For mandatory T&Cs I'll put in the signature box "Decline", including updating the HTML page to say "decline" instead of "OK" and screenshotting it or modifying the HTTP response sent back to include riders.
I know it probably won't matter, but it's kind of fun for me.
>No chance that would hold up in court. Clickwraps have been tested in courts and are fully enforceable.
there may be no chance it would hold up in court, but not for the reason you say. it would have be be because "any words on on a modified document "signature" line would be taken as a signature" or "subverting a clickwrap license is theft of services" or whatever.
that "agreed" clickwrap licenses have been found enforceable is a separate fact about a separate issue.
And keep in mind that (at least in the US) the opposite of "I accept the terms and conditions" is not "I get to do whatever I want," it's "I am accessing this service without authorization, which is a crime under the Computer Fraud and Abuse Act."
Are you implying that if a US "service" consists of e.g. publicly accessible HTTP endpoints, it is illegal to use these endpoints in the US without "accepting" some terms and conditions that the provider of these endpoints requires its users to accept before using them?
I do not understand how such a requirement would be legally enforceable for public endpoints.
Simply violating a TOS is not a federal crime, as long as it doesn't circumvent a technical barrier like a subscription wall. This is a new SCOTUS interpretation of the Computer Fraud and Abuse Act as of 2021, in Van Buren v. United States.
That's a different situation. Those urls weren't meant for public use, and provided private information on user devices.
Furthermore, on reading the wikipedia page, his conviction was vacated.
> On April 11, 2014, the Third Circuit issued an opinion vacating Auernheimer's conviction, on the basis that the New Jersey venue was improper,[60] since neither Auernheimer, his co-conspirators, nor AT&T's servers were in New Jersey at the time of the data breach.
> While the judges did not address the substantive question on the legality of the site access, they were skeptical of the original conviction, observing that no circumvention of passwords had occurred and that only publicly accessible information was obtained
You can reasonably assume that if no terms and conditions were offered, then your use of a publicly accessible endpoint is authorized.
But if terms and conditions ARE offered to you, and you bypass acceptance somehow, then you're knowingly accessing the system without being authorized.
I really doubt this would be prosecuted except as part of some much larger misbehavior, but it is there.
If I use wget to mirror a site and there are terms and conditions that I never see then I'm "using a public facing API while being unaware of terms and conditions".
I mean, the CFAA being discussed is a notoriously broad law that's far too easy to run afoul of without realizing it.It's totally possible a court could seem that illegal.
The only valid agreements require the party seeking the agreement to make efforts in that pursuit. Did a human view the signed agreement afterward? Do they store that signed agreement in such a way as to be able to retrieve it if they need to contest the terms later?
Then no agreement was made.
And as for the CFAA provisions, if they put those resources on the public internet, then the public has the right to interact with them. You can't fence off the sidewalk and claim that someone trespasses when they walk on it.
> You can't fence off the sidewalk and claim that someone trespasses when they walk on it.
Perhaps a better analogy would be:
If you go out into a public space, you have to accept that by doing so you lose a certain portion of your privacy. You cannot expect that other people will agree to your "terms and conditions" before being allowed to talk to you. They will just talk to you if they so like.
It’s not like fencing off part of the sidewalk. It’s like having a building next to that sidewalk with a door. The fact that the door is easily accessible doesn’t mean everyone is welcome to come in. If the door is open that’s generally how it is. If it’s locked, even badly, entering would be trespassing. If it’s locked with a button that unlocks it, and the button says “by pushing this button you agree to the following terms,” well, that’s hard to say.
I envy the rigor and time investment, but I'm inclined to agree: there are unenforceable contracts, but I'm not aware of any case in which denying t&c's while using a service deliberately was successfully defended as compatible?
I'm not a lawyer though, I'm not even that well-informed about everyday law stuff for laymen.
Their heroku setup is having a moment. But if this is about the game I've been playing with my rude ass car that started nagging me about Kia's t&c update, weeks after i first got it, every time i start the engine...
I'm not sure if I'm winning and I'm not sure if the game is fun anymore. at least the car and I have been playing a single game of me declining the t&c and please ask me again later for some three years and a few months now. So the replay value is high.
Also sometimes my wife pretends to go for the "accept" button and it makes me all hot and bothered
If you're in Europe, then most new cars do that right now. There was an EU-wide court case some time ago whether tracking consent can be one-and-done in a car or not because different people can be driving a car at different times, if memory serves well. Rather than simply drop the tracking, the car manufacturers decided to just nag you every time. This is now the first thing on my list when looking for a new car, if they do stuff like that I'm not buying.
Mozilla did an expose a while back on what's hidden in those terms, IIRC. Things like "we want to know do you use the heated seats" (okay... useful free market research maybe) but also "we store personality profiles including your sexual preferences"
Somewhere I hope a PM is deliberating the intricacies of automotive teledildonics. I hope.
Broken for me, but going off of the headline, I have been playing the same game with Apple Health. Refuse to accept what probably gives them some wiggle room to monetize my health information. Which also means that I cannot setup a wake up alarm, only generic alarms.
The site has a little game where you click to dismiss as many cookie-consent popups as possible, in 30 seconds. I suppose if you can't see the cookie consent popups, then at the end of the timer you just have zero points.
i don't understand people believe it
whether you accept or deny, does it matter if i had to log i will its not my site will have to pass all test about malpractice before being publish, or on everyday basis
Those prompt are not real prompts from browser permission system itself that if you deny will prevent site from accesing any data
> An error occurred in the application and your page could not be served. If you are the application owner, check your logs for details. You can do this from the Heroku CLI with the command
heroku logs --tail
For mandatory T&Cs I'll put in the signature box "Decline", including updating the HTML page to say "decline" instead of "OK" and screenshotting it or modifying the HTTP response sent back to include riders.
I know it probably won't matter, but it's kind of fun for me.
No chance that would hold up in court. Clickwraps have been tested in courts and are fully enforceable.
[delayed]
>No chance that would hold up in court. Clickwraps have been tested in courts and are fully enforceable.
there may be no chance it would hold up in court, but not for the reason you say. it would have be be because "any words on on a modified document "signature" line would be taken as a signature" or "subverting a clickwrap license is theft of services" or whatever.
that "agreed" clickwrap licenses have been found enforceable is a separate fact about a separate issue.
And keep in mind that (at least in the US) the opposite of "I accept the terms and conditions" is not "I get to do whatever I want," it's "I am accessing this service without authorization, which is a crime under the Computer Fraud and Abuse Act."
Are you implying that if a US "service" consists of e.g. publicly accessible HTTP endpoints, it is illegal to use these endpoints in the US without "accepting" some terms and conditions that the provider of these endpoints requires its users to accept before using them?
I do not understand how such a requirement would be legally enforceable for public endpoints.
Simply violating a TOS is not a federal crime, as long as it doesn't circumvent a technical barrier like a subscription wall. This is a new SCOTUS interpretation of the Computer Fraud and Abuse Act as of 2021, in Van Buren v. United States.
How much money, time and freedom to waste do you have to fight and then appeal this from jail then prison?
Yes of course. Ask weev how the “it was publicly accessible” defense worked out.
That's a different situation. Those urls weren't meant for public use, and provided private information on user devices.
Furthermore, on reading the wikipedia page, his conviction was vacated.
> On April 11, 2014, the Third Circuit issued an opinion vacating Auernheimer's conviction, on the basis that the New Jersey venue was improper,[60] since neither Auernheimer, his co-conspirators, nor AT&T's servers were in New Jersey at the time of the data breach.
> While the judges did not address the substantive question on the legality of the site access, they were skeptical of the original conviction, observing that no circumvention of passwords had occurred and that only publicly accessible information was obtained
https://en.wikipedia.org/wiki/Weev#Imprisonment
You can reasonably assume that if no terms and conditions were offered, then your use of a publicly accessible endpoint is authorized.
But if terms and conditions ARE offered to you, and you bypass acceptance somehow, then you're knowingly accessing the system without being authorized.
I really doubt this would be prosecuted except as part of some much larger misbehavior, but it is there.
If I use wget to mirror a site and there are terms and conditions that I never see then I'm "using a public facing API while being unaware of terms and conditions".
So, then what?
I mean, the CFAA being discussed is a notoriously broad law that's far too easy to run afoul of without realizing it.It's totally possible a court could seem that illegal.
Man, the law really needs some technical nous...
If I'm on the jury, I'll make sure he walks.
The only valid agreements require the party seeking the agreement to make efforts in that pursuit. Did a human view the signed agreement afterward? Do they store that signed agreement in such a way as to be able to retrieve it if they need to contest the terms later?
Then no agreement was made.
And as for the CFAA provisions, if they put those resources on the public internet, then the public has the right to interact with them. You can't fence off the sidewalk and claim that someone trespasses when they walk on it.
> If I'm on the jury, I'll make sure he walks.
If you're going to be on a jury, don't post things like this on the internet, even if I agree with you.
> You can't fence off the sidewalk and claim that someone trespasses when they walk on it.
Perhaps a better analogy would be:
If you go out into a public space, you have to accept that by doing so you lose a certain portion of your privacy. You cannot expect that other people will agree to your "terms and conditions" before being allowed to talk to you. They will just talk to you if they so like.
> If I'm on the jury, I'll make sure he walks.
This statement ensures you won't be on the jury.
It’s not like fencing off part of the sidewalk. It’s like having a building next to that sidewalk with a door. The fact that the door is easily accessible doesn’t mean everyone is welcome to come in. If the door is open that’s generally how it is. If it’s locked, even badly, entering would be trespassing. If it’s locked with a button that unlocks it, and the button says “by pushing this button you agree to the following terms,” well, that’s hard to say.
I envy the rigor and time investment, but I'm inclined to agree: there are unenforceable contracts, but I'm not aware of any case in which denying t&c's while using a service deliberately was successfully defended as compatible?
I'm not a lawyer though, I'm not even that well-informed about everyday law stuff for laymen.
Inb4 a dozen non-lawyers give confident proclamations as to the law.
You misspelled 'potential jurors'.
Their heroku setup is having a moment. But if this is about the game I've been playing with my rude ass car that started nagging me about Kia's t&c update, weeks after i first got it, every time i start the engine...
I'm not sure if I'm winning and I'm not sure if the game is fun anymore. at least the car and I have been playing a single game of me declining the t&c and please ask me again later for some three years and a few months now. So the replay value is high.
Also sometimes my wife pretends to go for the "accept" button and it makes me all hot and bothered
If you're in Europe, then most new cars do that right now. There was an EU-wide court case some time ago whether tracking consent can be one-and-done in a car or not because different people can be driving a car at different times, if memory serves well. Rather than simply drop the tracking, the car manufacturers decided to just nag you every time. This is now the first thing on my list when looking for a new car, if they do stuff like that I'm not buying.
I backed into my garage wall after being distracted by one of those things, now I just leave it up
My Toyota also got that game in a DLC about a year after I bought it
Mozilla did an expose a while back on what's hidden in those terms, IIRC. Things like "we want to know do you use the heated seats" (okay... useful free market research maybe) but also "we store personality profiles including your sexual preferences"
Somewhere I hope a PM is deliberating the intricacies of automotive teledildonics. I hope.
Monthly payment features and telematic updates, oh yeah
Sketchy auto-braking and seats that heat your derrière
You are supreme
The chicks'll cream
For Greased Lightnin'
This game seems to be all the rage right now. I've seen clones of it everywhere.
> You need to enable JavaScript to play.
I didn't enable JavaScript. Does that mean I win?
WOPR would be proud.
Yes. You won the whole internet.
I get a Heroku error trying to view the site.
That means you won the game.
damn, I just lost The Game.
same
According to its terms and conditions, Heroku is not Web Scale.
Have they tried MongoDB?
Broken for me, but going off of the headline, I have been playing the same game with Apple Health. Refuse to accept what probably gives them some wiggle room to monetize my health information. Which also means that I cannot setup a wake up alarm, only generic alarms.
Apple Health data is end-to-end encrypted, even without using ADP. They don't have access to it: https://support.apple.com/en-us/102651
That is cute, but if big tech goes out of its way to get specific permissions to do something, I am going to assume it is not in my best interests.
Sure, Apple is less bad than many others, but that does not mean they are trustworthy.
I assumed it was to update your sleep stats in health.
The app is erroring out for me, but I have a suspicion it's a "Neal-like"?
Shameless Plug
I created this web application to review the terms and conditions of website and show an LLM surface the ugly parts of the TOS.
tosreview.org/
Shoutout: this was inspired by the amazing humans at tosdr.org
Just wanted to say thank you. It prompted a review of our own T&Cs.
Your site gives me ssl error.
Someone went to sleep after a long day of work and the heroku servers crashed, this is why you need monitoring and alerts people
Site's borked, but for those that were able to access it, is it like Ente's https://consent.gg/ ?
Note to everyone: disable your adblocker when visiting that website, or you'll see only an empty page with a countdown.
> disable your adblocker when visiting that website, or you'll see only an empty page with a countdown.
Thanks for the heads-up. Will not visit site.
what happens at the end of the countdown?
The site has a little game where you click to dismiss as many cookie-consent popups as possible, in 30 seconds. I suppose if you can't see the cookie consent popups, then at the end of the timer you just have zero points.
It's not working. Shows an error.
i don't understand people believe it whether you accept or deny, does it matter if i had to log i will its not my site will have to pass all test about malpractice before being publish, or on everyday basis
Those prompt are not real prompts from browser permission system itself that if you deny will prevent site from accesing any data
those are dummy
The Sequel: Decline e-Delivery.
T&C 3: Block Notifications
HN hug of death?
Damn. I lost it.
Yep, I just lost the game as well.
> An error occurred in the application and your page could not be served. If you are the application owner, check your logs for details. You can do this from the Heroku CLI with the command heroku logs --tail
[dead]
[dead]