- August 19, 2017
- Posted by: cyberanalyst
- Category: Blog, CISSP, Consulting, Cyber-security and Ethical Hacking Training, Development, Others, Project and Research Nigeria, Softwares, Technologies
Some people have a habit of not reading through the Terms of Service whenever they want to get a new application or buy a new device. I must let you know that this is a big mistake because most of the apps that are available in the market commonly known as graywares rely on you to get access to your personal information. The developers know that a lot of people do not read through the Terms and Service so they often include languages that are capable of authorizing a massive invasion of privacy. You may have noticed at the same time that most of the Terms and Services are just boilerplates. Now how do you read through a Terms of Service in order to find out what it is it as concerning privacy without having to waste a lot of time on reading standard terminology?
What are Terms of Service?
The Terms of Service commonly abbreviated as ToS is legal document b\used by websites and internet service providers (ISPs) that contain user’s personal information like social networking services and e-commerce.
Elements of Terms of Service?
A typical ToS contains the following
- Definition of keywords and phrases and disambiguation.
- Rights and responsibilities of the User.
- Expected/proper usage or a potential misuse
- Accountability for all online actions, conducts and behaviour
- Details concerned with payments like membership or subscription fees etc
- Policies for opting out-detailed procedures for opting out.
- Arbitration carrying details of how the dispute is to be resolved and the extent of rights to take issues to court.
- Notification of the user whenever any modification is made.
There is a second problem you may come across while reading through the ToS, which is the fact that the Terms of Service are usually written in legalese. This makes understanding some worth difficult even for people who are in the habit of reading such documents.
- Access and Correction: This is the part that details out who can access your data and who the data can be shared with and the circumstances.
- Consumer choice: It provides an opt-out option as to how consumers may disclose their personal information to any unaffiliated third party agent.
- A comprehensive list of what kind of data is required from you. There are some kind of information organizations have to collect from you in order to make their products function for you. They always have to tell you what the type of data that should be collected from you.
- A list of all the persons they are sharing information with and why they should share the information. The general language here will be vague such as third parties.
But under what circumstances should your data be collected from you? And do they only share this with companies that have security policies and is it done in the course of a normal business transaction?
Now, if there are not properly explained clauses as to who these third parties actually are and when they can share your personal data, then this can be a big warning signal for you.
- If you have any doubts, be sure to send an email to the customer service of the provider with all your questions clearly outlined. Reputable organizations or companies will normally and most likely answer all your questions promptly.
Sometimes the problem may not be that the company does not want to answer your questions or do they have an intention to do some nefarious with your personal data. It might just be that they are not taking seriously your internet security and privacy seriously enough. This can be just a type of lax security which sets you and them up for a major security breach.
As parting words, it is very important that you take a little time to read through licensed documents and terms of services. At least scroll through for a minute before checking the “i agree” box. Subscribe to learn our security course at SOUTECH Ventures where you will thought and equipped on things you need to know in order to become security conscious. Call us today to get a certification in CEH.