Clarify Terms of Use

[Lastique]

https://www.preview.boost.org/terms-of-use/

I am not a lawyer, but these terms of use are a significant departure from the current website, which, to the best of my knowledge, is licensed under the Boost Software License 1.0 (or BSL for short):

https://www.boost.org/

(Notice the copyright at the bottom.)

I understand that the new website has a wider range of content that is published, and there should probably be some additional terms and definitions regarding that added content. However, the Terms of Use (TOU) page linked above seems both more verbose and less clear at the same time.

In particular, I have the following concerns:

• The document does not specify exactly what constitutes the Services. It mentions the website https://www.boost.org, but does this also include library documentation, which is also hosted under the same URL? If so, it contradicts the library license, as library documentation is being licensed under BSL, along with the library source code.
• I find it odd that the document prohibits the use of services for persons under the age of 18 years old. I hope we're not planning to post mature content? Also, this goes back to the library documentation - there is no age restriction imposed by BSL.
• Similarly, the document permits "personal, non-commercial use or internal business purpose only", where this was not the case previously.
• The document claims that The C Plus Plus Alliance, Inc. is "the owner or the licensee of all intellectual property rights in our Services, including all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics in the Services (collectively, the "Content"), as well as the trademarks, service marks, and logos contained therein (the "Marks")." Again, does this claim include Boost libraries, including source code and docs that are being distributed and hosted on the website? If so, this doesn't seem true.
• Contributions: The definition is rather vague, and any Boost libraries could be considered as Contributions. Again, I'm not a lawyer, but it seems to me your terms of use of Contributions may be in conflict with BSL. There are different sets of permitted activities wrt. Contributions in TOU and the Software in BSL. BSL also requires to reproduce the license in source form of the Software, which is not acknowledged in TOU.
• In PROHIBITED ACTIVITIES, you list "Systematically retrieve data or other content from the Services to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us." This effectively prohibits automated downloads and fetching archive checksums from the website.
• Also in that section, "Use the Services as part of any effort to compete with us or otherwise use the Services and/or the Content for any revenue-generating endeavor or commercial enterprise." This effectively prohibits use of Boost website (including library docs) as part of commercial activity. This contradicts the BSL.

There are probably other points that are questionable, I did not analyze the TOU document in every detail, and again, I'm not a lawyer and don't understand all the legal details in it. But my main requests can be summarized as follows:

• The document should clearly separate the website implementation, social content and the library content on the website. By website implementation I mean code and media content (images, videos, audio, text, styling) that were created by The C Plus Plus Alliance, Inc. and are used to implement the website functionality. By social content I mean stuff like blog posts, videos, discussions, forum posts and so on - that were created by users and is published on the website. Note this does not include library issue trackers and discussions on GitHub. This also does not include any posts on Boost mailing lists. By library content I mean library documentation, including READMEs, library logos, library downloads, library list, release notes - everything that pertains to particular libraries that was created by library authors and maintainers and may be viewable on the website.
• The document may define terms of use for the social content posted on the website and the website implementation. I would ask to express these terms in a shorter and simpler form than the current TOU, but of course the choice is yours.
• The document should explicitly acknowledge that it doesn't cover the library content, as defined above. The library content is covered by the respective library license (which is currently BSL for all libraries). In particular, library downloads, library list and release notes should also be covered under BSL. For example, when I submit a PR with release notes for my library, I'm doing so under BSL; I'm not agreeing to any additional terms listed in the TOU document and I'm not granting The C Plus Plus Alliance, Inc. any additional rights beyond what is permitted by the BSL.

Also, I think this topic might be worth discussing on the Boost mailing list.

[louistatta]

I used Termly.io to create a template, ensuring compliance with privacy laws like GDPR, CCPA, PIPEDA, and the ePrivacy Regulation. I'm not a lawyer, but I didn't request any additional language; I followed the template for our use and paid Termly.io for the document. @frankwiles, with your experience, is there a less bloated way to stay compliant? Perhaps I was overly cautious, adding unnecessary elements. I'll review it again with the web developers.

I understand that "services" specifically relates to Boost.org website and not to the Boost library or Boost license, as no one owns those. Thus, that claim would be invalid. So, much of the wording doesn't pertain to the library, license, contributions, or ownership.

Regarding the mention of age, I'm curious why it was included, I will have to look at that wording.

[frankwiles]

@louistatta yeah I'm happy to go over the template with a fine tooth comb with you and make recommendations. The vagueness and age restrictions are really there to protect "typical" websites from litigation, but that isn't really a serious concern for the boost site.

We can be compliant with less vague and troubling wording.

[Lastique]

Out of curiosity, you specifically reference GLBA in the TOU document. What relevance does it have to the Boost website and why does TOU need to mention it? The same pertains to other US Acts that are mentioned in the document.

Please note that as a non-US reader, I have no idea what any of those acts are about (at best, I glanced over a Wikipedia page, at worst I didn't bother) and whether I am affected or should care. I think, this example illustrates the problem with the document - for an average international viewer, the document is too difficult to understand and too verbose to even read through.

One of the reasons why BSL is so attractive is that it is short and easy to understand even to an unprepared reader. I think, the new TOU document should also have those qualities.

[vinniefalco]

BSL can't literally apply here because it is a software license, while the website is a service. But I agree I would like the simplest possible legal document.

[Lastique]

One point in the TOU document that I also find bothering is that it states that the user assigns all rights on Submissions and Contributions to The C Plus Plus Alliance, Inc. and that The C Plus Plus Alliance, Inc. owns that content. I do not think this is acceptable, at least not with respect to user-generated content.

I think the user must own his personal data, as well as comments, forum posts that he made and so on, to be able to modify or delete them (where deletion would mean complete removal from the website databases). The owner of the Service may reserve some rights to be able to store, publish and moderate that content, but that certainly should not include passing intellectual property rights to The C Plus Plus Alliance or it "owning" the content.

[frankwiles]

@Lastique which section is that? I see it grants the site a "license" to use that submission (which is necessary) but not ownership.

[frankwiles]

@louistatta the TOU mentions the code of the site itself, which I realized we do not have a license on one way or another here on Github. Is the site itself under an OSS license? If it is we should strike the clause:

Copy or adapt the Services' software, including but not limited to Flash, PHP, HTML, JavaScript, or other code.

[frankwiles]

Suggest we also strike these as they either don't really apply or there is existing precedent that makes them unenforceable/meaningless :

Except as permitted by applicable law, decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Services.

Except as may be the result of standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Services, or use or launch any unauthorized script or other software.

Use a buying agent or purchasing agent to make purchases on the Services.

[Lastique]

Section 2, Intellectual Property Rights:

Submissions: By directly sending us any question, comment, suggestion, idea, feedback, or other information about the Services ("Submissions"), you agree to assign to us all intellectual property rights in such Submission. You agree that we shall own this Submission and be entitled to its unrestricted use and dissemination for any lawful purpose, commercial or otherwise, without acknowledgment or compensation to you.

Emphasis mine.

[frankwiles]

@Lastique aha, I missed that. @louistatta we should adjust the Section 2 language here to be "license" and not own. This covers you in the event someone suggests a useful feature, it can be built without having the person suggesting it be able to sue you for compensation related to the idea.

[d-spencer-strickland]

@Lastique @frankwiles I've updated TOS to use the MD that was provided, does this cover everything that was discussed here?

https://www.preview.boost.org/terms-of-use/

Thanks!

[d-spencer-strickland]

Believe it does, closing. Thanks!

[Lastique]

We reserve the right, in our sole discretion, to make changes or modifications to these Legal Terms from time to time. We will alert you about any changes by updating the "Last updated" date of these Legal Terms, and you waive any right to receive specific notice of each such change. It is your responsibility to periodically review these Legal Terms to stay informed of updates.

I think you should take the necessary steps to notify at least the registered users of the TOU updates. Even the unregistered users could be made aware of the TOU update via a pinned post on the front page or a displayed notification (based on a cookie, for example).

I'm not saying you should guarantee you will notify the user of a TOU update, but you should at least state that you will try, to the best of your technical abilities. Requiring users to poll TOU for changes is not a reasonable proposition.

Intellectual Property

Boost libraries, documentation, and source code are provided under the terms of the Boost Software License.

It is better to say "Boost libraries, documentation, and source code are property of the respective library authors and maintainers and are provided under the terms of the licenses of the respective libraries". Yes, all current libraries are licensed under BSL, but there is no formal requirement that a new library must be under BSL. It would be very strongly desirable to be under BSL, though.

This section should probably also mention that the website implementation itself is licensed under BSL.

You grant The C Plus Plus Alliance, Inc. and Boost a royalty-free and non-exclusive license to display, use, copy, transmit, and broadcast the content you upload and publish.

Boost is not a legal entity. There Boost Foundation and individual authors and maintainers of Boost libraries. The sentence above should be clarified which ones it refers to.

For issues regarding intellectual property claims, you should contact the company in order to come to an agreement.

This sentence should be clarified which one is "the company", in coherence with the clarified previous sentence.

Prohibited Activities

In addition your contribitions must meet these requirements:

Typo in "contributions".

Not obscene, lewd, lascivious, filthy, violent, harassing, libelous, slanderous, or otherwise objectionable (as determined by us).

This sentence should start with something like "They are not ...".

Your Contributions do not violate any applicable law concerning child pornography, or otherwise intended to protect the health or well-being of minors.

The last part of the sentence seem to contradict the first. Did you mean "harm" instead of "protect"?

[Lastique]

@4down Please reopen until the issues above are addressed.

[louistatta]

Before we consider revising the Terms of Service (TOS) language on TOS updates, I'd prefer to have a fully automated system in place. It would automatically send an email notification to all registered users with valid email addresses whenever the website's TOS or Privacy Policy is updated, ensuring the process is seamless and doesn't depend on manual intervention, such as someone remembering to send out a mass email after each update..

Currently, we're focused on other priorities, but we will look into the implementation of this feature in the future. If anyone is willing or able to help expedite the process, we would greatly welcome the assistance, especially considering our website has just been launched under BSL.

Yes, all current libraries are licensed under BSL, but there is no formal requirement that a new library must be under BSL. It would be very strongly desirable to be under BSL, though.

Let's cross that bridge if and when it happens.

All other issues reported have been addressed. Thank you for your contributions and for bringing these matters to our attention.

[Lastique]

The typo in "contributions" is still there.

The changed wording says contributions "should be aimed at safeguarding the health and well-being of minors". I don't think this change is correct, as aiming every contribution at protecting the minors is not realistic. The wording should instead say that contributions harming the minors are prohibited (which is consistent with the Prohibited Activities section name).

[louistatta]

Updated and we're adding this feature. https://github.com/boostorg/website-v2/issues/986