[HN Gopher] Show HN: Get notified when sites update their terms ... ___________________________________________________________________ Show HN: Get notified when sites update their terms of service After reading about what happened with NightOwl yesterday [0], I thought about what it would take to be aware of things like that in the future. I created ToSNotify to automatically notify you when a website's terms change. A harder problem I've been thinking through is how to know which terms to track, since it'd be a pain to add every site I have an account with. One idea I had is to automatically get terms for apps you have installed from the app store. Any other ideas/feedback are appreciated! [0]: https://news.ycombinator.com/item?id=37052508 Author : supermdguy Score : 129 points Date : 2023-08-09 15:26 UTC (7 hours ago) (HTM) web link (tosnotify.com) (TXT) w3m dump (tosnotify.com) | teddyh wrote: | There's a principle of monitoring systems and their alerts: "Only | alert _actionable_ events." Applied to this case, if a ToS | changes, what can a user do about it? (Let's not pretend that | they will read the entire ToS again every time, or that they even | read it the first time.) Even if the change was obvious or | highlighted, and even if the change was detrimental, what could a | user actually, realistically, _do_ about it? Stop using the | service? If the change is _that_ bad, they'll probably hear about | it anyway. | toxicFork wrote: | The service can show a diff, pass it through an LLM into a bite | sized email | supermdguy wrote: | I currently show a diff (see | https://tosnotify.com/reports/example), but adding some sort | of LLM summary could be cool! | haldujai wrote: | Some thoughts: | | 1. I have no idea (and am curious) how frequently ToS are | updated and how often the updates are meaningful to me as | an end-user as is the case with Zoom and NightOwl. It would | be really interesting if you post some stats after running | this service. | | 2a) Based on the Reddit example: 9 blocks were changed and | 1 block was deleted and in a hypothetical use case where I | get an e-mail notification about this I would have to read | them all. | | After reading them none appears substantially different as | far as I am concerned as a Reddit user which makes me | wonder what the SNR of this service would be as compared to | deferring to the HN front page to notify me of major | changes that would potentially change my usage of a | product. | | If I'm missing something significant in this example it | would raise the issue of my capability to accurately | interpret these changes and therefore whether such | notifications are relevant. | | 2b) Perhaps the "Guidelines for Healthy Communities" | changing to "Moderator Code of Conduct" could be | significant to a moderator but the details aren't included | in the ToS and on searching are listed in a separate | document. I wonder how often a ToS reference terms in or | includes agreements to other documents, presumably with | this service I would have to add and read each one | separately? | | Overall, it's a great idea but I'm very curious how useful | this will end up being in practice, if the SNR is low I'm | unlikely to read all the diffs. | | For what it's worth I think the price is very fair and I | chipped in to support the initiative using my "spam" email. | It would be really great if you could do a write-up after a | while with some numbers regarding the comments above. | | I assume (but IANAL) that there may be some legal liability | or at least ethical risks to account for if you were doing | this but I would be willing to pay more for a reliable | summarized service (i.e. not an off the shelf LLM | interpretation) that I can trust to notify me of | potentially relevant changes of comparable quality to the | HN hive-mind with the advantage of being able to add the | services I personally use that the collective here may not. | lynndotpy wrote: | For one thing, they will need to opt out of arbitration, every | time it changes. | | I've managed to convince an entire DnD server I'm on to stop | using Discord and Zoom because of their recent ToS changes, so | it's not unreasonable. | tylercrompton wrote: | Out of lazy curiosity, what change in particular prompted | this? | npunt wrote: | Interesting that users must opt out every time, that seems | like something a service could exploit. Imagine a service | that has a rotating TOS that updates every week/month with | some meaningless change and in each transactional and | marketing email they include 'we've updated our TOS' as part | of their duty to inform users. People would quickly become | blind to that or think it didn't apply to them since it was | also in the last email they got. | gczh wrote: | This is really cool! Shared with a few friends! | | It might be interesting to plug GPT-3 in and use embeddings for | each clause. For example, for each website where a user has | agreed already to their ToS, you could use embeddings to see | which ones are similar. | | Wondering if there's a chance we could chat more if you're keen! | I'm on twitter @gabrielchuan | | PS: I'm working on something tangentially related at | https://url2format.com. It's a WIP (for now free) service that | allows people to do various things with any public url such as | checking metatags, generating a markdown of a url, etc. I think | there's lots of interesting spaces to explore around these | supermdguy wrote: | Thanks for the support! I sent you a dm | Varqu wrote: | Isn't it that you get notified anyway by a site about the ToS | changes (either with a popup or email message)? | matsemann wrote: | I guess what would be nice is a diff of new and old. | supermdguy wrote: | Yeah, that's what I send in the email updates, here's an | example: | | https://tosnotify.com/reports/example | PeterCorless wrote: | I did this exact thing, working with Dor to produce the exact | diffs when MongoDB went with their SSPL 1.0. | | https://www.scylladb.com/2018/10/22/the-dark-side-of- | mongodb... | burkaman wrote: | Not always. NightOwl's ToS said "We reserve our right to alter | the terms in this Agreement and/or the pricing information and | method detailed in NightOwl app's website at any time. In case | the Agreement is amended as described, we will post an updated | version of it in our website, at which time it becomes active | and binding." | | That's probably illegal, but plenty of sites and apps will try | it anyway. | dymk wrote: | I already get a billion of these emails from companies whenever | the ToS updates, and I always mark them as spam | supermdguy wrote: | I honestly don't think I've ever read one of the ToS updates | either. Do you think there'd be a way for them to be more | relevant? | kenbolton wrote: | I would pay for commercial support, an API, and maybe a webhook | or some programmatic way to be notified of changes. | supermdguy wrote: | I could definitely add in webhook support, feel free to shoot | me an email: support@tosnotify.com | tasn wrote: | Check out svix.com when you do, it'll literally take you | minutes to start sending webhooks with it. | | Ping me if you need any help, email in profile. | hiatus wrote: | Just curious, how much would you pay? Would you feel better | about paying per vendor or a flat fee to monitor up to X | vendors, or something completely different? | omneity wrote: | I work on https://monitoro.co which offers exactly what you're | looking for, and is not limited to terms of service. | | We also allow you to filter changes for the specific ones that | are relevant to your needs, and trigger 3rd party APIs or | webhooks with the updated data, or a text diff. | waithuh wrote: | Thats fast execution! You should get into the law industry. | supermdguy wrote: | Haha thanks! Why law specifically? | camhart wrote: | Use ChatGPT to compare the different versions and summarize the | changes for you. | supermdguy wrote: | I tried it for the example, but it wasn't very good at | differentiating between the old and new changes. I'm definitely | going to try to see if I can get some good outputs though. | josh_carterPDX wrote: | There's a great platform out of Portland called Versionista | (https://versionista.com/) which has been working closely with | the government and other entities to understand changes that | happen on websites or even internal documentation managed by | multiple teams. | PeterCorless wrote: | Hey, here's an idea for an extension to your really cool idea if | you want to make this a kick-ass commercial service: | | 1. Break licenses down into titles and paragraph sections and run | an MD5 or SHA hash on each section to get a "fingerprint" of that | section of the TOS. | | 2. Allow users to check off or redline specific sections of | licenses they come across. If a license is "all green" it's | approved for use by you. | | 3. Allow organizations and groups of individuals to share these | green and redlining sections of licenses. | | 4. If a new license is encountered, you can then show "similar | licenses you have accepted or rejected" -- especially if a | section is word-for-word the same. | | 5. If you really get into ML training you can do this not just | for identical but _similar_ sections of license acceptance | /rejection. | | I do love seeing the exact diffs. It's a cool tool for legal and | IT teams trying to get their hands on all the clickthrough | licensing they face. Let me know if you like the above ideas and, | if you use them, all in return I'd ask is just credit me by name, | perpetually free and royalty free, somewhere in the code for the | suggestions. | supermdguy wrote: | I like this! Focusing on enterprise probably makes more sense | since terms matter more for compliance. | waffleiron wrote: | Privacy Policies/Notices would be a great addition to the tool. | supermdguy wrote: | It works for any online document! Right now it just generates a | diff of any URL: https://tosnotify.com/reports/example. In the | future it'd be cool if it could auto-detect TOS/Privacy Policy | links for a given domain. | sneak wrote: | The issue with NightOwl was not that the TOS was updated. | | The issue with NightOwl is that allowing automatic updating of an | app is equivalent to allowing the app developer remote code | execution of any arbitrary program on your machine. | | Notification won't solve that problem. Disabling automatic | updates does. | supermdguy wrote: | That's a good point, and in general actual application behavior | matters more than what the TOS says. I do think there are | unsolved problems with TOS/privacy policies in general though, | so I'm interested in exploring ways for users to gain more | control over how companies use their data. | jcims wrote: | I wish there was something like annualcreditreport.com where I | could go and request an email from every company that has my | email address on file. I've got a hotmail account that's over 25 | years old that probably has hundreds of accounts splashed all | over the internet. | michaelmior wrote: | I don't see how that's possible. Creditors are required to | report information, entities who have your email address are | not. And I think I'd prefer that remain the case. | mdavidn wrote: | 1Password has a similar feature to notify me whenever a site adds | two-factor support or experiences a data breach. Password | managers are (or should be) understandably uneasy about | integrations, but this feels like a natural extension to those | warnings. | supermdguy wrote: | I've been thinking through how this could work more | practically, and this definitely makes the most sense. I might | try to find an easy way to export just a list of sites that I | have accounts on and then watch those for TOS changes. | FireInsight wrote: | Somewhat related: Terms of Service; Didn't Read https://tosdr.org | supermdguy wrote: | I really like their summaries, they have a nice system for | categorizing different aspects of sites' terms. | JadeNB wrote: | I could have sworn that there used to be a site, not | <https://tosback.org>, that provided diffs between old and new | ToS for major companies. Something like <https://tosdiff.org> | is the obvious candidate, and seems to be the address that I | remember, but that doesn't exist (or at least won't load for | me). Does anyone in the HN community know the site that I'm | remembering? | amelius wrote: | Can it show a diff? | HyprMusic wrote: | I was thinking about this idea when the Zoom saga happened, | that's an amazingly quick implementation! | | My plan for getting a list of subscribed services was to get | people to add a forwarder to their email account with specific | keywords (i.e "thanks for creating an account" or perhaps just | "unsubscribe" would be enough). This would forward to an API | which would check for a recognised service and add it to the list | to notify. It has some privacy implications but I think you could | narrow the scope enough for people to go for it. | | The other method I had considered was getting a list of places | your SSO is used from Google etc. Not sure if that's possible | through their API but I'm sure with enough of the hacker spirit | you could work out a way. | | If you go for either of those ideas I expect a lifetime VIP | account! (Just kidding) | supermdguy wrote: | Those are both good ideas! Someone else suggested using account | lists in password managers. In general it would be a lot more | practical if it could feed from a list of accounts you have. | tikkun wrote: | Semi related: If anyone's looking for a side project, LLM-parsed | terms of service that summarize whether a service will use the | content for AI training would be helpful. | supermdguy wrote: | I've been thinking about adding some LLM summarization, it | would definitely take some work to verify that it to output | corrects interpretations though. | 0cf8612b2e1e wrote: | This seems like exactly the kind of idea built for git | scraping[0]. | | Have GitHub run a daily/weekly pull of the site in question. | Attempt to add the artifact to the repo. If identical, no action | taken. Otherwise, a commit is made with the new content, and you | can now trivially diff the changes over time. | | [0] https://simonwillison.net/2020/Oct/9/git-scraping/ | seeknotfind wrote: | There are also general tools I like for this that work for any | website change. visualping.io is good. Though it might be hard to | configure for specific textual changes. | | One question I have, why do you get emails for terms of service | changes on some things but not others? | imafikus wrote: | You can give notify-me.rs a try if you want. We offer pretty | generous Early Adopters plan. | | You can see example of the twitter rules change on this link: | https://notify-me.rs/history?diffPath=7797308284cb6466f79b88... | | If you do give it a try, let me know what you think, cuz I'm | one of the founders. | | Cheers! | DanielSantos wrote: | Very cool. We have been working on something similar but with | analysis of the policies using AI[1]. I like your approach, much | faster to launch than what we did. | | [1] https://www.legalreview.ai | sf_bigfan wrote: | Great service - clean and solves particular problem, definitely | will try it. I used to use changepatrol.com and visualping.io for | solving similar problems of tracking changes on particular URL ___________________________________________________________________ (page generated 2023-08-09 23:00 UTC)