the "hacker ethos" is just a masquerade with SV in order to try to persuade other professionals and conditon them to approve of such behavior and participate. Sure there's money at play, but the hacker ethos espoused by many SV startups and companies is lip service to appeal to potential candidates and vocal members of a said community. It's marketing, and regrettably people eat it up while thinking they're above such chicanery and tricks.

"Hackers" lost their ethics after an openly anti-ethics VC appropriated the label and gave it to his followers.

> They're not Goody Two-Shoes type good. Morally, they care about getting the big questions right, but not about observing proprieties. That's why I'd use the word naughty rather than evil. They delight in breaking rules, but not rules that matter.

If that quote doesn't scare you, imagine it coming from the mouth of the head of whichever political party you like less. Or whatever position you see as a cartoon bad guy (e.g. Wall Street CEO).

SV parades the hacker ethics like some serial killer who wears the faces of their victims to show everyone how pretty they are now.

What Google, Facebook, etc. wear as hacker ethic is so divorced from some of the principles that it's just cruel.

There are hackers outside the bay area and venture capital space.

Hackers do have the high horse. People working at Google, Facebook, Microsoft et al are not hackers, they're workforce in a corporate environment.

I want to see where lawmakers are spending their time (especially in their off hours). There's probably plenty of fun stuff to discover in the data.

Honestly, a publically available real time map of the location of all lawmakers that haven’t pledged to fix this is probably the only way to fix it.

If that’s not enough, some simple data mining to list all their known associates, mistresses (etc), would probably get it fixed.

Sadly, they’d probably just make it illegal to publish data about the ruling class and not the rest of us.

> Honestly, a publically available real time map of the location of all lawmakers that haven’t pledged to fix this is probably the only way to fix it.

Restricting this to certain lawmakers based on political affiliation on positions is not the right way to go. If one party is more affected than another, they will turn it into a purely tribal issue. (Democrats are lawbreakers who are endangering Republican politicians by releasing sensitive location data! This shows that Democrats cannot be trusted! Why wasn't Clinton's location data released too? Fake liberal news, etc.. etc..) This is easy to spin, and will turn their base against reform.

If you do this, you have to include all lawmakers. This is actually more fair because regardless of who is paying lip service to privacy, the legislature collectively has failed to do anything about it. How do you know those who claim to support privacy really do at all behind closed doors?

It's not about party affiliation. It's about whether they care or not to support the overwhelming public interest.

What we want is a government scared of its citizens not the other way around.

most governments are perfectly afraid of their citizens, hence every decision being towards more control. in the face of being more afraid, they will tighten that control, and not loosen it.

Who gives a shit? Fuck this nuanced bullshit. Target them.

Here's a classic 2002 story about a Portland district attorney changing his tune on the privacy of garbage after a reporter reporting on the contents of the DA's garbage:


This is why the US has some extremely narrowly drafted bits of privacy law, such as https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

Crazy: they banned disclosure of video rental history just because a Supreme Court nominee was embarrassed by having it disclosed? Great moments in having principles!

Oh yea, the Supreme Court is generally just as crazy as the other two branches of government. Go read about a few of their decisions.

>Sadly, they’d probably just make it illegal to publish data about the ruling class and not the rest of us.

It might already be illegal, it sounds a little like blackmail.

it’s only blackmail when you have a demand.

the party that discloses the information does not need to have demands.

> publically available real time map of the location of all lawmakers that haven’t pledged to fix this

Sounds like an interesting project, let's collaborate.

Yes. Thats still my main problem with this whole post privacy thing - the big players know allmost everything about us, but we only know redegated informations about them.

I just heard (so no sure if true, but likely) Mark Zuckerberg bought all of the surrounding houses of his home to protect his privacy...

Information asymmetry - it’s always been a powerful tool in business, marketing, politics, etc. While the internet and mobile devices have given the masses much more information, they have given those in positions of power even more.

He also wanted a private meeting with the European Parliament...

It’s true. happened years ago.

he also bought 700 acres in Hawaiʻi.

Talk to your friendly local Repo men, they can track every bit of asset, and all they need is owners name. That includes tracking personal and car embedded cellphones, digging thru social media for close friends and family, scanning ANPR databases etc.

1000%! My repo buddy knows everywhere anyone goes anytime. Very scary stuff. Luckily(sic), he had a crappy childhood & came into maturity as a highly principaled individual(0 drink, 0 drugs). I suspect he is the exception to the norm in that space.

*He was in from out of town & borrowed another friend's workstation to run a trace a couple month's back. That mutual friend was agog at how much micro location data was pulled up. Frankly, I was, too.

Yep, mostly FBI agents waiting to arrest you for felony wiretapping charges

Are you implying it's illegal to do that? It seems like the whole point of the article is that this is entirely legal.

It sounds like congressmen and senators explicitly voted to prevent the FCC from making things like this illegal.

I'm implying that the FBI won't give a fuck if its legal or illegal and the onus is on you to prove that you are not a terrorist, which considering you have been monitoring high level government officials on a real time location basis... Good luck.

I think as a geek your life changes once you learn being right means nothing outside of your field of expertise.

And being a smartass means nothing outside of your social circle.

That doesn’t mean they won’t carve out exceptions for themselves though. Congress passed laws to allow them to trade on inside information, for example.

Wow thank you! :)

>is that this is entirely legal

For corporations and the government to be doing it. Not for activists to do it.

Activists can be jailed for doing even actually obviously legal things...

What other companies purchase phone geo tracking that provide it online. Would polling congressmen's public assessible location be ok if provided online?

Googling for "phone location ss7" returns some interesting results that may or may not work given some protocol upgrades:




A commercial provider for these services: https://www.pccwglobal.com/en/service-provider/products/mobi...

Wireshark screenshot of GSM packet with cell site info: https://resources.infosecinstitute.com/wp-content/uploads/05...

LocartionSmart isn’t SS7. They get the feeds and triangulation directly from the carrier (they purchase it).

Agreed. I was merely posting this for informational purposes. It looks like anyone can locate anyone if they pay $5000ish to get on an IPX connection to the SS7 network.

It also looks like there is a separate community run SS7 testnet. That could be an interesting thing to play around with...

The thing that scares me the most about the LocationSmart stuff is that I can't think of any workaround besides "don't use cellular data".

It works as long as your phone is turned on and within range of at least one cell tower.

Whether you have data turned on is irrelevant, along with phone type, OS, smart or dumb - This affects all cell users.

I always assumed on or off, as long as battery was in & had charge. Hence, the proliferation of SoC(exclusively) & non-removable batts(aka elegant design).

So what if we had a pool of "shared" 3/4G wifi hotspots with burner SIMs - kind of like bookcrossing - where you use one for a while then send it on to another member - a "sharing economy" of hotspots, "like Uber, but for cellular data".

Then you use them with a non-cellular equipped device (iPod Touch?) or perhaps trust airplane mode with Wi-Fi turned on - and use Signal/iMessage/Facetime/whatever...

I wonder how hard it'd be to route incoming calls to my phone (as in, the one with a SIM registered in my name) to a vpn-ed non-cellular device? You could probably make a very plausible looking "Gets up, goes to work, stops at a bar on the way home some days, gets back home, goes to sleep." routine while still being connected while you phone is on the desk at work of the coffee table at home. (or perhaps on the Roomba at home, so it still moves around a little...)

One of two things:

1) Someone uses it for nefarious purposes, everyone involved gets implicated and investigated (in no small part in an attempt to drive people away from this model), no one wants to use these things anymore.

2) It works reasonably well, becomes a business, and big business provides for a small fee (perhaps free except for watching ads and your location data....) those hotspots and decimate the critical mass needed for this into unusefulness. If you think that's far fetched, this has already happened: consider email - it used to be distributed. There is now a copy of ~90% of emails on a Google/Microsoft server because at least one of the senders/recipients uses a hosted account.

You can't really win an infrastructure game against established player using their own infrastructure; And the barrier to entry is so huge it's unlikely you'll be able to set up your own.

It is not productive to think up technological solutions where a political one is required. Legislate for stronger privacy. Disallow companies to collect/store this data.

You're probably right, and the EU are trying at least - but there's also an argument that once "the genie is out of the bottle", there's no way to stuff it back in.

A friend of mine makes a very persuasive argument that Facebook has demonstrated how to manipulate vast numbers of people at mass scale - so much so that shutting Facebook down would no longer make any difference - now that it's known to be possible, it's much easier for anybody else to copy what's public and work out how to make the "private" algorithms work.

A long-ish read, but a lot of that argument is here: https://meanjin.com.au/essays/the-last-days-of-reality/ and here: https://ukvid.net/video/mark-pesce-on-the-end-of-reality-fPA...

Airplane mode + WiFi + Signal? Covers 95% of my daily routine. Home-Work-Home-Work-Home-Work-Home-Work-Home-Work-Weekend-Weekend.

From the first thread on this issue[0], it appears that the GPS data transfer exchange is happening underneath the OS level.

I tried the locationsmart demo, after disabling the GPS on my phone, and all location services, my exact location was still be able to be pinpointed utilizing their GPS option.

[0]: https://news.ycombinator.com/item?id=17081684

It's using the cell tower location. If you don't connect to the cell tower (Airplane mode), there's no location.

>> From the first thread on this issue[0], it appears that the GPS data transfer exchange is happening underneath the OS level.

> It's using the cell tower location. If you don't connect to the cell tower (Airplane mode), there's no location.

So you're saying that person quite explicitly saying this is GPS data is explicitly wrong about this? (i.e. you have more information than that person, and it is explicitly to the contrary?)

FWIW the Kerbs article makes no mention of GPS, only nearby cell towers


That person was clearly claiming to have 'insider' information. I'm not sure why one would expect Krebs to have been privy to the same information.

It does AGPS, pointed to where exactly I was in my house.

Or it's being reported as part of the E911 data for emergency services.

This seems like the most likely explanation to me.

It looks like this is the creepiest of all the ways "they" get your location:


There are 3 operating systems running in any phone:

* iOS / Android * The SIM card JVM * The baseband RTOS

And Qualcomm is in most phones, running their RexOS, which Has that IzAt service, which has full access to memory, GPS, etc, and uses this access to send your location data to Qualcomm / the carrier.





While I’d love to believe that’s enough, you can’t really be certain the SIM isn’t uploading Location data that’s been stored while in airplane mode. Until SIM is open source (which is pretty unlikely) there’s no way to be sure outside of a device not having a cellular radio or gps capability.

Why would it? The SIM card itself has no real functionality, and cannot just randomly affect the radio components of the phone. It just stores its identity and keys, so the cell tower can identify and bill the right user.

The way the location tracking works is simply by logging what phone connected to the cell tower, at the tower itself. To be able to adjust the power the radio component needs to output (to get a good signal), it needs to know the distance to the tower. You get location by then correlating with multiple towers, because the phone has to choose which one it has the strongest reception to, and therefore has to gather data from all nearby towers.

In short: that’s not how a SIM card works.

Leaving aside the SIM card, there's no way to really know what the baseband is up to: https://www.extremetech.com/computing/170874-the-secret-seco...

SIM cards do run some sophisticated software, e.g. a. Java Card runtime.

Even with something running on it, that’s not automatically gonna give it access to any other hardware component in the phone. The phone itself is only interested in using it for identification.

> Even with something running on it, that’s not automatically gonna give it access to any other hardware component in the phone. The phone itself is only interested in using it for identification.

I can't tell if this is true or false, but it seems that in either case, access to the SIM can imply access location data:

> With the all-important (and till-now elusive) encryption key, Nohl could send a virus to the SIM card, which could then send premium text messages, collect location data, make premium calls or re-route calls.

[1] https://www.forbes.com/sites/parmyolson/2013/07/21/sim-cards...

AP MAC addresses, signal strengths and locations have been collected by Google for years to provide WiFi-based location services to Android users.

I wouldn't be surprised if other platforms/applications/companies are using that data, as well.

The solution is political, not technical.

Which is even harder because you have to convince the masses to care instead of just messing with some code to fix the problem for yourself

Then there's no solution at all.

Faraday bags work when you want devices offline - but it doesn’t make for a very useful device.

Do you have a source for that? Even without cellular data turned on, carriers know your rough location based on cell tower locations.

Yeah, oops, I meant "don't turn on your cellphone".

Except that they can just turn your phone back on remotely, should they want to.

There is no [citation needed] big enough for this incredible claim.

Not to imply that it can just be done easily to every phone, or without preparation or perhaps previous physical access, but this concept has come up more than once in the mainstream news in recent years. So this level of incredulity seems misplaced.



Honestly, I thought it was a well known thing by now. A quick search on google turns up multiple writeups.

> "Can anyone turn it on remotely if it's off?" Williams asked Snowden, referring to the "burner" smartphone Williams used for travel to Russia. "Can they turn on apps? Did anyone know or care that I Googled the final score of the Rangers-Canadiens game last night because I was traveling here?"

> "I would say yes to all of those," Snowden replied. "They can absolutely turn them on with the power turned off to the device."

Uh, what? That’s a pretty significant claim.

Use a faraday bag.

That breaks wifi (though wifi is enough to leak decent location data, unless you’re using a vpn, and somehow blocking location service).

I wonder how hard it is to open a modern iphone and cut the relevant antenna traces on the pcb.

There are youtube videos on iDevice wifi modifications. You can also use a wired ethernet adapter on iOS devices via the lightning port.

at that point, what's the point of using a phone?

There are many offline apps/data which can be synced via wired ethernet, including maps, audio, music, video, photos, books, notes, sound/light meters, compass and special purpose add-on devices.

exactly. i think the issue with cell with people is that it can track your movements and most people always have it on them and on.

Surgery: No GPS antenna, no GPS location.

Use a "proxy" phone number that forwards to your cell phone number and keep your real cell phone number private.

It's not the number that's a problem, devices are tracked and the data is sold by the cell provider. Even if it's not billed under your name, it's likely moving between your house and your work 5 days a week, that's enough to deduce who it's used by.

Love Krebs, and there is an important point here about location privacy, and the scandalous selling of it, but it really gets lost in trying to tie it to net neutrality, which really is largely a separate issue.

It's not tied because of Krebs. It's tied because Ajit Pai's FCC performed selective "deregulation" in the name of repealing "net neutrality" and further entrenched the telecom oligopoly by allowing them to abuse their market dominance in other verticals.

Net neutrality has in common with the selling of user data the same theme big company "rights" versus the customers/citizens rights, I don't thing "rights" is the best word there but I can't find other right now.

I might be wrong, but LocationSmart wouldn't be able to work under GDPR. So the correct title should be "Location data is no longer private in non-GDPR countries".

People must demand privacy protections similar to HIPAA for their digital lives. And to have ownership over location and contact details. If not, the corporate stalking and creepy targeting will continue.

I spent a while not carrying a phone with me at all. It was kind of a pain. I went back to carrying the dumbphone, turned off. I turn it on during my breaks to check if I missed anything.

Trying to imply that this has anything to do with the NN law is incredibly dishonest. The post doesn't explicitly claim it would have prevented this but shifts back and forth between several topics to create a clear implication.

The article talks about Ajit Pai and how he was promoted by Trump. This is a bit misleading as Pai was appointed originally by Obama and served in high level roles in the FCC, although Trump did place him in his current position.

The FCC has to have two opposition party commissioners. If it weren't Pai it would be someone else from the party sound the same things. Everything Pai is doing is 100% on the Republicans. If they were opposed they could easily stop him.

>The article talks about Ajit Pai and how he was promoted by Trump

>Trump did place him in his current position

So what's the misleading part?


Mobile carriers are selling your real time location to anyone willing to pay. The number of nefarious uses for real time location is immense

And meanwhile, the press is worked up about cambridge analytica accessing your facebook friend network.

It seems like someone ought to put a site with real time locations of our senators and congressmen. My guess is that will solve the problem quickly.

Pretty much the best idea to get action on this.

For congressman and senators. Not for peons, I assume.

All the mobile carriers in the US are shit at keeping your data secure, real time data has been leaked on one hand, comcast leaked home addresses and wifi router login details on the other, article is calling out Ajit Pai for trying to repeal 2015 privacy rules amongst said bullshit.

and im her in europe basking under the protective blanket of the GDPR (which sounds too similar to the DDR (Deutsche Demokratische Republik for my tastes))

German Democratic Peoples Republic ;-)

oh God, I knew I had heard it somewhere before

When Was Location Data Private?

For all practical purposes, about 35 years ago, unless you were under targeted surveillance.

When you were outside the US.

Australia checking in here.

Nope. Sorry... We're just as bad as the US.

Outside of Five Eyes countries then.

Kirov^W Russia reporting. You're wrong, tovarishch.

Seriously, our mobile telcos have location services as a consumer product providing similar functionality to Google Trusted Contacts but without need for a smartphone. E.g. Megafon has it branded as "Family Radar" - and they can locate other major networks' users, meaning that they all interoperate.

So is EU really the only place left where this intrusion is not happening / allowed? I'm sure EU networks also have this data, but selling it commercially would cause quite a scandal, and certainly is not allowed without opt-in under GDPR.

Please use a responsive theme.

It matters.

On iPhone, long press reader view, and click on the option to automatically use it for all sites.

Problem solved.

Holy shit! I love you!

On firefox, click on the paper like icon in the url bar to turn on readability mode

Isn’t the problem more about users of technology blindly agreeing to contracts that very few actually read? In some cases, there are actual breeches that expose private data to misuse, but most location data is obtained from users who quickly scroll through a long EULA without understanding what they’re agreeing to.

I would like to hear more from individuals that actually take the time to read every single EULA that gets thrown at them - and what their next course of action is after they do.

For some EULAs, it is possible to abstain using the service once you find something egregious in that agreement. I can avoid downloading an app or taking an Uber.

But when it comes to internet service providers - what are your options? Okay, you read through Comcast's EULA and found something alarming. So your next option is to... read AT&T's EULA and also be alarmed? Is the solution to forgo any cell/internet service?

Don't get me wrong but the issue is the monopolistic market. I trust my Internet provider and have no issue with their ToS (which I read) however I can choose from 10+ providers.

I also quote the Facebook TOS when people wonder why I am not there. Or pay more for my emailing to not have to deal with mailchimps ToS.

IMO there is a market for more privacy oriented people. And some companies know and use that fact.

> I would like to hear more from individuals that actually take the time to read every single EULA that gets thrown at them

No one actually does this. I read somewhere that it would take an estimated 71 days per year to read all of the EULAs and T&C documents and their updates that an average American is subject to.

I know someone who used to read most Ts&Cs when signing up for services. It wasn't so much about the possibility of declining, but more about knowing what you're getting into. There's also an argument that if you make yourself do this, you end up with fewer accounts that you don't really need.

Even if you do try to read them, they're generally written in vague legalese that I assume means "we can do whatever we like, and you have no right to complain". And if they haven't allowed something they later want to do, you'll get an email saying that they're "clarifying" their terms and conditions, and if you don't like it, you can stop using the service.

>Isn’t the problem more about users of technology blindly agreeing to contracts that very few actually read?

Isn't this problem more about purposefuly obfuscated legalese documents that are impossible for users to understand and that are constantly updated and constricted like "bait and switch" schemes?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact