TOS agreements require giving up first born—and users gladly consent

David Kravets - 7/12/2016, 4:20 PM

[IMG alt="Screen-Shot-2016-07-12-at-1.55.52-PM" width="582px" height="500px"]http://cdn.arstechnica.net/wp-content/uploads/2016/07/Screen-Shot-2016-07-12-at-1.55.52-PM.png[/IMG]

Here is the front door of a fictitious social networking site that study participants thought was real. All participants, US university students, agreed to terms that included demanding their first born as payment. The privacy policy they all checked off said their data would be shared with the NSA and employers.
A recent study concludes what everybody already knows: nobody reads the lengthy terms of service and privacy policies that bombard Internet users every day. Nobody understands them. They’re too long, and they often don’t make sense.
A study out this month made the point all too clear. Most of the 543 university students involved in the analysis didn’t bother to read the terms of service before signing up for a fake social networking site called “NameDrop” that the students believed was real. Those who did glossed over important clauses. The terms of service required them to give up their first born, and if they don’t yet have one, they get until 2050 to do so. The privacy policy said that their data would be given to the NSA and employers. Of the few participants who read those clauses, they signed up for the service anyway.

“This brings us to the biggest lie on the Internet, which anecdotally, is known as ‘I agree to these terms and conditions,’” the study found.

The paper is called “The biggest lie on the Internet: Ignoring the privacy polices and terms of service policies of social networking services.” It was written by Jonathan Obar, who teaches communication technology at York University, and Anne Oeldorf-Hirsch, a University of Connecticut communications assistant professor.

The study found:

This paper addresses ‘the biggest lie on the internet’ with an empirical investigation of privacy policy (PP) and terms of service (TOS) policy reading behavior. An experimental survey (N=543) assessed the extent to which individuals ignore PP and TOS when joining a fictitious social networking site, NameDrop. Results reveal 74% skipped PP, selecting ‘quick join.’ For readers, average PP reading time was 73 seconds, and average TOS reading time was 51 seconds. Based on average adult reading speed (250-280 words per minute), PP should have taken 30 minutes to read, TOS 16 minutes. A regression analysis revealed information overload as a significant negative predictor of reading TOS upon signup, when TOS changes, and when PP changes. Qualitative findings further suggest that participants view policies as nuisance, ignoring them to pursue the ends of digital production, without being inhibited by the means. Implications were revealed as 98% missed NameDrop TOS ‘gotcha clauses’ about data sharing with the NSA and employers, and about providing a first-born child as payment for SNS (social network service) access.

Here’s how the survey went:

The participants were undergraduate students “recruited from a large communication class at a university in the eastern United States.”

The study said that students were deceived and told that the university was working with NameDrop and that they would be “contributing to a pre-launch evaluation,” and they needed to sign up for the site to perform their analysis. The terms of service policies were “modified versions of LinkedIn’s to ensure comparable length.” The privacy policy was 7,977 words and the terms of service, 4,316. The so-called “gotcha clauses” were added to assess “ignoring behavior.”

In all, 399 of the 543 students skipped reading the terms altogether and clicked the “click-join” option. The bulk of those who did read them spent about a minute, the study found.

Source