Well, that's technically a problem of service provider. If you're afraid your product won't be used because of a complicated TOS, then... simplify the TOS. Drop the tons of legal bullshit, and stop hiding shady stuff in it.
The more I think about it the more I like the incentive structure it creates.
Licenses are long and complex not only because they have "bullshit" and "shady stuff" in them. This is an unfortunate fact of life.
It's true that some services can do with much simpler TOS. The BSD 3-clause license is 220 words long (most of them in scary caps). But how short and simple does a license need to be to make the average user actually read it before clicking OK? My guess is most users would read 1-2 sentences. But some users, as soon as they see a dialog with a single "OK" or "Next" button or an "I agree" checkbox, will automatically click it without reading any text at all: this can be practically muscle memory for people used to next-next-finish installation wizards.
None of those licenses are for the user of the software. Some are long(-ish) because they address copyright law and are intended to be read by software authors and distributors, who presumably have the luxury of time to read and research which license they would like to use for their software or 3rd party software they want to redistribute.
> Licenses are long and complex not only because they have "bullshit" and "shady stuff" in them.
That's fine. Now find a way to explain it plainly to the user so they can make an informed decision.
> But how short and simple does a license need to be to make the average user actually read it before clicking OK?
Well, that varies, but you can be sure that anybody that clicked OK after only a few seconds did not read anything. Choosing to continue when you know the contract wasn't read is prima facie evidence that no contract was established.
However, the larger problem is you think simply presenting legalease and waiting for someone to click OK can ever meet the standard of informed consent[1], which is a much stronger requirement than the click that's required for some contracts. Contract law is sufficient for most of what's in an TOS, but data is very important and most people have a poor understanding of what is being collected and what is possible when their data is aggregated with other sources. To protect people, the higher standard of informed consent should be used before collecting any data. This would only apply to the data you want to collect, not the entire TOS.
[1] https://en.wikipedia.org/wiki/Informed_consent#Valid_element...
Of course licenses are for the user! Without a license, copyright law forbids you from downloading and running an application, let alone copying it to your other PC or emailing a copy to your friend. Addressing copyright law doesn't makes licenses longer, it makes them exist in the first place.
It's true that the GPL talks about some additional things like access to the source and the right to modify it, which ordinary, non-programmer users don't care about. But you also need it, or some license, to use the software at all. The BSD one is much simpler, but it's still a license and still needed.
Networked services don't fall under copyright law, but other laws exist that prohibit accessing a service (if it requires authentication) except under such terms as the service provider offers to you in a license or other contract.
Another example: when you edit a Wikipedia page, you are presented with this text:
> By saving changes, you agree to the Terms of Use, and you irrevocably agree to release your contribution under the CC BY-SA 3.0 License and the GFDL. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
The linked Terms of Use, CC BY-SA, and GFDL contain many thousands of words combined, and require a grounding in copyright law to fully understand. Very few people ever give informed consent when editing Wikipedia.
> the higher standard of informed consent should be used before collecting any data
The Wikipedia article about informed consent says:
> Capacity pertains to the ability of the subject to both understand the information provided and form a reasonable judgment based on the potential consequences of his/her decision.
Most of the people in the world, and a significant part of the population even in Western countries, won't be able to understand the potential consequences of sharing their data.
I can't be sure I fully understand them myself! Twelve years ago, when Gmail was opened, I didn't know de-anonymization of large datasets would prove to be so easy. I didn't imagine Internet mobs doxxing and swatting people. What might be possible ten years from now with the personal data I share today?
If the law puts the burden of verifying the user's understanding on the service - meaning they can't trust the user's assurances - the service would need to administer an exam or interview to each prospective user. And indeed Wikipedia says to get informed consent, "the investigators must ensure that subjects have adequate comprehension of the information provided [....] assessing the level of understanding during the meeting". Obviously this isn't practical for Internet services.
The biggest source of personal data Facebook gathers is what its users post themselves. This would be true even if they didn't gather anything from Whatsapp messages, tracking cookies, etc. So should any services letting users post often-private content, like blogs and image hosters, require "informed consent"? That's just not practical.
I agree there's a problem. I don't see a solution yet. Banning everything until there's a solution is neither practical nor desireable.
