Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Get notified when sites update their terms of service (tosnotify.com)
190 points by supermdguy on Aug 9, 2023 | hide | past | favorite | 66 comments
After reading about what happened with NightOwl yesterday [0], I thought about what it would take to be aware of things like that in the future. I created ToSNotify to automatically notify you when a website's terms change.

A harder problem I've been thinking through is how to know which terms to track, since it'd be a pain to add every site I have an account with. One idea I had is to automatically get terms for apps you have installed from the app store. Any other ideas/feedback are appreciated!

[0]: https://news.ycombinator.com/item?id=37052508




This seems like exactly the kind of idea built for git scraping[0].

Have GitHub run a daily/weekly pull of the site in question. Attempt to add the artifact to the repo. If identical, no action taken. Otherwise, a commit is made with the new content, and you can now trivially diff the changes over time.

[0] https://simonwillison.net/2020/Oct/9/git-scraping/


I had no idea you could run GitHub actions as a cron job. That’s pretty cool.


There’s a principle of monitoring systems and their alerts: “Only alert actionable events.” Applied to this case, if a ToS changes, what can a user do about it? (Let’s not pretend that they will read the entire ToS again every time, or that they even read it the first time.) Even if the change was obvious or highlighted, and even if the change was detrimental, what could a user actually, realistically, do about it? Stop using the service? If the change is that bad, they’ll probably hear about it anyway.


> Stop using the service?

Yes, precisely. But also, do so as a group, and say why they're doing so.

> If the change is that bad, they’ll probably hear about it anyway.

People hear about such changes because someone notices and brings it up and raises a stink about it.

For a service like this, one model that may make sense is to remind the user that their primary recourse is to stop using the service, but that for egregious ToS changes (known types of which you can flag), they may want to sign on to an awareness/action campaign whose premise is "we're not going to use this service anymore, here's why, change the term and we come back, otherwise we're in the market for a new service without that term".


For one thing, they will need to opt out of arbitration, every time it changes.

I've managed to convince an entire DnD server I'm on to stop using Discord and Zoom because of their recent ToS changes, so it's not unreasonable.


Interesting that users must opt out every time, that seems like something a service could exploit. Imagine a service that has a rotating TOS that updates every week/month with some meaningless change and in each transactional and marketing email they include 'we've updated our TOS' as part of their duty to inform users. People would quickly become blind to that or think it didn't apply to them since it was also in the last email they got.


Out of lazy curiosity, what change in particular prompted this?


What alternatives do you use?


I'd prefer everyone I know stop using Discord and start using Matrix, but that will never happen.


Mumble is great for voice chat.

https://www.mumble.info/


The service can show a diff, pass it through an LLM into a bite sized email


I currently show a diff (see https://tosnotify.com/reports/example), but adding some sort of LLM summary could be cool!


Love this, tried it for ya. Check out the chat example [1].

For small changes, I'd rather read the diff. But occasionally, like item (10), it displays an understanding of the content and the summary is pretty useful. With guided prompts I bet you could make it much more useful, and even answer specific questions that align with folks' use cases for monitoring.

[1] https://chat.openai.com/share/c6ec81aa-de8c-49e3-b132-239136...


Some thoughts:

1. I have no idea (and am curious) how frequently ToS are updated and how often the updates are meaningful to me as an end-user as is the case with Zoom and NightOwl. It would be really interesting if you post some stats after running this service.

2a) Based on the Reddit example: 9 blocks were changed and 1 block was deleted and in a hypothetical use case where I get an e-mail notification about this I would have to read them all.

After reading them none appears substantially different as far as I am concerned as a Reddit user which makes me wonder what the SNR of this service would be as compared to deferring to the HN front page to notify me of major changes that would potentially change my usage of a product.

If I'm missing something significant in this example it would raise the issue of my capability to accurately interpret these changes and therefore whether such notifications are relevant.

2b) Perhaps the "Guidelines for Healthy Communities" changing to "Moderator Code of Conduct" could be significant to a moderator but the details aren't included in the ToS and on searching are listed in a separate document. I wonder how often a ToS reference terms in or includes agreements to other documents, presumably with this service I would have to add and read each one separately?

Overall, it's a great idea but I'm very curious how useful this will end up being in practice, if the SNR is low I'm unlikely to read all the diffs.

For what it's worth I think the price is very fair and I chipped in to support the initiative using my "spam" email. It would be really great if you could do a write-up after a while with some numbers regarding the comments above.

I assume (but IANAL) that there may be some legal liability or at least ethical risks to account for if you were doing this but I would be willing to pay more for a reliable summarized service (i.e. not an off the shelf LLM interpretation) that I can trust to notify me of potentially relevant changes of comparable quality to the HN hive-mind with the advantage of being able to add the services I personally use that the collective here may not.


Somewhat related: Terms of Service; Didn't Read https://tosdr.org


I could have sworn that there used to be a site, not <https://tosback.org>, that provided diffs between old and new ToS for major companies. Something like <https://tosdiff.org> is the obvious candidate, and seems to be the address that I remember, but that doesn't exist (or at least won't load for me). Does anyone in the HN community know the site that I'm remembering?


I really like their summaries, they have a nice system for categorizing different aspects of sites’ terms.


The issue with NightOwl was not that the TOS was updated.

The issue with NightOwl is that allowing automatic updating of an app is equivalent to allowing the app developer remote code execution of any arbitrary program on your machine.

Notification won't solve that problem. Disabling automatic updates does.


That's a good point, and in general actual application behavior matters more than what the TOS says. I do think there are unsolved problems with TOS/privacy policies in general though, so I'm interested in exploring ways for users to gain more control over how companies use their data.


I was thinking about this idea when the Zoom saga happened, that's an amazingly quick implementation!

My plan for getting a list of subscribed services was to get people to add a forwarder to their email account with specific keywords (i.e "thanks for creating an account" or perhaps just "unsubscribe" would be enough). This would forward to an API which would check for a recognised service and add it to the list to notify. It has some privacy implications but I think you could narrow the scope enough for people to go for it.

The other method I had considered was getting a list of places your SSO is used from Google etc. Not sure if that's possible through their API but I'm sure with enough of the hacker spirit you could work out a way.

If you go for either of those ideas I expect a lifetime VIP account! (Just kidding)


Those are both good ideas! Someone else suggested using account lists in password managers. In general it would be a lot more practical if it could feed from a list of accounts you have.


This is really cool! Shared with a few friends!

It might be interesting to plug GPT-3 in and use embeddings for each clause. For example, for each website where a user has agreed already to their ToS, you could use embeddings to see which ones are similar.

Wondering if there's a chance we could chat more if you're keen! I'm on twitter @gabrielchuan

PS: I'm working on something tangentially related at https://url2format.com. It's a WIP (for now free) service that allows people to do various things with any public url such as checking metatags, generating a markdown of a url, etc. I think there's lots of interesting spaces to explore around these


Thanks for the support! I sent you a dm


Isn't it that you get notified anyway by a site about the ToS changes (either with a popup or email message)?


Not always. NightOwl's ToS said "We reserve our right to alter the terms in this Agreement and/or the pricing information and method detailed in NightOwl app's website at any time. In case the Agreement is amended as described, we will post an updated version of it in our website, at which time it becomes active and binding."

That's probably illegal, but plenty of sites and apps will try it anyway.


I guess what would be nice is a diff of new and old.


Yeah, that's what I send in the email updates, here's an example:

https://tosnotify.com/reports/example


I did this exact thing, working with Dor to produce the exact diffs when MongoDB went with their SSPL 1.0.

https://www.scylladb.com/2018/10/22/the-dark-side-of-mongodb...


I want the opposite of this, a gmail filter to hide every email about someone updating their privacy policy or terms. Almost none of them have unsubscribe buttons.


There are also general tools I like for this that work for any website change. visualping.io is good. Though it might be hard to configure for specific textual changes.

One question I have, why do you get emails for terms of service changes on some things but not others?


You can give notify-me.rs a try if you want. We offer pretty generous Early Adopters plan.

You can see example of the twitter rules change on this link: https://notify-me.rs/history?diffPath=7797308284cb6466f79b88...

If you do give it a try, let me know what you think, cuz I'm one of the founders.

Cheers!


I already get a billion of these emails from companies whenever the ToS updates, and I always mark them as spam


I honestly don't think I've ever read one of the ToS updates either. Do you think there'd be a way for them to be more relevant?


Great service - clean and solves particular problem, definitely will try it. I used to use changepatrol.com and visualping.io for solving similar problems of tracking changes on particular URL


Hey, here's an idea for an extension to your really cool idea if you want to make this a kick-ass commercial service:

1. Break licenses down into titles and paragraph sections and run an MD5 or SHA hash on each section to get a "fingerprint" of that section of the TOS.

2. Allow users to check off or redline specific sections of licenses they come across. If a license is "all green" it's approved for use by you.

3. Allow organizations and groups of individuals to share these green and redlining sections of licenses.

4. If a new license is encountered, you can then show "similar licenses you have accepted or rejected" — especially if a section is word-for-word the same.

5. If you really get into ML training you can do this not just for identical but similar sections of license acceptance/rejection.

I do love seeing the exact diffs. It's a cool tool for legal and IT teams trying to get their hands on all the clickthrough licensing they face. Let me know if you like the above ideas and, if you use them, all in return I'd ask is just credit me by name, perpetually free and royalty free, somewhere in the code for the suggestions.


I like this! Focusing on enterprise probably makes more sense since terms matter more for compliance.


There's a great platform out of Portland called Versionista (https://versionista.com/) which has been working closely with the government and other entities to understand changes that happen on websites or even internal documentation managed by multiple teams.


1Password has a similar feature to notify me whenever a site adds two-factor support or experiences a data breach. Password managers are (or should be) understandably uneasy about integrations, but this feels like a natural extension to those warnings.


I've been thinking through how this could work more practically, and this definitely makes the most sense. I might try to find an easy way to export just a list of sites that I have accounts on and then watch those for TOS changes.


Privacy Policies/Notices would be a great addition to the tool.


It works for any online document! Right now it just generates a diff of any URL: https://tosnotify.com/reports/example. In the future it'd be cool if it could auto-detect TOS/Privacy Policy links for a given domain.


Semi related: If anyone's looking for a side project, LLM-parsed terms of service that summarize whether a service will use the content for AI training would be helpful.


I've been thinking about adding some LLM summarization, it would definitely take some work to verify that it to output corrects interpretations though.


I would pay for commercial support, an API, and maybe a webhook or some programmatic way to be notified of changes.


Just curious, how much would you pay? Would you feel better about paying per vendor or a flat fee to monitor up to X vendors, or something completely different?


I work on https://monitoro.co which offers exactly what you're looking for, and is not limited to terms of service.

We also allow you to filter changes for the specific ones that are relevant to your needs, and trigger 3rd party APIs or webhooks with the updated data, or a text diff.


I could definitely add in webhook support, feel free to shoot me an email: support@tosnotify.com


Check out svix.com when you do, it'll literally take you minutes to start sending webhooks with it.

Ping me if you need any help, email in profile.


Very cool. We have been working on something similar but with analysis of the policies using AI[1]. I like your approach, much faster to launch than what we did.

[1] https://www.legalreview.ai


Anecdote: our car recently displayed a dialig asking us to accept new terms. We bought the car, and nowhere in the process did we ever see or accept "terms of service". Legally speaking, WTF?


Maybe they're just mentally preparing you for your impending heated seats subscription.


Use ChatGPT to compare the different versions and summarize the changes for you.


I tried it for the example, but it wasn't very good at differentiating between the old and new changes. I'm definitely going to try to see if I can get some good outputs though.


Thats fast execution! You should get into the law industry.


Haha thanks! Why law specifically?


A painful remark about how slow the government is, haha. I really like the idea, however. Hope you make some spare bucks!


Didn’t Firefox use to have something called live bookmarks where you could bookmark a section of a page and be notified when it changed?


Isn't stealth updating TOS illegal in the EU ?


I could not find a terms of service page for your product on your web-site.


I wish there was something like annualcreditreport.com where I could go and request an email from every company that has my email address on file. I've got a hotmail account that's over 25 years old that probably has hundreds of accounts splashed all over the internet.


I don't see how that's possible. Creditors are required to report information, entities who have your email address are not. And I think I'd prefer that remain the case.


Hi - I'm a paid user of this, how do I add more URLs to track?


Can it show a diff?


Yep, here’s an example of what a report looks like: https://tosnotify.com/reports/example


I like how that's implemented, what are you using to generate the pretty plaintext colored diffs like that?


I used diff2html, it's really nice!

https://github.com/rtfpessoa/diff2html-cli




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: