appdotnet / terms-of-service

The App.net terms of service documents live here. To facilitate transparent discussion, we encourage users to create issues and/or submit pull requests with your feedback. Our general process is to incorporate user feedback on a roughly quarterly basis based on review with our legal team, but in the early stages this may occur significantly more often.

"may also obtain information" is too broad #10

Open mattflaschen opened 11 years ago

mattflaschen commented 11 years ago

The sentence "We may also obtain information from other companies and combine that with information we collect on the Service." is too broad.

As written, it would allow things like Facebook Beacon (http://en.wikipedia.org/wiki/Facebook_Beacon), in which third-party companies like Fandango disclosed which movies people watched to Facebook for a new ad program.

I'm not sure why this sentence is here at all. If it is regarding "other companies" being certain developers using the API, it should be written as such (and apply to individual devs too). Another I can think of is information from the payment processor. But as is it's way too broad.

JoshBlake commented 11 years ago

@mattflaschen I can think of three cases for interpreting this clause:

  1. Other companies = app developers (as you said), in which case that should be explicit.
  2. Other companies = other companies with user information that may be cross-referenced with the app.net identities. I agree I don't know why ADN would even care about that as an infrastructure platform. I could see a third-party app that provided a Beacon type of cross-references, but users would be free to use or not use that application. (There is an edge case which should go in a different issue - the case of an app developer combining ADN identities and profiles with other companies for the purpose of selling that combined information back to other companies for targeted advertising, or enabling targeted ADN posts, "smart spam".)
  3. Other companies = companies required to do ADN business, such as credit card companies for payment info, or user-requested imports of email addresses or FB friends. Like #1 this should be made explicit.

mattflaschen commented 11 years ago

Your list is helpful.

I agree with #1, to essentially notify users that developers can do things allowed by the separate API TOS (as I requested in issue #13).

#2 in your list would be best addressed in the API TOS. I agree that privacy and advertising implications of the API should be carefully considered.

#3 should be both explicit and limited. Imports from other social networking sites (like http://friendfind.co/) should be allowed by the API TOS, but I don't think app.net itself should do it.

berg commented 11 years ago

separate API TOS is coming (obviously :))

We obviously have no intent to do anything like Beacon, nor do we care about tracking you across the web, etc. so we should be able to reduce this significantly.

mattflaschen commented 11 years ago

In the new privacy policy, the wording has changed to, "We may also obtain information from other sources and combine that with information we collect through our services.", but unfortunately, that's even broader (source is broader than company).

mattflaschen commented 11 years ago

In the new one, there is also, "Link or combine with other information we get from third parties to help understand your needs and provide you with better service." which is essentially the other side of the same overly broad coin.