How complex is the language?
Apps with complex policies that bury exactly what a person consents to (such as sharing their data with third parties) are unfair on the part of the business and should be avoided, Henein said.
“If the language is complex, and you read the first paragraph and it doesn’t make sense to the average person, that tells me the company really didn’t take people into account in the equation,” said Henein. “You have to be on your guard.”
Know what an implied match is
Policies seeking implicit or implied consent must raise a red flag. This means that you are not actually “giving” your consent, but your consent is implied by a particular action or situation. Henein says this looks like a terms of service agreement that says, “By browsing this webpage, you agree to A, B, and C.” He said this kind of language is not enforceable and should be unenforceable.
What does the agreement say about data collection and monetization?
What a policy agreement says According to Engin Kirda, a professor at Northeastern University’s Khoury College of Computer Sciences, data collection is another important factor to consider before downloading. This goes hand in hand with how the app makes money, Kirda said – especially when it’s free to download.
Monetizing an app with ads can mean that it offers a better service, but it can also mean that it benefits by selling your data. There is a difference between collecting some necessary information to make the app useful versus collecting a lot of information that is sold to third party advertisers – or possibly stolen.
Other warning signs to watch out for
While it’s important to know what’s in a policy agreement, Kirda said there are other red flags you can see without reading the document. Another important red flag is what permissions an app requests: a calculator app, for example, doesn’t need access to your microphone or location. Also note if you can use the app after denying all permissions, he added. Asking for unnecessary permissions could indicate nefarious activity, such as an app accessing youror , for instance.
Michiel de Jong, one of the volunteers at Terms of Service; Didn’t Read – a grassroots project where anyone can help to jointly review a website’s terms and policies – said it’s important to understand that a policy shouldn’t be arbitrarily changed.
“Many services reserve the right to change the policy the day after you sign up and never conform to the version you read when you signed up,” said de Jong.
Additionally, De Jong said he was looking for sites that will make you sign a waiver – meaning they can sue you, but you can’t sue them.
Do not panic. You still have some control
To help you grapple with the legal jargon of service agreements and privacy policies, Henein suggested downloading the Terms of Service; Have not read the browser extension, which digests the documents that might ask for your compliance and turns them into something quick and readable. ToS; DR sorts privacy policies and website terms into different classes, with Class A being very good and Class E being the worst. In addition to the class score, contributors can rate parts of the conditions as Good, Bad, Blocking, or Neutral.
For example, Google gets Class C from the site because it has the ability to read a user’s private messages, track a user on other websites, and more. Stack Overflow was rated Class E due to its third-party tracking practices, which required an exemption from group actions and more.
Besides ToS; DR, de Jong suggested DuckDuckGo’s browser extension Privacy Essentials. The service combines data from ToS; DR with data from various other sources on encryption, trackers and more. LegiCrowd is another project that unravels the terms of service with which the ToS; DR team is working together, but de Jong said it is more focused on researchers.
Tosback.org is a site that, according to De Jong, keeps legal policy change logs, sometimes years back. The project was started by the Electronic Frontier Foundation, but is now part of ToS; DR.
For more information, go to: