
Business as usual in the Land of the Free...
You're Free to do as you like / have total Freedom in America.... As long as you're a CORPORATION. The rest that live there are pretty much f*cked!
Security vendors are inserting language into their products' terms and conditions that attempt to silence critics, folks attending this year's DerbyCon conference were told on Friday. More and more infosec software makers now include legal language in their T&Cs insisting that their products cannot be tested for usefulness if …
"As long as you're a CORPORATION."
You have that backwards, or replied to the wrong story.
This act is "To prohibit the use of certain clauses in form contracts that restrict the ability of a consumer to communicate regarding the goods or services offered in interstate commerce that were the subject of the contract, and for other purposes."
The Act exists, but it still must be enforced, that's my point... How do you typically ensure it's enforced? You must lawyer up! If you've no money as most Americans don't, that means a class action suit, which often only benefits the lawyers. That's what's wrong here.
Recently, Equifax tried to get consumers to waive their rights to sue if they took advantage of the free 1-year credit monitoring. My guess is they would have gotten away with this too, only that the breach was too big, and some executives opted for insider trading!
> As long as you're a CORPORATION
Just the opposite in this case. The act protects only the consumer. If you are a security company, it offers you little or no protection and the whole interaction with the vendor falls under other laws on the statute books.
The US courts have had a mixed record of late when it comes to enforcing draconian terms in EULAs. Just like the forced arbitration clauses that were declared unenforceable, right up until they changed their minds, which resulted in people losing rights in court due to a clause that had been ruled unenforceable when they "Agreed" to it.
In the U.S. it may be better to avoid agreeing to anything you aren't willing to have enforced.
> In the U.S. it may be better to avoid agreeing to anything you aren't willing to have enforced.
It is *always* better to avoid agreeing to anything you aren't willing to have enforced.
But nowadays there are essentially only two ways of doing it consistently: (a) living in a cave far from civilisation (b) being a billionaire or dictator, ideally both.
"MAGA" means "victim of a confidence trick". The term originates from Nigerian slang and typically refers to the Advance Fee Fraud commonly known as a 419 scam (example: Maga Don Pay), but it can also be used to mean "gullible fool" in a general sense.
So, given that you bought a hat that specifically states that you've been conned, why are you surprised about this unanticipated defect?
"Some publishers even specify a fine – up to $25,000 in some cases"
I hate it when every jobsworth with a clipboard and a yellow waistcoat pretends they can 'fine' people.
A fine is a form of punishment which may be imposed by a court after a criminal conviction as an alternative to prison.
What these people attempt to do is issue *invoices*. Only the nature of the paper used makes them unsuitable for toilet paper.
"How do all these clauses 'Trump' the 1st Amendment to the US constitution?"
Simple, the outfits trying to gag reviews aren't the government. - "Congress shall make no law, etc etc"
As for reviews, I'd take the lead of another commenter and simply post "We'd love to review the product, however the T&Cs say this: ...... - on that basis we recommend avoiding the product."
You overestimate people, if you think they won't buy software subject to egregious terms and conditions of use, even despite any merit they may falsely ascribe to such conditions.
People are still buying software without the Source Code, for crying out loud. And the only reason why anyone would conceal Source Code from users is to disguise what a crock of shit they believe it to be. (I'm proud of the code I write, and I'll gladly show it to anyone; I believe that's what the youth of today refer to as "owning it".)
In some cases, they even look past software whose Source Code is made available to them in favour of inferior software made available in binary form only without Source Code. It's the old "I don't see why I need it, therefore nobody needs it" fallacy.
"People are still buying software without the Source Code, for crying out loud. And the only reason why anyone would conceal Source Code from users is to disguise what a crock of shit they believe it to be."
What planet are you on?! The average person doesn't understand or even care how a car works, they would never buy a workshop or manufacturer service manual, so long as the engine fires and they can drive it that's all they're concerned with. So why the heck would they care about the code that underpins the software they use on a daily basis?! Just 'cos Hotpoint won't automatically issue me with the service manual for my washing machine that didn't stop me buying one of their machines.
Just because I don't know exactly how a device works, doesn't mean I need to know and doesn't stop me trusting the manufacturer. So long as I get some basic assurance the product is generally fit for purpose I'm OK with purchase. I think FOSS and GPL are superb ideas, they give those who want them choices but for most of us life is too short and too busy to worry about knowing everything about everything. You have to pick your battles carefully and for average Joe Public knowing how an app works is not even going to make it on the top 1000 list of things they need to know in their daily lives.
JulieM
Do you, really, in all honesty think that the many users of software would know what to do with source code, or that it even existed? Or was it just trolling? Even techie purchasers of infosec software are probably not likely to have the time or skills to examine vast pages of code, assuming that said code is even sufficiently clear to be followed.
I actually agreed the first paragraph. The whole "apps" business is built on users clicking through Ts&Cs that say "we will copy all your data, sell your family into bondage and rent out your house to foreign businessmen for use as illicit love nests". (Or they might for all anyone knows).
Making an unwarranted demand with menaces with a view to making a gain or causing a loss is a criminal offence under s.21 of the Theft Act 1968. That's one (of many) reason lots of companies record all phone calls. If it happens, advise the extortionist that you're calling the cops (penalty: fine and/or up to 14 years as a guest of her Majesty).
We have rated this product 1/10 due to unconscionable terms contained within their EULA which precluded the publishing of a full review. We can only conclude that if the manufacturer is so afraid of an unbiased review that they have to use these tactics, then the product is clearly not of sufficient quality to recommend to consumers. Our copy of the software was returned unused for a refund - if you've already purchased a copy we would suggest you do the same.
**************
That wouldn't be extortion, it would be fair comment - and the EULA wouldn't apply.
Unfortunately the companies who review software need the software companies more than the software companies need the reviewers, so don't expect anything like this to actually happen.
Maybe it's just me but I like companies trying this - no, no, hold your outrage, bear with me on this.
When evaluating a supplier, you should not just look at the product but also the business because it gives you a good hint of the quality, flaws, future and support of the product you're buying.
A company which pre-emptively seeks to quell bad reviews is actively worried about those. In other words, this company doesn't like feedback to improve its product, which suggests they either KNOW the product will get a bad review, fear it, or even both.
This declares whatever you're thinking of buying not only a potential steaming pile of problems, but it also suggests the organisation involved will rather hide behind lawyers than address the problems or use the feedback to make the product better (actually, let's start with "acceptable" first).
Ergo, the presence of such conditions in the T&Cs acts as a nice evaluation shortcut: it sends a very clear "do not buy under any circumstances" signal. I'd avoid a company trying this like the proverbial plague.
"I'd guess less than 1% of users read any, let alone all, of any T&C."
In the UK and the rest of the EU we have a thing called "fairness". If a contract is clearly imbalanced on one side, potentially the entire contract could be invalid if it gets to court. T&Cs, especially those where you don't get to see them until after the purchase, are generally not worth the paper or pixels they are written on. Most especially those written by US lawyers for US products sold here. It's very, very rare for a challenged T&C document to reach court because the companies are terrified of legal precedent being set where they are fairly certain to lose.
"Now, if people would only *Read* the "Terms and Conditions". I'd guess less than 1% of users read any, let alone all, of any T&C."
Unfortunately you need a law degree and many years' experience of contract law to understand these things, such is how they are written.
Someone also worked out that if we actually read all the T&Cs forced upon us over a lifetime it would take ~10 years to read all of them.
> Someone also worked out that if we actually read all the T&Cs forced upon us over a lifetime it would take ~10 years to read all of them.
Not so much. After a few dozen you get the flow in these things. After a while it's more like running a checklist, just as is the case with most boilerplate contracts. Then you notice what they don't cover.
Who realistically buys anything that is based solely on the manufacturer's statement of how perfect their product is?
After all, these statements are made up by their marketing departments who are so far away from reality and unfortunately too far away from a ticket on the B ark.
Independent reviews are good as long as they are truly unbiased and based on fact that others can independently verify (i.e. by repeating the tests themselves).
Personally, I won't buy something until I've read a number of reviews and extract the common thread from them.
I agree with @JimC that those who post fake reviews for personal gain should feel some pain, but in the modern world where common sense has been removed and things are solely based on the accountants' "lowest cost option" the companies set themselves up for this sort of situation, so it's mostly their own fault.
>> in the modern world where common sense has been removed and things are solely based on the accountants' "lowest cost option" the companies set themselves up for this sort of situation
And in that world, it follows that there are individuals and companies which exist solely to post convincing fake reviews - the profits are enormous. Online reviews are entirely meaningless.
I take this line: If a company opts to sue for extremely thorough, independent, open, and free testing of its product, then it is insane and therefore to be avoided at all costs.
What's the fuss? eBay have been doing this since 2008. Years earlier Pierre Omidyar felt it was a great idea to invite feedback (and it was), but one day they woke up with a brilliant idea... BAN negative feedback! Who needs all this negativity the marketeers decided. Buyers are eBay's product, and these 'products' should only receive +ve ratings... eBay's products are just great now...
So, that's the CrowdStrike brought in by the DNC to emit unverifiable proof of Russian Hacking of the DNC servers around July 5, which was then "made plausible" by someone calling himself Guccifer 2.0 emitting russiana-tainted word-docs as marker material? Then it turns out that it got all hoovered up via USB 2.0 device...
One reasonable objection to these findings is that Crowdstrike’s excellent cyber protection system, Falcon, was in place prior to July 05, and, therefore, a hack could not have occurred on this date. The locale of the 5th event is in question, whether on a DNC server or later on a copy previously made. True, the action could have been on an earlier copy, in which case Falcon is irrelevant. However, were the action to have occurred on a DNC server then questions arise on the protection granularity decision making criteria of Falcon. For instance, would Falcon stop a DNC user with privileged access, e.g., System Programmer or even a regular authorized user, from copying/downloading something? Here, the conclusion is that it was a local copy, so this question is relevant.
ZERO CREDIBILITY!