Thomas (@thomasfuchs@hachyderm.io) 23andMe just sent out an email trying to trick customers into accepting a TOS change that will prevent you from suing them after they literally lost your genome
(hachyderm.io)
from PoseidonsWake@lemmy.world to technology@lemmy.world on 06 Dec 2023 09:36
https://lemmy.world/post/9207489
23andMe just sent out an email trying to trick customers into accepting a TOS change that will prevent you from suing them after they literally lost your genome to thieves.
Do what it says in the email and email arbitrationoptout@23andme.com that you do not agree with the new terms of service and opt out of arbitration.
If you have an account with them, do this right now.
Here's an email template for what to write: www.patreon.com/posts/94164861
How is this a trick?
They sent an email that seems standard and claims to be beneficial. I would have ignored it if I wasn't aware of the current situation
Wew, ignoring emails is a trick now?
You wouldn't read that email either and you know it.
I hate it when people act dumb like this. You know why it's an issue because of the opt out instead of the normal opt in.
That doesn't make it a trick.
"We've made a change to the TOS, you have 30 days to opt-out"
The TOS :
By using this service you agree to these terms :
5 paragraphs of legal gibberish.
+ We reserve the right to chop your balls off at any time.
5 more paragraphs of legal gibberish.
"If you didn't get our notice in the first place, FUCK YOU!! WE DON'T CARE!!"
It is a corporation who thinks they can just alter the deal without getting an explicit agreement by the other party.
It is definitely a trick.
Not a trick.
It is a legit question. Usually you don't have to pro-actively inform anyone that you disagree with anything, TOS included. That's just what companies want you to believe since it benefits them greatly.
No idea though how things in the U.S. are handled and if there are differences in certain states. It would surprise me though if that was actually an enforceable legal principle.
I don't get why it's a trick either. That's the catchy headline right? But no word on if the changes apply into the past or it's just lawyers trying to protect themselves for next time. It's an email with new TOS and the ability to opt out.
No it's not good for users and yes it's a shitty 30 day notice in an email even I didn't read yet because I'm so irritated with them.
But reading the Patreon post didn't tell me how it was a trick and neither did the mastodon link. However the replies were good and helped fill me in on some details I wasn't aware of yet on the actual breach. hachyderm.io/@thomasfuchs/111531294441702837
Not sure why the down votes on a perfectly acceptable question.
Asking users to Opt out as a method to replace an Opt in TOS is a trick because they are hoping users won't see it. If they sent an email asking users to click a link to Opt in to the new TOS, that would be OK.
Makes sense. I didn't get it from what was posted but I understand now from the replies. Thanks.
What would you call it, unmitigated benevolence?
Ok now that I have that out of my system, let's see…
trick /'trik/ noun
scheme /ˈskēm/ noun
especially : a crafty or secret one
outwit /au̇t-ˈwit/ verb
What we have, in the immediate wake of a massive security breach, mind you, is an attempt to benefit the company by getting the better of the customers, writ large, by altering how disputes are handled. By taking the unusual step of requiring explicit opt-out from the new TOS within a short timeframe, they make it more likely that customers will "accept" the TOS without even realizing it and be in a worse position as a result.
That qualifies as an act intended to outwit customers.
Or, to put it another way, if they had contacted customers and asked for an opt in for the new TOS, nobody would consider that an attempt to outwit.
So, yeah, this is a trick to further fuck over customers who are already victims of the company's poor security practices.
Somebody - preferably a goddamn judge - really needs to start explaining to all these sociopathic corporate lawyers that…
<img alt="" src="https://i.imgflip.com/88f84l.jpg">
Preferably a judge, but maybe an alien will do.
I, for one, welcome our new Alien Overl-uh, Judicial Authorities
I feel like the TOS you are subject to is the one you signed when you first used the service. Unless you have been constantly using their service, I can't see how a new TOS would affect you. I could be WAAY off here because IANAL, but a company can't just retroactively change the TOS for customers without some kind of action taken by the customers under the new TOS.
I once successfully defended myself from a lawsuit by invoking a previous TOS. The court allowed me to choose any version of the TOS that benefited me the most. It was akin to the doctrine in contract law that ambiguity is always found to be detrimental to the drafter of the contract.
yeah! That's awesome! Kudos to you for prevailing.
Contracts are way less enforceable in courts than the writers would hope. Basically the enforceable parts are payment and performance and anything directly related to that. Once you start adding clauses that are outside of that realm they become more and more of a waste of ink.
You're right. I just want to add the proper terms for people to search for in case this information helps them. The main matters considered in contract law are "consideration and performance". Happy hunting y'all. Take down these corporations that do not care for you.
Yes, payment isn't necessary, it's just that consideration is payment 99% of the time for the average Joe, to the point where the first definition of consideration is "payment or money" but there are certainly contracts out there where it isn't money.
You're right. I only wanted to include the search term for anyone wanting to pursue this on their own. I think it is better to search the proper term and build knowledge from there than to summarize it and hope laymen understand the underlying principles.
I'm not sure if lawyers think their words are magic sometimes, or if they'd just really like them to be magic.
I live in a state that prohibits most non-competes from employers, and any effort to try to get employees to sign overly restrictive agreements can actually result in a fine and penalty. My company sent me a legal agreement saying that by signing the doc and continuing to be employed, I agree to waive my state's protections against non-competes. As if... that would hold up in any court, ever.
It's a blatantly illegal clause and I could have fought it at the time... but in the end I knew it was totally unenforceable at worst. I'll go after them for the penalty if they ever try to enforce it, or if I leave under bad circumstances. It was more valuable to me to have this document than it is for them to have it.
They want us to believe their words are magic for 2 reasons:
They make a lot of money and they want that gravy train to keep chugging
The average person is scared by lots of big sounding words, and the evidence of that is everywhere.
The average person is scared of massive lawyer fees trying to defend against any law suit.
See reason 1. But yes.
Anywhere to read more about this?
I wish I could give you a source but I recall this from college almost 20 years ago. If you read into "contract law" you will arrive there pretty quickly. It's one of the main principles
IANAL too, buddy, IANAL too
I just LOVE that the standard acronym for a lack of legal license sounds like an Isaac Asimov porn parody
Or a new Apple product… iAnal
I'm pretty sure iAnal is what the executives at Apple call the accounting department when they don't get to expense their third pound of beluga caviar.
Even that's rather iffy too. If it's been made so long that a reasonable person cannot be expected to read or understand it, it likely won't hold up.
If the courts decide to say, fuck it then it won't hold up.
If this goes to a class action suit, I expect the judge to not let this change of TOS affect who is covered under the class action suit.
This is just a way to make the customer THINK they can't sue.
"They lost my genome" is certainly a 2023 phrase.
It's only useful to US assurance companies.
Thanks for sharing this
I don't see how an email that has no proof of delivery (could have ended in spam for example) would be legally binding.
Accepting a ToS update simply by virtue of no action is also questionable unless provisions permitting that were in the ToS you've accepted and even then it would not work in the European Union, because that's listed in the forbidden clauses registry.
Why would you need proof of delivery? The original email gives instructions. You follow those instructions and can prove you did so with date and timestamps. I don't see the issue.
en.m.wikipedia.org/wiki/Non-repudiation
Legally you have to be able to prove someone received a thing. It's why you get served when you're sued. An agent physically hands you the complaint (or whatever they're called). If the papers were put in the mail the person being sued could say they never received them.
Couldn't the same be said about the TOS updates though? Would they not need to prove it was delivered?
Exactly. That's why an email saying you are losing your rights unless you opt out is invalid. You can't prove that I ever saw/received that email
That's the whole point. They can force you to agree to updated TOS before they allow you to access their app.
Can't you trace an email and prove it was delivered? Even mail you sign for only proves you received it, not that you opened it.
No. You can confirm the server received it. That's different from a user opening it and reading it
You can't prove that person ever saw that email.
Even it being "questionable" is a fucking outrage - it should be so blatantly, obviously, disallowed that a lawyer should lose their license just for proposing it!
The entire concept is a goddamn farce.
Nope. The silent consent concept is a nice thing, it solves a lot of problems both for companies and private citizens. I could offer plenty of examples of the correct use of the concept that solve problems.
23andMe is just doing a big dick move trying to avoid being sued for the leak.
Can you share some of those examples please?
Not OP, here's a Law Stack Exchange thread where silence (in conjunction with other actions) is consent.
Here's where silence is NOT consent.
Replying to you, but it is valid also for @porksoda@lemmy.world.
If you ask for permission to do certain works in your house, you present the project to your city council, or the required office, and if after a given time (depending on what you want to do) they don't object then you have the permission. Before the introduction of the silent consent, you had no idea about how much time you needed to wait before you got an answer and it was prone to corruption while now the "yes" is the default unless there are real problems. It is not a perfect solution, but it is way better than before.
Basically all the interactions with the authorities are on a silent consent base when the authority in question does not need to produce something to give back.
All the minor changes to the contract with banks, utility companies and so on: they propose the new terms and if you don't accept in a given time from the moment you read it you accept it. By law in the event I refuse the new terms, I don't end with the old ones but the contract ends and in the case it has penalties for early terminations, these are nullified if the penalties are applied to the other side.
On the other hand, this way a company has a certain deadline after which the new terms come into effect and as a side bonus the fact that it has to handle only the exceptions (who don't accept) and not all the ones that are ok.
Wedding publications, since we do not have the whole "if you disagree to this marriage talk now or shut up forever" part of the ceremony, to be sure that there are no hidden problems we put an announcement in a designated public place (usually a notice board at the town hall and/or your church) for a given period of time, usually 2 or 3 weeks, and then if nobody objects you can marry.
I agree that this is probably something old that was done back at the time but it works on the same principle. Of course now there are other ways to know if someone is already married (on the civil side) or is divorced (on the religious side) or there are some hindrances.
And before someone asks, we also have examples where this approach was shot down: the last of these is when a big bank decided to move part of their clients to a virtual bank (a different branch of itself) and they were stopped on the basis that this change is too radical to be done this way (even if the notice was about 6 months). Other cases hit utilities companies which in some cases were forced by a judge to pay compensation to the customers because what they did was basically illegal and the silent consent was then void.
Thanks for the insight!
I would like some of your plenty of examples.
I thought the same thing when my Disney+ rate went up a couple months ago and I couldn't find the email warning about it in my inbox or spam folders.
Why do we let these companies get away with everything? If the rates are going up, show me in the app/ui. Make it opt in. Disable my ability to watch anything until I approve the increase in spend. It should be illegal to just change the terms of a contract and say "I sent you an email."
You most likely did not officially consent to the changes and have a prolonged right to terminate the contract without the need of upholding the contract duration.
It's probably much cheaper just to deal with the few that complain rather than sending out hundreds of thousands of paper letters or having them confirm the changes electronically and terminating the contracts of those who did not accept.
I guarantee the original contract said the rates are subject to change without notice. Plus, raising the prices will definitely increase CS call volume more than sending out notices.
Sounds illegal. Maybe in countries with weak consumer rights.
.
It's not, and TOS are not legally binding either
By viewing this post, you agree to gift 50% of all after tax future earnings to PersnickityPenguin. Additionally, your entire Steam Library of games is hereby under sole ownership of PersnickityPenguin. All games and/or steam account login and password must be provided to PersnickityPenguin.
Failure to transfer all financial and virtual property within (30) days is considered a breach of contract. Each incident of a breach of contract will result in a $500,000 penalty per incident. Viewer agrees to these terms of service. Any dispute or breach of contract will result in additional legal fees to be paid by the viewer entering into this contract pursuant to paragraph (A).
damn. I lost. Give me your bank details to send you your money.
Hmm, let's see… social security number 000-00-0002 (damn, Roosevelt).
Ok, check your PM
lmao after seeing your name I can't believe it was you all the time
My ISP, phone company, bank, insurance company and everyone else send me TOS related messages from time to time. Usually, the message is something along the lines of: "We're altering the deal. Pray we don't alter it any further"
It doesn't seem fair to me, but since everyone is doing it, there probably isn't a law against it.
Every time an ISP does that around here they send you a notification via certified mail with a prepaid return envelope and a service cancellation form included - you can decide to not continue using the service without any early cancellations fees etc.
If they fail to do that they get fined by consumer protection agency, are required to return any fees they charged based on the change and they get to start over - send a notification that follows the rules resetting the clock for those who opt to cancel
You'd think that, but you know those "don't remove or warranty is void" stickers on stuff? They're illegal.
Not illegal, just not legally binding.
"But they clicked the imaginary button, your Honor. How can they still have rights?"
This just blows my fucking mind. Same thing happened with Crunchyroll, apparently I could have been part of a class action lawsuit when it was found out that they were selling users data. But I didn't hear about it, didn't get any letters and didn't see the email. The date came and went. Because I didn't "take action" in time I apparently forfeit my right to my piece of the settlement AND to sue.
HOW THE FUCK IS THAT LEGAL. How can you make the least amount of effort to notify someone after illegally fucking up their life, then when they don't respond (because they didn't see the notification or whatever), say, "well legally that means they're ok with it, and can't do anything in the future"
What the fuck
It depends, it may not be. TOS are not as ironclad as they appear.
Send their legal team an email telling them you're going to update the terms unless you hear from them.
Also, send a bunch of irrelevant shit about what you're doing and thinking about and video games you're playing first, they'll probably block your email address and then won't see the legally important email.
Technically a contract can have anything in it that both parties agree to, unless some or all of those provisions are actively illegal. I would agree that assumed agreement should be illegal. You could probably fight this in court, make the argument that this is a material change to the contract that you did not agree to and would not have agreed to had you been aware of it. But that costs money and lawyers and time.
This feels like the weirdo that Muta covered who was sending out legal notices telling people that if they didn't take action, he would consider them to be entered into contracts that he wrote.
The class actions I've been part of have said that if I want to retain the right to sue then I have to opt out of the class action. I don't think it's possible to be force-opted in, and in that case you should retain the ability to sue.
I've only been in 3 or 4 though, so I don't know if that's representative of all class actions.
Right, but you have to be in the class to do that. If they didn't notify you because they don't think you were in the class, then that shouldn't reduce your legal options. And if they do think you're in the class and don't notify you or send you the settlement, that's just straight malicious.
Damn I forgot about that Crunchyroll class action. Thanks for reminding me. I got those emails too but I have until the 12th. It's only $30 but that's like two Five Guys meals so…
They didn't lose it, they know exactly where it went
Piracy is theft in the eyes of the law. So because the hackers copied it, your data was lost and you should be compensated for the loss.
.
Whoa bud 4chan is the other way
Good fuck my guy, lay off the casual racism
Did they lose anyone's genome? That's not what's been reported. They certainly lost customer information and this is definitely a super shitty move to trick you into waiving some rights, but I've seen no reporting that says they lost full DNA information.
They have disabled the download data button and refuse to provide customers with a copy of their own data. I have been trying to get a copy of my data for over a month and they just tell me they'll consider re-enabling the button in the future.
I would bet money (not much, relax) that they got their shit hacked and locked down by ransomware at least, if not also extracted for sale by the same black hat.
I was under the impression that it was compromised logins of users that were used to get into accounts, afaik they weren't actually hacked.
Our two scenarios aren't necessarily mutually exclusive, but yours is much more plausible.
That and they link all the genealogy data so the "hackers" got some info on a bunch of people they didn't hack.
Probably not as much info as you can scrape from Facebook about any one of them, but some.
Facebook's intranet servers maybe
So, our main interactions happened in the past, your fault and abuse of me happened in the past, and now, in the present, you can slip a little "go out of your way or the legal terms governing our interactions in the past will be altered" clause in an email, and it's all legal?
(Hold on, let me try applying a rule of thumb that helps me answer legal questions like this: Would this help the rich and powerful maintain riches and power?… Yes. I think the answer to my question above is yes.)
I'd argue the interactions and faults of the past should be governed by the agreement we had in the past.
The real question is why would you put your genome into the hands of a company without a compelling reason beyond "This sounds cool"
So I can prove that I'm 3% black and get my word pass. /s
.
/s and still at -6. Wow, Lemmy. I'm hoping the joke just went overhead.
What joke? Jokes are supposed to at least try to be funny.
It was just another cynical explanation for the type of person to get a vanity dna test. Do people not realize that racial supremacists are getting these tests and bragging if they like the results?
Maybe the joke just wasn't funny
Apparently my comment making fun of white supremacists wasn't taken well by the mods.
Either it went over people's heads or hit too close to home. I dunno.
It being cool is a compelling reason.
"I use discord cos It is so cool"…
A lot of people didn't, but their relatives did and now they're implicated.
If my uncle did this, how would they get my information and genome over him? I read the Wikipedia article but still don't understand how this works.
Because 25% of your uncle's DNA is the same as yours.
Okay, but they don't know which part and they don't even know I exist if my uncle isn't telling them?
They don't, but other companies like insurance might know. And they are the ones who are buying. They use multiple sources of data. And then they put 2 and 2 together.
Even though it's 25%, they will still calculate it as a risk.
Thanks for putting it together, now I understand the reasoning.
I'll have to get the name of the specific murder porn show from my wife, but there's one where they go into detail about how they find a suspect with DNA by finding people with a close enough match to narrow down the family tree and get super close to the actual person, if not the exact person.
…escapistmagazine.com/…/facebook-ceo-people-who-t…
How else are you going to get it?
Wow, that's dirty. The email you need to opt out at is different from what they link. If you don't respond, you automatically agree to their new TOS which bars you from taking class action against them. Shady af.
If anyone wants my genetic information just come to my door and I'll supply it to you directly
Saw this in my inbox and totally thought it was for this comment lol
lemmy.world/comment/5851431
some more reddit level engagement for you ;)
Ok but is fuchs a real last name lol
It's literally just "Fox" in German.
Yes. My mother had a teacher named Mrs. Fuchs. And she told me, "you can guess what we all called her." And that was in the 1950s!
Nobody's genome was lost. What happened was, users with weak passwords had their accounts compromised, something like less than 2,000 of them, and from those accounts, bad actors were able to access and download family tree data for something like 6.5 million accounts.
I don't really see how the data lost is actionable in any way except for the spoofed "Hey gramma! It's me! I'm in jail and I need bail money!" phone calls.
Yes, and if my genome was stolen I'd probably be dead.
There needs to be a c/Literally lol
If you build it, maybe they'll come.
I will come that's for sure
I already came. And I will certainly come again!
We can rebuild you. We have the technology.
From what I understand - the first action the bad actors are taking are releasing the family trees to "out" anyone with Jewish relatives.
So, just hate crimes to start.
One of the typical arguments is selling ancestry history to insurance companies, effectively handing them health data which could lead to up-pricing or rejections for customers with bad health history.
That's 23andMe's end game anyways
That is a whole different can of worms and should be illegal as well
But at least the second one isn't allowed anymore. I'm not sure if the ACA addresses the first point.
.
What does this even mean?
.
I guess what I meant:
I'm not trying to be annoying. I genuinely believe you are trying to say something important but I just don't understand what you mean.
Agreed unfortunately. An important thing in US law that people often don't know is that in most cases, you need to prove that you were damaged in some way. Unless the company broke a specific law, you probably just have to accept it until you have problems relating to identity theft. And even when that happens, you'd still need to prove that the attacker used the lost 23andMe data.
I personally don't understand why people use these services in the first place. Let's all let some private company that we know nothing about build an absolutely massive database of people's DNA. And let's voluntarily do it and even pay them for that "service". Sure, that sounds like a good idea. What could possibly go wrong? Hope your minor curiosity was worth the massive privacy invasion.
In my case, I went through 23 and Me because 75% of my DNA comes from sources unknown. No idea who my father was or my maternal grandfather. So being able to fill in those gaps as well as helping to determine medical risk has been very useful.
Thanks to the American healthcare system's lobbyists, if a company sequences your DNA, they can't give you information related to health.
Which is why 23andme has a fraction of the stuff they used to.
I paid $5 to a third party to take my raw 23andme data and output a very nice html file (not online, in a zip file) that checks against common mutations for all types of shit. Not sure if they're still around, but they automatically delete your data once the HTML is sent out, if I want it again I don't have to pay again, but I do have to send them the raw data because they don't have it anymore.
Because they didn't sequence it, they can give me all the information without having to be a "healthcare provider" like 23andme would need to be to tell me the same info
Building a massive collection of DNA is a really good thing from a research standpoint. Plus, it's helping solve a bunch of murder cold cases.
I'd pass this around if the writer knew another adverb. I'm tired of "litchally" people.
Then it should have been upvoted for reality.
I had them destroy my sample and delete my data the week they went public, so I'm glad we've finally reached the "I told you so" phase of this.
How can you be sure they did what you requested? How can you verify?
If I was that guy I would dig for the leak and search through it. If I would find even a shred of my data, that's a lawsuit.
yeah, and I assume only the pool of people who have requested deletion of their data is in a position to do this. @Artyom you should consider doing this.
If you were dumb enough to pay someone to take your genome for profit, a second grift is just icing on the cake.
Isn't this illegal?
Of course, and in some places a TOS isn't even legally binding.
No, but that doesn't mean it's legally enforceable.
You can't sign away negligence in a contract.
Yes but they'll just outspend the average person in court. It's a fucked design
bruh