Terms: Problems with the handling of modifications #44

gaberg commented 2023年10月28日 01:02:54 +02:00

foreword...

So, yes I'm obsessed with terms 😂
But I'm one of the maybe few people who always reads them, and on projects where it's feasible to have them improved, I like to try 😜

Anyhow, I do praise you for the concise privacy terms, and even the terms of service are much shorter and better than the norm, there are just a few improvements they might benefit from ;)

And this is the last issue I'm making about them I promise (today xD).

---

problem...

So, this issue is about the handling of modifications to the terms:

The current text* is better than usual, in that it at least guarantees a notification when the terms change.

But such notification gets displayed in a user's dashboard, which means that they'll have already logged in to see them, and thus have implicitly accepted the changes.

Yes I know than many services claim that you accept the terms even by connecting to the site which hosts them, but... 🙄
And almost everyone else says you're supposed to check the terms before any interaction (and what if they change in the middle of the interaction? 🤷🤦).
I don't think I need to comment on that.

proposal...

Anyhow, what I'm proposing is that notices of terms modifications get either sent by e-mail (some time before they take effect) or displayed before letting a log-in complete, to those who haven't yet accepted the updates.

I personally prefer the e-mail solution, which is also probably easier to implement.

Although an additional notice of the terms' updates, displayed in the login page, might be better.

But in any case yes this is a modification proposal that requires some technical implementation, not only changes in the terms' text.

---

further problem

I actually noticed a further problem, the current text says "If you disagree to a change, you are responsible for closing your account".
This seems to imply that any modification to the terms will automatically have effect until one closes his account.
It's unlikely here, but such modifications could potentially have effects that don't require a user to login (such as the transfer of his data).

So, while I understand that it might be unfeasible to subject users to different revisions of the terms indefinitely, I think it would be reasonable to do it for e.g. three months.
Or more simply, to guarantee that changes that negatively affect users irrespective of them logging-in will be notified (by mail) three months before they have effect.

---

Well and that was it.
It's all and I think I'm done for today 😅.

---

---

* Current terms:

(4) Changes to the Terms of Use are communicated via an announcement banner in your dashboard. If you do not login for longer than three months, it is your own responsibility to recheck for the current Terms of Use. If you disagree to a change, you are responsible for closing your account.

### foreword... So, yes I'm obsessed with terms 😂 But I'm one of the maybe few people who always reads them, and on projects where it's feasible to have them improved, I like to try 😜 Anyhow, I do praise you for the concise privacy terms, and even the terms of service are much shorter and better than the norm, there are just a few improvements they might benefit from ;) And this is the last issue I'm making about them I promise (today xD). --- ### problem... So, this issue is about the handling of **modifications to the terms:** The current text* is better than usual, in that it at least guarantees a notification when the terms change. But such notification gets displayed in a user's dashboard, which means that they'll have already logged in to see them, and thus have implicitly accepted the changes. Yes I know than many services claim that you accept the terms even by connecting to the site which hosts them, but... 🙄 And almost everyone else says you're supposed to check the terms before any interaction (and what if they change in the middle of the interaction? 🤷🤦). I don't think I need to comment on that. ### proposal... Anyhow, **what I'm proposing** is that notices of terms modifications get either sent by e-mail (some time before they take effect) or displayed before letting a log-in complete, to those who haven't yet accepted the updates. I personally prefer the e-mail solution, which is also probably easier to implement. Although an additional notice of the terms' updates, displayed in the login page, might be better. But in any case yes this is a modification proposal that **requires some technical implementation**, not only changes in the terms' text. --- ### further problem I actually noticed a further problem, the current text says "*If you disagree to a change, you are responsible for closing your account*". This seems to imply that any modification to the terms will automatically have effect until one closes his account. It's unlikely here, but such modifications could potentially have effects that don't require a user to login (such as the transfer of his data). So, while I understand that it might be unfeasible to subject users to different revisions of the terms indefinitely, I think it would be reasonable to do it for e.g. three months. Or more simply, to guarantee that changes that negatively affect users irrespective of them logging-in will be notified (by mail) three months before they have effect. --- Well and that was it. It's all and I think I'm done for today 😅. --- --- \* Current terms: ``` (4) Changes to the Terms of Use are communicated via an announcement banner in your dashboard. If you do not login for longer than three months, it is your own responsibility to recheck for the current Terms of Use. If you disagree to a change, you are responsible for closing your account. ```

fnetX commented 2023年10月28日 14:36:58 +02:00

The current terms of service highly depend on humans (i. e. our moderation team) to enforce them. Our software completely lacks methodology for doing as you describe.

Take the notification for example. We currently don't even have working notification system on the dashboard, but back when the terms were written, it existed. For the last Terms of Service change, we also emailed all users (even if the old ToS did not contain any guarantee about it). And we'll likely try to do this again, if feasible. But it was a horrible nightmare, because suddenly increasing your email volume is not always welcome by all commercial providers. And resolving such situations with Google, Microsoft, ... you know. Also, we invested quite a good amount of time to actually build a system for sending the emails.

So basically, we expect that the Terms of Use are interpreted with some degree of common sense and trust. The goal of Codeberg is to make Free/Libre software development convenient, and users can trust that we'll do our best. Our moderation team will apply some common sense, and probably not start removing tons of projects the minute new Terms of Service take effect.

It would of course be better to have established procedures, but maybe rather in the form of transparent moderation (e.g. public guidelines for moderators, and workflows that are standardized in software and reviewed in public).

The current terms of service highly depend on humans (i. e. our moderation team) to enforce them. Our software completely lacks methodology for doing as you describe. Take the notification for example. We currently don't even have working notification system on the dashboard, but back when the terms were written, it existed. For the last Terms of Service change, we also emailed all users (even if the old ToS did not contain any guarantee about it). And we'll likely try to do this again, if feasible. But it was a horrible nightmare, because suddenly increasing your email volume is not always welcome by all commercial providers. And resolving such situations with Google, Microsoft, ... you know. Also, we invested quite a good amount of time to actually build a system for sending the emails. So basically, we expect that the Terms of Use are interpreted with some degree of common sense and trust. The goal of Codeberg is to make Free/Libre software development convenient, and users can trust that we'll do our best. Our moderation team will apply some common sense, and probably not start removing tons of projects the minute new Terms of Service take effect. It would of course be better to have established procedures, but maybe rather in the form of transparent moderation (e.g. public guidelines for moderators, and workflows that are standardized in software and reviewed in public).