Terms of Service

[Sherry]

Looks like a new TOS and Privacy Policy for us. I posted about it in the "Fastmail Acquired by Opera!" thread so thought I'd put a link to that post in this thread.

New TOS and Privacy Policy

Sherry

[erimess]

Why do I feel like 99% of you have never read a TOS or privacy policy before? This is pretty standard stuff, yes. For those who say that being standard doesn't make it right -- well, I see the point. However, it's also true that it can't go against law.

For example, that they can just dump your service "without a cause" seems to make everyone nervous. I like the landlord analogy. Tenants have all the rights - so landlords have to stick everything under the sun in a contract just to save their butts, and even then, it can be very difficult for them. The lease can't go against the rights the tenants already have. I'm not expert at the law, but I suspect you have the same deal here -- it has to be written before Fastmail has any right to do anything they need to do. That's because they're already under the obligation to provide the service you paid for. If there's someone out there causing problems, and possibly jeopardizing me as a customer, I'd want Fastmail to be able to just dump them, immediately. I believe what Jeremy said that other places have had issues when their terms are too tight. And I don't for a minute believe my account is going to get suddenly canceled. If it did by mistake (e.g. they think I did something that I didn't) -- what about all those backups they have? In fact, something can happen to my account without them canceling it. I'd said it's probably MORE likely that something would just happen due to some technical malfunction rather than losing my account because they cancel it "without cause."

All TOS and privacy policies I've read are full of legalese I can't quite understand but I get the gist. I think it's a bit silly for it to be worded only in a way we can understand every word of it, because then it won't stand up against the law. It has to be written in a legal form that works for the law. Yes, it's a shame legal language has to be so hard to understand, but if they made it so we could understand it, it might not be legal anymore.

My only real concern is suddenly having all my private stuff going to another company without my permission (yes, it did happen that way since it happened suddenly) - I'm not planning to cancel so it's not about that, and whether something in the future is going to be really bad about the service. I'm not going to assume everything is going to suddenly fall apart - I just get a little leary when stuff like this happens. Too many "improvements" are worse.

But the TOS is not really what concerns me. As Sherry said, there's a certain amount of trust. I'm right now having issues with another company because of what seems a breech of some privacy. There aren't very many privacy laws to begin with, and I doubt there's anything illegal about what is happening, but it's still wrong. Good, credible companies don't do stuff like that. From what little I've seen about Opera here, I think I'd probably trust them.

[brong]

It's exactly the same people running it. One person that the Opera management trust (and incidentally I do too, I met him the last month when he came to Australia to meet us) has been given access to the production systems just to check that everything was there.

The only difference is - I represent Opera Software Australia (not "Opera Australia" - they sing and wear funny outfits) rather than FastMail Partners or MessagingEngine or whatever they called themselves this week (I never tried to keep track - it seemed that every few years it was worth changing the way the company was structured to get the best tax position. Having most of the company income be in US dollars and coming from overseas made for interesting times for the accountants! So long as I received the same paycheque I didn't really care which name appeared on the top...)

My understanding is that there was some debate over the Novation - if it was even necessary or not. Some lawyers said yes, some said no. The safer option was to do it, otherwise someone could mount a legal challenge and get us locked out of the servers or some such silliness, and we didn't want to risk interruption of service while we went around to all users and got them to click a button. It's impossible to guarantee that I won't see the content of some random email while debugging a problem.

For example - we've had disk recovery situations where I've had to check particular disk blocks - they might contain someone's email.

We've had a security bug in our mail software. We discovered it when one particular user's Sieve script triggered crashes - but only on particular emails. I had to read both the script and those emails - and indeed copy them to my testbed and make modifications until I could trigger the crash repeatedly. Then I could track down what was causing it.

We even had one bug with body searches where if a part of an email was exactly aligned on a 4096 byte
boundary it could cause the regex engine to try to write one byte outside a the mapped file. Amazingly difficult to track down, and I wound up reading a whole bunch of emails from different users' mailboxes. Mostly spams I have to admit - and I didn't care about the contents, just the structure and looking for common features. At no time was I trying to invade peoples' privacy.

Have I mentioned the email with hundreds of images attached, each in a separate part? It was the most amazingly complex MIME structure I've ever seen.

And then there's character set issues - though those emails are usually taken from someone's "ForWebmaster" folder after they give us permission. But if something was causing crashes, I'd look first and ask questions later, for sure. I don't talk to anyone about what I see in emails - it's part of the job. I certainly can't guarantee that I won't see any particular email, but I can guarantee that I'm not reading a million emails a day, and I'm not running any job that searches the contents of emails for anything either.


(that said, I did run a job in the past that read millions of emails to gather statistical data about the number and size of different encoding headers so I could optimise how we cache things - so we do statistical work on our mail corpus as well. Even just to decide what size hard disks to buy for data vs meta storage)


Hope that clears up why we do need permission to look at mail contents when it's necessary for the purpose of keeping the service running. Honestly, I suspect I look at about one email per month, if that. I haven't needed to for over a year, but there were a couple of times when I had to look at a few in quick succession.

[yitzhaq]

Quote:

Originally Posted by erimess

For example, that they can just dump your service "without a cause" seems to make everyone nervous. I like the landlord analogy. Tenants have all the rights - so landlords have to stick everything under the sun in a contract just to save their butts, and even then, it can be very difficult for them. The lease can't go against the rights the tenants already have. I'm not expert at the law, but I suspect you have the same deal here -- it has to be written before Fastmail has any right to do anything they need to do. That's because they're already under the obligation to provide the service you paid for. If there's someone out there causing problems, and possibly jeopardizing me as a customer, I'd want Fastmail to be able to just dump them, immediately. I believe what Jeremy said that other places have had issues when their terms are too tight.

Before I joined Opera, I worked for a Norwegian ISP, and spent much of my time working with service abuse. What we found rather quickly was that, with your average ToS, there was little that could legally be done against customers whose Windows boxes had become botnet zombie drones. We could tell them, sure, make them aware of the problem, tell them it's something they really ought to fix. But until you were able to cut off their access, or at least significantly limit it, the problem just kept growing to the point where it was affecting the service of other customers, and hurting the reputation of the ISP for not taking abuse seriously.

I'm not familiar with the specific discussion taking place here, but in general I would absolutely agree that you do need such clauses in your ToS to preserve the quality of your service. It's probably akin to spammers setting up shop with FM - you need to be able to kick those users out, for the better of everyone. Having that ability doesn't mean anyone is going to start going postal with accounts.

[mariner]

I’m unpersuaded by the image of a poor, defenseless multimillion-dollar corporation that just has to ask customers to sign over all their rights.

Why this attitude of subservience? I’m usually pro-business in my opinions, and I certainly favor tort-reform, but there’s such a thing as going too far!

“They have to!” No, they don’t have to, or everyone else would too. As has already been pointed out above, Runbox (for example) has a more customer-friendly termination policy than FastMail does. And, as I’ve pointed out in the privacy policy thread (see “Examples”), there are several companies with policies far more protective of customers than FastMail’s. They’re all still in business.

Quote:

Originally Posted by erimess

The lease can't go against the rights the tenants already have. I'm not expert at the law, but I suspect you have the same deal here

Obviously these agreements have consequences: if there were no rights you could sign away, there would be no point in getting you to do so! For example, in America at least, many companies require their employees to give up the right to sue the company, requiring them to agree in advance to private arbitration. Private arbitrators rarely decide in favor of employees, so it works out quite nicely for them.

Quote:

If there's someone out there causing problems … I believe what Jeremy said that other places have had issues when their terms are too tight.

That’s what lawyers are for. The thing is, as a business-owner, you have to tell your lawyer that you actually want terms that are equitable for the customer. Otherwise — because he is your lawyer — his job is to craft terms that reduce your customers’ rights as much as possible.

Quote:

I think it's a bit silly for it to be worded only in a way we can understand every word of it, because then it won't stand up against the law …. if they made it so we could understand it, it might not be legal anymore.

Again, why do people think things like this? Obscure language — by which I mean jargon — is 1) great for making money for lawyers, 2) even better for their reputations as High Priests, and 3) perfect for hiding a rip-off. (That’s why people say to “read the fine print,” isn’t it?)

A contract to provide email service is not a nuclear arms treaty! Have a look at Opera ASA’s basic policy for disclosure of information to third-parties:

We protect your data from disclosure, with the exception of matters where designated by law or court order.

That’s the whole thing. I guess they never heard that contracts have to be incomprehensible! Hopefully this charming naiveté will spread to Opera Software Australia as well.

[mariner]

Quote:

Originally Posted by brong

Hope that clears up why we do need permission to look at mail contents when it's necessary for the purpose of keeping the service running.

Thanks — it’s great that you’re offering this level of detail.

The thing is, if “necessary for the purpose of keeping the service running” is the standard, then why not have the policy say so? That specific wording is probably too narrow, but consider the text that Opera ASA uses in this respect:

It is the policy of Opera Software to process personal data for purposes that are objectively justified by Opera Software's service ….

(Here’s the rest of the sentence: “… and to perform the processing in accordance with fundamental respect for the right to privacy, including the need to protect personal integrity and private life and to ensure that personal data are of adequate quality.”)

That’s a lot tighter than FastMail’s current policy.

[B4its2L8]

Uhh.... how many times are you going to post this ?

[Sherry]

Moderator: The cross-posts has been deleted and the member banned.

[tehsux0r]

Quote:

Originally Posted by Sherry

Moderator: The cross-posts has been deleted and the member banned.

Who precisely has been banned?

[Sherry]

Quote:

Originally Posted by tehsux0r

Who precisely has been banned?

Moderator: Please see Rule B). Thank you.

[tehsux0r]

Quote:

Originally Posted by Sherry

Moderator: Please see Rule B). Thank you.

I'm sorry, but this response is not relevant to my question. I am neither debating nor second-guessing, but asking for information on what has occurred. You provided no indication of who you were referring to in your post about the banning, and I am asking for one because I would like to know. I fail to see how this is prohibited, or touched upon in any way, by rule B.

[robert@fm]

Quote:

Originally Posted by tehsux0r

You provided no indication of who you were referring to in your post about the banning, and I am asking for one because I would like to know.

In my experience, moderators rarely give any clue as to the user ID which as been banned (after all, it could be someone just making the post for ego-boosting purposes, and why give them the satisfaction?), and almost never leave any trace of the incident leading to the ban.

However, I suspect (from B4its2L8's post) that it refers to a poster who both made this (possibly NSFW) post and copied and pasted it as a new thread. He was warned (and his thread deleted), but chose to ignore both the warning and the implications of the thread deletion, to start another new thread (which of course got deleted as soon as the mods spotted it -- really, what on earth did he expect?). To judge from other posts, he pasted the same identically-worded post into this thread -- thereby triggering proof that even our very tolerant (compared to most) mods have their limits (again, what else could have been expected?).

[tehsux0r]

Quote:

Originally Posted by robert@fm

In my experience, moderators rarely give any clue as to the user ID which as been banned (after all, it could be someone just making the post for ego-boosting purposes, and why give them the satisfaction?), and almost never leave any trace of the incident leading to the ban.

Indeed - that's been my experience too. The post you point to was one I didn't even see before it disappeared, which is what caused my confusion when I saw the notice! If I'd known that all copies of the post had been removed, then I wouldn't have asked about it, but I was afraid that one of the active contributors to this thread might have fallen foul of a rule and got banned for it. Never mind!

Quote:

Originally Posted by robert@fm

However, I suspect (from B4its2L8's post) that it refers to a poster who both made this (possibly NSFW) post and copied and pasted it as a new thread. He was warned (and his thread deleted), but chose to ignore both the warning and the implications of the thread deletion, to start another new thread (which of course got deleted as soon as the mods spotted it -- really, what on earth did he expect?). To judge from other posts, he pasted the same identically-worded post into this thread -- thereby triggering proof that even our very tolerant (compared to most) mods have their limits (again, what else could have been expected?).

Agreed. It's a shame his wording and tone were so poor, because it's true that the handling of the transition has been pretty rotten. It's something I haven't touched on too much because I wanted to stay focused, but I'm sure I'm not the only one who finds "by using this service in any way after the issue of this notice, even if you haven't actually read it, you agree to these new terms" wording pretty offensive.

[David]

Quote:

Originally Posted by tehsux0r

I'm sure I'm not the only one who finds "by using this service in any way after the issue of this notice, even if you haven't actually read it, you agree to these new terms" wording pretty offensive.

Offensive indeed, I do agree.

[Sherry]

Quote:

Originally Posted by robert@fm

In my experience, moderators rarely give any clue as to the user ID which as been banned (snip), and almost never leave any trace of the incident leading to the ban.

Moderator:

Ok guys, I thought I'd clear this up. Robert is right, I rarely ever post when a member gets banned. The only reason I did this time was B4its2L8's post followed the banned post I deleted and I didn't want to put B4its2L8 on the spot by those following this thread to think his post was meant for one of them and come back at him/her for it.