back to article Don’t fear the software shopkeeper: T&Cs banning bad reviews aren’t legal in America

Security vendors are inserting language into their products' terms and conditions that attempt to silence critics, folks attending this year's DerbyCon conference were told on Friday. More and more infosec software makers now include legal language in their T&Cs insisting that their products cannot be tested for usefulness if …

  1. Anonymous Coward
    Anonymous Coward

    Business as usual in the Land of the Free...

    You're Free to do as you like / have total Freedom in America.... As long you're a CORPORATION. The rest that live there are pretty much f*cked!

    1. jtaylor

      Re: Business as usual in the Land of the Free...

      "As long you're a CORPORATION."

      You have that backwards, or replied to the wrong story.

      This act is "To prohibit the use of certain clauses in form contracts that restrict the ability of a consumer to communicate regarding the goods or services offered in interstate commerce that were the subject of the contract, and for other purposes."

      1. Anonymous Coward
        Anonymous Coward

        'You have that backwards, or replied to the wrong story.'

        The Act exists, but it still must be enforced, that's my point... How do you typically ensure its enforced? You must lawyer up! If you've no money as most Americans don't, that means a class action suit, which often only benefits the lawyers. That's what's wrong here.

        Recently, Equifax tried to get consumers to waive their rights to sue if they took advantage of the free 1-year credit monitoring. My guess is they would have gotten away with this too, only that the breach was too big, and some executives opted for insider trading!

        1. Charles 9 Silver badge

          Re: 'You have that backwards, or replied to the wrong story.'

          Or you find a Contingency lawyer. He only gets paid if you win. Makes for some encouragement.

        2. Alan Brown Silver badge

          Re: 'You have that backwards, or replied to the wrong story.'

          "and some executives opted for insider trading!"

          Yup.

          Time to public disclosure: over 36 days

          Time to dumping shares: under 36 hours

    2. Voland's right hand Silver badge

      Re: Business as usual in the Land of the Free...

      As long you're a CORPORATION

      Just the opposite in this case. The act protects only the consumer. If you are a security company, it offers you little or no protection and the whole interaction with the vendor falls under other laws on the statute books.

  2. Anonymous Coward
    Anonymous Coward

    Still better to smack down the idiots for trying it

    the US courts have had a mixed record of late when it comes to enforcing draconian terms in EULAs. Just like the forced arbitration clauses that were declared unenforceable, right up until they changed their minds, which resulted in people losing rights in court due to a clause that had been ruled unenforceable when they "Agreed" to it.

    In the U.S. it may be better to avoid agreeing to anything you aren't willing to have enforced.

    1. find users who cut cat tail

      Re: Still better to smack down the idiots for trying it

      > In the U.S. it may be better to avoid agreeing to anything you aren't willing to have enforced.

      It is *always* better to avoid agreeing to anything you aren't willing to have enforced.

      But nowadays there are essentially only two ways of doing it consistently: (a) living in a cave far from civilisation (b) being a billionaire or dictator, ideally both.

  3. Mystic Megabyte Silver badge
    Unhappy

    I bought a Trump branded MAGA hat and after DNA analysis found it to contain commie bacteria. I'm outraged I tell ya!

    1. Lysenko

      I'm confused...

      "MAGA" means "victim of a confidence trick". The term originates from Nigerian slang and typically refers to the Advance Fee Fraud commonly known as a 419 scam (example: Maga Don Pay), but it can also be used to mean "gullible fool" in a general sense.

      So, given that you bought a hat that specifically states that you've been conned, why are you surprised about this unanticipated defect?

  4. corestore

    "Some publishers even specify a fine – up to $25,000 in some cases"

    I hate it when every jobsworth with a clipboard and a yellow waistcoat pretends they can 'fine' people.

    A fine is a form of punishment which may be imposed by a court after a criminal conviction as an alternative to prison.

    What these people attempt to do is issue *invoices*. Only the nature of the paper used makes them unsuitable for toilet paper.

  5. sitta_europea

    Never mind how they do it or whether it works... WHO ARE THEY?

  6. Christoph Silver badge

    So don't review them

    If you don't use the product you aren't subject to its T&Cs. So in your review of security products just describe those T&Cs and note that you'd have to be crazy to buy a product with T&Cs like that.

    1. Voyna i Mor Silver badge

      Re: So don't review them

      "and note that you'd have to be crazy to buy a product with T&Cs like that."

      Exactly. How would anybody trust a company which banned negative reviews of its products? There's only one reason why they would do that.

      1. Anonymous Coward
        Anonymous Coward

        Re: So don't review them

        How do all these clauses 'Trump' the 1st Ammendment to the US constitution?

        Don't they try to restrict your 1st ammendments rights?

        If it is that bad then a video of how bad it is and posted on YouTube will soon go viral.

        1. Destroy All Monsters Silver badge

          Re: So don't review them

          will soon go viral

          More like "will be memholed by The Goog's Memhole Squad"

        2. Alan Brown Silver badge

          Re: So don't review them

          "How do all these clauses 'Trump' the 1st Ammendment to the US constitution?"

          Simple, the outfits trying to gag reviews aren't the government. - "Congress shall make no law, etc etc"

          As for reviews, I'd take the lead of another commenter and simply post "We'd love to review the product, however the T&Cs say this: ...... - on that basis we recommend avoiding the product."

    2. JulieM Silver badge
      Boffin

      Re: So don't review them

      You overestimate people, if you think they won't buy software subject to egregious terms and conditions of use, even despite any merit they may falsely ascribe to such conditions.

      People are still buying software without the Source Code, for crying out loud. And the only reason why anyone would conceal Source Code from users is to disguise what a crock of shit they believe it to be. (I'm proud of the code I write, and I'll gladly show it to anyone; I believe that's what the youth of today refer to as "owning it".)

      In some cases, they even look past software whose Source Code is made available to them in favour of inferior software made available in binary form only without Source Code. It's the old "I don't see why I need it, therefore nobody needs it" fallacy.

      1. This post has been deleted by its author

      2. Amorous Cowherder
        Facepalm

        Re: So don't review them

        "People are still buying software without the Source Code, for crying out loud. And the only reason why anyone would conceal Source Code from users is to disguise what a crock of shit they believe it to be."

        What planet are you on?! The average person doesn't understand or even care how a car works, they would never buy a workshop or manufacturer service manual, so long as the engine fires and they can drive it that's all they're concerned with. So why the heck would they care about the code that underpins the software they use on a daily basis?! Just 'cos Hotpoint won't automatically issue me with the service manual for my washing machine that didn't stop me buying one of their machines.

        Just because I don't know exactly how a device works, doesn't mean I need to know and doesn't stop me trusting the manufacturer. So long as I get some basic assurance the product is generally fit for purpose I'm OK with purchase. I think FOSS and GPL are superb ideas, they give those who want them choices but for most of us life is too short and too busy to worry about knowing everything about everything. You have to pick your battles carefully and for average Joe Public knowing how an app works is not even going to make it on the top 1000 list of things they need to know in their daily lives.

      3. Terry 6 Silver badge

        Re: So don't review them

        JulieM

        Do you, really, in all honesty think that the many users of software would know what to do with source code, or that it even existed. Or was it just trolling? Even techie purchasers of infosec software are probably not likely to have the time or skills to examine vast pages of code, assuming that said code is even sufficiently clear to be followed.

        I actually agreed the first paragraph. The whole "apps" business is built on users clicking through Ts&Cs that say " we will copy all your data, sell your family into bondage and rent out your house to foreign businessmen for use as illicit love nests". (Or they might for all anyone knows).

      4. Alan Brown Silver badge

        Re: So don't review them

        "And the only reason why anyone would conceal Source Code from users is to disguise what a crock of shit they believe it to be"

        It's worth noting that in a lot of cases the source code that you see isn't the source code that was actually used.

  7. JimC Silver badge

    I'm kinda torn, because there's also the well known "Give me a discount or I'll post a negative review on xxx" blackmail, and there ought to be some kind of reasonable defence against that.

    1. Lysenko

      There is a defence against that in the UK...

      Making an unwarranted demand with menaces with a view to making a gain or causing a loss is a criminal offence under s.21 of the Theft Act 1968. That's one (of many) reason lots of companies record all phone calls. If it happens, advise the extortionist that you're calling the cops (penalty: fine and/or up to 14 years as a guest of her Majesty).

    2. Remy Redert

      There is, it's called extortion and it's illegal for a good reason.

      1. Anonymous Coward
        Anonymous Coward

        1/10 - Poor

        We have rated this product 1/10 due to unconscionable terms contained within their EULA which precluded the publishing of a full review. We can only conclude that if the manufacturer is so afraid of an unbiased review that they have to use these tactics, then the product is clearly not of sufficient quality to recommend to consumers. Our copy of the software was returned unused for a refund - if you've already purchased a copy we would suggest you do the same.

        **************

        That wouldn't be extortion, it would be fair comment - and the EULA wouldn't apply.

        Unfortunately the companies who review software need the software companies more than the software companies need the reviewers, so don't expect anything like this to actually happen.

  8. Anonymous Coward
    Anonymous Coward

    Now for the fun part: what happens if someone DOES include those terms?

    Maybe it's just me but I like companies trying this - no, no, hold your outrage, bear with me on this.

    When evaluating a supplier, you should not just look at the product but also the business because it gives you a good hint of the quality, flaws, future and support of the product you're buying.

    A company which pre-emptively seeks to quell bad reviews is actively worried about those. In other words, this company doesn't like feedback to improve its product, which suggests they either KNOW the product will get a bad review, fear it, or even both.

    This declares whatever you're thinking of buying not only a potential steaming pile of problems, but it also suggests the organisation involved will rather hide behind lawyers than address the problems or use the feedback to make the product better (actually, let's start with "acceptable" first).

    Ergo, the presence of such conditions in the T&Cs acts as a nice evaluation shortcut: it sends a very clear "do not buy under any circumstances" signal. I'd avoid a company trying this like the proverbial plague.

    1. joea

      Re: Now for the fun part: what happens if someone DOES include those terms?

      Now, if people would only *Read* the "Terms and Conditions". I'd guess less than 1% of users read any, let alone all, of any T&C.

      1. John Brown (no body) Silver badge

        Re: Now for the fun part: what happens if someone DOES include those terms?

        "I'd guess less than 1% of users read any, let alone all, of any T&C."

        In the UK and the rest of the EU we have a thing called "fairness". If a contract is clearly imbalanced on one side, potentially the entire contract could be invalid if it gets to court. T&Cs, especially those where you don't get to see them until after the purchase are generally not worth the paper or pixels they are written on. Most especially those written by US lawyers for US products sold here. It's very, very rare for a challenged T&C document to reach court because the companies are terrified of legal precedent being set where they are fairly certain to lose.

      2. annodomini2
        Coffee/keyboard

        Re: Now for the fun part: what happens if someone DOES include those terms?

        "Now, if people would only *Read* the "Terms and Conditions". I'd guess less than 1% of users read any, let alone all, of any T&C."

        Unfortunately you need a law degree and many years experience of contract law to understand these things, such is how they are written.

        Someone also worked out that if we actually read all the T&Cs forced upon us over a lifetime it would take ~10 years to read all of them.

        1. Jack of Shadows Silver badge
          Meh

          Re: Now for the fun part: what happens if someone DOES include those terms?

          Someone also worked out that if we actually read all the T&Cs forced upon us over a lifetime it would take ~10 years to read all of them.

          Not so much. After a few dozen you get the flow in these things. After a while it's more like running a checklist, just as is the case with most boilerplate contracts. Then you notice what they don't cover.

    2. joea

      Re: Now for the fun part: what happens if someone DOES include those terms?

      Great reasoning. Now if only reality would follow along.

      How many users actually READ the Terms and Conditions? 1% or less, I's guess.

  9. Dwarf Silver badge

    Caveat Emptor

    Who realistically buys anything that is based solely on the manufacturers statement of how perfect their product is ?

    After all, these statements are made up by their marketing departments who are so far away from reality and unfortunately too far away from a ticket on the B ark

    Independent reviews are good as long as they are truly unbiased and based on fact that others can independently verify (i.e. by repeating the tests themself).

    Personally, I won't buy something until I've read a number of reviews and extract the common thread from them.

    I agree with @JimC that those who post fake reviews for personal gain should feel some pain, but in the modern world where common sense has been removed and things are solely based on the accountants "lowest cost option" the companies set themselves up for this sort of situation, so its mostly their own fault.

    1. Mike 125

      Re: Caveat Emptor

      >> in the modern world where common sense has been removed and things are solely based on the accountants "lowest cost option" the companies set themselves up for this sort of situation

      And in that world, it follows that there are individuals and companies which exist solely to post convincing fake reviews - the profits are enormous. Online reviews are entirely meaningless.

      I take this line: If a company opts to sue for extremely thorough, independent, open, and free testing of its product, then it is insane and therefore to be avoided at all costs.

    2. annodomini2
      Devil

      Re: Caveat Emptor

      "After all, these statements are made up by their marketing departments Turd Polishers who are so far away from reality and unfortunately too far away from a ticket on the B ark"

      Corrected it for you

  10. Anonymous Coward
    Anonymous Coward

    It works fine for eBay ...

    What's the fuss? eBay have been doing this since 2008. Years earlier Pierre Omidyar felt it was a great idea to invite feedback (and it was), but one day they woke up with a brilliant idea... BAN negative feedback! Who needs all this negativity the marketeers decided. Buyers are eBay's product, and these 'products' should only receive +ve ratings... eBay's products are just great now...

  11. unwarranted triumphalism

    Maybe they should have thought about the consequences before slandering a company. Just sayin'

    1. JulieM Silver badge

      Not Slander

      Not even libel. To be misrepresentation of any flavour, it has to be untrue.

      Only someone whose reputation was built upon lies could ever object to the truth being told.

  12. SVV Silver badge

    No problem

    If the terms and conditions ban bad reviews then you should automatically assume it's shit.

  13. Black Betty

    It was restaurants, B&Bs and extracting penalties directly from customer's credit card's that brought this legislation on.

  14. Bill M

    Great!! So we can all slag off the Register whatever their T's n C's say

    Must admit I ain't read their T's n C's though.

    1. Mike 125

      Re: Great!! So we can all slag off the Register whatever their T's n C's say

      wot???????

      I love that some people don't even get the question, let alone the answer! Hahahaha............oh my lord!!!!!!!!! \i'm falling off my chair

  15. Jonathan 27 Bronze badge

    If someone tries to give me a set of ridiculous terms and services I just turn around and leave... Leave a bad review on all the social medias that is! I also go somewhere else, because that's a clear sign that the business in question is terrible and not worth my time or money.

  16. Destroy All Monsters Silver badge
    Windows

    It's all about greed. Do anything. Kiss anything. Debase yourself anyway. To rake it in.

    So, that's the CrowdStrike brought in by the DNC to emit unverifiable proof of Russian Hacking of the DNC servers around July 5, which was then "made plausible" by someone calling himself Guccifer 2.0 emitting russiana-tainted word-docs as marker material? Then it turns that it got all hoovered up via USB 2,0 device...

    Interesting

    One reasonable objection to these findings is that Crowdstrike’s excellent cyber protection system, Falcon, was in place prior to July 05, and, therefore, a hack could not have occurred on this date. The locale of the 5th event is in question, whether on a DNC server or later on a copy previously made. True, the action could have been on an earlier copy, in which case Falcon is irrelevant. However, were the action to have occurred on a DNC server then questions arise on the protection granularity decision making criteria of Falcon. For instance, would Falcon stop a DNC user with privileged access, e.g., System Programmer or even a regular authorized user, from copying/downloading something? Here, the conclusion is that it was a local copy, so this question is relevant.

    ZERO CREDIBILITY!

  17. Mike Rodgers

    Don't worry. Our illustrious "leaders" will soon realize they voted for the wrong party to be protected. You can rest assured they'll fix it just as soon as it's pointed out to them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019