Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] Terms of Service, Didn't Read (tosdr.org)
251 points by hunglee2 on June 8, 2015 | hide | past | favorite | 60 comments

This site pops up here about once a year, and if I recall correctly, I often hear the sentiment of frustration with the whole way TOS works on the web. Here are 3 other past discussions HN has had about the site for anyone curious:




Including in the last year [1], which makes this a dupe [2].

1. https://news.ycombinator.com/item?id=8394144

2. https://news.ycombinator.com/newsfaq.html

We could really need help from people who want to get involved, and just people who want to rate one site.

Find out how to contribute here: https://tosdr.org/contribute.html Thanks! :)

Even those that are rated best, I doubt anyone can really explain the scope of the contract or each party's responsibilities without going into further details of my country's contract law, EU contract law, consumer protection laws, precedence and a few years of legal studies.

For example, when kolab says they should be, "To the extent permitted by the law", be excluded from any liability and be completely indemnify from all and everything, what does that actually mean? What does that mean for fit-for-purpose, or quality assurance, or to use a Swedish contract law: fairness in the contractual terms?

Here we got a Class A contract which I have no clue what, if anything, each party has agreed on. The only part I could reasonable figure as a contracted responsibility is that they will provide 30 days for customers to agree to the new terms if they decide to change prices. Also, customers are required by the contract to make private backups, which is quite an odd contractual responsibility to demand from customers. I doubt Kolab intended to be a contractual responsibility, but rather letting customers know whose responsibility it is to make backups if the customer wants that.

Most contracts aren't meant to be read be you, but by a lawyer. This is because it's almost impossible in normal language to accurately express the intention without opening tons of legal loopholes that can be abused in a court case. By the time you have written an exact specification that is 100% unambiguous, you have ended up with a contract that only lawyers can read.

To draw a comparison, let's take a random HTML tutorial on the Internet. Pretty easy to read and lets you understand the gist of HTML. But it's too vague and ambiguous if you want to write a browser engine. So you need the formal HTML spec, which only experts can read.

Writing a browser = court case. Formal HTML spec = contract.

The problem is that we allow for consent to a contract to be valid. There are people who cannot afford lawyers for all the contracts they sign going about their daily lives. When I go to the doctor, when I buy insurance, when I get a phone... I am in effect being forced to agree to contracts that I cannot understand (doctor is a medical need, insurance is mandated under penalty of law, cellphone is a want, but it is really close to a need if you are trying to do a lot of things like getting a job).

Either uninformed consent counts or courts need to start saying these contracts were not given informed consent.

That's why some jurisdictions, e.g. certain civil law countries, limit the amount of stuff you can do in a contract in a business-to-consumer context. For example, in the Netherlands, all business-to-consumer contracts must follow the principle of "reasonableness & fairness". I can't give you an exact definition, but a "gut definition" is that if the judge looks at it and his gut feeling is "this is bullshit", then the contract is probably not legally binding. For example, as a consumer, you cannot agree that you have to sell your house to the other party for $10 if you fail to pay for the $30 service within 20 days. That would be an unreasonable claim.

Business-to-business transactions are however not subject to such protections. You can put anything you want in a contract (including unreasonable clauses) as long as it doesn't violate any laws.

The US is a common law country and as far as I know doesn't have this "reasonableness & fairness" principle for business-to-consumer contracts. In contrast to civil law countries, where judges tend to look at the spirit of the contract, common law country judges look at the letter of the contract. That's why old ladies can sue McDonalds when they burn their tongue on hot coffee. "Hey it's not written anywhere that I should be careful with hot coffee". And that's why US businesses have to put literally everything in contracts.

I agree with the spirit of what you're saying /grin but incidentally, you might want to read the details on the McDonalds coffee case: http://www.lectlaw.com/files/cur78.htm

Technically, a contract requires a "meeting of minds." If you don't understand it, it is not a valid contract. Now, practically, this argument will only go so far with a judge. the presumption is that you read and understood it before you signed it. It can act as a defense, however, in cases where a person can be argued to be mentally "deficient" (mentally ill, low-IQ, a child, et cetera), and possibly also in cases where a contract is excessively or deliberately hard to understand.

I don't tend to worry too much about TOS as it is questionable whether I have truly entered into a contract in the first place. Most of the more egregious clauses would never be enforceable (you can't sign away your rights no matter what the contract says), and most companies are smart enough not to test it in a court of law. Finally, if it all comes to a head, the worst likely consequence is that I will simply have the service cut-off.

In common law, the idea of "reasonableness & fairness" is there, too. It is simply not codified because it doesn't need to be.

The problem is that for many areas of the contract, the average person does not understand it. Ask someone what arbitration is. Ask someone what acceleration of payments due is.

> The US is a common law country

With the exception of Louisiana, which is a civil law state.

> cellphone is a want, but it is really close to a need

I'd actually argue it's a need in certain circumstances. At the very least, a phone in general is a need, since it's required for quite a bit of functionality government-wise, and for many people (i.e. homeless persons), a cellular phone is probably the most affordable option.

I personally don't even like the want/need distinction. To me, needs don't really exist, there are just a ranking of wants, with biological drives generally dominating the top of the list.

But it would often obscure my general point to add in this nitpick so I avoid saying at first and only add it as a follow up.

> Most contracts aren't meant to be read be you, but by a lawyer.

Then this pulls the rug out from under the oft-made claim, "It's in the ToS, so it's acceptable", doesn't it?[0]

In any case, in the US it's common in the medical field to be required to provide plain-English[1] summaries of any contract that are at a certain maximum reading level (oftentimes 4th grade). These summaries are not legally binding per se, but if they do not accurately reflect the contracts and policies they summarize, there can be serious consequences. The same is also often true for government programs or private contractors which receive local or federal government funds for providing services to the public.

I would love to see this catch on for privacy policies and terms of services, though it may take legal fiat for this to happen (as it did in the medical and public sectors). Hopefully we can address this problem as an industry before it comes to that.

[0] This claim is not valid for a number of reasons, one of which being that ToS may contain clauses that are not even legally enforceable, or which may violate other laws.

[1] And depending on where in the country you live, you may be required to provide these in more than one language.

Having glanced at the formal specs for IPsec, I am glad I never have to provide a signature to the fact that I fully understand it. RFC's and similar document has often ambiguous cases and errors to the point where experts in the field often reach different interpretation to the same text.

But contracts are intended to be understood and signed by ordinary people, on the assumption that one can understand it. Contract law itself, and in particular for civil law, the underlying theory is that a contract is a meeting of the mind where both parties understand what kind of responsibility and obligation there is. It seems only in recent time that this concept has been thrown under the table and contracts are written by lawyers, for the court, and people are just expected to sign it on blind faith that it all is fair.

tosdr goal seems to be fixing this, but I don't see how it ever could reach it. If the best contract in the market can't be understood, can't be read, then what can we do except ignoring the TOS and instead rate companies in how they behave regarding privacy, copyright, and QoS?

I find being a programmer helps me with reading law. A lot of the time it's just a bunch of if this than that statements.

>A lot of the time it's just a bunch of if this than that statements.

Until you get to corporate and contract law, then it's just a bunch of if this then that statements with subtle unstated implications.

You could almost say that the entire point of corporate and contract law is for one party to disguise intent, forcing the other party to hire a lawyer to try to divine the intent.

Not all consumer terms-of-service are quite so devious, because sometimes the intent is simple minimisation of risk and legal ass covering to avoid opportunistic sue-age.

But in high powered negotiations you'd better believe the other party doesn't necessarily have your best interests at heart, and a naive reading of terms can do you a lot of damage.

Thanks for the insight.

Would you say that VC term sheets fall into this category?

Often yes. You need someone with experience and insight to go through them and point out what the terms really mean.

The problem is the function calls to the poorly documented API and some weird redefinitions of commons words. My go to example is affirming an appeal, which actually means rejecting an appeal, even though in normal language affirm and reject are basically opposites.

This has been around for a long while. It's in need of much love from online communities.

Reaching the frontpage of /r/all yesterday should help that part.

Yes please – for info on how to get involved please check https://tosdr.org/contribute.html – thanks!

    Copy Right       .... Creative Commons
    Terms of Service .... ?
Innovators, please fill that gap

Creative Commons licenses have simple tags communicating the modalities of each license quite clearly, and I believe the same can be done for Terms of Service. However, there are significant hurdles.

I think a ToS Commons labeling scheme could be successful in providing TL;DR information for consumers, as an expression of intent followed up by the inevitable multitude of kilobytes expressing the same thing in legalese. This is also where the tosdr.org falls short as far as I can tell: instead of providing a list of tags that describe what the ToS in question mean, they apparently only rate them. That is not enough information to go on.

This website is a walking, talking advert for open source. If they have to foist a metric shit-ton of legalese onto you to grace you with the ability to use their offering, walk nay run away, find a freer alternative. Software wants to be free as in free from eulas ndas and tos!

Have you ever read through the entirety of GPLv3? It's pretty damn long: http://www.gnu.org/licenses/gpl-3.0.en.html

Length doesn't really say anything about scope. I can take MIT license, one of the smallest and most permissive license out there, and add a single word which would make it incompatible with every other license in the world including itself.

The only saving grace with FLOSS licenses is that they are not contracts, and only impacts those who seeks additional permission to distribute copies of a copyrighted word. If someone feel they don't understand the conditions which the license automatically grants permissions, they can always go directly to the author and ask them.

Yeah, but the GPL is a pretty standard license and as such has many summarizations and tl;drs floating on the web.

With company legalese, everyone has its own...

An end-user of software licensed under the GPLv3 doesn't ever have to read the license until they decide to modify and share it.

At that point they should be well-versed in reading licensing agreements because they're touching others' source code.

Fair point, but in that case free/open source is irrelevant: one could equally well build a closed-source app without a ToS, or an open source app with one.

I agree completely. I don't know what the OP was getting at.

As laudable as the goal is, I always have the same reservations about this kind of site.

Firstly, contracts and licence agreements can be complicated, and there is a real risk that "dumbing them down" in this way will misrepresent either what they actually say or their real impact given actual laws that are relevant. Of course these things can themselves vary significantly from one jurisdiction to the next.

Secondly, there is always a risk that the information on the summary site becomes out of date.

Thirdly, the choice of which points to highlight and whether to present them as positive or negative often seems rather arbitrary and perhaps guided by the preferences of the TOSDR operators.

An example of being out of date would be the Steam entry, which says "No refund policy" despite this being changed a few days ago.

As an example of the final point about subjectivity, several sites are given a thumbs down for claiming varying degrees of rights to content you upload, yet Wikipedia is given a thumbs up for publishing your content under a free licence. Given actual laws with regard to giving credit/claiming authorship (moral rights/author's right/your local equivalent if you have one) that exist in many jurisdictions in addition to the usual copyright provisions, I'm not sure I see a big difference here in practice.

Several of the points raised, sometimes repeatedly, as negatives are also routine in B2C contracts and indeed probably necessary for the services to provide their intended functions -- the ability to change terms, for example, or transferring users' data in the event of an exit. In many jurisdictions there are legal safeguards that would allow for challenging unreasonable TOS changes or disclosures regardless of what any terms say, but the idea that any commercial service is going to fix its terms for all eternity with no mechanism for changing them even with notice is just silly (not to mention legally impossible almost everywhere), as is the idea that a business will promise not to transfer data about its users to any new owner.

“I have read and agree to the Terms” is the biggest lie on the web

"not just the web" ;)

There's also this similar website which seems to be mainly used for software licenses


When you pirate the software to begin with, license agreements are kind of moot.

Well, that and using open source software. Most of those dictates decide what to do if you want to use their code.

As an open source user, I'm always baffled when I run a proprietary application and I start to read this big box of confusing, useless text before realizing it's a EULA.

That's where I sit most of the time. I prefer using Linux as my desktop, as well as my server OS. I'm looking into combining my machines under Mesos, but that'll take some figuring out (as opposed to Kubernetes and friends).

My degree calls for, unfortunately, very vertical programs that I cannot afford (3d design - Autodesk Inventor, Cateia, Solidworks). So I resort to piracy for my learning. I still feel wrong to make profit on pirated works.

However, I'm also learning FreeCAD as well how they develop it. This is what I use when I make money on 3d designs. I'd much rather it win out than things like Inventor anyday.

I know at least Autodesk lets you download their entire suite (inventor included) if you can provide them a .edu email address, for the purpose of learning, your exact use case. I can't speak for the others.

They do.

Inventor is a 3d parametric editor. You can make a simple gear, or you can make an engine and apply constrained motion as it would work in real life. We call this an assembly.

I have quite a few drawings that have over 100 parts in them. No big deal, so far? The problem is Autodesk Inventor wants to put a nag screen on everything you open, proclaiming "THIS IS EDUCATIONAL". That's fine for me so far...

Until you realize that it opens up the "THIS IS EDUCATIONAL" for every part, and including the assembly file itself. 101 dialogs? No. It crashes after 70 or so.

So, I went and downloaded a pirate copy. And l and behold, the pirate copy works better than the 'legit' one.

(Solidworks is $175 for student, and Catia has no student option. Creo or ProE just stinks.)

Are you baffled when you run an open source application and the GPL pops up?

I don't think I've ever seen this happen. It's not something end users need to agree to, so why would an application show it to end users?

I've seen it on MS platforms when someone packs a GPL program using Windows installers.

It's assumed that if you develop for Windows, it's going to be proprietary and a restrictive license. So the packagers have a click-continue EULA boilerplate.

And then the open source packager copy-pastes the GPL in the EULA screen.

It's annoying, but I have seen it rarely. Thank goodness that Apt doesnt do this.

Probably means I accidentally typed "warranty" somewhere to find I have no warranty.


Similar -> Uses Baysean classifier to classify privacy policies vs rely on humans maintaining. More coverage.

Previous discussion https://news.ycombinator.com/item?id=3222334

That says "They do not sell your private information" for every site I tried - Google, Facebook, Pebble, etc. This includes "transunion.com", the credit reporting company whose business is selling your private information.

Their classifier is fooled by legalese which starts with a general statement and then adds exceptions.

This is great. This link is here today because of a reedit.com/r/showerthoughts post wishijg for such a site, and tosdr got linked in the comments. Then someone reposted it to /r/internetisbeautiful. Both posts made reedit front page, and then an HNer reposted here.

You have the much-maligned reedit frontpage community to thank for this.

Even though there are concrete bullet points for nearly all of these, more than half are "No Class Yet".

Sadly I must note that Pebble is not included. The last time I mentioned their ToS here on HN [1], Pebble changed them in less than 24 hours to leganese.

[1] https://news.ycombinator.com/item?id=9615240

Please do contribute :) https://tosdr.org/contribute.html

That's bad, especially since it collects so much data about you.

Do not attempt to remove the loyalty bracelet.

surprisingly Stackoverflow isn't listed there yet... :P

Would be nice to have ways to show similar services side by side showing their rating so user can decide which of the lesser evils to pick to use.

Anyone else notice that it ranks the terms of service for the chrome add on page as a C? Thought that was funny...

Slightly bizarre and unhelpful that the site links to its discussions on Google Groups.

This project has been going on for three years now, and they've still not gotten to Facebook, Apple, Amazon, or Yahoo. Okay.

I would have expected hundreds of assessments at this point. Not twelve.

There are way more than 12 on their site. It does have Facebook.

Facebook: "NO CLASS YET. We haven't sufficiently reviewed the terms yet. Please contribute to our group: Get involved."

This is what you mean?

So far as I can tell there are exactly twelve assessments since 2012.

*Edit. Let me be tougher.

There have only been two new assessments in the past two years.

There have only been five new assessments since the first Wayback Machine snapshot of the page (October 2012).

We are an open source effort and all our main folks have other things to do. Despite the popularity the project gets and however much people like it, there’s not a big influx of community contributors.

If you want to get involved, please see https://tosdr.org/contribute.html – thank you!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact