Feeds

Adobe demands 7,000 years a day from humankind

It's all in the EULA fine print

  • alert
  • submit to reddit

3 Big data security analytics techniques

Feature I'm not a very good liar, I haven't got the memory for it, which is why it always pricks my conscience whenever I tick the yes box to the prompt "I have read and understood…" when installing software. I am, of course, fibbing. I never read a word. In fact, even though we all tick yes to these agreements every day, unless you're a legal bod, I doubt you could find anyone you know who could quote a single line from any of them.

Since the beginning of the year, I've been collecting licence agreements for all the software I've installed. The idea was to see just how many words I was being asked to read. It seemed like a good idea at the time, but as the pile for me to read grew, so, in inverse proportion, did my will to live. I could lie at this point and say I read them all, but instead, I opted for a few well-worn favourites.

Blind faith

Adobe Flash anyone? In recent years, the company has claimed it had eight million downloads a day and, before we get on to the maths, have you ever followed that link that took you a second to ignore as you ticked the "I have read and agree…" box?

Adobe Flash installer

You read it, right?

Follow the click and you'll be on your way to 3500-word licence agreement that appears in about 50 languages that you’ll have to scroll through to find your native tongue. I don't know about you, but ten minutes or so later, I could certainly tick yes to having read it. But had I understood it? You know what? I think these companies don't mind if we lie at this point. And that irks me somewhat. Why don't they just have a box that says, “Whatever, dude” or “I have read and understood… You're kidding, right?”

Yet the tickbox convenience provided serves to reinforce the user attitude that, I'll never read or understand any of this… can we just get on with it now?

So eight million people a day lie to Adobe. Or put it another way, 8 million honest people who all took at least ten minutes to read this licence agreement and, oh lordy, understood it, would, in terms of total time, eat up over 1,522 years in just one day. If we put that into man-hours: an 8hr day, 240 working days in a year, that becomes 6944 years in a day. Turn that into a 50-year working life and that's 138 lifetimes a day… How about a year of Adobe Flash downloads with the licence agreement being read each time… that's 50,694 working lifetimes per annum… Equivalent to populations of Macclesfield or Staines.

And if we go back to how many years of reading a ten-minute licence agreement takes for this quantity of users, we’re on to over 2.5 million years. Wind the clock back that far and we’re in a time when mammoths roamed a globe dominated by glaciers. Given Adobe's claims to these download volumes, reading that licence agreement demands quite a lot time from mankind.

Now if I can return to the soapbox for a moment, the issue is really one of collusion. A software vendor doesn't imagine for a moment that anyone will read its Ts&Cs. And, obligingly, we never do. Yet we blindly click “I agree and understand…” every day. It just seems wrong. And it's not so much the deliberate ignorance we choose in the name of expediency, but why do they bother?

OK, so there are legal caveats to be flagged up, but if we ignore them, how can this be said to work to inform us of our responsibilities? There must be a more succinct approach that doesn't turn every Flash, iTunes, or Firefox user into a habitual liar.

BBC iPlayer notification

Done in a flash... sort of

I was rather taken with the BBC’s desktop iPlayer message of just a one-line warning about security issues. It seemed so simple and user friendly, and then moments later the Adobe Air instal box appeared and the pain started all over again. Interestingly, the iPlayer desktop app has its own terms of use link on the main UI page, the installation doesn’t insist that you read them. Perhaps the assumption is you’ll use the product responsibly and if you have any doubts, just click.

It’s perfectly reasonable approach and no doubt amounts to more of a contractual obligation than someone buying a gun at Wal-Mart is asked to agree to. I’ve never bought a gun nor a new car, but if you had thrust into your hand a 3000-word agreement to abide by before you stepped into a brand new Mercedes, acknowledging that...

In no event will the company, its suppliers, or certification authorities be liable to you for any damages, claims or costs whatsoever including any consequential, indirect, incidental damages, or any lost profits or lost savings, even if a company representative has been advised of the possibility of such loss, damages, or claims. Blah, blah, blah...

...it might rather spoil that purchase feelgood factor. That’s why it’s so convenient to have those software ‘read it’ tickboxes. Also, car drivers do have insurance for any unpleasantness. Maybe if computer users had insurance too, we could skip those licence agreements? On second thoughts, scrap that – have you read the small print on your car insurance lately? Another factor is you will most likely own the car or the gun, rather than have them on licence.

I have to say I find Apple’s take on things rather interesting. The Mac OS X Mountain Lion software updater, declares use of the update is subject to the original SLA and rather than bore you with it, you can just move on and click instal. There is a link shown too, but it rather abandons the ‘read it first’ approach. You might find the SLA appearing when you run the updated app, but it seems a bit late in the day. The new iTunes 11 does this and then invites you to agree to share info with Apple, which involves yet another layer of seemingly innocuous text to ponder.

iTunes 11 sharing info

Peeling the onion with iTunes 11: 'Learn More' on sharing goes to this page where there's another link for the Privacy Policy page

During the year I recall encountering some installations that don't even allow scrolling the whole SLA before proceeding. There's just the 'I have read and agree' tickbox alongside a 'Save for later' option. This, let's just get on with it, approach has its appeal, but it also suggests the agreement isn't to be taken seriously, as it doesn’t matter if we lie about having read any of it. All very strange considering this documentation remains important enough for massive companies to draft out, have checked by lawyers, present in some form or another and insist on imposing on users.

SANS - Survey on application security programs

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.