Nearly every website these days boasts a terms of service, but are they actually binding? Do we find ourselves selling our souls to the website owners for merely clicking a link from a search engine to read an article? Here we will talk about these terms, and we will discuss a major bottomless pitfall of which we are standing at the precipice.
Our legal system generally lacks codified law about the binding ability of website terms and conditions, usually placing them under the broad category of contract law. But a few cases have boiled to the top of the legal system that have just enough precedence to establish a few laws. These center on three basic elements: 1.) where the terms are posted, 2.) what the terms say, and 3.) how the end-user knows about them.
The two phrases we hear in discussing these terms are Click Wrap and Browse Wrap termsi. Browse Wrap means that the terms are simply posted on the site. They do not require a user to interact with the terms for them to be agreed upon. A Click Wrap is more active. The user must click a box that they agree to the terms, whether or not they actually read them. Legal teams have argued cases resulting in both ways of expressing your ToS being binding, and also being non-binding. Usually, the determination is where the ToS is located on the website.
In general, a browse-wrap ToS buried deep inside the bloated bowls of a website are deemed non-binding simply because of the hunt required to find them. An example of cases where a browse wrap was binding was on Register.com when their browser wrap agreement was right next to the whois search form. Usually, to be sure a website has a binding ToS, a click wrap is used while creating an account or interacting with the website.
Whether or not a ToS is binding on the end user depends on a lot of factors. But one of those factors does not assume that we have read the terms…only that we have had the opportunity to read them. Studies show older people are more likely to read the terms presented on a website, but even in that group, at most, only ten percent actually do read themii iii. As an April fool’s joke one year, a gaming company in the UK added a section in their only ToS that granted everyone who agreed (in a click-wrap agreement) to transfer their immortal soul to them. 7,500 people did in fact give their souls to that company on that dayiv.
But outside comical jokes, can the website terms actually do harm? I will argue yes, because you may well be agreeing to do things that can place you in a disadvantage for signing your agreement to terms. System1, as an example, lists in their privacy policy, that they will collect data you give them directly, data they collect while tracking you around the Internet, and data they buy from third parties they use to supplement your profilev.
Sadly, this is the advertising partner for Startpage!
Amazon’s KDP Select is a service offered to authors, and it contains terms I could never agree to. If an author gets excited to list a new ebook on Amazon, they may agree to the terms of this service without reading them. The KDP Select terms require the author to sell the eBook exclusively on Amazon, and Amazon can sue the author if they attempt to sell it anywhere else, including on a personal website.
Other common terms we agree to all the time is for the company to use our data in any way they want. Microsoft and Google love using our data for health and societal studies. They also share it with any partner they may have which can include a number of different companies and all their unknown subcontractors.
The bottom line, we rarely read the ToS of the websites we interact with, and the contracts we enter into without reading are often times one-sided, giving the company all rights while you retain none. And these contracts are not open for negotiation.
If we decide that we want to agree to the terms of a website to have a service, play a game, or make our lives easier, that is just fine. We are entering into a contact with a company or service with our free will intact. But what if we are forced?
Our society is adopting too many public-private partnerships under the guise of fiscal responsibility and convenience. These partnerships are forcing us to do business with massive companies for basic services. And the companies we are being forced to use, have onerous terms and conditions, of which we often have no choice but to agree. This all starts with the younger generations, because the goal is to train them to agree to everything as adults. When they have grown, the new adult generation will have near total compliance.
As such, education was one of the first sectors to start forcing people into third party companies. School systems around the company started getting in on forcing all the kids into Google accounts. Worse, the school system, and not the parents, set up the accounts, so the school passed Google all the information about the kids: Their full names, middle names, birthdates, genders. Some of these data points are optional, but the school jumped head-long and set up every kid, so now Google has a record of that child. They can use their data points to watch a child grow, learn what they search for, and how to develop, all without oversight or direct permission for the student or their parent.
Of course, the school computers, and even personal computers used by those kids are tied directly to Google servers on the DNS level, meaning every single query entered on that computer is directly tied to the student. I know this because a kid was mentoring at one point called me when he could not get on the Internet from home. I went over and examined his computer (a personal one purchased by him). The school IT locked all his DNS routes directly into the Google education servers. We only found out about this because on that day there was a widespread outage of the Google education server. Now Google has every data point required to track kids from first grade all the way up to adulthood…and they were forced into the Google account by the school district.
Of course, we also know now that Google has settled with over half the states in the USA over collecting data location on people using their servicesvi. How many kids got caught up in all this illegal location data harvesting scheme?
Kids are not the only ones forced into these terms. Young adults are also pulled into these services. We have driven our kids to believe that the only way to make it in the world is to go off to college. This is, of course, the age demographic that does not read ToS as a matter of practice, and they have been taught by the primary schools to click and agree to every button they are presented and to fill out every form that crosses their screen. In college, they are often forced to purchase an online home solution by their professor. As a person who used to sell these systems, I can say that the model is brilliant! We need to convince one person: the professor, to adopt the service, and we have made a sale to every student taking that course. Once the student in the class signs into the required online homework tool, they are presented with a click-wrap to agree to the terms. To be clear, most of those services are not harvesting a lot of data, but to say they have no data collection at all would be misleading. Worse, many people in these third-party companies may have access to data including names, emails, addresses, and academic material that is protected under laws. But the students have signed their academic rights away to the company they were forced, and required to pay, to do business with.
During the pandemic, students were forced to give up even more. Many colleges required the students to use online proctoring services. Usually the school footed the bill for these, but the companies created a gig economy of weirdos who were charged with validating the identity of the person taking the exam. This required the student showing their whole desk spacevii, and even to show valid photo ID to the random strangers on the other end of the cameraviii. Worse, many of these companies were also using AI-driven biometrics, which earned the company a class action lawsuit in Illinois, which has a robust anti-biometric lawix. The biometrics were discovered after a hacker stole several databases of student data and leaked it all online for freex.
Once our poor college student leaves college, they will be looking for work. Statistics demonstrate that over sixty percent of companies force workers to use some form of employee monitoring softwarexi. The numbers of people required to use such software is strikingly on the rise as more positions are working remote. Employee monitoring starts with a basic assumption that every little thing you must do for your job is on the computer. If you are like me (a fellow sticky note king) you know that a lot of work can be done offline as well. But the company starts looking not at your final product, but at your computer metrics. The software will record your screen, camera, internet, phone, keystrokes, and morexii. Some of them are being tied into big tech companies providing analytics to mangers who can ascertain your time getting back to a question on Slack or Teams. Nearly all of these tools require invasive software to be installed on your computer. The terms involved provides the servicers full access to your data leaving you little right to privacy, and virtually no trust that you are actually performing the duties you were hired to do.
Of course, we all die and pay taxes, but one plan from the IRS required Americans to create an account with a company called ID.me if they wanted to manage your IRS account onlinexiii. And be sure, they want everyone to interact with the IRS online, apparently going to far as to simply stop picking up the phone at most IRS field offices. This company in question, ID.me, used facial recognition technology powered with AI. This immediately ran afoul with privacy-focused activists and legislators, so the company had to stop using facial ID, though the relationship between the IRS and ID.me still exists. While presently, old IRS accounts can still be used, they are planing to phase out those accounts in favor of the IRS accounts verified by ID.me, just not with the facial recognitionxiv.
This is just the tip of the iceberg of people forced to use third party companies, often without even realizing they are using such companies. We do not have time to talk about the behind-the-scenes “Renters Credit Score” for renters, tied into big tech companies that share their profiles with a number of different landlords. If you have a dispute with one landlord, your “renters score” could keep you from any other rental agency utilizing that same databasexv.
Likewise, we do not have time to talk about the church database collecting all your (and your family’s) personal details to be a third party utilized by your church. Just one of these companies boasts 14,000 churches in its portfolio, and yes, they do use information to share with marketers, advertisers, and other partnersxvi xvii. This latter example is often forced upon unsuspecting congragents who do not even know that their church membership is held by an international conglomerate.
Sure, all of these examples have a means of “opting out” by living in a cave and not participating with the world. But should we become complete societal outcasts if we merely want to be free from a web-based contract that is hoisted upon us? This leaves us questioning what we should do, both as individuals and as a society.
So what are we to do about all these terms of service that we are forced to agree to? We are left with three basic choices. We can become normies and sign every document that is placed before us like a rat pawing for a new food pellet. Or, we can take the opposite extreme and remove ourselves from the whole of society and simply refuse to participate in the world. Of course, that gets us removed from any impact we could make. Like a monk or those troubling people from Brave New World who didn’t want to play along and were excised from society to live their lives in seclusion, we would become powerless. But I think the best approach is to be in the world and push back just enough to slowly influence the people around us into thinking about what they are doing.
Here are my tips, and I invite your tips in the comments. We need to push back at every turn. This means giving up convenience where applicable. When the hair salon wants your phone number or email, say, “no thank you. Just a hair cut today.” When a convenience presents itself, evaluate if you have to agree to a ToS in order to accept it. If you do, simply reject convenience.
Next, there are many things we can do to educate ourselves about terms of service being forced upon us. Take the opportunity to read service agreements as boring as that sounds. Be aware of any partnership with a third-party company. This happens a lot with banks partnering with Zelle and other companies to have easy, convenient payment through text. Evaluate if this is something you really need, or if it is just a service that is being pushed to provide more money between partners (with you as the traded asset). Courses about privacy can go a long way, and I would recommend you look at TechLore’s course Go Incognito, which should spark some good ideas to taking control back into your life.
When it comes to services hoisted upon us or our family, have a difficult conversation with the people in charge. Talk to your school about the dangers of Google, for example. Come armed with the lawsuits and settlements about privacy and location data being illegally harvested by the company and ask for an alternative to your child’s “school Google account”. In college, mention the poor practices of the proctoring services and suggest alternatives. In my day, a clergy member or another teacher could act as a proctor. If all else fails, refuse and make a big deal about it to local media! Whatever it takes to hold fast to your autonomy.
Consider using privacy-focused devices, services, and systems. These systems tend to not want to partner with other groups who are all about the terms of service and data collection. Consider making a full or part switch to Linux, look at Lineage or /e/OS for your phone. Also learn about replacements to the big data offerings. NextCloud can replace everything Google and DropBox together can do, and it is fairly easy to install on your own devices or rented cloud. Using our Linode affiliate link you can setup NextCloud with one click and be off to privacy land.
All these tips, of course, will occur once you make the difficult mindset to be truly more guarded about what you are signing. Once we become cognizant of the way big companies are trying to harvest our data using third parties we will be more able to resist convenience, and we will start saying “Hell No” when various organizations try forcing us to use third parties protected by a contractual Terms of Service.
iihttps://www.pewresearch.org/internet/2019/11/15/americans-attitudes-and-experiences-with-privacy-policies-and-laws/
iiihttps://www.pewresearch.org/internet/2019/11/15/americans-attitudes-and-experiences-with-privacy-policies-and-laws/
vFrom the System1 Privacy Policy, “Information We Collect Through Automatic Data Collection or Tracking Technologies
As you use our Services, we may use automatic data collection or tracking technologies to collect certain information about your equipment, browsing actions, and patterns, including:
Details of your use of our Services, including traffic data, referral data, location data, logs, and other communication data and the resources that you use (or information that you retrieve) on our Services.
Information about your computer or other device and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (e.g. behavioral tracking).
The information we collect automatically is statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service to our users.
We do not collect personal information automatically, but we may tie this information to personal information about you that we collect or receive from other third-party sources or you provide to us.”
vihttps://apnews.com/article/google-privacy-settlement-location-data-57da4f0d3ae5d69b14f4b284dd084cca
viihttps://www.theverge.com/2020/4/29/21232777/examity-remote-test-proctoring-online-class-education
viiiFrom the ProctorU ToS: “When you use the Services, Meazure Learning will remotely connect to your computer in order to monitor your computer screen and premises and to ensure no prohibited applications or settings are activated during your examination or test session. As a part of using the Services, you agree to scan your premises using your webcam if or when a proctor request that you do so. The proctor will provide you with reasonable instructions on how to accurately scan your room. You agree to maintain audio and video contact with the proctor during the test session, to enable the Services to record your test session, and to disconnect audio and video contact from the test session once it ends. You authorize us to make all recordings of and any Content from your examination or test session available to your Testing Institution.”
ixhttps://lawstreetmedia.com/news/tech/students-sue-online-exam-proctoring-service-proctoru-for-biometrics-violations-following-data-breach/
xhttps://www.bleepingcomputer.com/news/security/proctoru-confirms-data-breach-after-database-leaked-online/
xviiFrom Church Community Builder: Churches use our software, in part, to help keep track of their people. That means that a church may use our systems to maintain names, addresses, contact information, family connections, or other types of information about their people. That might include some information about your attendance, volunteer history, or giving history with the church. If you have questions on what types of data your church is storing, reach out to your church’s office staff.