Services like ToS;DR, which decodes byzantine terms of service agreements, exist to patch the internet’s biggest security and privacy holes. But startups shouldn’t have to fix the mess.
By Adam Smith
The internet is a complex organism. Most people don’t know how to manipulate YouTube keywords so children are tricked into watching violent content or adults are sent down a path of radicalization. Most don’t know exactly how much their data is worth and what Big Tech is gathering about them -terms of service changes are agreed to without a second thought.
There are services intended to solve these problems: Jumbo lets users take back control of privacy settings. DoNotPay translates legal language and provides burner payment cards so you don’t have to hand over real credit card data to get a free trial. And Terms of Service; Didn’t Read explains the terms and conditions of some of the biggest websites on the internet.
That’s nice, but consumers should not have to rely on startups to fix technical problems that could be easily solved by Twitter, Facebook, Google, and their armies of engineers and developers.
Taking Control of Your Data
Jumbo’s free iOS app performs an audit, which runs through the permissions you’ve granted to Amazon, Facebook, Google, or Twitter, and offers to turn the permissions off or delete the data they’ve collected. (An Android version is in the works.)
Logging into my Google account, Jumbo found that Google Chrome had saved 11 webpages I visited and Maps had saved 98 activities. Underneath each message is a button called “Why you should care,” which describes what Google does with the information. Google tracking my location means it can better target me with ads, which could encourage me to spend money and even change my behavior.
While data skeptics warn that if you’re not paying for a product you are the product, Jumbo CEO Pierre Valade assures me this is not the case; the company will make its technology open source to prove it isn’t spying on you.
“We will never have access to your data. We don’t have any servers that are processing or storing any of your data. All of the processing is coming from the phone,” Valade says.
Valade envisions an enterprise version of Jumbo for companies struggling to comply with large-scale regulation such as GDPR or California’s Consumer Privacy Act, but for now, it’s funded by over $3 million in venture capital.
Everything Jumbo does you could, theoretically, do manually, but it can get complicated. In Facebook’s app, you need to navigate between menus for managing the privacy of what you post on the site, the settings that handle what Facebook knows about you, and the ad-tracking data Facebook holds on you. For Google, it can be equally difficult to manage your privacy among the search giant’s numerous services, such as Maps, Search, and its voice assistant.
Even if you think you’ve been thorough, there’s always the chance that you missed a section, so Jumbo’s automated service-where one or two button presses, instead of dozens-can give you back some control over your information.
That’s not to say there aren’t risks-for Jumbo. Valade has said previously that Facebook, Twitter, and other services with which Jumbo interacts could take legal action against it. Valade and Jumbo’s lawyer would not elaborate, but say there’s a concern these companies “don’t have a business interest in people.”
“We recommend…that [people] block [targeted advertisements], and most people follow recommendations. Maybe that makes Facebook, from a business point of view, less valuable to advertisers. And as we are installing more phones to protect more people, they may see this as a business risk-that we’re lowering the amount of money they can generate out of the data we’re giving to them,” Valade says.
When a ‘Free Trial’ Is Actually Free
DoNotPay recently launched a new feature that allows customers to use a virtual payment card for free trials.
Many companies count on people signing up for trials and then forgetting about them. A 2017 poll found that 35 percent of Americans had inadvertently set up an account that enrolled them in automatic payments, and 42 percent said it was difficult to turn off the continuous payments. DoNotPay, however, stops that from happening. It generates a fake name and email address linked to a Visa-backed card, which allows DoNotPay to “act as an agent paying for consumers”-but only for payments where no money is involved.
Earlier this summer, founder Josh Browder told Wired he was concerned that banks would shut down DoNotPay if they discovered how they were being utilized to game this system. But Browder recently told PCMag that DoNotPay’s banking partners do not have any problem with the service, though they declined to be named publicly.
This isn’t the first instance where DoNotPay has fought the powers that be, so to speak. The app began life in 2018 as a way to “sue anyone by pressing a button.” Browder described to Vice how he racked up numerous parking violations while living in London-some warranted, some unjustified-so he built the app to help people who did not have the legal know-how to fight their fines. An AI chatbot asked a few questions before drawing up documents, filling in details, and even creating a script for the plaintiff to read out loud in court, if necessary.
But why do we need artificial intelligence to translate our own laws? Can we not simply write them in a way average people can understand? If all the problems in the world could be fixed, Browder says, DoNotPay wouldn’t have to exist. But he doesn’t think that’s going to happen any time soon.
Cutting Through the Legal Jargon
That’s why projects like Terms of Service; Didn’t Read ( ToS;DR) exist. Maintained by a network of volunteers acting like Wikipedia for terms of service agreements, it translates these complex legal documents into bullet-point lists and grades them from A to F; check them out on the fly with the browser extension.
For the team, it’s difficult to know when to stop digging. “How do we look at web apps versus native mobile apps, and the permissions they request on the device. Should [we] restrict ourselves to reviewing what we read in the Terms and Conditions of a service, or also include information about how the service is run in practice?” says co-founder Michiel de Jong.
ToS;DR isn’t a legal resource. It’s not backed by AI, which occasionally means the humans at the controls get it wrong, but Jong thinks the benefits outweigh the negatives. “You can compare it to how WikiTravel gives you advice directly from other travelers rather than an expert travel guide writer. Or OpenStreetMap instead of Google Maps” Jong says.
“Sometimes, some data may be out of date or incorrect, but then the crowd can easily go in and actively fix the information. And the reviews you get reflect what people like you, who came before you, thought was noteworthy, so in a way that gives the best balance of topics.”
DoS;TR has plenty to keep it busy, Jong says, since internet privacy issues-from Edward Snowden and Cambridge Analytica to GDPR-have dominated headlines in recent years.
A Market for Mistakes
In a statement, a Facebook spokesperson said the social network is “always trying to give people more clarity on how their information is used on Facebook and how they can control it.
“Over the past 18 months, we have made our policies clearer, our privacy settings easier to find and introduced new tools for people to access, download, and delete their information. We will continue to work on new ways to give people greater transparency and control over their privacy on Facebook.”
Still, as more companies offer internet-based subscription services, those without a legal background will have to engage with contracts they don’t understand.
“I agree to the terms and conditions” is one of the largest lies in tech, and that needs to change. But despite Silicon Valley’s endless talk about transparency, it’s not in the best interest of Facebook or Google, for example, to make their privacy settings easier to understand since they make money from our data.
Jumbo, DoNotPay, and ToS;DR show that solutions are possible. But there should not be a market for apps that make sense of data privacy or translate terms and conditions you’ve already accepted and that could change on a whim. If these small companies can do it, why can’t the big ones?
Originally published at https://www.pcmag.com on August 23, 2019.