Have you read the Terms of service?

I am a huge fan of 37signals, their products, their work ethos, their office. I have both their books and have followed their blog for as long as I can remember. I am not going to bore you with how much respect I have for the company and what they do.

One reason I follow them quite closely is that they are open about the stuff they do and share this information on their blog. As they are a company that produces web applications used by hundreds of thousands of people on a daily basis, I find their openness and willingness to share stats and information regarding their setup, and how they run and manage their company, a great insight into their company. Maybe I am slightly nosy, but I do not expect them to share how much money they are making, for example.

While this is not a blog post aimed at 37signals, it was what happened on their blog the other day that made me finally write it.

So, in 37signals’ usual manner of being open, they blogged some insight into the numbers their company/apps/business deals with in things like support cases, requests, files stored, etc. See blog post here

One of the bullet points was:

And a Basecamp user uploaded the 100,000,000th file (It was a picture of a cat!)

While a lot of people may take that as quite funny, it seems a lot of people have commented that their privacy is now under threat, as 37signals may be looking at users’ data.

This leads me onto the bigger picture…

How many of you use online services, such as Google? Facebook? Dropbox? Well, pretty much any online app that you store, share or post information to? I am guessing most of you do. Next question, how many of you have actually read the Terms of Service for these services? I am guessing about the same number, as if you have, then the number to the first question would be VERY low.

Let’s look at the Google Terms of Service; I am guessing a lot of you use either GMail or Google Apps. I know I do.

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

The above was taken straight from the Google Terms of Service; let’s look at this more closely. Google states that you retain copyright and any other rights to the content you submit to their services. But the next sentence is where it gets good.

By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.

Here they are saying that whatever information you submit, post or display, you are giving Google free rein to do what they like with it. You are even giving them rights to publicly display your information. So if you are sending sensitive information across GMail, for example, you just gave Google the right to reproduce this information and publicly display your content. This also means Google employees are free to poke their noses into your data, and you have agreed.

While Google have this in their Terms of Service, and I am guessing many of you are unaware of this, other companies have stricter rules, for example Dropbox, who state:

We guard your privacy to the best of our ability and work hard to protect your information from unauthorized access. Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy

Even though you are using a third-party service, which in some cases you are paying for, your information is being stored on someone else’s hardware, and in some cases being transmitted across a couple of providers (i.e., from Dropbox’s server across to Amazon’s for backup). While 37signals meant no harm in what they posted (they have since posted a reply), it did create a rift in the comments. But what you are doing is putting your content into someone else’s hands, and while 99.999% of people/companies have strict rules regarding privacy and data encryption and the rest, there is still a chance someone is able to see your data.

But you must remember that all these companies will have monitoring software in place to watch how their applications/services are performing and to make sure customers are not breaking their Terms of Service. In 37signals’ case the filename is logged, and they saw that the name of the 100,000,000th file was cat.jpg. Big deal. Maybe they were not clear in their post that all they saw was the filename; they thought it was funny and decided to share it. But at least all they are seeing is the filename, unlike Google, for example, to whom you are giving full access to your data.

I am a massive internet addict and use all the services I have talked about and more, and I will still carry on using them to store my information in the ‘cloud’. But will you? Maybe next time you sign up to some new service you will read the Terms of Service first.