People are bad at reading Terms of Service. Of course, most people don’t read Terms of Service, and that’s one form of being bad at it, but there’s also another – people interpret statements of what companies do as equivalent to Terms of Service, and Terms of Service as equivalent to what companies do.

Yesterday, I got linked to Terms of Service; Didn’t Read, which is a site that helpfully color codes and rates parts of ToS for popular websites. There are about four thousand sites out there that do something similar, all of which have failed to gain traction, as most people don’t even care enough to read a color-coded, consumer friendly version of a ToS. 

ToS;DR does something odd though. Under Google, ToS; DR has

Defending your privacy in court: The company went to court to fight for their users’ privacy rights in response to government demands for information. This is a powerful testimony about their willingness to fight back when faced with an overbroad government request. (cc-by eff, edited)”

It links to a Google group discussion of Google’s court defense of users. The problem? This is not something that appears in the Terms of Service. It never will appear in the Terms of Service. Because if it appeared in the Term of Service, Google could be legally obligated to defend its users in court, and Google’s lawyers are not going to let that happen. It’s great that Google has gone to bat for its users. But Google does not have to.

And this is where ToS;DR gets it all wrong. Terms of Service and Privacy Policies are legally binding documents. That’s why they matter so much. The purpose of a Terms of Service (or a Privacy Policy) is to lay the limits of what a company can do with its service in relation to its users. Not what a company does do, but what a company can do or must do. At the end of the day, companies are legally obligated to follow the ToS and Privacy Policies that they make users agree to. Nothing more but also nothing less.

That’s why ToS tend to be broad, often beyond the point that services actually need them to be. If a company is responsible for what is in that contract, its legal team is going to be damn sure that that contract underpromises and the service overdelivers in terms of what users will get. The legal team does that by making the Terms as broad as the company is comfortable with.

For example, from Google’s Terms:

…WE DON’T MAKE ANY COMMITMENTS ABOUT THE CONTENT WITHIN THE SERVICES, THE SPECIFIC FUNCTION OF THE SERVICES, OR THEIR RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. WE PROVIDE THE SERVICES “AS IS”.

“As Is” clauses are in Terms to prevent users from being able to sue companies if things go wrong. That clause protects Google from getting sued by me if Gmail goes down. Does Google want Gmail to go down? Of course not. They may lose customers.  But it is also not going to be in the business of making any guarantees of uptime.  Google may have an internal policy that says “Gmail should be up as much as possible, and heads will roll if it breaks,” but its legal document will say “we make no guarantees.”

Legal documents are not policy documents, policy documents are not legal documents, and pretending the two are equivalent is not a good idea. That’s what ToS;DR has done (probably by accident).

By including information that is not in the Terms of Service as if it is in the Terms of Service, ToS;DR is actually causing huge damage to any user who relies on it to interpret what they clicked accept to.  That’s pretty much the only thing that scares me more than people not reading the binding contract that they are agreeing to.

Update: Upon chatting the ToS;DR folks, they’ve pointed out that they’re still in alpha and accept suggestions. Fair. I should have suggested they change it before posting this.