Brief Thoughts on Privacy and 2 Tricks Your Service Provider Don't Want You To Know
Privacy ramblings and suggestions from a consumer-first perspective
I’m not a philosopher, nor a legal expert. However, I am curious. At least in the United States of America, privacy is not guaranteed. Oftentimes, companies are playing a game of cat-and-mouse against governing bodies, B2B contractual obligations, and lawsuits. While the consumer is typically the primary focus of these conversations, oftentimes it is only to the extent of baseline requirements which aid in retaining and garnering more consumers, with many facets of the average consumer experience left as an afterthought.
Perhaps I’ll make this a series of posts which widen the discussion to consumer-centric agency and protection in the current technological landscape, such as copyright, right to repair, ownership, centralization, self-hosting, and personal projects concerning the aforementioned. Perhaps I won’t.
For now, let’s focus on something that most people are familiar with to some extent — Privacy Policies and Terms of Service.
Privacy Policies and Terms of Service
A privacy policy is a statement or legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data, while a privacy notice tells clients or data subjects what data is held by an organisation and how that data will be handled.
- https://en.wikipedia.org/wiki/Privacy_policy
Terms of Service, also known as Terms of Use and Terms and Conditions, are the legal agreements between service providers and the service consumers. The person must agree to abide by the terms of service in order to use the offered service. Terms of service can also be merely a disclaimer, especially regarding the use of websites.
You’ve been there. I’ve been there. We’re both guilty of it. You sign up for an account, see a wall of text and a green button moving you forward in the process. We could have just agreed to some ridiculous stipulations for using the service, or your data could be handled in such as a way that would make George Orwell sick to his stomach.
We’ve normalized scrolling to the bottom and clicking “Accept” without understanding how our privacy and service experience are impacted, and it’s no surprise. These documents are almost always verbose and overly comprehensive. At the end of the day, they are meant to minimize legal liability and fulfill regulations for companies, rather than be helpful notices to the consumer. It’s difficulty to argue that consumers are the ones at fault when these documents employ “legalese” along with a shotgun approach of trying to cover every edge case.
We’re left with a bleak, and almost hysterical, state of technological affairs where nearly every service requires signing away on documents that really should necessitate a lawyer to be at your beck-and-call. While we can hope for a day where services are required to provide “human-readable” versions of these documents, I’m tired of our current circumstances and want to look into what can be done now. While there’s still plenty more learning and research to be done on my end, I want to briefly discuss two suggestions on how we could mitigate the issue as consumers — GenAI and ToS;DR (no that’s not a typo).
Potential Application of GenAI
Considering the foremost trend in technology (and many other facets of life to a lesser extent) is generative artificial intelligence (GenAI), the first idea I had was to leverage general-purpose large-language models (LLMs).
Given the plain-text-only nature of privacy policies and terms of services, integrating GenAI might be as simple as having a template prompt and uploading copy-pasted snippet(s) of the documents. Retrieval-augmented generation (RAG), chunking, and likely a slew of other AI techniques that have been/are being developed probably can make the process more efficient in terms of context window limitations and ingesting the content of said documents.
If I were to take a stab at this (which might be something I do and cover in the future) this could be a browser extension that parses the contents of the webpage, perhaps does some sort of more efficient chunking or stream processing of the contents, sends requests to a self-hosted open-source LLM, and displays the returned brief summary in the browser extension modal.
As an aside, if it was not clear yet, I claim no expertise in AI engineering and advanced techniques, and my approach might pose numerous inefficiencies or naive design decisions. Moreover, the irony is not lost on me that this approach hinges on open-source LLMs, which are often trained on data that was scraped, processed, and/or used in ways that violate and infringe upon other services’ advertised privacy policies and terms of service. Not to mention, they are typically developed by companies often at the center of these issues in the first place.
Getting back on track, the idea seems like it has promise, and it may also be a rare example of how GenAI could meaningfully be helpful to consumers. However, before reinventing the wheel and/or throwing AI at the problem, I want to begin looking for existing, mature tools and approaches that can help out with this issue. Let’s talk about the most promising option that I came across, so far.
ToS;DR (Terms of Service; Didn’t Read)
“Terms of Service; Didn’t Read” is a play on the phrase “Too Long; Didn’t Read” (TLDR), often used in context of requesting/providing a summary of a lengthy text. Similarly, ToS;DR provides a summary of the Terms of Service and Privacy Policy for numerous services. It relies on human contributors akin to Wikipedia, and provides various browser/operating system integrations to make leveraging the existing summaries seamless.
I haven’t use ToS;DR to a great extent yet so, while this is not a comprehensive review, here are some initial thoughts I have on the service.
Pros
ToS;DR can help alleviate the pain that comes with scrolling through verbose text blocks by providing human-verified key points
Each listed service also is given a cumulative letter grade, based on how consumer-friendly the policies/terms are
Anyone can become a contributor, and contributions go through a review process
Chrome, Firefox, and Safari browser extensions are available, along with Android and iOS apps
Cons
- Due to ToS:DR relying on human contributions, not every service will have an entry, and entries may be outdated or have inaccuracies
Conclusion
My eyes hurt typing this, so I’m going to stop now. Perhaps my retinas will allow for a slick conclusion next time. Please share this post with someone you love, hate, or know, particularly if they’d be interested in any of the potential future topics mentioned in the introduction.
Tune in for next time, where I will write about something, trying to pass off ideas from the depths of my stream of consciousness as an article that shows a semblance of polish, a hint of jest, and a handful of grammatical errors.
Sent from my Web3-based, IoT, always-listening, AI-assisted, smart Generic Air Purifier X,
The Algomist
