*.ycombinator.com Terms of Use(ycombinator.com)
ycombinator.com
*.ycombinator.com Terms of Use
https://www.ycombinator.com/legal#tou
80 コメント
> I wonder what changed and made them add the new terms of use.
CCPA's April enforcement deadline, most likely.
CCPA's April enforcement deadline, most likely.
> I wonder what changed and made them add the new terms of use.
Probably a lawsuit, mandatory arbitration avoids lawsuits. I’m just guessing, I have no concrete info.
Probably a lawsuit, mandatory arbitration avoids lawsuits. I’m just guessing, I have no concrete info.
Maybe it’s related to their decision to turn YCombinator into a “safe space” for very specific people; or the way YC takes steps to silence some voices while hiding the fact that they’re silenced. These are deliberate decisions that cause the site to work very differently than naive people envision it from working.
I’m not crazy enough to sue over that shit; but somebody might be.
I’m not crazy enough to sue over that shit; but somebody might be.
It's hard to tell what these dark insinuations refer to, but there's nothing (that I'm aware of) that hasn't been fully explained many times—nor are there any questions we don't answer. If you're talking about shadowbanning, for example, there's plenty of explanation at https://news.ycombinator.com/item?id=23686672 and the links back from there.
amznthrwaway(1)
> You agree to not use the Site to: [...]
> advertise or offer to sell or buy any goods or services for any business purpose that is not specifically authorized;
Heh. I'd say this part is disconnected from reality.
A very significant number of posts and comments recommend aka advertise (in one way or another) various goods or services. Typically third-party goods or services ("I use this"), sometimes first-party ("we made this"). And this is what brings huge value to the website. I get it, ToS are about spam, but it's probably impossible to discern good and bad advertising in legal terms.
> advertise or offer to sell or buy any goods or services for any business purpose that is not specifically authorized;
Heh. I'd say this part is disconnected from reality.
A very significant number of posts and comments recommend aka advertise (in one way or another) various goods or services. Typically third-party goods or services ("I use this"), sometimes first-party ("we made this"). And this is what brings huge value to the website. I get it, ToS are about spam, but it's probably impossible to discern good and bad advertising in legal terms.
Specific authorization is probably fulfilled here:
https://news.ycombinator.com/newsguidelines.html
> Please don't use HN primarily for promotion. It's ok to post your own stuff occasionally, but the primary use of the site should be for curiosity.
Emphasis mine.
---
Edit: It gets more interesting with the WhoIsHiring threads. I haven't seen specific authorizations for them, but considering HN staff have commented in said threads in the past (https://news.ycombinator.com/item?id=26306206), this may also be specifically authorized. (I don't know who owns WhoIsHiring)
https://news.ycombinator.com/newsguidelines.html
> Please don't use HN primarily for promotion. It's ok to post your own stuff occasionally, but the primary use of the site should be for curiosity.
Emphasis mine.
---
Edit: It gets more interesting with the WhoIsHiring threads. I haven't seen specific authorizations for them, but considering HN staff have commented in said threads in the past (https://news.ycombinator.com/item?id=26306206), this may also be specifically authorized. (I don't know who owns WhoIsHiring)
Given the link to WhoIsHiring posts on https://news.ycombinator.com/lists , I'm going to guess they qualify as not unauthorized at this point.
WhoIsHiring is a Hacker News bot. Y Combinator created it, so advertising there would plausibly count as explicit authorization.
The first meaningful Terms of Use seems to have gone live Feb 17, 2017. After that, January 1, 2020, and then January 15, 2021.
Pre-2017: http://web.archive.org/web/20161229045611/http://www.ycombin...
2017: http://web.archive.org/web/20170303015020/http://www.ycombin...
2020: http://web.archive.org/web/20200130013739/https://www.ycombi...
2021: http://web.archive.org/web/20210301143626/http://www.ycombin... (current linked)
I'm still doing diffs.
Edit:
2021 (left) v. 2020 (right) diff:
https://imgur.com/a/8LKXKNs
2020 (left) v. 2017 (right): Privacy policy was significantly reworked, not the biggest surprise considering CCPA, but n++ is choking on the compare. Some interesting TOU changes though:
https://imgur.com/a/q4zzm8G
Pre-2017: http://web.archive.org/web/20161229045611/http://www.ycombin...
2017: http://web.archive.org/web/20170303015020/http://www.ycombin...
2020: http://web.archive.org/web/20200130013739/https://www.ycombi...
2021: http://web.archive.org/web/20210301143626/http://www.ycombin... (current linked)
I'm still doing diffs.
Edit:
2021 (left) v. 2020 (right) diff:
https://imgur.com/a/8LKXKNs
2020 (left) v. 2017 (right): Privacy policy was significantly reworked, not the biggest surprise considering CCPA, but n++ is choking on the compare. Some interesting TOU changes though:
https://imgur.com/a/q4zzm8G
This comment made me notice a small typo in the 2017 version fixed in 2020
> h. Future Changes to Arbitration Agreemen
Someone forgot to dot their Is and cross their Ts :)
> h. Future Changes to Arbitration Agreemen
Someone forgot to dot their Is and cross their Ts :)
They allow only California residents to delete their personal information, and they may require proof of residency to initiate a deletion. I am disappointed.
I don't speak legalese, but I can tell you what the actual practice is. For YC data (e.g. applications to YC, participation in Startup School, Work at a Startup, and so on), we delete people's data when they ask us to. For HN data, it's more complicated—we try not to delete posts that got replies, because that's unfair to the commenters who replied, and so on. But we have a lot of tricks to help people in more precise ways than wholesale deletion, and we help people with such requests every day. This is in HN's FAQ: https://news.ycombinator.com/newsfaq.html. There's more explanation at these links from yesterday:
https://news.ycombinator.com/item?id=26962860
https://news.ycombinator.com/item?id=26959559
https://news.ycombinator.com/item?id=26959675
https://news.ycombinator.com/item?id=26962860
https://news.ycombinator.com/item?id=26959559
https://news.ycombinator.com/item?id=26959675
Unless it's changed, I remember that there's no agree checkbox on the sign-ups page. How enforceable is this?
Do they comply with GDPR now?
Here's what HN admins were responding last yeat to requests to have your account deleted (article 17 of the GDPR):
>Our understanding based on the analysis done by YC's legal team is that Hacker News does not fall under the GDPR, so for the time being we're sticking with the approach of not deleting account histories wholesale but helping with privacy concerns in any other way we can. The problem with deleting entire histories is that it guts the threads the account had participated in, which is unfair to the other users who posted.
Here's what HN admins were responding last yeat to requests to have your account deleted (article 17 of the GDPR):
>Our understanding based on the analysis done by YC's legal team is that Hacker News does not fall under the GDPR, so for the time being we're sticking with the approach of not deleting account histories wholesale but helping with privacy concerns in any other way we can. The problem with deleting entire histories is that it guts the threads the account had participated in, which is unfair to the other users who posted.
Can someone explain the legalese. I'm having a hard time deciphering it
ToS;DR has your back: https://tosdr.org/en/service/636 (Though it's not complete yet.)
Wow. That is a brilliant link. Thanks for sharing.
I don't know why terms can't be written that simply in the first place.
I don't know why terms can't be written that simply in the first place.
The "good" answer for why terms of use and contracts are written more complexly is because they encode more complex information, that is less subject to varying interpretations.
Though certainly there is a 'pattern' to these that I think lawyers just fall back into that can be less understandable than needed.
If nothing else, many contracts are written in a somewhat weird frame, where one party is referred to in third person, and the other in second person. And often phrasing is so that the second person needs to recognize a claim of the third person ("you acknowledge etc etc").
In many ways, contracts are like the ultimate reversal of YAGNI. Imagine deploying code that you literally could not fix after release, and you knew that nearly all deviations from intended behavior would just kick you in the butt. Your code (and general product function) would probably get a bit weird too.
Though certainly there is a 'pattern' to these that I think lawyers just fall back into that can be less understandable than needed.
If nothing else, many contracts are written in a somewhat weird frame, where one party is referred to in third person, and the other in second person. And often phrasing is so that the second person needs to recognize a claim of the third person ("you acknowledge etc etc").
In many ways, contracts are like the ultimate reversal of YAGNI. Imagine deploying code that you literally could not fix after release, and you knew that nearly all deviations from intended behavior would just kick you in the butt. Your code (and general product function) would probably get a bit weird too.
Two reasons:
1. Legal contracts are supposed to be as detailed as possible so there's as little room for disagreement as possible when taken to court.
2. It's better for companies if users don't take the time to read and understand their terms, and beyond a certain length and complexity they will just scroll through and click yes.
1. Legal contracts are supposed to be as detailed as possible so there's as little room for disagreement as possible when taken to court.
2. It's better for companies if users don't take the time to read and understand their terms, and beyond a certain length and complexity they will just scroll through and click yes.
3. Lawyers are incentivized to write incompehensibly because it helps keep them in business.
4. It's easier to write incompehensible legal text than simple English that a layman can follow, and customers seldomly call lawyers out on it because they've been trained to accept this as the status quo (also see 3).
4. It's easier to write incompehensible legal text than simple English that a layman can follow, and customers seldomly call lawyers out on it because they've been trained to accept this as the status quo (also see 3).
I like this, curious if the interpretations are legally survivable but still very cool.
If the interpretations are accurate and complete, they'll presumably have the same impact as what is being interpreted. If the interpretations are inaccurate, then your reliance on them will not be a defense. For example, suppose TOU;dr got the arbitration requirements wrong. You could not sue ycombinator then argue that you had relied on TOU;dr, thus you were not bound by the arbitration agreement in the ycombinator TOU.
Which part specifically is confusing you? Like, it's a long TOU, so I don't think anyone's gonna write down the whole explanation here, but let's pick one paragraph:
> Commercial Use: Unless otherwise expressly authorized herein or in the Site, you agree not to display, distribute, license, perform, publish, reproduce, duplicate, copy, create derivative works from, modify, sell, resell, exploit, transfer or upload for any commercial purposes, any portion of the Site, use of the Site, or access to the Site. The buying, exchanging, selling and/or promotion (commercial or otherwise) of upvotes, comments, submissions, accounts (or any aspect of your account or any other account), karma, and/or content is strictly prohibited, constitutes a material breach of these Terms of Use, and could result in legal liability.
This means: don't use the content of the site to make derivative works to make money, otherwise we might sue you.
It's mostly straightforward stuff like that. If there's a specific part that you're having trouble with, I'm happy to have a crack at explaining it.
> Commercial Use: Unless otherwise expressly authorized herein or in the Site, you agree not to display, distribute, license, perform, publish, reproduce, duplicate, copy, create derivative works from, modify, sell, resell, exploit, transfer or upload for any commercial purposes, any portion of the Site, use of the Site, or access to the Site. The buying, exchanging, selling and/or promotion (commercial or otherwise) of upvotes, comments, submissions, accounts (or any aspect of your account or any other account), karma, and/or content is strictly prohibited, constitutes a material breach of these Terms of Use, and could result in legal liability.
This means: don't use the content of the site to make derivative works to make money, otherwise we might sue you.
It's mostly straightforward stuff like that. If there's a specific part that you're having trouble with, I'm happy to have a crack at explaining it.
Why anyone has the authority to compel public expectations based on the arrangement of bits.
Not to get too reductive or anything, but the reasons are very similar to why people have the authority to compel public expectations based on the arrangement of atoms (e.g. you aren't allowed to stab me, etc.). Namely: those with the power to enforce those rules think it's a good idea to do so, and the public continues to support that configuration of the legal system.
Absolutely. I think that's how we got here. But, the thought regulation regime is pretty new historically. I don't know why we accept it, on the basis.... That thoughts ... Take up space?
I'm afraid I'm a little confused about what your question is. I don't think the notion that thoughts take up space has anything to do with why TOUs are enforceable in the US. It's more because the relevant stakeholders are either largely not very interested in or impacted by TOUs (the public at large) or are interested in and positively impacted by TOUs (the services offered with TOUs).
Strange that it mentions CCPA but not GDPR. Is HackerNews GDPR compliant? What are they tracking/storing?
I'm guessing being a US organization they don't care about GDPR just as they don't care about adhering to Chinese internet standard laws.
If you serve EU customers, you have to comply with GDPR no matter the jurisdiction you are based in.
Unless you are prepared to completely sever business ties with Europe.
Unless you are prepared to completely sever business ties with Europe.
According to Article 3 of GDPR, it applies to processing if any of three conditions are met:
1. Processing that takes place in the context of processors and controllers that are in the Union, regardless of whether or not the processing itself takes place in the Union.
2. Processing the data of subjects who are in the Union by controllers or processors who are not in the Union if the processing is related to offering goods or services to such subjects in the Union or the processing is related to monitoring the behavior of such subjects that takes place in the Union.
3. Processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
If none of those cover an entity, that entity's processing is not covered by GDPR.
#2 would probably be the only relevant one for HN.
Is HN offering goods or services to subjects in the Union? Sure, people in the Union can access HN and even make accounts. But that might not be enough. One of the recitals for Article 3 elaborates:
> In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.
Does HN envisage offering services in the Union, or is it simply a site that happens to work when accessed from the Union but was not envisaged to do so?
Another recital elaborates on the monitoring of behavior of subjects in the Union:
> In order to determine whether a processing activity can be considered to monitor the behaviour of data subjects, it should be ascertained whether natural persons are tracked on the internet including potential subsequent use of personal data processing techniques which consist of profiling a natural person, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.
HN seems to collect minimal data. It might not rise to the level of monitoring that would be needed to count as monitoring behaviour.
1. Processing that takes place in the context of processors and controllers that are in the Union, regardless of whether or not the processing itself takes place in the Union.
2. Processing the data of subjects who are in the Union by controllers or processors who are not in the Union if the processing is related to offering goods or services to such subjects in the Union or the processing is related to monitoring the behavior of such subjects that takes place in the Union.
3. Processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
If none of those cover an entity, that entity's processing is not covered by GDPR.
#2 would probably be the only relevant one for HN.
Is HN offering goods or services to subjects in the Union? Sure, people in the Union can access HN and even make accounts. But that might not be enough. One of the recitals for Article 3 elaborates:
> In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.
Does HN envisage offering services in the Union, or is it simply a site that happens to work when accessed from the Union but was not envisaged to do so?
Another recital elaborates on the monitoring of behavior of subjects in the Union:
> In order to determine whether a processing activity can be considered to monitor the behaviour of data subjects, it should be ascertained whether natural persons are tracked on the internet including potential subsequent use of personal data processing techniques which consist of profiling a natural person, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.
HN seems to collect minimal data. It might not rise to the level of monitoring that would be needed to count as monitoring behaviour.
Collecting minimal data (or no data at all) is also a way of being 'GDPR compliant' :)
What’s the best practice for making a Terms & Conditions or Privacy Policy page these days? Eg if you start up a social network like hackernews
Lawyer obviously is the best practice.
Is there a specific kind of lawyer that is best suited for this work?
Who will copy paste it from another site..
We run our SaaS on Digital Ocean's backend and their TOS says that anything we allow onto their boxes has to comply, so that means our customers have to comply with DO's TOS.
To handle this, we link to theirs in place of a custom one.
To handle this, we link to theirs in place of a custom one.
I like this. I imagine it’s roughly similar eg using heroku?
It might be. Worth checking into their TOS to see if your customers must comply. I'd say, "probably."
brighton36(5)
I wonder what changed and made them add the new terms of use.
[0]: http://web.archive.org/web/20141020194316/https://www.ycombi...