Imagine this: you’re spending a lovely afternoon at the park when you come across a booth promoting a free iPad giveaway. The woman at the table says that to enter the contest, you just need to agree to the terms and conditions…
Social experiment by Inside Edition
Sure, the events in the video were all part of a social experiment, but it goes to show the reality of the situation: practically no one (myself included, admittedly) takes the time to review those lengthy agreements before blindly clicking “Accept.”
It’s time for that to change. With GDPR now in effect over in Europe and data privacy concerns growing in America, internet users need to start taking terms and conditions seriously. After all, you’re not just agreeing to use a service, you’re signing a potentially legal-binding document.
You Did Read the Terms, Right?
In response to their huge data breach last year, Equifax offered affected users free enrollment in their TrustedID Premier monitoring service. But hidden within the terms of service was a clever piece of legal information: by accepting the terms, users waive their ability “to bring or participate in a class action, class arbitration, or other representative action.”
In other words, TrustedID Premier subscribers who agreed to the terms can’t launch a class-action lawsuit against the company if something goes wrong in the future. Which, if we’re being honest, is a valid concern.
Equifax isn’t the only company to include what’s called an arbitration clause in their terms of service. Major apps and services like Instagram, Netflix, and even Pokémon Go also include language in their conditions that restricts users from creating or joining class action lawsuits.
Navigating the Fine Print
If you actually read the terms and conditions and privacy policies of every website you visited in a year, it would take you almost 250 hours to get through them all. That’s nearly 30 full working days of reading endless legalese.
Luckily for us “lazy” Internet users, some clever people out there created a number of neat tools to help us understand exactly what we’re signing up for each time we mindlessly click an “Agree” button.
Created in 2012, Terms of Service; Didn’t Read (ToS;DR) is an online initiative that aims to interpret the terms of service and privacy policies of popular websites into more user-friendly language.
ToS;DR tries to make its reviewing process as transparent as possible. A voluntary team analyzes the policies of many popular websites and services, including Facebook, Spotify, Google, Amazon, and WordPress. Each policy is divided into sections based on topics such as cookie use, personal data, copyrights, and tracking.
Based on what they find within each section, the reviewers assign one of six color-coded ratings, called classifications, to each site or service:
While many of the changes TOSBack detects are simple formatting tweaks, it does capture times where important information was either added or deleted, as seen in the screenshot above for Xing.com.
TOSBack is currently in beta mode, so the information it provides might not be entirely accurate. Its developers suggest double-checking any of the crawler’s results “before relying on them for important legal or journalistic purposes.” Even so, TOSBack is still a handy tool.
Clickwrapped, “the web’s report card,” is another website-grading service in the same vein as ToS;DR. Using a point-based scoring system, Clickwrapped measures how well a website respects user rights as mandated in the user agreement or terms of service.
When reviewing a website’s legal documents, Clickwrapped breaks the content down into four main categories: Data Use, Data Disclosure, Amendment and Termination, and Miscellaneous.
Within each category, Clickwrapped checks if the terms or policies answer several specific questions:
What data does the site collect?
What can the site do with content you post?
Does the site get more rights to your content than it needs?
When can the site disclose your information to others?
Does it tell you if the government wants your data?
Is it transparent about government requests?
Amendment and Termination
Does the site give you notice when it changes its terms?
Under what circumstances can your account be terminated?
Does the site let you take your data to another service?
What else should you know about the site's legal agreements?
Clickwrapped awards up to 25 points per category, with the most trustworthy and user-centric sites earning up to 100 points. You can view each website’s detailed scoring information from the results page. So far, none of the websites Clickwrapped reviewed earned a perfect score.
Signing Out For Good
All the news about data abuse, user privacy, and other issues might have some people vowing to go off the grid, live in the woods, and never go online again. But if you want to reduce your online presence, you don’t have to take such extreme measures.
If you want to know all of your online accounts associated with a particular email address, check out Deseat.me. This free service uses the OAuth 2.0 protocol to retrieve your email account information without accessing your passwords or any other sensitive data. Deseat.me will generate a list of sites that have accounts associated with that email, along with direct links to the deletion options for each particular site.
In some cases, Deseat.me can’t provide a direct link to a deletion page. If that happens, check out AccountKiller, another deletion instruction aggregator. This site provides additional instructions and tips on how to permanently close online accounts for a number of websites.
Next time you’re signing up for a web service, make sure you do your homework before agreeing to the terms and conditions. After all, you could be signing up for anything.
This post originally appeared on Anura.