User:Everyoneworthknowing/The Biggest Lie on the Internet

Definition
The Biggest Lie on the Internet is an internet meme; the lie refers to the statement “I agree to the terms and conditions”. The “I agree” statement is commonly acknowledged when a user registers for a website or service: they must click to agree/accept the terms and conditions presented to them and they often do so without having actually read or understood those policies. The biggest lie on the internet unmasks the false assertion that the user has read and comprehended privacy and terms of service policies, as people do not read them even though there is a requirement to acknowledge that they did. This assertion is founded based on significant research that proves “that people do not read privacy policies, do not understand them when they do, and realistically could not read them even if they wanted to”.

History
Although there is no consensus on the first time the descriptor “the biggest lie on the internet” was used, a CommonTerms report entitled Previewing Online Terms and Conditions published in January 2012 refers to the term having gained popularity on social media. CommonTerms was a project run by Metamatrix AB that received funding from the Swedish government and began in 2010, seeking to address the issue related to consumers not understanding the contents contained in legal agreements they were required to accept. Their project identified reasons behind why people do not read terms and conditions, and proposed a series of icons that were meant to demystify the legal jargon of terms and policies that users find too arduous and complicated to read through and understand. A later report by CommonTerms that was published in 2013 entitled Fighting the Biggest Lie on the Internet includes a list of projects that work to further similar aims of clarifying the problem of terms and policies not being readily understood by most users.

The website “Terms of Service; Didn’t Read” was established in June 2012 and provides point-form blurbs about commonly-used websites’ privacy policies and terms of service with the intention of making clear what users agree to when they affirm their consent therein. As part of their effort to combat the biggest lie on the internet, they offer downloadable extensions for browsers that can display clear information about terms and policies when navigating to websites that have been previously reviewed.

The Office of the Privacy Commissioner of Canada (OPC), along with the Social Sciences and Humanities Research Council and York University funded a project entitled “Understanding “the biggest lie on the internet”: Visualizing and translating the online consent challenge” and its research was published in 2020. The project’s website entitled The Biggest Lie on the Internet includes research reports related to terms of service, privacy policies, and clickwraps, as well as information about the project and a frequently asked questions page. Two videos were produced in association with this project and uploaded to YouTube: What is The Biggest Lie on the Internet (which is also displayed on the front page of the website) and The Clickwrap and The Biggest Lie on the Internet.

Consent
The general approach taken towards eliciting agreement from consumers comes in the form of “transparency and choice”, “Often called notice-and-consent, or informed consent”. In actuality this approach tends to only offer a binary choice of yes to proceed or no to reject using the site altogether rather than the opportunity to negotiate what kind of personal information will be shared and how. Those choosing to accept the terms and conditions tend to not be well informed enough to proceed with agreeing to said terms, which means that consent—which requires a person to comprehend clearly what they are agreeing to—has not necessarily been achieved. Predominantly, there is recognition that even though a person may give their legally valid consent through a clickwrap, this does not equate to their comprehension of the terms to which they have consented. Further, the fact that so many people do not read privacy policies and terms indicates that this form of eliciting consent is not working as it is meant to nor is it a successful strategy.

Privacy on Social Networking Sites (SNS)
In order to use online social networking sites (SNS) or services online, people are required to share information about themselves. What those companies and services will do with and/or how they will protect said data is detailed in privacy policies that establish the terms of how a person will engage with a website, and are normally coupled along with the terms of service of said website. These policies also include notices about how to safeguard and control what information can be shared. The most important parts of privacy policies are the pieces that may not be immediately evident on a cursory glance. Terms of service and privacy policies are relevant and necessary, yet according to studies previously conducted they are not often read by consumers.

Comprehensive data about a person can be collated and used for various purposes, so much so that to deal with these inevitablities of use seems near arduous. Part of the problem with reading all of the policies has to do with the volume of time it would take to collectively read all of them—equating to about 40 minutes per day every day for an entire year, or the equivalent of the whole country of the United States of America spending 54 billion hours annually, which represents a significant investment of time. There is also the matter of how these terms and policies are presented on screen, for example terms and conditions presented in uppercase looking less like text and more like a graphic.

Privacy Concerns & Privacy Fatigue
Also related to the concept of the biggest lie on the internet is the “privacy paradox”, which refers to the notion that people want to safeguard their data but are willing to openly share said data without taking appropriate steps to protect it. People proclaim to have a desire for privacy but instead action ignorance. The literature on this topic recommends that studies should focus on what people do, rather than what they say they do.

“Privacy fatigue” refers to users feeling that they cannot exert any form of control regarding what they are able to keep private online. When a person experiences “privacy fatigue”, they employ minimal effort in working to change how their data is shared; these psychological feelings play a strong role in how a person works to safeguard their information. Data breaches are commonplace and widely reported on, yet people still trust sharing their personal information online.

Clickwraps & Browsewraps
A clickwrap is an agreement to terms and policies that requires a person to click a button or a box identifying that they have accepted or agreed to terms/policies for the site/company/service that they are engaging with. Clickwraps, which are essential for maintaining the functioning of e-businesses, make the opportunity to skip terms of service or privacy policies much easier—compared to placing a link on a page that a user would be required to click, read, and then accept the policies. Instead, clickwraps exist to help people jump to the end of registration and click to accept the terms, often without second guessing any piece of the process. Clickwraps and browsewraps are the most often employed Internet contracts : clickwrap requires an actual sign up whereas browsewrap does not and instead just by virtue of accessing a website or engaging with software there is deemed to be valid consent.

The option to agree or skip ahead to join is generally designed to look enticing and fun, and is foregrounded compared to the actual contents of the terms and conditions. Clickwraps require an acceptance of/agreement with terms in order to proceed and there are two ways of accomplishing this: either within a frame where the text can be moved upwards and downwards towards an opportunity to accept/agree or where the terms of service and/or privacy policy can be accessed through clicking a link. Clickwraps are categorized as adhesion contracts because the party signing does not have the ability to change pieces of the agreement—only two options are presented to the party signing the contract: the choice to accept/agree or not.

Clickwraps facilitate enrollment in websites and also when there are shifts in the privacy policies and terms of service. While clickwraps are generally thought to be a positive way to present the opportunity to agree/disagree, there has been criticism levelled against the practice as it allows contentious language and provisions that protect the corporation (more than the individual giving their consent). When a person agrees to the clickwrap without actually looking at the terms of service or privacy policy they are lying because they agree to having read and comprehended said documents when in fact they have bypassed them.

Browsewrap is distinguished by a user not specifically being required to click a button or box to indicate that they have read/understood/agreed to specific terms of use for said site/company/service—there will instead be a link or notice that a person is granting their consent by continuing to engage with the site/company/service. One issue related to browsewrap is that people do not necessarily know to what they are consenting.

Reading Terms and Policies
Study findings indicate people do not read service terms and privacy policies for social networking sites both when signing up and when policies are updated; if policies are opened, it is usually for long enough to find and click the ‘accept’ or ‘agree’ button. Other studies have found that females tend to read service terms more frequently than men do, and that while some people state willingness to pay more for services they believe will better safeguard their information, in practice people will usually go for a more cost effective product—even if it means less security for their personal information.

Given how most terms of service and privacy policies are designed, valid consent that is meaningful cannot be a foregone conclusion. Reasons why people do not read said policies include them being verbose, unclear, long, written in legal language that is not accessible, how the terms are displayed on screen, or even whether there is already trust established with the entity that is asking for agreement on their terms. It is worthwhile to note that effort is rarely made on the part of those companies to clarify what their terms and policies actually encompass.

It is widely accepted that most people do not read the contracts to which they consent, and for the most part contractual agreements are not read by those signing them. Though some people do actually read through the legalese of the terms they are agreeing to, this number is in the minority rather than the majority. Courts will generally abide by the validity of clickwrap contracts if there was both notice that a user could read the terms and an act where the user clicked to agree to those terms. Whether the person remembers clicking to consent or whether they actually read or understood the terms they were entering into is irrelevant ; even if a person does not recall their deliberate agree/accept button click, the policies still remain in force.

Legal Challenges
The first time clickwrap was recognized by judges in court was in 1998 during the case of ProCD, Inc. v. Zeidenberg. This case was the first time that a clickwrap agreement was taken to court, and since then judges have ruled that unless there has been deliberate deceit, even if a consumer does not read or comprehend the contents of the terms, clicking that they agree to the terms is still a valid form of consent.

Obar & Oeldorf-Hirsch
Jonathan A. Obar & Anne Oeldorf-Hirsch have conducted two studies about whether users read terms of service and privacy policies: one with a sample of 543 students in an undergraduate program, and one where the sample was comprised of 500 older adults.

In their study of the younger demographic, students were asked to sign up to a new fictional social networking service called ‘NameDrop’; they were presented with a clickwrap to skip the privacy policy or they could choose a link to read the privacy policy. On deciding to agree or not in the latter example, they were then shown the terms of service and had to decide if they agreed to them or not. This experiment included two ‘gotcha clauses’ within the fine print in order to see how carefully the terms were being read: one related to questionable policies about information sharing and another related to granting ownership of the user’s eldest child to NameDrop.

Findings of the study indicated a sense of eagerness for participants to join the NameDrop site in order to not miss out on possible connections—regardless of the terms placed on participation. 74% of the participants accepted the clickwrap and moved directly to the terms of service, agreeing to the privacy policies without reading them. In addressing the terms being skipped, one of the participants noted that: “‘it feels like a cultural norm not to read them and I’m too lazy to read them in detail’“. The research findings of the study showed only 7% of the students did not agree to the terms of service; those declining spent more time reading the terms and privacy policies compared to the median average of the full sample of participants.

What is significant about this study is that the sample was collected from students whose field of study addresses concerns about capturing of personal information and the implications related to those ends. That those most well versed on the possible negative ramifications of ignoring terms and policies do not dedicate the time to read them leads Obar and Oeldorf-Hirsch to conclude that there is minimal hope that those uneducated in such matters would dive in further if at all.

Obar & Oeldorf’s second study related to the biggest lie on the internet and how older adults would behave when signing up for the fictional social networking site NameDrop focused on 500 individuals aged 50-86 and their interaction with the terms of service and privacy policies for the website. Those involved in the study were shown a clickwrap that offered two options: to either accept the privacy policy by clicking an agree button or by an option to read the privacy policy before clicking to accept—and were then forwarded to review the terms of service; in the case of the latter option, on clicking through to read the privacy policy, the next screen would show the terms of service and again an option to either agree or not. The expected duration to read the complete terms and policy was 42 to 71 minutes, or extended times if the subjects were over age 60.

Obar and Oeldorf-Hirsch note within their literary analysis that people have a tendency to be apprehensive over sharing their information and have a desire to safeguard what information of theirs is shared. As in their earlier study, ‘gotcha clauses’ were added—clauses that were meant to cause concern by those reading them and to test who truly had read through both the terms of service and privacy policies. For this older adults study, the terms of service had replaced the child-assignment clause from the study of undergraduate students with another clause related to organ harvesting.

Results of the study focused on whether participants clicked to skip the privacy policy or to read them, as well as how long was spent reading those and the terms of service—in addition to whether or not participants agreed to them. Reading time for both terms and policies was the same for those clicking to agree and those clicking to not agree. In total, 91.4% agreed to the privacy policies and 83.4% agreed to the service terms. Of the 500 participants in the sample, only four people flagged the organ harvesting clause as problematic.

Bakos et al.
Bakos et al. surveyed 48,154 users accessing End User License Agreements (EULAs), finding that only 0.2% actually looked at the terms and policies for more than 1 second. Their study looked at the specific sites and pages visited, in what order, and the length of time spent on each of them. This study inferred that those reading the terms and policies—which is only about 0.1% of people—may have prior experience and familiarity with the language therein and thus have the ability to skim quickly. This ability to skim may account for the reason why many people spent only one minute overviewing the terms, though the researchers note that this is not necessarily a good sample of the general populace since most people don’t read those documents.

Bakos et al. find that less than 1% of people actively engage in reading/understanding the terms and policies because the opportunity cost to reading these contracts seems heavily slanted towards it being a challenging undertaking rather than easily accepting or agreeing via the clickwrap. Part of the problem with reading these policies has to do with the volume of time it would take to read all of them—equating to about 40 minutes per day every day for an entire year, or all of the residents of the United States spending 54 billion hours annually. The fact that so many people do not read privacy policies and terms indicates that this form of eliciting consent is not working as it is meant to.

Popular Media
The South Park episode “Humancentipad” addresses a fictionalized version of extreme consequences resulting from the character Kyle not having read the full user license agreement for an Apple product he has purchased.

Terms and Conditions May Apply is a 2013 documentary that addresses the declining ability to maintain privacy online, as told through interviews with politicians and social media gurus, and includes real life examples of privacy failures and deliberate actions by companies to circumvent privacy protocols. The documentary determines that “free” services do have an associated cost: that of the information of the consumer, often in the form of surveillance. This discussion of cost to the user is further elaborated on in the 2020 documentary The Social Dilemma where the issue of user-as-end-product is addressed at greater length.