|
|
Anybody have any experience with creating/modifying user agreements?
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Hello,
Do any of you have any experience in this area? I'm wondering if you'd be interested in helping me a little?
|
|
|
|
|
|
|
|
|
Administrator
Join Date: Jun 2000
Location: California
Status:
Offline
|
|
Very little help required. When a big company gives you a TOS, take a red pen and line out all the objectionable parts. The parts that take away your rights, and excuse them from any responsibility for not delivering their service. Usually everything beyond the first paragraph. Place your chop beside the lining-out.
You are welcome.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by reader50
Very little help required. When a big company gives you a TOS, take a red pen and line out all the objectionable parts. The parts that take away your rights, and excuse them from any responsibility for not delivering their service. Usually everything beyond the first paragraph. Place your chop beside the lining-out.
You are welcome.
Heh... It looks like a number of people rework existing agreements as to not plagiarize them, I was just wondering if anybody here had gone down that path or a path like it...
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
angelmb: that doesn't really help me much, unfortunately.
What I'm looking for is advice whether basing a user agreement on that of a similar company would be a good idea (with appropriate rewordings to avoid accusations of plagiarism), and whether it is a good idea to summarize a user agreement to make users a little more comfortable with signing it. There would be nothing unusual in my agreement, I just hate having to provide one...
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
You get what you pay for.
If you don't care about the user agreement, go for it. If you want it to actually protect you from something, know that someone who represents themselves has a fool for a client.
MURDER PILLS!
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by subego
You get what you pay for.
If you don't care about the user agreement, go for it. If you want it to actually protect you from something, know that someone who represents themselves has a fool for a client.
MURDER PILLS!
It's mostly a matter of assessing risk and cost. I don't think I have ever heard of somebody combing through user agreements and looking for lawsuits, they often seem to be just a means to do some basic ass covering.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
No, it's the other way around. You jack one of your users and they come for blood, you counter with the contract which says you have the right to jack them.
The problem arises when the contract doesn't give you that right because it's not written properly.
To put it another way, an ass cover is useless if it doesn't actually cover the ass.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Yeah, I hear you... I was thinking the same way, I'm just hoping for something this simple I wouldn't have to hire a lawyer. I just want it to say, basically "this is a cloud service, there are backups, proper security measures taken, but you know, the possibility for some data loss still exists, as well as the possible outage, app bugs, and see that thing that says 'beta'? Yeah, that too.
I was thinking that if this was broad enough I might be okay. It's not so much willfully jacking as much as it is acknowledging the computer gods and human error.
|
|
|
|
|
|
|
|
|
Administrator
Join Date: Jun 2000
Location: California
Status:
Offline
|
|
"We do not guarantee this service to work perfectly, or at all. Use at your own risk."
Not sure if it would please a lawyer, or your customers. But it does seem to cover everything ...
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
Originally Posted by besson3c
Yeah, I hear you... I was thinking the same way, I'm just hoping for something this simple I wouldn't have to hire a lawyer. I just want it to say, basically "this is a cloud service, there are backups, proper security measures taken, but you know, the possibility for some data loss still exists, as well as the possible outage, app bugs, and see that thing that says 'beta'? Yeah, that too.
I was thinking that if this was broad enough I might be okay. It's not so much willfully jacking as much as it is acknowledging the computer gods and human error.
You've forgotten lack of privacy, which is usually vital to a functioning cloud service.
That's not a joke. Read any cloud ToS.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Oh I know, that was what I intended to imply with what I wrote about security, but yes... With my app anything that is marked as private will be private, everything public public - much like Amazon S3 or the like...
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
So, crypto where you don't have the key?
Edit: unless it's that, then it's not private. You have to tell your users you have access to their data.
Edit 2: note I said cloud services need a lack of privacy. If you claim data is private, and it doesn't have crypto where you don't have the key, the only way you can maintain privacy is to never touch it.
Never touch it means no copies. No copies means you can't make backups, or move it to different hardware.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by subego
So, crypto where you don't have the key?
Edit: unless it's that, then it's not private. You have to tell your users you have access to their data.
Edit 2: note I said cloud services need a lack of privacy. If you claim data is private, and it doesn't have crypto where you don't have the key, the only way you can maintain privacy is to never touch it.
Never touch it means no copies. No copies means you can't make backups, or move it to different hardware.
Yes, in theory I would have access to their private data, but I think this would be handled the same way email providers handle the fact that most email is not stored in some sort of encrypted file format. This is a good point though, perhaps the TOS should include something about this.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Thanks again subego, you've made some great points here. Unfortunately I can't really provide any useful utility to my users without being able to display their data on screen, which means I'd need their crypto key, and I think most users are going to want/need their stuff backed up (although my backups are encrypted), so stating that I'll have access to their data is definitely a good point to make in the user agreement.
The nature of my app doesn't really invite putting sensitive info into it anyway, so I don't think this is a big problem, but it's good to do my homework and cover my ass properly anyway, cause you never know...
I'm actually very close to releasing a beta version of this product, I'll be sure to post about this because your feedback will be most useful to me!
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
I would think summarising one would be asking for trouble.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by Waragainstsleep
I would think summarising one would be asking for trouble.
My thinking here was just to provide something a little more friendly and human for the vast majority of people who don't bother to read user agreements. I want to come across as professional without being too homey or folksy/informal, or too cold and sterile. My idea was not necessarily to provide a legal summary, but just something courteous to those who just want to see the important stuff without reading all the legal mumbo jumbo.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Originally Posted by besson3c
My thinking here was just to provide something a little more friendly and human for the vast majority of people who don't bother to read user agreements. I want to come across as professional without being too homey or folksy/informal, or too cold and sterile. My idea was not necessarily to provide a legal summary, but just something courteous to those who just want to see the important stuff without reading all the legal mumbo jumbo.
I get your intention, and I want to applaud it. It wouldn't surprise me if over the next few years some of the epic ToS documents out there did exactly the same (Paypal I believe is the worst culprit at 50,000 words especially compared to Hamlet which is only 30,000 or so). They won't do it until they know they have iron clad protection when doing so though because the second anyone tries it, some **** will take them to court and say "I only read the summary and it didn't expressly forbid me from anally inserting my iPhone and expecting it to work therefore millions of dollars please." or something like that.
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
|
|
|
|
|
|
|
Administrator
Join Date: Jun 2000
Location: California
Status:
Offline
|
|
Originally Posted by besson3c
Yes, in theory I would have access to their private data, but I think this would be handled the same way email providers handle the fact that most email is not stored in some sort of encrypted file format...
Originally Posted by besson3c
... Unfortunately I can't really provide any useful utility to my users without being able to display their data on screen, which means I'd need their crypto key, and I think most users are going to want/need their stuff backed up (although my backups are encrypted)...
Only tangential to the TOS, but it seems the future of cloud services will require user-level encryption by default, with the users having the only keys. After the NSA scandals, it is likely European users and businesses will shun services that can access user data. Even USA businesses may follow, so as not to be at a competitive disadvantage.
MEGA uses browser-side encryption/decryption, so the raw data never reaches their service. But MEGA's TOS #8 more-or-less says they deduplicate files, which implies ways around individual keys. So it looks like even they are vulnerable to snooping. And if you receive a national security letter, you can't even tell your users their data was harvested.
Perhaps complete encryption will help your business, as well as simplify your TOS.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
My pre-NSA understanding was most companies have to balance their crypto with the stupidity of their customers. They don't want to deal with pissed-off clients who lost their key and are up the creek.
I know CrashPlan makes you jump through extra hoops, read warnings, and agree to what amounts to a ToS addendum before they're willing to erase your key and leave it up to you.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|