ToS;DR

ColinWright 289 points tosdr.org

−

serbuvlad

Gread idea. Odd first impression.

Wikipedia has 4 thumbs down 1 thumbs up and is grade B. Tor has 0 thumbs down 3 thumbs up and is grade C.

DuckDuckGo has only 1 thumbs down: "Instead of asking directly, this Service will assume your consent merely from your usage." and is grade B, presumably because of this. Startpage is grade A, has no thumbs down, but going on startpage does not prompt me to agree to anything either.

−

olivergregory

The grades are explained at the bottom of the page.

Regarding Startpage, It's not mandatory to show the cookie banner if you don't track. Startpage doesn't track you at all, so it's grade A.

Wikipedia has that all the bad things happen to your account except for the tracking, but you can still use Wikipedia without using an account. I agree that it's a B.

I'm not familiar enough with Tor to answer that grade.

−

danlitt

The grades are explained at the bottom of the page.

Are they? The table at the bottom page doesn't explain anything - in particular doesn't give any indication why Tor might be ranked below Wikipedia (for instance). How can a service with no mentioned negative qualities have a grade C?

−

IshKebab

Yeah the grades seem pretty biased. Wikipedia has 4 thumbs down and is grade B, Whatsapp has 2 and is grade D. One of them is even the same as Wikipedia's. Apparently just having "Any liability on behalf of the service is only limited to the fees you paid as a user" (which seems fairly reasonable to me) is enough to go from B to D?

−

RecycledEle

The twin purposes of ToS are (1) to provide jobs for lawyers and (2) to screw the customers.

If the ToS were understandable, neither of those would be accomplished.

−

hackernewsdhsu

Name.com just changed their "privacy policy". I leveraged an LLM to analyze the differences, and to identify which party benefitted from the change.

Surprise, surprise ... The people get 1 change, Name.com getall the rest; including making parts of it more ambiguous.

But it was easy to understand using the LLM analysis and it took longer to read than generate.

−

toasteros

If you haven't read it yourself how do you know that the LLM is correct?

−

tofof

If you haven't read it yourself how do you know...

This vacuous objection can be raised against every single piece of information any human has ever learned from elsewhere, recursively, back to the dawn of communication, regardless of the nature of the third party source of information.

Furthermore, LLM hallucination, particularly of reviewed documents, is not a problem I experience any longer with the models I use. For example, my LLM setup and the query I would use would cause the output to include quotes of the differences, which makes ctrl+f/f3 to spot check easy.

−

a2128

LLMs are not a third party source of information, they're prediction engines with known hallucination behaviors. If they're faced with a difficult or impossible challenge (e.g. if the user fails to provide a diff, or fail to provide anything to compare against), and if there is only one type of answer in its training data (there is very little text on the internet that's positive about a TOS change), the most likely outcome is that it'll just make something up that's similar to that type of answer. Yes sometimes they'll realize and ask for more info or maybe call out to a tool to make a diff, but it all depends on the user's setup and settings and the state of RNG that day

−

matheusmoreira

Those two purposes are one and the same. The biggest reason for corporations to hire lawyers is to figure out the exact amount of consumer screwing they can legally get away with.

Whenever people come across any "terms" document, they are well served by simply ignoring it entirely and assuming it contains the following statements:

you own nothing
the company owns everything
you have no rights
you promise not to try and exercise any right you think you have
if you ever convince yourself that you actually have rights, you agree to binding arbitration with the firm we pay
you cannot do anything the company doesn't like
the company can do literally anything it wants whether you like it or not
the company is not responsible for anything, ever
the company makes absolutely no guarantees about literally anything
you agree to indemnify us in all possible circumstances

−

jalk

And to protect the service provider from lawsuits.

−

amichal

Does a good job of showing how completely unparsable ToS are:

https://tosdr.org/en/service/1448 says both:

You maintain ownership of your data: This service does not claim ownership over user-generated content or materials, and the user * doesn't need to waive any moral rights* by posting owned content.

and

You waive your moral rights

Edit: I have no energy for figuring out which of these statements is more true.

−

Y_Y

I think in such a case (unless there was some context that clearly showed the difference between those two statements) then you as a user would benefit from contra proferentem. This legal principle (which is explicit law in some jurisdictions) says that the contract terms should be interpreted in favour of the party who did not write them.

https://en.wikipedia.org/wiki/Contra_proferentem

−

actionfromafar

Also not a thing possible to do, depending on jurisdiction.

−

dimava

Both is right I think

It's just one in coming from EU TOS^[1] and another comes from USA TOS^[2]

And the website doesn't support that

[1] https://www.tiktok.com/legal/page/eea/terms-of-service/en

[2] https://www.tiktok.com/legal/page/us/terms-of-service/en

−

timcobb

Sweet! One suggestion is to somehow normalize the requirements by company type? Like, for example, PayPal gets a thumbsdown for

You must provide your identifiable information

but that's reasonable for a company like PayPal?

−

amelius

We need browsers where the _user_ can specify their legal terms in the response headers. Let's make this two-sided.

−

skybrian

In a negotiation, either side can walk away. If the website can’t refuse then it’s not really a negotiation. So how would that work? If you set certain headers, the website blocks you? It doesn’t seem like that would be a popular feature.

It would make more sense as filtering criteria for a search engine.

−

amelius

Well, we could have organisations like the EFF compose a set of consumer-friendly clauses, which the user can then choose from.

If the website wants to block something the EFF deems a good and reasonable protection for the user, then maybe they should indeed block the request.

−

cluckindan

Some sites, like Facebook and YouTube are listed as being able to see your browser history. It doesn’t seem to be related to tracking scripts, so how exactly does that work?

−

TobTobXX

When you click on edit, you can see the specific section of the ToS: https://edit.tosdr.org/points/11339

Apparently this means that YT can acces the synced browser history if you're logged into Chrome.

−

bsimpson

I will forever remember how my parents, who insisted we should be honest in all situations, also taught us to just click the blue button whenever something wants to be installed.

−

basedrum

Why does Tor Browser get grade C when it only has green thumbs up?

−

Vinnl

Just checked with the team (I used to be involved), and apparently the reason is that Tor's policy is too short for the algorithm that turns policy annotations into a grade.

(This also kickstarted a discussion that maybe that warrants a change to the algorithm, so maybe later more.)

−

garyrob

I propose that it should use a Baysian prior where the background knowledge is assumed to be an A.

While it may be true that most ToS are onerous, suppose we look at a ToS document as a collection of terms of service. It's only the terms of service that cause a removal of rights that would otherwise be assumed. The more terms there are, and the more onerous each one is, the more rights can be removed. But before there are any terms, no rights are removed, so that situation should be an A. Diminished from there, depending on how many terms there are, and each one's onerousness.

−

j_bum

I’d love to see Kagi on here

−

Vinnl

ToS;dr is a collaborative effort! Folks can contribute for Kagi at https://edit.tosdr.org/services/11540/.

−

weare138

Ok this site lost me at Tor Browser. Why is Tor Browser listed on there as if it's a commercial product/service and rated as 'Grade C' without any supporting evidence? If they don't even know what Tor is then I don't know how qualified they are to weigh in on privacy issues.

I'll save everyone some time. In the year 2025, just assume any for profit corporation is stealing your data and you've waived all your rights as a consumer when you agreed to that ToS unless presented with compelling evidence to the contrary.

−

butz

Wasn't there some regulation in EU, which forces service owners to make ToS actually readable and understandable?

−

Puts

GDPR partly covers this since it's stated that the user must get information about how personal data is used in a clear and easy readable form. But I guess, there's some wiggle room how to interpret that. The law actually suggest that the industry could come up with symbols – like on food packaging. Your website could have a bunch of standardized icons in the footer to inform you how data is used, but since we don't have that it seems like the industry didn't like that idea of transparency.

−

piokoch

Wikipedia:

The service may use tracking pixels, web beacons, browser fingerprinting, and/or device fingerprinting on users.

Seriously? What for? People invest their time to provide free content and as a reward they are getting behavior typical for privacy invasive corpo from California?

−

synecdoche

ToS are highly unfair, because the company has had a group skilled in legalese draft them over enough time as deemed needed, whereas a layman is supposed to understand and base their next decision on something written in a language hardly understood by almost anyone.

For that reason ToS should be illegal unless, at least, written in layman terms.

−

osm3000

Why Tor is graded C, even though there are no downsides?

−

Vinnl

See the same question down this page: https://news.ycombinator.com/item?id=43534479

−

lionkor

The builtin rating is absolutely horseshit, that needs to go. If I want my TL;DR (summary) to contain opinions, I go read the news.

I don't understand how a website telling me that Facebook has a "Grade E" ToS is supposed to help me at all. Just give me a summary, the bullet points -- you don't need to try to assign each into "good/bad", and you certainly don't need to run an "algorithm" to show me if it's good or bad.

Chances are, if it says "sells all your data", I can figure out if I care about that, as a user, with freedom.

Maybe give me what you think (or your algorithm thinks) are the most important/controversial/impactful points, but don't rate them. This is akin to Wikipedia saying "Friday is the worst song ever created, wow it's so bad (thumbs down emoji)".

−

woadwarrior01

Tangentially related: FreeOutput^[1], which summarizes the copyright ownership of AI generated content from various LLM providers.

[1] https://news.ycombinator.com/item?id=43517585

−

ColinEberhardt

Great idea - although the website is struggling with comment SPAM https://edit.tosdr.org/points/10493

−

jameslk

This is more of a solved problem than not these days thanks to LLMs. You can plop an agreement into an LLM chat and ask some questions, which is a lot better than just checking a box because you didn’t have time to read it. I’ve been doing this myself regularly with pretty good results finding things to be concerned about, or not. LLMs hallucinate and aren’t equipped to be attorneys for us, but this is a big improvement over just having to accept everything blindly.