[HN Gopher] Show HN: Get notified when sites update their terms ...
___________________________________________________________________
Show HN: Get notified when sites update their terms of service
After reading about what happened with NightOwl yesterday [0], I
thought about what it would take to be aware of things like that in
the future. I created ToSNotify to automatically notify you when a
website's terms change. A harder problem I've been thinking
through is how to know which terms to track, since it'd be a pain
to add every site I have an account with. One idea I had is to
automatically get terms for apps you have installed from the app
store. Any other ideas/feedback are appreciated! [0]:
https://news.ycombinator.com/item?id=37052508
Author : supermdguy
Score : 129 points
Date : 2023-08-09 15:26 UTC (7 hours ago)
(HTM) web link (tosnotify.com)
(TXT) w3m dump (tosnotify.com)
| teddyh wrote:
| There's a principle of monitoring systems and their alerts: "Only
| alert _actionable_ events." Applied to this case, if a ToS
| changes, what can a user do about it? (Let's not pretend that
| they will read the entire ToS again every time, or that they even
| read it the first time.) Even if the change was obvious or
| highlighted, and even if the change was detrimental, what could a
| user actually, realistically, _do_ about it? Stop using the
| service? If the change is _that_ bad, they'll probably hear about
| it anyway.
| toxicFork wrote:
| The service can show a diff, pass it through an LLM into a bite
| sized email
| supermdguy wrote:
| I currently show a diff (see
| https://tosnotify.com/reports/example), but adding some sort
| of LLM summary could be cool!
| haldujai wrote:
| Some thoughts:
|
| 1. I have no idea (and am curious) how frequently ToS are
| updated and how often the updates are meaningful to me as
| an end-user as is the case with Zoom and NightOwl. It would
| be really interesting if you post some stats after running
| this service.
|
| 2a) Based on the Reddit example: 9 blocks were changed and
| 1 block was deleted and in a hypothetical use case where I
| get an e-mail notification about this I would have to read
| them all.
|
| After reading them none appears substantially different as
| far as I am concerned as a Reddit user which makes me
| wonder what the SNR of this service would be as compared to
| deferring to the HN front page to notify me of major
| changes that would potentially change my usage of a
| product.
|
| If I'm missing something significant in this example it
| would raise the issue of my capability to accurately
| interpret these changes and therefore whether such
| notifications are relevant.
|
| 2b) Perhaps the "Guidelines for Healthy Communities"
| changing to "Moderator Code of Conduct" could be
| significant to a moderator but the details aren't included
| in the ToS and on searching are listed in a separate
| document. I wonder how often a ToS reference terms in or
| includes agreements to other documents, presumably with
| this service I would have to add and read each one
| separately?
|
| Overall, it's a great idea but I'm very curious how useful
| this will end up being in practice, if the SNR is low I'm
| unlikely to read all the diffs.
|
| For what it's worth I think the price is very fair and I
| chipped in to support the initiative using my "spam" email.
| It would be really great if you could do a write-up after a
| while with some numbers regarding the comments above.
|
| I assume (but IANAL) that there may be some legal liability
| or at least ethical risks to account for if you were doing
| this but I would be willing to pay more for a reliable
| summarized service (i.e. not an off the shelf LLM
| interpretation) that I can trust to notify me of
| potentially relevant changes of comparable quality to the
| HN hive-mind with the advantage of being able to add the
| services I personally use that the collective here may not.
| lynndotpy wrote:
| For one thing, they will need to opt out of arbitration, every
| time it changes.
|
| I've managed to convince an entire DnD server I'm on to stop
| using Discord and Zoom because of their recent ToS changes, so
| it's not unreasonable.
| tylercrompton wrote:
| Out of lazy curiosity, what change in particular prompted
| this?
| npunt wrote:
| Interesting that users must opt out every time, that seems
| like something a service could exploit. Imagine a service
| that has a rotating TOS that updates every week/month with
| some meaningless change and in each transactional and
| marketing email they include 'we've updated our TOS' as part
| of their duty to inform users. People would quickly become
| blind to that or think it didn't apply to them since it was
| also in the last email they got.
| gczh wrote:
| This is really cool! Shared with a few friends!
|
| It might be interesting to plug GPT-3 in and use embeddings for
| each clause. For example, for each website where a user has
| agreed already to their ToS, you could use embeddings to see
| which ones are similar.
|
| Wondering if there's a chance we could chat more if you're keen!
| I'm on twitter @gabrielchuan
|
| PS: I'm working on something tangentially related at
| https://url2format.com. It's a WIP (for now free) service that
| allows people to do various things with any public url such as
| checking metatags, generating a markdown of a url, etc. I think
| there's lots of interesting spaces to explore around these
| supermdguy wrote:
| Thanks for the support! I sent you a dm
| Varqu wrote:
| Isn't it that you get notified anyway by a site about the ToS
| changes (either with a popup or email message)?
| matsemann wrote:
| I guess what would be nice is a diff of new and old.
| supermdguy wrote:
| Yeah, that's what I send in the email updates, here's an
| example:
|
| https://tosnotify.com/reports/example
| PeterCorless wrote:
| I did this exact thing, working with Dor to produce the exact
| diffs when MongoDB went with their SSPL 1.0.
|
| https://www.scylladb.com/2018/10/22/the-dark-side-of-
| mongodb...
| burkaman wrote:
| Not always. NightOwl's ToS said "We reserve our right to alter
| the terms in this Agreement and/or the pricing information and
| method detailed in NightOwl app's website at any time. In case
| the Agreement is amended as described, we will post an updated
| version of it in our website, at which time it becomes active
| and binding."
|
| That's probably illegal, but plenty of sites and apps will try
| it anyway.
| dymk wrote:
| I already get a billion of these emails from companies whenever
| the ToS updates, and I always mark them as spam
| supermdguy wrote:
| I honestly don't think I've ever read one of the ToS updates
| either. Do you think there'd be a way for them to be more
| relevant?
| kenbolton wrote:
| I would pay for commercial support, an API, and maybe a webhook
| or some programmatic way to be notified of changes.
| supermdguy wrote:
| I could definitely add in webhook support, feel free to shoot
| me an email: support@tosnotify.com
| tasn wrote:
| Check out svix.com when you do, it'll literally take you
| minutes to start sending webhooks with it.
|
| Ping me if you need any help, email in profile.
| hiatus wrote:
| Just curious, how much would you pay? Would you feel better
| about paying per vendor or a flat fee to monitor up to X
| vendors, or something completely different?
| omneity wrote:
| I work on https://monitoro.co which offers exactly what you're
| looking for, and is not limited to terms of service.
|
| We also allow you to filter changes for the specific ones that
| are relevant to your needs, and trigger 3rd party APIs or
| webhooks with the updated data, or a text diff.
| waithuh wrote:
| Thats fast execution! You should get into the law industry.
| supermdguy wrote:
| Haha thanks! Why law specifically?
| camhart wrote:
| Use ChatGPT to compare the different versions and summarize the
| changes for you.
| supermdguy wrote:
| I tried it for the example, but it wasn't very good at
| differentiating between the old and new changes. I'm definitely
| going to try to see if I can get some good outputs though.
| josh_carterPDX wrote:
| There's a great platform out of Portland called Versionista
| (https://versionista.com/) which has been working closely with
| the government and other entities to understand changes that
| happen on websites or even internal documentation managed by
| multiple teams.
| PeterCorless wrote:
| Hey, here's an idea for an extension to your really cool idea if
| you want to make this a kick-ass commercial service:
|
| 1. Break licenses down into titles and paragraph sections and run
| an MD5 or SHA hash on each section to get a "fingerprint" of that
| section of the TOS.
|
| 2. Allow users to check off or redline specific sections of
| licenses they come across. If a license is "all green" it's
| approved for use by you.
|
| 3. Allow organizations and groups of individuals to share these
| green and redlining sections of licenses.
|
| 4. If a new license is encountered, you can then show "similar
| licenses you have accepted or rejected" -- especially if a
| section is word-for-word the same.
|
| 5. If you really get into ML training you can do this not just
| for identical but _similar_ sections of license acceptance
| /rejection.
|
| I do love seeing the exact diffs. It's a cool tool for legal and
| IT teams trying to get their hands on all the clickthrough
| licensing they face. Let me know if you like the above ideas and,
| if you use them, all in return I'd ask is just credit me by name,
| perpetually free and royalty free, somewhere in the code for the
| suggestions.
| supermdguy wrote:
| I like this! Focusing on enterprise probably makes more sense
| since terms matter more for compliance.
| waffleiron wrote:
| Privacy Policies/Notices would be a great addition to the tool.
| supermdguy wrote:
| It works for any online document! Right now it just generates a
| diff of any URL: https://tosnotify.com/reports/example. In the
| future it'd be cool if it could auto-detect TOS/Privacy Policy
| links for a given domain.
| sneak wrote:
| The issue with NightOwl was not that the TOS was updated.
|
| The issue with NightOwl is that allowing automatic updating of an
| app is equivalent to allowing the app developer remote code
| execution of any arbitrary program on your machine.
|
| Notification won't solve that problem. Disabling automatic
| updates does.
| supermdguy wrote:
| That's a good point, and in general actual application behavior
| matters more than what the TOS says. I do think there are
| unsolved problems with TOS/privacy policies in general though,
| so I'm interested in exploring ways for users to gain more
| control over how companies use their data.
| jcims wrote:
| I wish there was something like annualcreditreport.com where I
| could go and request an email from every company that has my
| email address on file. I've got a hotmail account that's over 25
| years old that probably has hundreds of accounts splashed all
| over the internet.
| michaelmior wrote:
| I don't see how that's possible. Creditors are required to
| report information, entities who have your email address are
| not. And I think I'd prefer that remain the case.
| mdavidn wrote:
| 1Password has a similar feature to notify me whenever a site adds
| two-factor support or experiences a data breach. Password
| managers are (or should be) understandably uneasy about
| integrations, but this feels like a natural extension to those
| warnings.
| supermdguy wrote:
| I've been thinking through how this could work more
| practically, and this definitely makes the most sense. I might
| try to find an easy way to export just a list of sites that I
| have accounts on and then watch those for TOS changes.
| FireInsight wrote:
| Somewhat related: Terms of Service; Didn't Read https://tosdr.org
| supermdguy wrote:
| I really like their summaries, they have a nice system for
| categorizing different aspects of sites' terms.
| JadeNB wrote:
| I could have sworn that there used to be a site, not
| <https://tosback.org>, that provided diffs between old and new
| ToS for major companies. Something like <https://tosdiff.org>
| is the obvious candidate, and seems to be the address that I
| remember, but that doesn't exist (or at least won't load for
| me). Does anyone in the HN community know the site that I'm
| remembering?
| amelius wrote:
| Can it show a diff?
| HyprMusic wrote:
| I was thinking about this idea when the Zoom saga happened,
| that's an amazingly quick implementation!
|
| My plan for getting a list of subscribed services was to get
| people to add a forwarder to their email account with specific
| keywords (i.e "thanks for creating an account" or perhaps just
| "unsubscribe" would be enough). This would forward to an API
| which would check for a recognised service and add it to the list
| to notify. It has some privacy implications but I think you could
| narrow the scope enough for people to go for it.
|
| The other method I had considered was getting a list of places
| your SSO is used from Google etc. Not sure if that's possible
| through their API but I'm sure with enough of the hacker spirit
| you could work out a way.
|
| If you go for either of those ideas I expect a lifetime VIP
| account! (Just kidding)
| supermdguy wrote:
| Those are both good ideas! Someone else suggested using account
| lists in password managers. In general it would be a lot more
| practical if it could feed from a list of accounts you have.
| tikkun wrote:
| Semi related: If anyone's looking for a side project, LLM-parsed
| terms of service that summarize whether a service will use the
| content for AI training would be helpful.
| supermdguy wrote:
| I've been thinking about adding some LLM summarization, it
| would definitely take some work to verify that it to output
| corrects interpretations though.
| 0cf8612b2e1e wrote:
| This seems like exactly the kind of idea built for git
| scraping[0].
|
| Have GitHub run a daily/weekly pull of the site in question.
| Attempt to add the artifact to the repo. If identical, no action
| taken. Otherwise, a commit is made with the new content, and you
| can now trivially diff the changes over time.
|
| [0] https://simonwillison.net/2020/Oct/9/git-scraping/
| seeknotfind wrote:
| There are also general tools I like for this that work for any
| website change. visualping.io is good. Though it might be hard to
| configure for specific textual changes.
|
| One question I have, why do you get emails for terms of service
| changes on some things but not others?
| imafikus wrote:
| You can give notify-me.rs a try if you want. We offer pretty
| generous Early Adopters plan.
|
| You can see example of the twitter rules change on this link:
| https://notify-me.rs/history?diffPath=7797308284cb6466f79b88...
|
| If you do give it a try, let me know what you think, cuz I'm
| one of the founders.
|
| Cheers!
| DanielSantos wrote:
| Very cool. We have been working on something similar but with
| analysis of the policies using AI[1]. I like your approach, much
| faster to launch than what we did.
|
| [1] https://www.legalreview.ai
| sf_bigfan wrote:
| Great service - clean and solves particular problem, definitely
| will try it. I used to use changepatrol.com and visualping.io for
| solving similar problems of tracking changes on particular URL
___________________________________________________________________
(page generated 2023-08-09 23:00 UTC)