Saturday, January 12, 2008

What Did EULA Say?

All too often when installing new software or registering for new websites, I am presented with a EULA (End User License Agreement).

I try (usually) to read through these things to make sure I'm not selling my system's soul to shady practices.

However, some of it can be a real pain in the rump to read through.

There are two great resources I know of to ease the process of understanding just what you are agreeing to.

For comparisons, I am going to use Google's Terms of Service.  However just about any EULA that you can copy/paste should work fine in both of these tools. That includes those found on websites as well as those that appear during (pre/post) software application installations.

Spyware Guide's EULA Analyzer

SpywareGuide.com EULA Analyzer - (web resource) - Click the big "Start EULA Analyzer" button on the page, copy and paste the text from the target EULA and click the "Start Analyzer" button.

You can add a Title, URL and optionally save the EULA and create a bookmark for linkage. (example from my run).

Results may displayed in a detailed analysis, legal layout, or reading battery format.

You get a count of characters, words, sentences, and several readability scores.

There is a summary section which provides the flagged characteristic count and breakdown.

The tool will quickly pick out and flag any particular phrases it finds noteworthy for special attention with bold blocks on the left-hand side of the Details section.  If you click the "change viewing mode" link at the bottom it will return the original content format with flagged sections highlighted and accompanying notations.

Run-time to perform the analysis depends on the loads of the servers as well as the complexity and size of the EULA in question.

In my pass of the Google Terms of Service, it found 11 characteristics; with 8 references to advertising, one reference to on-line promotions, one reference to tracking or monitoring, and one reference to monitoring of usage.

Spyware Guide notes:

Some people who can benefit from this tool include:

  • Parents who want to analyze the privacy impact of software their children might by downloading on P2P networks.
  • IT administrators who must rapidly evaluate whether a program is suitable to reside on their network or carries privacy risks that might violate corporate policies.
  • The tool might also be useful for educators teaching e-commerce classes to students about the implications of online contracts.
  • Government bodies that wish to perform further analysis on a EULA for legislative research
  • The EULA analyzer is a perfect tool for independent spyware researchers who frequently analyze the EULA as a regular part of their practice and volunteer efforts.
  • Attorneys or legal professionals who want to dissect EULAs for legal research.

SpywareGuide's tool isn't "portable" since it runs off their servers.  However, it is a great starting point and should be reachable when you need it.

Javacool Software's EULAlyzer

EULAlyzer personal - (free for personal and educational use) - Unlike the web-based solution of Spyware Guide, this product can be installed locally on a system.  (It seems to be working fine on my USB stick as well where I copied it to from my Program Files folder.)

Once installed, launch the program and you are presented with the main window.  Here you can check for updates to the application, scan a new EULA, view your statistics and any saved EULA's you set to keep.  It also has a link to the EULA Research Center (on-line) where you can submit interesting EULA finds to them to improve the product's detection algorithms.  This is a nice "community-building" touch.

If you click the Analyze option, you can either paste your own copied text into the area, or use the handy capture tool to accomplish the same thing.

Click "Analyze" and let it rip!  It is very fast.

The results get a EULA Interest ID code, a results window which allows for each category item to be expanded to see the details along with a color-coded interest-level bar,  as well as a summary conclusion on the EULA overall.

You can search the EULA text for key words, save, and "submit online" from this page as well.

In my pass of the Google Terms of Service with this tool, it flagged text in the following categories: Advertising (12 references), Promotional Messages (1 references), Third Party (4 references), Web Site Address (7 references), and Without Notice (2 references).

The Interest Level color-coded bar I noted should alert you if the terms are very suspicious or restrictive.  I've seen some 8's before on one or two EULA's, but the Google's tend to be mostly average "5" level scores.

EULAlyzer is a really neat and clever product.  I really like it and find it wonderfully helpful in trying to quickly get a feel for a products EULA.  If I find one that gets very high (bad) marks that might set off some warning bells in my head and I will take a closer look at the product and/or do more on-line research.

Javacool Software notes about their product:

EULAlyzer can analyze license agreements in seconds, and provide a detailed listing of potentially interesting words and phrases. Discover if the software you're about to install displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much much more.

The Benefits

  • Discover potentially hidden behavior about the software you're going to install
  • Pick up on things you missed when reading license agreements
  • Keep a saved database of the license agreements you view
  • Instant results - super-fast analysis in just a second

Also available is EULAlyzer Pro - ($) - This version included EULA-Watch which runs "real-time" in your system to intercept and decode EULA's automatically when encountered in a software install, automatic updates, and coverage of all new version releases during the 1-year license timeframe.

Final Thoughts

These tools are not meant to replace a full reading of the EULA, nor are they considered "legal" advice.  They do however, quickly bring up content found that might be of significant concern or note.

In today's murky waters of what rights you "think" you have and what rights companies and providers "might" be extending you, it's a good thing to always stay informed and aware.

High marks (in a good way) to both these tools!

--Claus

No comments: