Legality behind auto-accepting Let's Encrypt's Terms of Services


#1

With the default for this being set to Agree, you might be doing something that, although not illegal, removes liability from the user and puts it on the software creator(s) (@JoshData)

You should consider this and maybe bring back the Terms of Service (Or have MIAB installer have the user agree to a ToS for MIAB which includes LE’s ToS as well?) agreement to MIAB’s installation.

Sources:

1 https://ux.stackexchange.com/questions/33119/automatic-agreement-to-terms-of-service
2 https://en.wikipedia.org/wiki/United_States_contract_law

I wish I had example court cases, but it only came up recently so examples are limited at this time.

EDIT1: I am sure @JoshData is aware and looked into this, but I just wanted to make sure as it is pretty concerning. If JoshData can reply saying if he is aware or not, then we can mark this as resolved.


#2

I mean, he isn’t promising anything when he gives out his software, and it is the end-users choices to follow the instructions @JoshData provides (instructions, being either English instructions of programmatic instructions).

I mean, to be fair, if you install a lot of Windows applications, each installer makes you agree to the license. However, on Linux, you just use apt-get and hit “Y” to install something–no license required. I’m not sure if developers can really be liable to how their users use their software.

Maybe it would be a good idea to make a disclaimer in the installation thing that says “the developers are not liable to how you use this, use at your own risk” blaw blaw blaw technical jargain… Then have a “next” button on that screen.


#3

That’s a common misconception - Open Source license’s are different from Terms of Services.

This wont solve anything legally - We need to keep the LE ToS agreement in place to remove liability.

I am specifically talking about LE (Let’s Encrypt) Terms of Service, not MIAB’s. The legality issue here is the user doesn’t have the option to deny the LE ToS.

“But, then they don;t need to install the software” - Not the point here. Some people might not even be aware.


#4

Without (I assume) any of us being a lawyer, it’s not productive to speculate about the details, but I appreciate you flagging the issue @murgero. At a minimum we should mention this in the setup guide (e.g. “Note that the box will automatically agree to Let’s Encrypt’s Terms of Service.” with a link to the TOS). Would you mind opening a pull request for that?


#5

Is there some reason that the MiaB script cannot be paused to wait for input when this comes up during install? Then this becomes a moot point.

Alternatively, is it not possible to add to the MiaB set up script an acknowledgement similar to:
“By continuing to install Mail-in-a-Box, you acknowledge that you expressly accept the terms and conditions of Let’s Encrypt which can be view at (insert link to Tos)”
With a check box?


#6

That would work too.


#7

@JoshData https://github.com/mail-in-a-box/mailinabox.email/pull/56

Let me know what you think.


#8

Actually, I really like it when scripts are designed for user input, THEN processing the script. It’s really frustrating when I’m installing a Ubuntu image how I put in user input, the script does a thing, then pauses for me to input more stuff.

That is, because I would like to input all my settings, then leave the computer and come back to do its thing. When I come back, I expect the process to be done, and it is very frustrating when I come back after 30 minutes to find that there was more input needed, and I have to wait even longer.

I like having the mention of Lets Encrypt on startup. I don’t like the idea of pausing the script.


#9

I added a comment to the pull request on GitHub suggesting wording that I think would be better than the wording last committed.

Michael S. Scaramella, Esq.


Added Legal Notice
closed #10

This topic was automatically closed after 61 days. New replies are no longer allowed.