We already know that people are willing to hand over their firstborns for free Wi-Fi.
Or, at least, they’re more willing to accidentally sign over perpetual ownership of their tots than they are to read lengthy terms and conditions. We know this thanks to a security firm that set up an open Wi-Fi network in a busy public area in London and then presented people with lengthy terms and conditions to sign up and – buh-bye, now! – inadvertently sign kids away in blissful ignorance.
Now, thanks to new research, we know that the same goes for signing up for a new social media platform.
Sorry, kids: you’ve once again been put on the bargaining table by researchers out to prove the point that this is the biggest lie on the internet:
I have read and agree with the terms and conditions.
The study comes from Jonathan Obar, who teaches communication technology at York University, and Anne Oeldorf-Hirsch, a University of Connecticut communications assistant professor.
Their study is titled The Biggest Lie on the Internet: Ignoring the Privacy Policies and Terms of Service Policies of Social Networking Services.
Besides sneaking the (legally unenforceable, of course!) Herod clause about the firstborn past most people, the study also found that participants are apparently just fine with their data being shared with the National Security Agency (NSA) and employers.
The reason is similar: they’re not reading privacy policies.
The study involved 543 participants – undergraduate students “recruited from a large communication class at a university in the eastern United States” – and an experimental survey that presented them with a new, fictitious social networking site named “NameDrop.”
The students were told that their university was working with NameDrop and that they would be “contributing to a pre-launch evaluation.” According to the deception, the students needed to sign up for the site to perform that analysis.
To make sure the TOS policies were long enough to ensure glazed-over eyeballs, the researchers modeled them on an actual policy: namely, LinkedIn’s.
Most – 98% – missed both NameDrop’s gotcha clause about data sharing with the NSA and employers, as well as the bit about paying for the service with a firstborn.
It should have taken far longer, the researchers said, given the average adult reading speed of 250-280 words per minute.
From the study:
PP should have taken 30 minutes to read, TOS [Terms of Service] 16 minutes.
From a writeup in The Atlantic:
If it was your job to read privacy policies for 8 hours per day, it would take you 76 work days to complete the task. Nationalized, that’s 53.8 BILLION HOURS of time required to read privacy policies.
With regards to the more recent study, the researchers say that the cause of all these firstborn babies being theoretically handed over as currency for online services is, no surprise here, information overload:
A regression analysis revealed information overload as a significant negative predictor of reading TOS upon signup, when TOS changes, and when PP changes.
Qualitative findings further suggest that participants view policies as nuisance, ignoring them to pursue the ends of digital production, without being inhibited by the means.
The researchers conclude that the study adds support for the argument that “notice and choice policy is deeply flawed, if not an absolute failure.”
From the paper:
Transparency is a great place to start, as is notice and choice policy; however, all are terrible places to finish. They leave digital citizens with nothing more than an empty promise or protection, an impractical opportunity for data privacy self management, and… too much homework.
If adults can’t get through these policies, imagine how vanishingly small the possibility is that children can protect themselves, the researchers suggest.
They can’t be protected by long policies that nobody reads, and they can’t keep their parents from inadvertently signing them over – along with their own data privacy rights.
5 comments on “Users sign away their firstborns on fake social network”
Should have called the program Rumpelstiltskin. Just for the additional slap in the face.
I have a friend, who is a Lawyer, and I’ve witnessed him review an entire ToS and actually redline some of the text prior to signing the agreement. Point here, if you’re not a lawyer, they are terribly hard to understand in most cases. What are we to do? Stop using all things that require a PP or a ToS to be signed?
No matter what you do, you “agree” to share everything with the NSA.
One problem is if you don’t agree, you don’t use the site. Many don’t see this as a problem or the associated consequences. I went to a site, the ULA (User License Agreement). Anyway the ULA was 960+ pages all written in CAPS and legalese. I skipped the site. I doubt they knew or cared, which they should. I bet none of these sites track who reads them and leaves. Many commercial sites allow data to be stored anywhere in the world and the company owns it, even thought it’s yours. One place that was support for the animal ID for my pet. So to use the device that I paid for, I now have to agree to something unknown at the time of purchase. They store data world wide and anything entered by you is theirs for any use they wish. NO THANKS, how to get it out of my cat??? I work in politics sometimes and know senators or representatives. I don’t want anything that relates to them on a server that ISIS can get to, or anyone else for that matter. I’m uncomfortable if they can get access to the hardware. Also like iOS 10, nice, but can’t control the iCloud that I’ve found.