Gotcha! Group uncovers privacy lies in websites’ fine print

analysis
Oct 5, 2012

Privacy advocates rate, review terms of service for popular sites to inform user decisions about handing over personal data

What are the odds that the average person reads the ToS (terms of service) before signing on to a new social networking site, email service, or any other service or software? Probably slightly worse than the odds that the average user will, indeed, RTFM (read the freaking manual) before calling the help desk when trying to figure out a new software or service. In other words: slim to nil.

A group of privacy enthusiasts has launched a free, open-source-inspired project called Terms of Service; Didn’t Read (ToS;DR) in the hopes of helping users make better-informed choices before blithely clicking Agree when presented with those walls of legalese. By the group’s assessment, clicking “I have read and agree to the terms of service” is the “biggest lie on the Web.”

That tendency to blindly agree to ToS is understandable. The wording tends to be dense and confusing to the point that you need a lot of time — and perhaps a law degree — to realize whether your click means you’re about to hand over all rights to your personal data; your self-created content; personal info on your friends, family, and peers; and more.

That’s where ToS;DR comes in. It’s a website that rates and labels sites’ terms of service and privacy policies, from very good (Class A) to very bad (Class E). Per the creators’ description of the project, “We are three volunteers who met through free software and online rights advocacy. We are trying to fight the unfair situation in which big websites make us sign Terms-of-Service agreements that are too long to read and understand.”

Just who are the privacy activists behind the program asking for financial assistance? Among the founders are Hugo Roy, the project leader and a self-described hacktivist at Free Software Foundation Europe, as well as a law student. Joining him are Michiel de Jong, an independent “freedom hacker,” programmer, and co-author of the remoteStorage protocol, and Jan-Christoph Borchardt, who curates open source projects and designs Web apps.

The site’s ratings, along with user-friendly reviews, aim to break down the pros and cons of a particular service’s terms, and they come from expert curators who take the time to slog through them. The project’s been under way since June, though right now, the founders are seeking donations via an Indiegogo campaign to allow them to purchase resources and hire more hands. For example, they want to hire full- and part-time expert curators “who will double-check all discussion outcomes and make sure the reviews and ratings reliably reflect the consensus in the open discussions.”

In its current form, ToS;DR provides class ratings and reviews for several sites. The reviews include specific breakdowns on what a particular site is doing well and where it may be falling short.

For example, the site has this brief assessment of SoundCloud’s ToS, which has earned a Class B rating. The review follows. (The site has thumbs-up for positive ToS traits, thumbs-down for negatives, and white arrows for neutral assessments. I’ve swapped in plusses and minuses here.)

+You stay in control of your copyright

+Collected personal data used for limited purposes

+6 weeks to review changes

-Indemnification from claims related to your content or your account

+Pseudonyms allowed

+You can terminate your account

+The terms are easy to read

-Use of cookies and third-party cookies (opt-out)

-Personal information can be disclosed in case of business transfer or insolvency

-Jurisdiction in Germany

Users can expand those explanations with a click for more clarity. For example, “Collected personal data used for limited purposes” earns a thumbs-up because “SoundCloud collects data that you provide, but also automatically. Information collected about you is only used for a list of purposes which are reasonable. Your data is not shared with any third-party, except for the features you use.”

Meanwhile, “Use of cookies and third-party cookies (opt-out)” garnered a thumbs-down because “SoundCloud uses persistent cookies. They also have a limited set of third-party cookies: Google Analytics, Quantcast, and ATInternet. Detailed information about how to opt-out is provided.”

Other sites that have ratings and reviews include Delicious (Class D), DuckDuckGo (Class A), GitHub (Class B), and Twitpic (Class E). Many other sites have reviews but not ratings, including Facebook, Google, Yahoo, Twitter, Netflix, and Dropbox. Given that it’s an open source project, it’s likely the sky’s the limit as to which services will be rated and reviewed.

The group’s fundraising goal is 10,000 Euros (about $13,000); at the time of writing, it has accumulated just over 8,000 Euros in donations. The fundraising drive ends Oct. 10.

This story, “Gotcha! Group uncovers privacy lies in websites’ fine print,” was originally published at InfoWorld.com.