Have you also done it? Briskly skimming through the terms and conditions or not bothering to read them at all before blindly clicking “I agree”. This is not uncommon, however, we put ourselves at risk by signing away various rights over what happens to our personal data; namely, how platforms collect, use, store and share our personal information. In some cases, one might even be waiving their intellectual property rights.
These agreements are termed clickwrap (also known as click-accept, click-to-sign, or clickthrough) agreements. A clickwrap agreement is defined as “an online agreement that users agree to by clicking a button or checking a box that says “I agree.” The act of signing via an electronic signature is replaced with the act of clicking.”1 Therefore, it is important to note that when you click “I agree” on these documents, your approval is legally binding.
Terms and conditions are created to serve the best interests of the company by explaining what the rules are for customers when using their service. Whereas a privacy policy explains to users how their data will be collected, stored and used by the company and any third parties or affiliates. It is important to pay attention, particularly to areas in the document which pertain to matters such as granting a company the right to sell your personal information to third parties, monitor your movements using location tracking and GPS, or track your device identifiers such as your device’s IP address.2
Another common agreement is an End User License Agreement (EULA), which is also referred to as a software license. A EULA is an agreement which grants the purchaser the right to use the developer or publisher’s software after they have purchased it. The main issues which discourage the careful review of these agreements are the length of the document and the complicated wording, and legal and technical jargon which might deter the layman.
The Cybersecurity & Infrastructure Security Agency (CISA), has highlighted the following recommendations for protecting oneself from the security and privacy problems associated with EULAs:
- Read the EULA before you install the software. It can be tedious, but reading the agreement is the only way to know exactly what privacy and security risks you might be taking by agreeing to the EULA.
- Consider the software publisher. If you are unfamiliar with the publisher, carefully review the EULA covering its software.
- Beware of firewall prompts when installing software. Take caution when firewall prompts request permission for certain traffic to pass. Review the EULA to find out why this traffic must be allowed and whether you wish to allow it.
- Beware of free software, especially peer-to-peer (P2P) file-sharing software. “Rarely is anything truly free.” Review the EULA to find out what actions are required of you or permissions to be granted in exchange for using the software, and evaluate what impact this might have on the security of your computer and personal information.3
It is never wise to sign anything that you have not read and thoroughly understand. It is advisable to always read a document or agreement prior to signing, agreeing to, or acknowledging that you have read the contents within.
As stated by CISA: “While you might incur a half hour of boring reading, doing so can spare you security and privacy headaches.”3
References:
