"You maintain ownership of your data: This service does not claim ownership over user-generated content or materials, and the user * doesn't need to waive any moral rights* by posting owned content."
and
"You waive your moral rights"
Edit: I have no energy for figuring out which of these statements is more true.
I think in such a case (unless there was some context that clearly showed the difference between those two statements) then you as a user would benefit from contra proferentem. This legal principle (which is explicit law in some jurisdictions) says that the contract terms should be interpreted in favour of the party who did not write them.
Wikipedia has 4 thumbs down 1 thumbs up and is grade B. Tor has 0 thumbs down 3 thumbs up and is grade C.
DuckDuckGo has only 1 thumbs down: "Instead of asking directly, this Service will assume your consent merely from your usage." and is grade B, presumably because of this. Startpage is grade A, has no thumbs down, but going on startpage does not prompt me to agree to anything either.
The grades are explained at the bottom of the page.
Regarding Startpage, It's not mandatory to show the cookie banner if you don't track. Startpage doesn't track you at all, so it's grade A.
Wikipedia has that all the bad things happen to your account except for the tracking, but you can still use Wikipedia without using an account. I agree that it's a B.
I'm not familiar enough with Tor to answer that grade.
> The grades are explained at the bottom of the page.
Are they? The table at the bottom page doesn't explain anything - in particular doesn't give any indication why Tor might be ranked below Wikipedia (for instance). How can a service with no mentioned negative qualities have a grade C?
Yeah the grades seem pretty biased. Wikipedia has 4 thumbs down and is grade B, Whatsapp has 2 and is grade D. One of them is even the same as Wikipedia's. Apparently just having "Any liability on behalf of the service is only limited to the fees you paid as a user" (which seems fairly reasonable to me) is enough to go from B to D?
You only need to accept DuckDuckGo's ToS when you sign up for privacy pro.
What the point means is that they can change the ToS and assume consent to the changes when you continue using it, instead if prompting again.
Startpage does not have or need a ToS
(For context, shadowwwind is a contributor to tosdr.)
Sweet! One suggestion is to somehow normalize the requirements by company type? Like, for example, PayPal gets a thumbsdown for
> You must provide your identifiable information
but that's reasonable for a company like PayPal?
[dead]
We need browsers where the _user_ can specify their legal terms in the response headers. Let's make this two-sided.
In a negotiation, either side can walk away. If the website can’t refuse then it’s not really a negotiation. So how would that work? If you set certain headers, the website blocks you? It doesn’t seem like that would be a popular feature.
It would make more sense as filtering criteria for a search engine.
Well, we could have organisations like the EFF compose a set of consumer-friendly clauses, which the user can then choose from.
If the website wants to block something the EFF deems a good and reasonable protection for the user, then maybe they should indeed block the request.
ToS are highly unfair, because the company has had a group skilled in legalese draft them over enough time as deemed needed, whereas a layman is supposed to understand and base their next decision on something written in a language hardly understood by almost anyone.
For that reason ToS should be illegal unless, at least, written in layman terms.
Some sites, like Facebook and YouTube are listed as being able to see your browser history. It doesn’t seem to be related to tracking scripts, so how exactly does that work?
Apparently this means that YT can acces the synced browser history if you're logged into Chrome.
The twin purposes of ToS are (1) to provide jobs for lawyers and (2) to screw the customers.
If the ToS were understandable, neither of those would be accomplished.
Name.com just changed their "privacy policy". I leveraged an LLM to analyze the differences, and to identify which party benefitted from the change.
Surprise, surprise ... The people get 1 change, Name.com getall the rest; including making parts of it more ambiguous.
But it was easy to understand using the LLM analysis and it took longer to read than generate.
If you haven't read it yourself how do you know that the LLM is correct?
> If you haven't read it yourself how do you know...
This vacuous objection can be raised against every single piece of information any human has ever learned from elsewhere, recursively, back to the dawn of communication, regardless of the nature of the third party source of information.
Furthermore, LLM hallucination, particularly of reviewed documents, is not a problem I experience any longer with the models I use. For example, my LLM setup and the query I would use would cause the output to include quotes of the differences, which makes ctrl+f/f3 to spot check easy.
LLMs are not a third party source of information, they're prediction engines with known hallucination behaviors. If they're faced with a difficult or impossible challenge (e.g. if the user fails to provide a diff, or fail to provide anything to compare against), and if there is only one type of answer in its training data (there is very little text on the internet that's positive about a TOS change), the most likely outcome is that it'll just make something up that's similar to that type of answer. Yes sometimes they'll realize and ask for more info or maybe call out to a tool to make a diff, but it all depends on the user's setup and settings and the state of RNG that day
[deleted]
And to protect the service provider from lawsuits.
Those two purposes are one and the same. The biggest reason for corporations to hire lawyers is to figure out the exact amount of consumer screwing they can legally get away with.
Whenever people come across any "terms" document, they are well served by simply ignoring it entirely and assuming it contains the following statements:
> you own nothing
> the company owns everything
> you have no rights
> you promise not to try and exercise any right you think you have
> if you ever convince yourself that you actually have rights, you agree to binding arbitration with the firm we pay
> you cannot do anything the company doesn't like
> the company can do literally anything it wants whether you like it or not
> the company is not responsible for anything, ever
> the company makes absolutely no guarantees about literally anything
> you agree to indemnify us in all possible circumstances
Ok this site lost me at Tor Browser. Why is Tor Browser listed on there as if it's a commercial product/service and rated as 'Grade C' without any supporting evidence? If they don't even know what Tor is then I don't know how qualified they are to weigh in on privacy issues.
I'll save everyone some time. In the year 2025, just assume any for profit corporation is stealing your data and you've waived all your rights as a consumer when you agreed to that ToS unless presented with compelling evidence to the contrary.
I will forever remember how my parents, who insisted we should be honest in all situations, also taught us to just click the blue button whenever something wants to be installed.
[dead]
Why does Tor Browser get grade C when it only has green thumbs up?
Just checked with the team (I used to be involved), and apparently the reason is that Tor's policy is too short for the algorithm that turns policy annotations into a grade.
(This also kickstarted a discussion that maybe that warrants a change to the algorithm, so maybe later more.)
I propose that it should use a Baysian prior where the background knowledge is assumed to be an A.
While it may be true that most ToS are onerous, suppose we look at a ToS document as a collection of terms of service. It's only the terms of service that cause a removal of rights that would otherwise be assumed. The more terms there are, and the more onerous each one is, the more rights can be removed. But before there are any terms, no rights are removed, so that situation should be an A. Diminished from there, depending on how many terms there are, and each one's onerousness.
Tangentially related: FreeOutput[1], which summarizes the copyright ownership of AI generated content from various LLM providers.
Wasn't there some regulation in EU, which forces service owners to make ToS actually readable and understandable?
GDPR partly covers this since it's stated that the user must get information about how personal data is used in a clear and easy readable form. But I guess, there's some wiggle room how to interpret that. The law actually suggest that the industry could come up with symbols – like on food packaging. Your website could have a bunch of standardized icons in the footer to inform you how data is used, but since we don't have that it seems like the industry didn't like that idea of transparency.
Why Tor is graded C, even though there are no downsides?
This is more of a solved problem than not these days thanks to LLMs. You can plop an agreement into an LLM chat and ask some questions, which is a lot better than just checking a box because you didn’t have time to read it. I’ve been doing this myself regularly with pretty good results finding things to be concerned about, or not. LLMs hallucinate and aren’t equipped to be attorneys for us, but this is a big improvement over just having to accept everything blindly.
Wikipedia:
"The service may use tracking pixels, web beacons, browser fingerprinting, and/or device fingerprinting on users."
Seriously? What for? People invest their time to provide free content and as a reward they are getting behavior typical for privacy invasive corpo from California?
The builtin rating is absolutely horseshit, that needs to go. If I want my TL;DR (summary) to contain opinions, I go read the news.
I don't understand how a website telling me that Facebook has a "Grade E" ToS is supposed to help me at all. Just give me a summary, the bullet points -- you don't need to try to assign each into "good/bad", and you certainly don't need to run an "algorithm" to show me if it's good or bad.
Chances are, if it says "sells all your data", I can figure out if I care about that, as a user, with freedom.
Maybe give me what you think (or your algorithm thinks) are the most important/controversial/impactful points, but don't rate them. This is akin to Wikipedia saying "Friday is the worst song ever created, wow it's so bad (thumbs down emoji)".
Does a good job of showing how completely unparsable ToS are:
https://tosdr.org/en/service/1448 says both:
"You maintain ownership of your data: This service does not claim ownership over user-generated content or materials, and the user * doesn't need to waive any moral rights* by posting owned content."
and
"You waive your moral rights"
Edit: I have no energy for figuring out which of these statements is more true.
I think in such a case (unless there was some context that clearly showed the difference between those two statements) then you as a user would benefit from contra proferentem. This legal principle (which is explicit law in some jurisdictions) says that the contract terms should be interpreted in favour of the party who did not write them.
https://en.wikipedia.org/wiki/Contra_proferentem
Also not a thing possible to do, depending on jurisdiction.
True. Currently it's practice at ToS;DR to show the worst version. Usually the one for the USA
Both is right I think
It's just one in coming from EU TOS[1] and another comes from USA TOS[2]
And the website doesn't support that
[1] https://www.tiktok.com/legal/page/eea/terms-of-service/en
[2] https://www.tiktok.com/legal/page/us/terms-of-service/en
Gread idea. Odd first impression.
Wikipedia has 4 thumbs down 1 thumbs up and is grade B. Tor has 0 thumbs down 3 thumbs up and is grade C.
DuckDuckGo has only 1 thumbs down: "Instead of asking directly, this Service will assume your consent merely from your usage." and is grade B, presumably because of this. Startpage is grade A, has no thumbs down, but going on startpage does not prompt me to agree to anything either.
The grades are explained at the bottom of the page.
Regarding Startpage, It's not mandatory to show the cookie banner if you don't track. Startpage doesn't track you at all, so it's grade A.
Wikipedia has that all the bad things happen to your account except for the tracking, but you can still use Wikipedia without using an account. I agree that it's a B.
I'm not familiar enough with Tor to answer that grade.
> The grades are explained at the bottom of the page.
Are they? The table at the bottom page doesn't explain anything - in particular doesn't give any indication why Tor might be ranked below Wikipedia (for instance). How can a service with no mentioned negative qualities have a grade C?
See https://news.ycombinator.com/item?id=43535046
Yeah the grades seem pretty biased. Wikipedia has 4 thumbs down and is grade B, Whatsapp has 2 and is grade D. One of them is even the same as Wikipedia's. Apparently just having "Any liability on behalf of the service is only limited to the fees you paid as a user" (which seems fairly reasonable to me) is enough to go from B to D?
You only need to accept DuckDuckGo's ToS when you sign up for privacy pro. What the point means is that they can change the ToS and assume consent to the changes when you continue using it, instead if prompting again.
Startpage does not have or need a ToS
(For context, shadowwwind is a contributor to tosdr.)
Sweet! One suggestion is to somehow normalize the requirements by company type? Like, for example, PayPal gets a thumbsdown for
> You must provide your identifiable information
but that's reasonable for a company like PayPal?
[dead]
We need browsers where the _user_ can specify their legal terms in the response headers. Let's make this two-sided.
In a negotiation, either side can walk away. If the website can’t refuse then it’s not really a negotiation. So how would that work? If you set certain headers, the website blocks you? It doesn’t seem like that would be a popular feature.
It would make more sense as filtering criteria for a search engine.
Well, we could have organisations like the EFF compose a set of consumer-friendly clauses, which the user can then choose from.
If the website wants to block something the EFF deems a good and reasonable protection for the user, then maybe they should indeed block the request.
ToS are highly unfair, because the company has had a group skilled in legalese draft them over enough time as deemed needed, whereas a layman is supposed to understand and base their next decision on something written in a language hardly understood by almost anyone.
For that reason ToS should be illegal unless, at least, written in layman terms.
Some sites, like Facebook and YouTube are listed as being able to see your browser history. It doesn’t seem to be related to tracking scripts, so how exactly does that work?
When you click on edit, you can see the specific section of the ToS: https://edit.tosdr.org/points/11339
Apparently this means that YT can acces the synced browser history if you're logged into Chrome.
The twin purposes of ToS are (1) to provide jobs for lawyers and (2) to screw the customers.
If the ToS were understandable, neither of those would be accomplished.
Name.com just changed their "privacy policy". I leveraged an LLM to analyze the differences, and to identify which party benefitted from the change.
Surprise, surprise ... The people get 1 change, Name.com getall the rest; including making parts of it more ambiguous.
But it was easy to understand using the LLM analysis and it took longer to read than generate.
If you haven't read it yourself how do you know that the LLM is correct?
> If you haven't read it yourself how do you know...
This vacuous objection can be raised against every single piece of information any human has ever learned from elsewhere, recursively, back to the dawn of communication, regardless of the nature of the third party source of information.
Furthermore, LLM hallucination, particularly of reviewed documents, is not a problem I experience any longer with the models I use. For example, my LLM setup and the query I would use would cause the output to include quotes of the differences, which makes ctrl+f/f3 to spot check easy.
LLMs are not a third party source of information, they're prediction engines with known hallucination behaviors. If they're faced with a difficult or impossible challenge (e.g. if the user fails to provide a diff, or fail to provide anything to compare against), and if there is only one type of answer in its training data (there is very little text on the internet that's positive about a TOS change), the most likely outcome is that it'll just make something up that's similar to that type of answer. Yes sometimes they'll realize and ask for more info or maybe call out to a tool to make a diff, but it all depends on the user's setup and settings and the state of RNG that day
And to protect the service provider from lawsuits.
Those two purposes are one and the same. The biggest reason for corporations to hire lawyers is to figure out the exact amount of consumer screwing they can legally get away with.
Whenever people come across any "terms" document, they are well served by simply ignoring it entirely and assuming it contains the following statements:
> you own nothing
> the company owns everything
> you have no rights
> you promise not to try and exercise any right you think you have
> if you ever convince yourself that you actually have rights, you agree to binding arbitration with the firm we pay
> you cannot do anything the company doesn't like
> the company can do literally anything it wants whether you like it or not
> the company is not responsible for anything, ever
> the company makes absolutely no guarantees about literally anything
> you agree to indemnify us in all possible circumstances
Ok this site lost me at Tor Browser. Why is Tor Browser listed on there as if it's a commercial product/service and rated as 'Grade C' without any supporting evidence? If they don't even know what Tor is then I don't know how qualified they are to weigh in on privacy issues.
I'll save everyone some time. In the year 2025, just assume any for profit corporation is stealing your data and you've waived all your rights as a consumer when you agreed to that ToS unless presented with compelling evidence to the contrary.
I’d love to see Kagi on here
ToS;dr is a collaborative effort! Folks can contribute for Kagi at https://edit.tosdr.org/services/11540/.
Great idea - although the website is struggling with comment SPAM https://edit.tosdr.org/points/10493
I will forever remember how my parents, who insisted we should be honest in all situations, also taught us to just click the blue button whenever something wants to be installed.
[dead]
Why does Tor Browser get grade C when it only has green thumbs up?
Just checked with the team (I used to be involved), and apparently the reason is that Tor's policy is too short for the algorithm that turns policy annotations into a grade.
(This also kickstarted a discussion that maybe that warrants a change to the algorithm, so maybe later more.)
I propose that it should use a Baysian prior where the background knowledge is assumed to be an A.
While it may be true that most ToS are onerous, suppose we look at a ToS document as a collection of terms of service. It's only the terms of service that cause a removal of rights that would otherwise be assumed. The more terms there are, and the more onerous each one is, the more rights can be removed. But before there are any terms, no rights are removed, so that situation should be an A. Diminished from there, depending on how many terms there are, and each one's onerousness.
Tangentially related: FreeOutput[1], which summarizes the copyright ownership of AI generated content from various LLM providers.
[1]: https://news.ycombinator.com/item?id=43517585
Wasn't there some regulation in EU, which forces service owners to make ToS actually readable and understandable?
GDPR partly covers this since it's stated that the user must get information about how personal data is used in a clear and easy readable form. But I guess, there's some wiggle room how to interpret that. The law actually suggest that the industry could come up with symbols – like on food packaging. Your website could have a bunch of standardized icons in the footer to inform you how data is used, but since we don't have that it seems like the industry didn't like that idea of transparency.
Why Tor is graded C, even though there are no downsides?
See the same question down this page: https://news.ycombinator.com/item?id=43534479
This is more of a solved problem than not these days thanks to LLMs. You can plop an agreement into an LLM chat and ask some questions, which is a lot better than just checking a box because you didn’t have time to read it. I’ve been doing this myself regularly with pretty good results finding things to be concerned about, or not. LLMs hallucinate and aren’t equipped to be attorneys for us, but this is a big improvement over just having to accept everything blindly.
Wikipedia:
"The service may use tracking pixels, web beacons, browser fingerprinting, and/or device fingerprinting on users."
Seriously? What for? People invest their time to provide free content and as a reward they are getting behavior typical for privacy invasive corpo from California?
The builtin rating is absolutely horseshit, that needs to go. If I want my TL;DR (summary) to contain opinions, I go read the news.
I don't understand how a website telling me that Facebook has a "Grade E" ToS is supposed to help me at all. Just give me a summary, the bullet points -- you don't need to try to assign each into "good/bad", and you certainly don't need to run an "algorithm" to show me if it's good or bad.
Chances are, if it says "sells all your data", I can figure out if I care about that, as a user, with freedom.
Maybe give me what you think (or your algorithm thinks) are the most important/controversial/impactful points, but don't rate them. This is akin to Wikipedia saying "Friday is the worst song ever created, wow it's so bad (thumbs down emoji)".