zlacker

You have to look at Cloudflare user agreement's and texts that describe their relationship to their customers. https://www.cloudflare.com/privacypolicy/ and https://developers.cloudflare.com/1.1.1.1/commitment-to-priv...

You can only held companies accountable for the laws and explicit written promises and legally binding agreements.

Currently the price companies pay for privacy violations is low. If a company like Cloudflare writes down all the privacy promise in legally bind manner and puts themselves into legal and financial liability that is above the norm for breaking the contract intentionally it can increase trust.

Companies can do much more than they do now. They can put explicit bounties for whistle blowing them and revealing privacy violations. They can hire trusted third parties to do privacy audits and handle whistle blowing.

replies(4): >>wilddu+Z >>pnako+11 >>Thorre+S1 >>yourad+Fx

>>nabla9+(OP)
> They can hire trusted third parties to do privacy audits and handle whistle blowing.

All software seems to need that now days.

>>nabla9+(OP)
None of that is legally binding if you don't have a contract with them.

replies(1): >>nabla9+79

>>nabla9+(OP)
> They can put explicit bounties for whistle blowing them and revealing privacy violations.

Employees blowing the whistle internally, or externally? If they want to encourage employees to blow the whistle externally, they could put a carve out for that in their NDA.

>>pnako+11
Click-wrap agreement and browse-wrap agreement are both contracts.

https://en.wikipedia.org/wiki/Browse_wrap

https://en.wikipedia.org/wiki/Clickwrap

replies(1): >>cobbzi+qa

>>nabla9+79
But you must actually “click” or “browse” for it to be enforceable, right?

replies(2): >>nabla9+vJ >>zaarn+Hh2

>>nabla9+(OP)
> And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our practices annually and publish a public report confirming we're doing what we said we would.

Looks like they are. https://blog.cloudflare.com/announcing-1111/

>>cobbzi+qa
Not necessarily. There can be implied consent.

Of course, in that case you can't put surprising terms into the agreement if they are disadvantageous to the user. Courts don't see that a meeting of the minds took place. https://en.wikipedia.org/wiki/Meeting_of_the_minds

replies(1): >>cobbzi+PT

>>nabla9+vJ
Sure, if you’re actually visiting the site. But (at least in the US) didn’t the recent LinkedIn case find that if my scraper pulls public data off your site, the TOS doesn’t apply?

This court decision doesn’t mean “no rules for scrapers”, rather it means “different rules for scrapers, independent of any site-specific TOS”. Or did I misunderstand the decision?

replies(1): >>nabla9+NV

>>cobbzi+PT
Consumer law applies for consumer users and has different protections than other users have.

Web scraper as a consumer use is hard to argue.

>>cobbzi+qa
It would be a lot harder for Cloudflare to argue some clause in the contract is non-binding when they provided the contract in the first place than the consumer on the other end who just clicked "OK" on a button to agree to that contract.