Expert Texture Home Contact me About Subscribe Digipede Connect on LinkedIn rwandering on Twitter rwandering on FriendFeed

rwandering.net

The blogged wandering of Robert W. Anderson

User Contracts – Part II: User Beware

I recently wrote about some problems I had with the user contracts for Cluztr, an attention service.  At the time I promised to write about a user contract I could stomach.  Some of these ideas are being rolled into what Steve Gillmor has called Click Insurance to be supported by the GestureBank.  More on that soon.

My problem with the Cluztr contract is their version of user opt-in.  Cluztr is unremarkable in this way — many companies use the same approach.  Their form of opt-in goes like this:

  1. Read our user contract before you use our service (good);
  2. Using our service implies acceptance of our contract (good);
  3. We may change our user contract (not good or bad);
  4. We may not post any notification that our contract has changed (bad); and,
  5. Continued use of our service implies acceptance of our new user contract (what?).

I call this the User-Beware Contract.  This is any contract expressly allowing the service provider to change it without user notification.  The onus is on the user to be wary of the service provider.

Instead, I’d like to see the User-Aware Contract.  It goes something like this:

  1. Read our user contract before you use our service;
  2. Using our service implies acceptance of our contract; 
  3. We may (and probably will) change our user contract;
  4. We will notify you of any change;
  5. Any change will require you to opt-in again formally (through a click-through or other process);
  6. If you do not formally agree to the new contract, you will be removed form the service and all user data associated with your account will be purged.

This type of contract puts the onus on the service provider.  After all, the service provider changed the user contract — shouldn’t they take the responsibility of notifying them and getting their continued opt-in?

A variant of the latter approach is not uncommon (e.g., on banking sites).  Your data may not be purged if you don’t accept the new contract; however, you will not gain access to the site unless you do.

That said, the User-Beware Contract is, by far, the dominant contract on the Web.  The big players all use it, most of the smaller players use it.

I would like to see an attention service throw out their User-Beware Contract in place of a User-Aware Contract.  Of course, they’ll have to notify their users of the change 😉

Tags: , , , , ,

User Contracts — Part I: Cluztr

User contracts are the proof behind user in charge business models.  I took Steve Gillmor’s challenge to go and take a look at attention startups in search of a user contract I could stomach.  First up, Cluztr.  I suppose this is pronounced clusterApologies to my distributed computing readership — this is not a clustering company.

The interesting part of their user contract is in their privacy policy.  I call out some parts of it (out of order).

Adherence to the principle of Property

Most importantly in this context, the principle of property:

Property – You own your attention and can store it wherever you wish. You have CONTROL.

A critical corollary to this is that you can delete your attention data too.  They have this covered in the following:

Cluztr collects clickstream data by means of a browser add-on that tags your use of the Internet. We do not track Internet usage on a secure website, or capture username or password information at any time. You have full control over your clickstream data and can delete or purge our database at anytime.

Note to legal: tighten up that language.  This really should say “purge your attention data from our database” instead of offering users the right to completely delete the entire Cluztr database.

So far, so good.

Changing the policy without notice

And then we have some sticky language about changing this policy.  Granted, this is common in its user unfriendliness:

By submitting your information you consent to the use of that information as set out in this Policy. If we change our Privacy Policy we will post the changes on this page, and may place notices on other pages of the web site, so that you may be aware of the information we collect and how we use it. Continued use of the service will signify that you agree to any such changes.

In other words (my words):

You own and control your clickstream data unless we decide that you don’t.  This privacy agreement is the only place we are obligated to tell you this.

Not good.

Change of ownership

And finally, their sale caveat:

Unless otherwise stated in this Privacy Policy data relating to you will not be disclosed to any third party unless you have specifically given your consent. We will not rent or sell your personal information without your permission (other than as part of a sale of the whole or a substantial part of the assets of Cluztr).

This language makes me nervous because it appears to mean:

You own your data unless we need it as an asset to sell the company in which case we own your data.  For all intents and purposes, we own your data.

To be kind, they may mean here that your contact info (like email address) is owned by them, but your clickstream is not. If they are purchased, that contact info would be passed to a new owner.  OK, but the ownership of the clickstream should not change and, if that is their intention, they should state it.

Conclusion

Cluztr has made a good start at a user-friendly contract but then mucked it up by over reaching on rewriting the policy and on the company sale.

I wouldn’t sign up with an Attention service with such a policy.

Next up on this topic:

  1. the GBX2 broadcasting user licenses
  2. a better user contract (what I currently call triggered-opt-in)
  3. other Attention companies and their user contracts

 

Tags: , , , , , ,