pages tagged termsOfService
hroy.eu
https://hroy.eu/tags/termsOfService/
2023-10-30T21:03:46Z
Why I want to update the User Data Manifesto
https://hroy.eu/posts/why-new-user-data-manifesto/
2023-09-18T15:16:31Z
2014-08-26T09:39:22Z
I’ve been working on a new version of the User Data Manifesto published by Frank Karlitschek. I think the current version has several problems and I want to fix them.<hr><br><p><strong>Update</strong>: Version 2 of the <a
href="https://userdatamanifesto.org/">User Data Manifesto</a> is
out!</p>
<hr />
<p>In late 2012, a new manifesto emerged from the free software
community: <a href="http://userdatamanifesto.org/1.0/">The User Data
Manifesto</a>, written by Frank Karlitschek of <a
href="http://owncloud.org">Owncloud</a>. Quite similar to the <a
href="http://autonomo.us/2008/07/14/franklin-street-statement/">Franklin
Street Statement</a> on freedom and network services, the manifesto
took another approach, which I think was a good one: identifying a new
set of rights for users, or as the manifesto puts it: “defining basic
rights for people to control their own data in the internet age.”</p>
<p>I have applauded the approach and I think the current manifesto is a
good starting point — which is why I have started an effort to create a
new, better version built on the <a
href="http://userdatamanifesto.org/1.0/">first version</a>. If you would
rather go straight to <a
href="https://github.com/userdatamanifesto/www/pull/4">discussing the
new version</a>, you can <a href="https://hroy.eu/tags/termsOfService/#my-current-proposal">skip the
first part</a> of this article.</p>
<h3 id="whats-wrong-with-the-current-version">What’s wrong with the
current version?</h3>
<p>Right now, the manifesto consists of 8 points – and I think that’s
probably too many. As you will see, some of these points overlap.
Another thing that’s wrong with the current version is that it mixes
several issues together with no hierarchy or context among them; for
instance, some points are about user rights, while others are only
about implementation (like point 8, Server software transparency).</p>
<p>So let me take some points separately:</p>
<blockquote>
<p>1 - Own the data<br />
The data that someone directly or indirectly creates belongs to the
person who created it.</p>
</blockquote>
<p>This one is very, very problematic. What does “belong” mean, what
does “own” mean? Why is one used in the title and the other in the
description? What happens when several persons “created” the data? What
does “create [data]” even mean? I don’t create “data”; my computer
generates data when I do things and make stuff.</p>
<p>This point could be read like a copyright provision and thus justify
current copyright laws. This is probably not the intention behind this.
So this point should be fixed. This reason alone is enough to make it a
necessity to update the current manifesto.</p>
<p>But what was the intention behind this?</p>
<aside class="pull-left">
<table class="img">
<caption>
1991, Sega’s Zero Wing
</caption>
<tr>
<td>
<a href="https://hroy.eu/posts/why-new-user-data-manifesto/Aybabtu.png"><img src="https://hroy.eu/posts/why-new-user-data-manifesto/Aybabtu.png" width="240" height="160" alt="Zero Wing screenshot" class="pull-left aside" /></a>
</td>
</tr>
</table>
</aside>
<p>I think I understand it, and I agree with it. Maybe you know the meme
<a
href="https://en.wikipedia.org/wiki/All_your_base_are_belong_to_us">“All
your base are belong to us”</a>, sometimes turned into “All Your Data
Are Belong to Us” in reference to Google/NSA/etc.</p>
<p>This is basically what we want to prevent. For a user data manifesto
to be effective, it means that even if I use servers to store some of
<em>my data</em>, the server admin should not feel entitled to treat it
as <em>their data</em>.</p>
<p>However, a careful note is needed here. As you will notice, I’m
referring to data as “my data” or “their data.” This is very important
to consider. If we want a good User Data Manifesto, we need to think
clearly about what makes data, “User Data.”</p>
<p>The current version of the manifesto says that what makes User Data
is data “created by the user.” But I think that’s misleading.</p>
<p>Usually, there are two ways in which one might refer to data as
“their data” (i.e. “their own” data):</p>
<ol type="1">
<li><p>Personal data, or personally-identifiable information, are often
referred to by <em>someone</em> as <em>their data</em>. But in our case,
that’s not relevant, this is covered by laws such as data protection in
the European Union. That’s not the scope of this manifesto, because in
this case the <em>person</em> is called the “data subject” and
typically, this person is not necessarily a “user.”</p>
<p>However, it is users that we are concerned with in this manifesto,
which leads to the second case in which one usually refers to data as
their own data:</p></li>
<li><p>Data that is stored on <em>my</em> hard-drive or other storage
apparatus. In this case, the meaning of ownership of data is an
extension of the ownership of the physical layer on which it sits.</p>
<p>For instance, when I refer to the books that are in my private
library at home, I say that these are <em>my books</em> even though I
have not written any of them. I <em>own</em> these books not because I
have created them, but because I bought them.</p></li>
</ol>
<p>So, for the purpose of the User Data Manifesto, how should we define
User Data to convey the objective that server admins do not have the
right to do as they wish with user data, i.e. <em>our data</em>?</p>
<p>I propose this:</p>
<blockquote>
<p>“User data” means any data uploaded by a user and/or generated by a
user, while using a service on the Internet.</p>
</blockquote>
<p>This definition is aimed at replacing point 1 of the first version.
This definition is consistent with our current way of referring to data
as “our own data”, but it also includes the case where the data is not
generated by devices that we own, but is instead generated <em>by us,
for us</em> on devices that somebody else owns.</p>
<blockquote>
<p>2 - Know where the data is stored<br />
Everybody should be able to know: where their personal data is
physically stored, how long, on which server, in what country, and what
laws apply.</p>
</blockquote>
<p>I have tried to improve this. This is point 2 in <a
href="https://hroy.eu/tags/termsOfService/#my-current-proposal">my version of the
manifesto</a>.</p>
<blockquote>
<p>3 - Choose the storage location<br />
Everybody should always be able to migrate their personal data to a
different provider, server or their own machine at any time without
being locked in to a specific vendor.</p>
</blockquote>
<p>This is point 3 in my version of the manifesto.</p>
<blockquote>
<p>4 - Control access<br />
Everybody should be able to know, choose and control who has access to
their own data to see or modify it.</p>
<p>5 - Choose the conditions<br />
If someone chooses to share their own data, then the owner of the data
selects the sharing license and conditions.</p>
</blockquote>
<p>These two points are now point 1 in my version. I have merged them
together. However, I have modified the part about “choosing the
conditions” and instead refer to “permissions” (as in, read-only,
read-write, etc.). I think the “conditions” as in licensing conditions
are out of scope of this manifesto.</p>
<blockquote>
<p>6 - Invulnerability of data<br />
Everybody should be able to protect their own data against surveillance
and to federate their own data for backups to prevent data loss or for
any other reason.</p>
</blockquote>
<p>This point was redundant with point 4 and it was drafted in a vague
manner, so I have modified it and integrated it into point 1 of my
version of the manifesto.</p>
<blockquote>
<p>7 - Use it optimally<br />
Everybody should be able to access and use their own data at all times
with any device they choose and in the most convenient and easiest way
for them.</p>
</blockquote>
<p>I feel this is not in the scope of the manifesto, because it describes
a feature, not a right, and also because I felt it was a bit vague:
what is the “most convenient and easiest way for them”? So I decided to
leave this one out.</p>
<blockquote>
<p>8 - Server software transparency<br />
Server software should be free and open source software so that the
source code of the software can be inspected to confirm that it works as
specified.</p>
</blockquote>
<p>This is an implementation matter tied to point 3 of the current
version, the right to choose any location to store one’s data and to
move to another platform. So I have merged it into point 3 of my version
of the manifesto, regarding the freedom to choose a platform.</p>
<hr />
<p>That’s it. Overall, I think the manifesto was a good starting point
and that it should be improved and updated. I think that we should
reduce the number of points because 8 is too many; especially because
some of them are redundant. We should also give more context after we
lay out the rules.</p>
<p>This is what I have tried to do with <a
href="https://github.com/userdatamanifesto/www/pull/4">my
modifications</a>. There is a <a
href="https://github.com/userdatamanifesto/www/pull/4">pull request on
Github</a> pending. Feel free to give your impressions there.</p>
<p>Obviously, this is also a request for comments, criticism and
improvement of my version of the manifesto.</p>
<p><strong>Thanks</strong> to Jan-Christoph Borchardt, Maurice
Verheesen, Okhin and Cryptie for their feedback and/or suggested
improvements since April 2013.</p>
<h3 id="my-current-proposal">My current proposal</h3>
<p><a href="http://udm.branchable.com/index.en.html">User Data
Manifesto, v2 DRAFT:</a> as of today, August 26, 2014:</p>
<p>This manifesto aims at defining basic rights for people regarding
their own data in the Internet age. People ought to be free and should
not have to pay allegiance to service providers.</p>
<ol start="0">
<li>
“User data” means any data uploaded by a user and/or generated by a
user, while using a service on the Internet.
</li>
</ol>
<p>Thus, users should have:</p>
<ol type="1">
<li><p>Control over user data access</p>
<p>Data explicitly and willingly uploaded by a user should always be
under the ultimate control of the user. Users should be able to decide
whom to grant (direct) access to their data and under which permissions
such access should occur.</p>
<p>Cryptography (e.g. a <a
href="https://en.wikipedia.org/wiki/PKI">PKI</a>) is necessary to enable
this control.</p>
<p>Data received, generated, collected and/or constructed from users’
online activity while using the service (e.g. metadata or social graph
data) should be made accessible to these users and put under their
control. If this control can’t be given, then this type of data should
be anonymous and not stored for long periods.</p></li>
<li><p>Knowledge of how the data is stored</p>
<p>When the data is uploaded to a specific service provider, users
should be able to know where that specific service provider stores the
data, how long, in which jurisdiction the specific service provider
operates, and which laws apply.</p>
<p>One solution is for all users to be free to choose to store their
own data on devices (e.g. servers) in their vicinity and under their
direct control. That way, users do not have to rely on centralised
services. Peer-to-peer systems and unhosted apps are a means to that
end.</p></li>
<li><p>Freedom to choose a platform</p>
<p>Users should always be able to extract their data from the service at
any time without experiencing any vendor lock-in.</p>
<p>Open standards for formats and protocols, as well as access to the
programs source code under a Free Software license are necessary to
guarantee this.</p></li>
</ol>
<p>If users have these rights, they are in control of their data rather
than being subjugated by service providers.</p>
<p>Many services that deal with user data at the moment are gratis, but
that does not mean they are free. Instead of paying with money, users
are paying with their allegiance to the service providers so that they
can exploit user data (e.g. by selling them or building a profile for
advertisers).</p>
<p>Surrendering privacy in this way may seem to many people a trivial
thing and a small price to pay for the convenience that Internet
services bring. This has made this kind of exchange commonplace.</p>
<p>Service providers have thus been unwittingly compelled to turn their
valuable Internet services into massive and centralised surveillance
systems. It is of grave importance that people realize this, since it
forms a serious threat to the freedom of humanity.</p>
<p>When users control access to the data they upload (Right #1), it
means that data intended to be privately shared should not be accessible
to the service provider, nor shared with governments. Users should be
the only ones to have ultimate control over it and to grant access to
it. Thus, a service should not force you to disclose private data
(including private correspondence) with them.</p>
<p>That means the right to use cryptography<a href="https://hroy.eu/tags/termsOfService/#fn1"
class="footnote-ref" id="fnref1" role="doc-noteref"><sup>1</sup></a>
should never be denied. On the contrary, cryptography should be enabled
by default and be put under the users’ control with Free Software that
is easy to use.</p>
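<p>The key-custody distinction behind Right #1 and footnote 1, as an added Python example that is not part of the manifesto, of ownCloud, or of any other project mentioned on this page: a client derives its keys on the user’s device and sends the provider only an authentication subkey, so the provider stores ciphertext it cannot open; a “snake oil” provider receives the login password, derives the data keys itself and can read everything. The <code>Provider</code>, <code>SnakeOilProvider</code> and <code>Client</code> classes, the <code>udm:*</code> derivation labels and the sample message are all assumptions made for the example, and the cipher is an illustrative HMAC-based construction, not a recommendation.</p>

```python
"""Who can read what the service stores? Key-custody demo (added example).

Illustrative construction only: the cipher is HMAC-SHA256 used as a PRF in
counter mode plus a separate HMAC tag (encrypt-then-MAC). A real deployment
would use an AEAD (AES-GCM, XChaCha20-Poly1305) from a vetted library; the
point here is which party holds the keys, not the primitive.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode, truncated to `length` bytes."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || HMAC(nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; wrong key or tampering fails."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def derive_keys(passphrase: bytes, salt: bytes) -> dict:
    """One slow KDF, then domain-separated subkeys (labels are assumptions).
    Only 'auth' is ever sent to the server; HMAC is one-way, so knowing 'auth'
    gives no path back to 'enc' or 'mac'."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 50_000, 32)
    sub = lambda label: hmac.new(master, label, hashlib.sha256).digest()
    return {"enc": sub(b"udm:enc"), "mac": sub(b"udm:mac"), "auth": sub(b"udm:auth")}


class Provider:
    """User-controlled model: the server holds a login verifier and opaque blobs."""
    def __init__(self):
        self.verifier, self.blobs = None, {}
    def register(self, auth_key: bytes):
        self.verifier = hashlib.sha256(auth_key).digest()
    def _check(self, auth_key: bytes):
        if not hmac.compare_digest(self.verifier, hashlib.sha256(auth_key).digest()):
            raise PermissionError("bad credential")
    def store(self, auth_key: bytes, name: str, blob: bytes):
        self._check(auth_key)
        self.blobs[name] = blob
    def fetch(self, auth_key: bytes, name: str) -> bytes:
        self._check(auth_key)
        return self.blobs[name]
    def insider_read(self, name: str):
        """What an admin, or a government compelling the admin, gets: no plaintext."""
        return None


class SnakeOilProvider(Provider):
    """Footnote 1 case: 'encrypted with your password', but the password is the
    login password, so the server receives it and derives the data keys itself."""
    def __init__(self):
        super().__init__()
        self.salt, self.keys = os.urandom(16), None
    def login(self, passphrase: bytes):
        self.keys = derive_keys(passphrase, self.salt)  # server now holds every key
        self.register(self.keys["auth"])
    def upload(self, name: str, plaintext: bytes):
        self.store(self.keys["auth"], name, seal(self.keys["enc"], self.keys["mac"], plaintext))
    def insider_read(self, name: str):
        return unseal(self.keys["enc"], self.keys["mac"], self.blobs[name])


class Client:
    """Derives keys on the user's device; only the 'auth' subkey leaves it."""
    def __init__(self, passphrase: bytes):
        self.keys = derive_keys(passphrase, os.urandom(16))
    def upload(self, provider: Provider, name: str, plaintext: bytes):
        provider.store(self.keys["auth"], name, seal(self.keys["enc"], self.keys["mac"], plaintext))
    def download(self, provider: Provider, name: str) -> bytes:
        return unseal(self.keys["enc"], self.keys["mac"], provider.fetch(self.keys["auth"], name))


def demo() -> dict:
    msg, pw = b"private correspondence", b"correct horse battery staple"  # constructed sample
    good, client = Provider(), Client(pw)
    good.register(client.keys["auth"])
    client.upload(good, "note", msg)
    bad = SnakeOilProvider()
    bad.login(pw)
    bad.upload("note", msg)
    return {"roundtrip": client.download(good, "note"),
            "stored_in_clear": msg in good.blobs["note"],
            "good_insider": good.insider_read("note"),
            "bad_insider": bad.insider_read("note")}
```

<p>Running <code>demo()</code> shows the user-controlled provider returning the message to its owner while holding nothing it can read, and the snake-oil provider handing the same plaintext to its own <code>insider_read</code>. The practical check this suggests when evaluating a service: if the password you log in with is also the password the data is “encrypted with”, the server has everything it needs to decrypt.</p>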
<p>Some services allow users to submit data with the intention to make
it publicly available for all. Even in these cases, some amount of user
data is kept private (e.g. metadata or social graph data). The user
should also have control over this data, because metadata or logging
information can be used for unfair surveillance. Service providers must
commit to keeping these to a minimum, and only for the purpose of
operating the service.</p>
<p>When users make data available to others, whether to a restrictive
group of people or to large groups, they should be able to decide under
which permissions they grant access to this data. However, this right is
not absolute and should not extend over others’ rights to use the data
once it has been made available to them. What’s more, it does not mean
that users should have the right to impose unfair restrictions to other
people.</p>
<p>Ultimately, to ensure that user data is under the users’ control, the
best technical designs include peer-to-peer or distributed systems, and
unhosted applications. Legally, that means terms of service should
respect users’ rights.</p>
<p>When users use centralised services that upload data to specific
storage providers instead of relying on peer-to-peer systems, it is
important to know where the providers might store data, because they
could be compelled by governments to turn over data they have in their
possession (Right #2).</p>
<p>In the long term, all users should have their own server.
Unfortunately, this is made very difficult by some Internet access
providers that restrict their customers unfairly. Also, being your own
service provider often means having to administer systems which require
expertise and time that most people currently don’t have or are willing
to invest.</p>
<p>Users should not get stuck into a specific technical solution. This
is why they should always be able to leave a platform and settle
elsewhere (Right #3). It means users should be able to have their data
in an open format, and to exchange information with an open protocol. <a
href="http://fsfe.org/activities/os/def.html">Open standards</a> are
standards that are free of copyright and patent constraints. Obviously,
without the source code of the programs used to deal with user data,
this is impractical. This is why programs should be distributed under a
Free Software license like the GNU AGPL-3<a href="https://hroy.eu/tags/termsOfService/#fn2"
class="footnote-ref" id="fnref2"
role="doc-noteref"><sup>2</sup></a>.</p>
<hr />
<p><strong>Thanks</strong> to <a href="https://hroy.eu//samtuke.com">Sam Tuke</a> for
his feedback on the post and the manifesto!</p>
<aside id="footnotes" class="footnotes footnotes-end-of-document"
role="doc-endnotes">
<hr />
<ol>
<li id="fn1"><p>We mean effective cryptography. If the service provider
enables cryptography but controls the keys, or encrypts the data with a
password that you hand to the server (for instance the one you log in
with), the server can decrypt the data whenever it, or whoever compels
it, wants to, and the “encryption” is probably <a
href="https://en.wikipedia.org/wiki/Snake_oil_%28cryptography%29">snake
oil</a>.<a href="https://hroy.eu/tags/termsOfService/#fnref1" class="footnote-back"
role="doc-backlink">↩︎</a></p></li>
<li id="fn2"><p>The GNU AGPL-3 safeguards this right by making it a
legal obligation to provide access to the modified program run by the
service provider. (<a href="http://www.gnu.org/licenses/agpl.html">§ 13.
Remote Network Interaction</a>)<a href="https://hroy.eu/tags/termsOfService/#fnref2" class="footnote-back"
role="doc-backlink">↩︎</a></p></li>
</ol>
</aside>
https://hroy.eu/notes/secret-tos/
<a href="http://creativecommons.org/publicdomain/zero/1.0/">CC0-1.0</a>
<p>The Secret ToS are ©2014 Secret Inc. Extracts
used without authorisation for the purpose of providing relevant
criticism and opinion.</p>
2014-10-21T15:44:11Z
2014-04-16T17:14:03Z
<p>It seems <a href="https://www.secret.ly/tos">Secret</a> is the new thing.
So I had a look at <a href="https://www.secret.ly/tos">their terms of service</a>. Here are
some extracts:</p>
<p>TL;DR: They’re not good.</p>
<blockquote>
<p>However, unless we expressly state otherwise, your right to use
the Service does not include (i) publicly performing or publicly
displaying the Service,</p>
</blockquote>
<p>That's funny, because it seems to imply that taking a screenshot
of a secret and tweeting it is forbidden (although the Secret
co-founder uses them in his <a href="https://medium.com/secret-den/12ab82fda29f">post explaining how it works
technically</a>.)</p>
<blockquote>
<p>When you post, link or otherwise make available content to the
Service, you grant us a nonexclusive, royalty-free, perpetual,
irrevocable and fully sublicensable right to use, reproduce,
modify, adapt, publish, translate, create derivative works from,
distribute, perform and display such content throughout the world
in any manner or media, on or off the App.</p>
</blockquote>
<p>This has got to be the most <a href="http://tosdr.org/topics.html#copyright-scope">extreme copyright license in Terms of
Service</a> that I have
ever seen.</p>
<p>Basically, it's as if you did not exist as an author. Which is
fine because it's supposed to be a secret. But in the process,
Secret wants all the rights for themselves (and their future
business partners I assume).</p>
<p>(I'm not sure that most Secret messages would pass the originality
threshold required for copyright and authors' right protection
anyway.)</p>
<blockquote>
<h4>Modification to the service</h4>
<p>Secret reserves the right in its sole discretion to review,
improve, modify or discontinue, temporarily or permanently, the
Service and/or any features, information, materials or content on
the Service with or without notice to you. </p>
</blockquote>
<blockquote>
<h4>Suspension/Termination</h4>
<p>Secret may suspend and/or terminate your rights with respect to
the Service for any reason or for no reason at all and with or
without notice at Secret’s sole discretion. </p>
</blockquote>
<blockquote>
<h4>Governing Law; Arbitration</h4>
<p>PLEASE READ THE FOLLOWING PARAGRAPHS CAREFULLY BECAUSE THEY
REQUIRE YOU TO ARBITRATE DISPUTES WITH SECRET AND LIMIT THE MANNER
IN WHICH YOU CAN SEEK RELIEF FROM SECRET.</p>
<p>[…]</p>
<p>If settlement is not reached within 60 days after service of a
written demand for mediation, any unresolved controversy or claim
will be resolved by arbitration in accordance with the rules of
the American Arbitration Association before a single arbitrator in
San Francisco, California.</p>
</blockquote>
<blockquote>
<h4>Legal Compliance</h4>
<p>You represent and warrant that: (i) you are not located in a
country that is subject to a U.S. Government embargo, or that has
been designated by the U.S. Government as a “terrorist supporting”
country; and (ii) you are not listed on any U.S. Government list
of prohibited or restricted parties. </p>
</blockquote>
<p>That's funny. I guess I don't know if I'm on a US government list
of restricted parties!</p>
<p>Oh, and here's the <a href="https://www.secret.ly/privacy">Privacy policy</a>.</p>
<p>In case you thought you were “anonymous” when using Secret, think
again:</p>
<blockquote>
<p>We may share information about you as follows or as otherwise
described in this privacy policy:</p>
<ul>
<li>In response to a request for information if we believe
disclosure is in accordance with any applicable law,
regulation or legal process, or as otherwise required by any
applicable law, rule or regulation;</li>
</ul>
</blockquote>
Eben Moglen: privacy is ecological, not transactional
https://hroy.eu/posts/moglen_privacy_ecological/
2023-10-30T21:03:46Z
2013-11-16T23:00:00Z
<aside class="pull-right">
<table class="img">
<caption>
Eben Moglen
</caption>
<tr>
<td>
<a href="https://hroy.eu/posts/moglen_privacy_ecological/moglen.jpg"><img src="https://hroy.eu/posts/moglen_privacy_ecological/108x150-moglen.jpg" width="108" height="150" alt="moglen portrait" class="img" /></a>
</td>
</tr>
</table>
</aside>
<blockquote>
<p>Now I spoke last time of the way in which we can decompose “privacy,”
the concepts that we float around under that word, into three more
specific parts: First, secrecy: that is, our ability to have our
messages understood only by those to whom we intend to send them.
Second, anonymity: that is, our ability to send and receive messages,
which may be public in their content, without revealing who said and who
listened or read what was said. Third, autonomy: that is, the avoidance
of coercion, interference, and intervention by parties who have violated
either our secrecy or our anonymity and who are using what they have
gained by those violations to control us.</p>
<p>I would ask you also—in thinking analytically about this substance
“privacy” whose continuation I am asserting is essential to democracy’s
survival—I would urge you also to consider that privacy is an ecological
rather than a transactional substance. This is a crucial distinction
from what you are taught to believe by the people whose job it is to
earn off you.</p>
<p>Those who wish to earn off you want to define privacy as a thing you
transact about with them, just the two of you. They offer you free email
service, in response to which you let them read all the mail, and that’s
that. It’s just a transaction between two parties. They offer you free
web hosting for your social communications, in return for watching
everybody look at everything. They assert that’s a transaction in which
only the parties themselves are engaged.</p>
<p>This is a convenient fraudulence. Another misdirection, misleading,
and plain lying proposition. Because—as I suggested in the analytic
definition of the components of privacy—privacy is always a relation
among people. It is not transactional, an agreement between a listener
or a spy or a peephole keeper and the person being spied on.</p>
<p>If you accept this supposedly bilateral offer, to provide email
service for you for free as long as it can all be read, then everybody
who corresponds with you has been subjected to the bargain, which was
supposedly bilateral in nature.</p>
<p><cite>— Eben Moglen, <a
href="http://snowdenandthefuture.info/PartIII.html" title="Snowden
and the Future, part Ⅲ">The Union, May It Be Preserved</a></cite></p>
</blockquote>
<p>I have become increasingly convinced that this analysis is right on.
If you’re looking for evidence that the transactional/bilateral nature
of privacy is a big lie, <a href="http://biggestlie.com">look no</a> <a
href="http://tosdr.org">further</a> than how Privacy Policies and Terms
of Service are set up.</p>