Submit a link Features Reviews Podcasts Video Forums More ▾

You bought it, you own it, right?

In the latest Electronic Frontier Foundation post for Copyright Week, Corynne McSherry tackles one of the most troubling aspects of modern copyright law: the idea that even though you've bought a device or a copyrighted work to play on it, they're not really your property. Because of the anti-circumvention rules (which are supposed to backstop "copy protection"), it's illegal to discover how your technology works, to tell other people how their technology works, to add otherwise lawful features to your technology, and to make otherwise lawful uses of your media.

Read the rest

Apps come bundled with secret Bitcoin mining programs, paper over the practice with EULAs


Researchers at Malwarebytes have discovered that some programs covertly install Bitcoin-mining software on users' computers, papering over the practice by including sneaky language in their license agreements allowing for "computer calculations, security."

The malicious programs include YourFreeProxy from Mutual Public, AKA We Build Toolbars, LLC, AKA WBT. YourFreeProxy comes with a program called Monitor.exe, which repeatedly phones home to WBT, eventually silently downloading and installing a Bitcoin mining program called "jhProtominer."

Read the rest

Terms and Conditions May Apply documentary screening this Sunday with Reddit AMA and panel

Cullen writes, "There is is a special screening this Sunday 11/17 at 5PM Eastern by Demand Progress of Terms And Conditions May Apply, a New York TImes Critic's Pick documentary about how governments and corporations are tracking your every online move. The first 3000 people to visit the online screening can watch the film for free. Afterward, there will be a Reddit AMA that focuses on the issues raised by the film, including how to rein in the NSA's surveillance. The film's director, Cullen Hoback, will be joined by several privacy experts including the ACLU's Ben Wizner, who's responsible for coordinating Edward Snowden's legal defense in the US."

Terms and Conditions May Apply: documentary about abusive license terms, privacy and surveillance

Cullen Hoback's documentary "Terms and Conditions May Apply" is a scathing look at the abusive, lengthy fine-print that dominates our online lives. If the YouTube trailer and the non-embeddable Guardian trailer are representative, this is an important and timely film. I do quibble with one point -- the movie doesn't distinguish between the stupid license agreements that are a function of a stupid law (for example, requiring LinkedIn users to license the stuff they give to LinkedIn so that LinkedIn can display it) and the ones that are pure greed and venality (AT&T making you agree to extrajudicial wiretapping).

Hoback has an op-ed in today's Guardian where he sets out his thesis with great clarity, and draws the important connection between Patriot Act surveillance and fine-print "agreements." Unfortunately, the video itself seems to be exclusively available through Itunes, which has some pretty dreadful license terms, and mandatory DRM to boot.

Read the rest

Santa's privacy policy


"Santa's Privacy Policy" is a McSweeney's classic from 2010. On the one hand, the joke is pretty much all in the headline and doesn't really need much elaboration. On the other hand, this is pretty well done.

We obtain information from a variety of sources. Much of it comes from unsolicited letters sent to Santa by children all over the world listing specific items they would like to receive for Christmas. Often these letters convey additional information as well, such as the child’s hopes and dreams, how much they love Santa, and which of their siblings are doodyheads.

The letters also provide another important piece of information—fingerprints. We run these through databases maintained by the FBI, CIA, NSA, Interpol, MI6, and the Mossad. If we find a match, it goes straight on the Naughty List. We also harvest a saliva sample from the flap of the envelope in which the letter arrives in order to establish a baseline genetic identity for each correspondent. This is used to determine if there might be an inherent predisposition for naughtiness. A detailed handwriting analysis is performed as part of a comprehensive personality workup, and tells us which children are advancing nicely with their cursive and which are still stubbornly forming block letters with crayons long past the age when this is appropriate.

Our network of fully trained, duly deputized mall “Santas” file reports from the field, telling us which children are well-behaved, which are elf-phobic, which are prone to sphincter control issues, and which are squirmy beard-pulling monstrous little brats. Digital copies of photos taken with these “Santas” are automatically sent to our database for further evaluation, with particular attention given to the ones where the children are crying.

Santa’s Privacy Policy. (via Dan Hon)

(Image: Santa Claus, a Creative Commons Attribution (2.0) image from mattimattila's photostream)

Zappos's crappy EULA found unenforceable, leaving Zappos without a legal leg to stand on

Of all the stupid clauses in the license "agreements" that the Internet crams down your throat, the cake-taker is "this agreement subject to change without notice." In other words, you're "agreeing" to anything and everything that the company dreams up, for the rest of time. This clause -- and its place in a "browsewrap agreement" that you supposedly agreed to just by visiting a website with "by visiting this website, you agree to our terms of service" on the bottom of it -- was found to be unenforceable by a federal judge in Nevada, who voided out the company's whole agreement on that basis, leaving the company vulnerable to lawsuits after a password leak affecting 24 million customers.

Eric Goldman's posted analysis:

Zappos can hardly be surprised by this adverse judicial ruling. We have known for years that browsewraps are unenforceable (see some of the cases discussed here) and judges clearly dislike unilateral amendment clauses (see, e.g., the uncited Ninth Circuit's Douglas ruling from 2007 and the cited 2009 ruling in the Blockbuster/Facebook Beacon case).

Still, the ruling leaves Zappos in a bad position. Its contract is legally irrelevant, meaning that all of the risk management provisions in its contract are ineffective--its disclaimer of warranties, its waiver of consequential damages, its reduced statute of limitations, its clause restricting class actions in arbitration...all of these are gone, leaving Zappos governed by the default legal rules, which aren't nearly as favorable to it. Losing its contract provisions meant Zappos is legally naked.

Avoiding this outcome is surprisingly easy. Use clickthrough agreements, not browsewraps, and remove any clauses that say you can unilaterally amend the contract.

That's pretty grim: you can load up nearly any BS you want in a EULA, and so long as you stick it in a clickthrough "agreement" and it's binding. Good time to remind you all of my own email sig, the original "Reasonable Agreement:

READ CAREFULLY. By reading this email, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

Feel free to use this in your own contexts, of course!

How Zappos' User Agreement Failed In Court and Left Zappos Legally Naked (Forbes Cross-Post)

Commensense about ebooks

Joanna Cabot's An Open Letter to E-Book Retailers: Let’s have a return to common sense is just what you'd hope for from a post with a title like that: three commensensical points about ebooks, licensing and DRM that I generally agree with (though I quibble a little here and there). 1. If your button says "Buy this ebook," then I own it. 2. Ebooks are read by households, not devices or the users to whom they're registered. 3. It's not piracy to share the kids' ebooks you buy with your kids. (Thanks, Dan!) Cory

Valve user agreement now disallows class-action suits

To buy games from Steam, you must now sign an agreement not to join class-action lawsuits against operator Valve. [Steam via Ars] Rob

London Olympic committee says you're only allowed to link to their site if you have nice things to say

James Losey from New America Foundation sez,

The Atlantic's Alexis Madrigal, who has estimated how long it would take to read every privacy policy you encounter highlights an interesting bit from the "Linking Policy" in the Terms of Use for the London 2012 website:

"a. Links to the Site. You may create your own link to the Site, provided that your link is in a text-only format. You may not use any link to the Site as a method of creating an unauthorised association between an organisation, business, goods or services and London 2012, and agree that no such link shall portray us or any other official London 2012 organisations (or our or their activities, products or services) in a false, misleading, derogatory or otherwise objectionable manner."

Hey, LOCOG! I think you're a bunch of greedy, immoral corporatist swine who've sold out London to a bunch of multinationals and betrayed the spirit of athleticism and international cooperation. You're a disgrace. And I'm linking to you. In a most derogatory manner.

What are you going to do about it?

(Thanks, James!)

EULAs for the afterlife

Tom Scott's Welcome to Life is a clever and chilling short film about the EULA you will be asked to click through when you die. It paints a picture of an afterlife run on the kinds of shitty, non-negotiable terms as today's social media sites.

If you liked this, you may also enjoy two novels that provided inspiration for it: Jim Monroe's Everyone in Silico, where I first found the idea of a corporate-sponsored afterlife; Rudy Rucker's trippy Postsingular, which introduced me to the horrifying idea of consciousness slums.

Welcome to Life: a science fiction story about what you see when you die.

Reading all the privacy policies you "agree" to would take a month per year

In The Cost of Reading Privacy Policies (PDF), by Aleecia M. McDonald and Lorrie Faith Cranor, the authors calculate that the average Internet user would have to spend one full working month per year in order to skim all the Internet privacy policies she encounters in a year. Mike Masnick reports on Techdirt:

In fact, a new report notes that if you actually bothered to read all the privacy policies you encounter on a daily basis, it would take you 250 working hours per year -- or about 30 workdays. The full study (pdf) by Aleecia M. McDonald and Lorrie Faith Cranor is quite interesting. They measure the length of privacy policies, ranging from just 144 words up to 7,669 words (median is around 2,500 words) and recognize that at a standard reading pace of 250 words per minute, most privacy policies take about eight to ten minutes to read. They also ran some tests to figure out how long it actually takes people to read and/or skim privacy policies.

They put all of this together and estimated that it would normally take a person about 244 hours per year to read every new privacy policy they encountered... and even 154 hours just to skim them.

Here's the key takeaway from the abstract: "Studies show privacy policies are hard to read, read infrequently, and do not support rational decision making."

Of course, that's just the privacy policies. Throw in the EULAs and other fine print and you've got yourself a full-time job.

To Read All Of The Privacy Policies You Encounter, You'd Need To Take A Month Off From Work Each Year

Sony "Other OS" lawsuit dismissed

Though a judge tossed a lawsuit filed against Sony for removing the "Other OS" feature from the Playstation 3, even he could not let it pass without a note of disbelief: "As a matter of providing customer satisfaction and building loyalty, it may have been questionable." [Ars Technica] Rob