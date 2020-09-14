NurPhoto / Contributor



Do you read the terms and conditions of the service of an app before accepting its use? If you don’t, you are not the only one. Research has shown that very few people actually take the time to read what an app or website asks them to agree to – even in the case study, participants unknowingly agreed to hand over the company to their future firstborn. Long texts of terms and conditions are often not designed to be understood, other researchers concluded.

“The choice to read the terms and conditions of a service or its privacy policy is not easy. It is not accessible,” said Nader Henein, research director and member of the information privacy area at Gartner. “If you’ve had lawyers write the policy, there’s a good chance that someone without a law degree and with half an hour of time to spend on it, won’t be able to figure out exactly what it says. [el documento]”.

But don’t worry, we are here to help you. Here are three red flags to watch out for before marking that you agree to a privacy policy to download an application or use a service.

Red spotlight no. 1: Complexity



Legal disputes around privacy policy documents and terms and conditions of service do not typically reach litigation, in many cases, because there is no expectation that someone will actually read the fine print, Henein explains. The reader is also not expected to have the necessary training to understand the policy, even after reading it, he added.

Apps with complex policies that bury exactly what a person agrees to (such as sharing their information with third parties) are dishonest on the part of the company and should be avoided, Henein said.

“If the language is complex and you read the first paragraph and it doesn’t make sense to the average person, that tells me that the company hasn’t really considered people in the equation,” Henein said. “You need to raise your guard.”

Jason Cipriani/CNET



Red spotlight no. 2: Implied Agreement

Policies that want an implicit agreement or implicit consent should raise a red flag. This means that you are not actually “giving” your consent, but rather that the consent is implied by a certain action or situation. Henein explains that it would look like, or when a service terms and conditions agreement says something like “by browsing this website you are accepting that A, B and C”. This type of language is not binding and should not be, he said.

Red spotlight no. 3: Data collection and monetization

What a policy agreement says about data collection is another important factor to consider before accepting and initiating the download, according to Engin Kirda, a professor at the Khoury College of Computer Science at Northeastern University. Something that goes hand in hand with this is the way the app generates revenue, Kirda explained, especially if it’s free to download.

James Martin/CNET



Monetizing an application through advertising can mean that it may be offering a better service, but it can also mean that it is generating a profit through the sale of your private information. But there is a difference between collecting some information necessary for the app to be useful and collecting a lot of information that is sold to a third party or could be stolen.

Other warning signs of an app



While it’s important to know what’s in a policy agreement, there are other red flags that you can spot without having to read the document, Kirda said. Another important red light is what permissions an application requests. For example, a calculator app doesn’t need access to your microphone or your location. Also, pay attention to whether she can use the app after denying her any permission, she added. Asking for unnecessary permissions can reveal a bad practice, such as an application having access to your call log The collect information from your Wi-Fi connections , for example.

The coolest and weirdest robots from CES 2020 [fotos] To see photos

Michiel de Jong, one of the volunteers at Terms of Service; Didn’t Read (ToS; DR) – a collaborative grassroots project where anyone can help review the terms and policies of any website – said it is important to see that a policy does not have the ability to be randomly modified.

“Many services will reserve the right to change the policy one day after you sign up and never comply with the version you read when you signed up,” De Jong explained.

Additionally, De Jong said to be on the lookout for sites that force you to sign a class action waiver, which means they can sue you, but you can’t.

Angela Lang / CNET



What can you do



To help you deal with the legal jargon of service agreements and privacy policies, Henein suggested downloading ToS’s browser extension; DR, which digests the documents that would be requesting compliance and makes them fast and readable. ToS; DR classifies the privacy policies and terms of a website into different classes, with Class A being very good and Class E being the worst. In addition to the class score, project contributors can rate sections of the terms as Good, Bad, Block, or Neutral.

For example, Google is rated Class C by the site for having the ability to read a user’s private messages, track users on other websites, and more. For its part, Stack Overflow was rated Class E due to third-party tracking practices, requiring that a lawsuit be dropped, and so on.



Playing:

Watch this:

5 ways to protect your photos better than Jeff Bezos

3:24



Henein highlighted Microsoft as a good example of how to present the terms of use for its website: The technology company outlines its privacy policy on about three pages, divided into sections to provide structure and clarity.

“Privacy policies should be written by a normal person and reviewed by an attorney, not the other way around,” Henein said. “The expectation now is that the privacy policies should focus on their writing and design as much as the rest of the site. They are not something that is a necessary evil – it is part of the site in general, because it should be the commitment that you are making to the people regarding the way you will handle their personal information. “

In addition to ToS; DR, De Jong suggested DuckDuckGo’s Privacy Essentials browser extension. The service combines data from ToS; DR with information from many other sources about encryption, trackers and more. LegiCrowd is another project that demystifies the terms of service the ToS-DR team collaborates with, but De Jong said it is aimed more at researchers.

Tosback.org is a site that keeps logs of legal policy changes, sometimes going back years, according to De Jong. The project was started by the Electronic Frontier Foundation, but is now part of ToS; DR.