There’s a principle of monitoring systems and their alerts: “Only alert actionable events.” Applied to this case, if a ToS changes, what can a user do about it? (Let’s not pretend that they will read the entire ToS again every time, or that they even read it the first time.) Even if the change was obvious or highlighted, and even if the change was detrimental, what could a user actually, realistically, do about it? Stop using the service? If the change is that bad, they’ll probably hear about it anyway.
Somewhat related: Terms of Service; Didn't Read https://tosdr.org
The issue with NightOwl was not that the TOS was updated.
The issue with NightOwl is that allowing automatic updating of an app is equivalent to allowing the app developer remote code execution of any arbitrary program on your machine.
Notification won't solve that problem. Disabling automatic updates does.
I was thinking about this idea when the Zoom saga happened, that's an amazingly quick implementation!
My plan for getting a list of subscribed services was to get people to add a forwarder to their email account with specific keywords (i.e "thanks for creating an account" or perhaps just "unsubscribe" would be enough). This would forward to an API which would check for a recognised service and add it to the list to notify. It has some privacy implications but I think you could narrow the scope enough for people to go for it.
The other method I had considered was getting a list of places your SSO is used from Google etc. Not sure if that's possible through their API but I'm sure with enough of the hacker spirit you could work out a way.
If you go for either of those ideas I expect a lifetime VIP account! (Just kidding)
This is really cool! Shared with a few friends!
It might be interesting to plug GPT-3 in and use embeddings for each clause. For example, for each website where a user has agreed already to their ToS, you could use embeddings to see which ones are similar.
Wondering if there's a chance we could chat more if you're keen! I'm on twitter @gabrielchuan
PS: I'm working on something tangentially related at https://url2format.com. It's a WIP (for now free) service that allows people to do various things with any public url such as checking metatags, generating a markdown of a url, etc. I think there's lots of interesting spaces to explore around these
Isn't it that you get notified anyway by a site about the ToS changes (either with a popup or email message)?
I want the opposite of this, a gmail filter to hide every email about someone updating their privacy policy or terms. Almost none of them have unsubscribe buttons.
There are also general tools I like for this that work for any website change. visualping.io is good. Though it might be hard to configure for specific textual changes.
One question I have, why do you get emails for terms of service changes on some things but not others?
I already get a billion of these emails from companies whenever the ToS updates, and I always mark them as spam
Great service - clean and solves particular problem, definitely will try it. I used to use changepatrol.com and visualping.io for solving similar problems of tracking changes on particular URL
Hey, here's an idea for an extension to your really cool idea if you want to make this a kick-ass commercial service:
1. Break licenses down into titles and paragraph sections and run an MD5 or SHA hash on each section to get a "fingerprint" of that section of the TOS.
2. Allow users to check off or redline specific sections of licenses they come across. If a license is "all green" it's approved for use by you.
3. Allow organizations and groups of individuals to share these green and redlining sections of licenses.
4. If a new license is encountered, you can then show "similar licenses you have accepted or rejected" — especially if a section is word-for-word the same.
5. If you really get into ML training you can do this not just for identical but similar sections of license acceptance/rejection.
I do love seeing the exact diffs. It's a cool tool for legal and IT teams trying to get their hands on all the clickthrough licensing they face. Let me know if you like the above ideas and, if you use them, all in return I'd ask is just credit me by name, perpetually free and royalty free, somewhere in the code for the suggestions.
There's a great platform out of Portland called Versionista (https://versionista.com/) which has been working closely with the government and other entities to understand changes that happen on websites or even internal documentation managed by multiple teams.
1Password has a similar feature to notify me whenever a site adds two-factor support or experiences a data breach. Password managers are (or should be) understandably uneasy about integrations, but this feels like a natural extension to those warnings.
Privacy Policies/Notices would be a great addition to the tool.
Semi related: If anyone's looking for a side project, LLM-parsed terms of service that summarize whether a service will use the content for AI training would be helpful.
I would pay for commercial support, an API, and maybe a webhook or some programmatic way to be notified of changes.
Very cool. We have been working on something similar but with analysis of the policies using AI[1]. I like your approach, much faster to launch than what we did.
Anecdote: our car recently displayed a dialig asking us to accept new terms. We bought the car, and nowhere in the process did we ever see or accept "terms of service". Legally speaking, WTF?
Use ChatGPT to compare the different versions and summarize the changes for you.
Thats fast execution! You should get into the law industry.
Didn’t Firefox use to have something called live bookmarks where you could bookmark a section of a page and be notified when it changed?
Isn't stealth updating TOS illegal in the EU ?
I could not find a terms of service page for your product on your web-site.
I wish there was something like annualcreditreport.com where I could go and request an email from every company that has my email address on file. I've got a hotmail account that's over 25 years old that probably has hundreds of accounts splashed all over the internet.
Hi - I'm a paid user of this, how do I add more URLs to track?
Can it show a diff?
This seems like exactly the kind of idea built for git scraping[0].
Have GitHub run a daily/weekly pull of the site in question. Attempt to add the artifact to the repo. If identical, no action taken. Otherwise, a commit is made with the new content, and you can now trivially diff the changes over time.
[0] https://simonwillison.net/2020/Oct/9/git-scraping/