Updated Terms Notice & Privacy Policy

[Cheif Operations Director]

One moment

The types of information collected in connection with the activities listed above will vary depending on the activity. The information we collect may include personal information such as your first and/or last name, e-mail address, phone number, photo, mailing address, geolocation, or payment information. In addition, we may collect your age, gender, date of birth, zip code, hardware configuration, console ID, software products played, survey data, purchases, IP address and the systems you have played on. We may combine the information with your personal information and across other computers or devices that you may use. Prize winners may be required to provide additional information for prize fulfillment. 

That clause seeing as you agreed to it, it would be binding to a contract correct?

I mean it pretty much says they can use spyware. 

Personal information is information that identifies you and that may be used to contact you online or offline. The Company collects personal information from you on a voluntary basis. When you submit personal information to the Company, it will usually take the form of:

Registration for Online Services, websites, jobs, products, contests, and special events;

Subscribing to newsletters or alerts;

Posting in or commenting on our message boards, forums, news blogs, chat rooms, or other Online Services;

Purchasing a product or services through our online stores;

Purchasing downloadable content, virtual items, or virtual currency for use with our software and/or Online Services;

Using "tell a friend," "email this page," or other E-Card features;

Requesting technical support;

Downloading demos, programs, or other software;

Participating in polls, surveys, and questionnaires; or 

This is when they can harvest said data

How could you counter this with the law?

[Starman4308]

8 minutes ago, Cheif Operations Director said:

One moment

The types of information collected in connection with the activities listed above will vary depending on the activity. The information we collect may include personal information such as your first and/or last name, e-mail address, phone number, photo, mailing address, geolocation, or payment information. In addition, we may collect your age, gender, date of birth, zip code, hardware configuration, console ID, software products played, survey data, purchases, IP address and the systems you have played on. We may combine the information with your personal information and across other computers or devices that you may use. Prize winners may be required to provide additional information for prize fulfillment. 

That clause seeing as you agreed to it, it would be binding to a contract correct?

It would be as binding so far as the judge agrees its binding, subject to:

Local laws (of which Britain, at least, has a law that I'm pretty sure would force the most favorable-to-the-consumer interpretation).

Legal precedent.

Exact details of legalese: did they define what they meant by "collect"? Is "collect" being used as specialized legal jargon that would exclude outside data harvesting unless otherwise defined?.

Potentially grey areas like "reasonable interpretation".

EDIT: Furthermore, the judge may just decree that whole clause illegal. No contract saying "this EULA lets us kill you at any time for any reason" would be legal, and external data harvesting is quite possibly identity theft. Contracts do not supercede the law.

Edited March 13, 2018 by Starman4308

[Cheif Operations Director]

[snip]

4 hours ago, Starman4308 said:

It would be as binding so far as the judge agrees its binding, subject to:

Local laws (of which Britain, at least, has a law that I'm pretty sure would force the most favorable-to-the-consumer interpretation).

Legal precedent.

Exact details of legalese: did they define what they meant by "collect"? Is "collect" being used as specialized legal jargon that would exclude outside data harvesting unless otherwise defined?.

Potentially grey areas like "reasonable interpretation".

EDIT: Furthermore, the judge may just decree that whole clause illegal. No contract saying "this EULA lets us kill you at any time for any reason" would be legal, and external data harvesting is quite possibly identity theft. Contracts do not supercede the law.

So this EULA doesn't do its job?

It wouldn't protect them...

Edited March 13, 2018 by Vanamonde

[Starman4308]

2 minutes ago, Cheif Operations Director said:

Also I recently asked if anyone was having problems with glitches. I tried verifying files and reinstalling. it didn't work... I remember this started happening when a transformer near me blew up. My mobile device flickered even though it wasn't plugged into anything. It could have been a well time coincidence. Could be connected? I highly doubt it but I'm not tech savvy... obviously...

So this EULA doesn't do its job?

It wouldn't protect them...

It would likely do its job of protecting them so long as they don't do anything utterly stupid like spy on their users.

For the N'th time, it is almost certainly not intended to permit spyware, it's intended to state "yes, we may need some data for things like in-game transactions, and you're giving us the right to collect the information as you submit it", except in legalese instead of English.

[Cheif Operations Director]

4 hours ago, Starman4308 said:

It would likely do its job of protecting them so long as they don't do anything utterly stupid like spy on their users.

For the N'th time, it is almost certainly not intended to permit spyware, it's intended to state "yes, we may need some data for things like in-game transactions, and you're giving us the right to collect the information as you submit it", except in legalese instead of English.

Instead of a firewall could you set up a program that would only detect an outgoing transmission?

[snip]

4 hours ago, Cheif Operations Director said:

Also I recently asked if anyone was having problems with glitches. I tried verifying files and reinstalling. it didn't work... I remember this started happening when a transformer near me blew up. My mobile device flickered even though it wasn't plugged into anything. It could have been a well time coincidence. Could be connected? I highly doubt it but I'm not tech savvy... obviously...

 

Edited March 13, 2018 by Vanamonde

[Vanamonde]

Things removed from this thread include: 

• Personal remarks
• Quotes of personal remarks 
• Bug troubleshooting
• The thread going off topic 
• Complaints about the thread going off-topic 

Please play nice and stick to the topic. 

[steve_v]

4 hours ago, Cheif Operations Director said:

Instead of a firewall could you set up a program that would only detect an outgoing transmission?

On GNU/Linux, I could hack this up with bash & netstat in a couple of minutes... On windows, you'd probably have to buy some "security product".

[artwhaley]

So, I asked my lawyer.   She required me to point out that this is general discussion, not legal advice and doesn't create an attorney client relationship and varies wildly by jurisdiction, especially since KSP has an international audience.   She also required me to take out the trash.  ((I'm dating a lawyer.))  She did a quick google and this is what she said.

EULA's are considered contracts of adhesion -  which doesn't outright invalidate them, but the courts generally recognize that they aren't entered into from an equal power relationship and there's no opportunity for fair negotiation, so when an issue comes up, the court WILL examine whether the provision in question was fair to start with (unconscionability) before trying to enforce it.  And where ambiguity exists, they will err on the USER'S part based on the principle of Contra Proferentem - preference against the draftsmen.  That's part of why they're worded so unfairly...  the court starts out scowling at the big company... so to get back to a point of fairness they try to make sure every definition is spelled out in THEIR favor.

US courts are split by circuit on EULA's in general, so where you live matters if you have to sue Take Two.  All of the cases where they've come up are generally decided with very narrow scope - the court says that this particular clause in this particular contract is enforceable or not...  intentionally not ruling broadly about whether types of clauses work in general.

No contract releases you from liability for negligence.   If Take Two doesn't take reasonable precautions with your data and it gets hacked- you can sue them and will probably win.   Same as all of the other companies that know a scary amount about you.   And likewise - if they take reasonable precautions and still get hacked - you probably weren't going to succeed at suing them whether you'd signed an EULA or not.  It's the same as those 'liability waivers' you sign when you do anything athletic or dangerous.  The principle function of those waivers is to make you THINK you can't sue them.   A business's due diligence cannot be waived or disclaimed.  That said - losing your name and address and the fact that you played KSP for 5000 hours isn't going to rise to the level of any sort of damages.  You're not that important.  Your identifying info is already in lots of public databases.   Pay 4 dollars to any of those 'find out who owns this phone number' websites for proof of that.  So giving it to another company or to Russian hackers isn't damages in and of itself.   Now if that company or those hackers find a way to actually hurt you... then you have damages.

EULA's 'set the tone' for a discussion, but they do not finish the discussion.   Of particular interest might be Specht v. Netscape Communications Corp., where the court found that the EULA was unenforceable because you could download and install the software BEFORE agreeing to it. 

I asked about the legality of changing an EULA long after purchase.  She said that her group of friends had discussed the topic a while back when Rockstar made EULA changes.  The general consensus in her office was it wasn't automatically void, and companies weren't obligated to offer a refund if you wanted out, but that if a term that had changed after purchase (and outside a reasonable return/refund period) was challenged in court, they were confident that it would be fairly easy to prove unconscionability of the new provision.   Before you invest a few hundred hours in a game, a take it or leave it clause is one thing.  Once you're way into a game, you're in even less of a fair position.

So...  the overall answer is - clicking yes on an EULA does NOT automatically transfer ownership of your soul just because they said so.   Your legal position if you have to sue is a LITTLE worse than if no agreement was in writing, but that any term you have issue with will be examined to figure out if it was legally valid in the first place at that time.

Edited March 13, 2018 by artwhaley

[frizzank]

The New EULA, Take2 and You...

I included sources so you know I'm not just spewing madness out of my rear end.

 

I don’t understand what the pitch forks and torches are for it’s a standard EULA.

No one can force you to sign a contract. You are free to decline the EULA. 

If you are a minor it is unenforceable.

If you can play the game without clicking accept then it is unenforceable. As is the case with KSP
https://en.wikipedia.org/wiki/Software_license_agreement#Shrink-wrap_and_click-wrap_licenses

You are legally allowed to backup data on your own computer for safe keeping (US law). 
https://www.copyright.gov/help/faq/faq-digital.html

You cannot enforce an illegal contract, or a contract with a minor. (If the EULA said you can’t make copies but you’re just backing up the data then that part is un-enforceable.)
https://en.wikipedia.org/wiki/Void_contract

If for some insane reason they did come after you for making a personal back up copy it wouldn’t go well for Take2. The courts would rule that the EULA was illegal, and it would void all the current EULA’s for KSP. This would give everyone free rain to do whatever they wanted with the software as long as it complied with general copyright law.

Edited March 13, 2018 by frizzank

[Wilhelm Kerman]

The problem so many people have with the new EULA (kinda including me) is that it is so much more authoritarian than the 'old' one. There are threads talking about Take Two putting spiders and/or probes into 1.4 to spy on you for whatever reason. Personally, I hate the new EULA. But I don't think it will impact my gameplay to a serious extent. I don't live in the US, and I have never been there, so I don't abide by US law. No one will stop me keeping good 'ol 1.3.1 on my computer as well as 1.4.

[frizzank]

I like how people just make up stuff with nothing to support it.

An example of how this fictitious spider would play out for Take2

https://www.networkworld.com/article/2998251/malware-cybercrime/sony-bmg-rootkit-scandal-10-years-later.html

Quote

The company recalled products, issued and re-issued rootkit removal tools, and settled lawsuits with a number of states, the Federal Trade Commission and the Electronic Frontier Foundation.

 

Edited March 13, 2018 by frizzank
sources

[micha]

I think for most people the bigger issue with the new EULA is that it effectively gives Take Two ownership of all player-generated content, AND that it makes modding the game technically illegal despite Squad and Take Two having stated that they want to continue to support modders.  Other games published by Take Two continue to have a modding community, under the same EULA, but that's contravening the EULA whether or not it's currently being tolerated. Legally it's shaky grounds (and yes, I realize that it's hugely unlikely for Take Two to go after an individual modder, I'm just saying..) and without explicit amendments to the EULA to allow modding, that's where we stand.

These clauses are fairly standard for modern game companies, but is a change and a very big deal for some mod authors. Ultimately it might (or already has) dissuade people from modding this game, which is something that has had a huge impact on the games' popularity.

The making personal backups/copies issue is unenforceable/minor at best.

While the removal of the "Send data" checkbox and additional sending of data is also a concern to many, this is easily solvable with a properly configured firewall.

[katateochi]

3 hours ago, Wilhelm Kerman said:

There are threads talking about Take Two putting spiders and/or probes into 1.4 to spy on you for whatever reason

People have said that, but there's nothing to actually support that happening. The only bit of hard data I've seen is in this comment

which shows the sort of data KSP is transmitting, and it's all perfectly fine. In fact, I think it's rather minimal. I'd actually like to see KSP collecting more info like crash reports and analytics (like average part count of crafts, average frame rate, etc), because all of those provide the devs with good information about their user base and how they use the software and that helps make things better for all.

[Harry Rhodan]

9 minutes ago, micha said:

AND that it makes modding the game technically illegal despite Squad and Take Two having stated that they want to continue to support modders.

It doesn't. People really need to understand that "modify" has a different meaning here. It prohibits people from reverse-engineering and breaking up the game files, it is not illegalizing mods that use the official API the game is offering for modding purposes.

[micha]

8 minutes ago, Harry Rhodan said:

It doesn't. People really need to understand that "modify" has a different meaning here. It prohibits people from reverse-engineering and breaking up the game files, it is not illegalizing mods that use the official API the game is offering for modding purposes.

"reverse engineer, decompile, disassemble, display, perform, prepare derivative works based on, or otherwise modify the Software, in whole or in part;"

Many mods do exactly these things.  Furthermore, a lot of mods use APIs (or have figured out -how- to use such APIs) by reverse engineering the game files rather than only relying on "the official API [and documentation] the game is offering for modding purposes".

Also, the "meaning" of a legal statement can only be determined in a court of law. I very much doubt it would ever come to that, but as I said, for some people, the uncertainty is enough.  And -that- is the reason for a lot of the uproar here.

Personally I couldn't care less (and I maintain a few mods), but hopefully this clarifies to the OP what the main issue is that some people have with the new EULA.

[Renegrade]

2 hours ago, frizzank said:

You are legally allowed to backup data on your own computer for safe keeping (US law). 

 

https://www.copyright.gov/help/faq/faq-digital.html

 

From that self-same copyright.gov site, which, by the way, you linked from a Steam link:

It is also important to check the terms of sale or license agreement of the original copy of software in case any special conditions have been put in place by the copyright owner that might affect your ability or right under section 117 to make a backup copy. There is no other provision in the Copyright Act that specifically authorizes the making of backup copies of works other than computer programs even if those works are distributed as digital copies. 

Note that music and video are NOT covered as "computer programs", and you might find that 3D models and other related assets aren't "computer programs" either.  And a scary thought occurs to me - KSP is a C#/mono project, which means that it turns into bytecode, like Java does, not actual executable code (the CLR/mono does that dynamically at runtime), and could very well also not be a "computer program" in some contexts.  Also, be advised that great deals of the US's copyright law have been superseded and/or rendered moot by the Digital Millennium Copyright Act, which more or less prohibits the doing of ANYTHING.

Also, that's all about "Fair use", which is this nebulous thing that's often failed people at the worst possible moment.

Consider too, this scenario: the police raid your place and seize your equipment, totally in error, but then discover that you have illegal backups.  They're going to want to prove wrongdoing at that point to justify their raid and seizure....

From the Wikipedia article you linked (again, from a steam link):

Whether shrink-wrap licenses are legally binding differs between jurisdictions, though a majority of jurisdictions hold such licenses to be enforceable. 

Whoops.

By the way, are you an attorney, offering this as free legal advice?  Before answering this question, remember that answering in the affirmative might open you up to damages should it result in convictions etc.

I'll maintain that while the more paranoid people are being a bit "chicken little" about this, but the EULA is not a reassuring one.  It's the sort of we-own-you-now crap you'd see out of EA or Ubisoft.

1 minute ago, katateochi said:

 I'd actually like to see KSP collecting more info like crash reports and analytics (like average part count of crafts, average frame rate, etc), because all of those provide the devs with good information about their user base and how they use the software and that helps make things better for all.

I'd rather not.  Developers NEVER, and I mean NEVER look at that info unless it's attached by hand to a well-written bug report (and then ALMOST NEVER look at that bug report anyhow).  And that opens you to man-in-the-middle attacks, and/or poor security on the opposite end.

3 minutes ago, Harry Rhodan said:

It doesn't. People really need to understand that "modify" has a different meaning here. It prohibits people from reverse-engineering and breaking up the game files, it is not illegalizing mods that use the official API the game is offering for modding purposes.

Hey, what's this?  There's this weird .csproj file in the mod I made a ways back:

  <ItemGroup>
    <Reference Include="System" />
    <Reference Include="Assembly-CSharp">
      <HintPath>..\..\..\KSP_1.0.4\KSP_Data\Managed\Assembly-CSharp.dll</HintPath>
    </Reference>
    <Reference Include="UnityEngine">
      <HintPath>..\..\..\KSP_1.0.4\KSP_Data\Managed\UnityEngine.dll</HintPath>
    </Reference>
  </ItemGroup>

I suspect this is a lot like linking.  Linking with software with various licenses has proven problematic in the past, which is why stuff like this exists:

https://en.wikipedia.org/wiki/GPL_linking_exception

(and the GPL is a friendly, lets-all-share-and-be-kind-to-each-other license, not the we-own-you-now BS that exists at http://www.take2games.com/eula/ )

Are YOU now offering this as free legal advice, by the way?

[micha]

17 minutes ago, Renegrade said:

I'd rather not.  Developers NEVER, and I mean NEVER look at that info unless it's attached by hand to a well-written bug report (and then ALMOST NEVER look at that bug report anyhow).

 

Offtopic nitpick: Not true. I know for a fact (because I've had to work on a couple) that automated crash logs and telemetry DOES get looked at. We take stability fairly seriously... YMMV.

Regardless, IMHO, it should always be OPT-IN, no matter how "useful" the developer/publisher of a piece of software may think a particular set of data collection is (either for themselves or their customers), and there should always be a way for customers to disable any such functionality.

Standard Disclaimer: These opinions are my own and in no way reflect the opinions of any employers, past, present, or future, that I may be employed by.

[Renegrade]

7 minutes ago, micha said:

Offtopic nitpick: Not true. I know for a fact (because I've had to work on a couple) that automated crash logs and telemetry DOES get looked at. We take stability fairly seriously... YMMV.

YMMV indeed, none of the places I've worked at have ever looked at those.  In fact, the most recent one had a cron job to delete those things...hourly.  Plus, without user context, it can be tricky to figure out what happened leading up to the dump.

7 minutes ago, micha said:

Regardless, IMHO, it should always be OPT-IN, no matter how "useful" the developer/publisher of a piece of software may think a particular set of data collection is (either for themselves or their customers), and there should always be a way for customers to disable any such functionality.

Totally agreed.  I used to pay for my internet bandwidth (and may have to again at some point in the future), and while that data isn't likely to incur additional charges (especially if it avoids full-on process space dumps..ugh, that would be nice and big), I'd rather not pay for that extra gigabyte during a bandwidth-intense month.  Plus occasionally, if the internet goes down, I tether through my phone for connectivity, and OH MY EFFING GOD do those guys like to bill.

Plus I really hate the Windows behavior where it's doing it's version of that crap ("looking online for a solution..") as it delays the re-launch of the game or program.  Plus it's hidden the actual crash code (what we'd call a 'guru code' in the old days heh), which is often useful for me.

Man, I miss the days when the TCP/IP stack was separate software.  Not in having to install that software, but things didn't assume they had free reign to do whatever on the 'net.

 

[Kerbart]

Thank god, a thread about the new EULA. It’s about time we start discussing it.

[micha]

4 minutes ago, Kerbart said:

Thank god, a thread about the new EULA. It’s about time we start discussing it.

Well, it is at least another couple of hours before 1.4.1 drops...  :-D :-D :-D

[katateochi]

39 minutes ago, Renegrade said:

I'd rather not.  Developers NEVER, and I mean NEVER look at that info unless it's attached by hand to a well-written bug report (and then ALMOST NEVER look at that bug report anyhow).  And that opens you to man-in-the-middle attacks, and/or poor security on the opposite end.

Speaking as a dev, I depend on that information. Info that users manually submit is poor at best and very skewed, but automatic error collecting is fantastic,  so long as it's properly aggregated. As a dev I don't care about each report, I care that suddenly there's a spike in one particular error, or (as a web dev) about the speed of requests and being able to see which requests are being slow helps me make improvements to the places that need it.
Well written bug reports are like unicorns, and honestly, about as useful. Properly aggregated automatic stats and error logs is where it's at.

I know some places just collect reports because someone higher up thought it would be a good idea. And yes, that's useless and never gets used. But there are some fantastic tools out there which collect and aggregate the data and present a graphical overview and those are really useful. 

[nightstalker101s]

That's nice to hear. 

Edited March 13, 2018 by nightstalker101s

[Kernel Kraken]

The only problem I really have with the new EULA is it illegalizes modding. Unless im reading it wrong.

Wanna know how to start a flamewar?

T2 is allowed to put spiders in the game.

Boom, flamewar!

[Renegrade]

5 minutes ago, katateochi said:

I know some places just collect reports because someone higher up thought it would be a good idea. And yes, that's useless and never gets used. But there are some fantastic tools out there which collect and aggregate the data and present a graphical overview and those are really useful. 

Literally every place I've worked at, consulted at, worked with, etc, has been like that.  And they weren't small places either, but places who could buy Take Two with petty cash.  Names you'd recognize.  Places that have had Superbowl ads.  In fact, the bigger they are, they less they seem to care.  Not that the smaller ones did anything either, but they were more along the lines of a regretful "we don't have the manpower to look at this" rather than a dismissive "whatever, we'll set up a cron job to delete this trash".

In any case, DO NOT do this without OPT-IN user permission, AND if they agree to it, do it with total transparency (as in, human-readable text output of ALL data being sent).  In fact, I suspect it's illegal here in Canada to collect said data in an opt-out or non-optional fashion.  I strongly recommend consulting an attorney before implementing it any other way.  And then not doing it in any underhanded way even if said attorney says it's fine, as you don't really want to be the very first case that establishes the new precedent regarding responsibility in MitM or data theft incidents.

 

[mjl1966]

The way I read it is that modders forfeit their copyright for mods to Take Two.  This is not new.  The same thing applied with Squad.  Mods have belonged to them from day one.  The old EULA had similar language regarding user-generated content.  In practical terms, this means the company can incorporate mod content into the game they distribute - something we've seen happen for years.  Mod functionality has crept into the main release for a long time now.

The legally "interesting" thing here to me is that they are attaching a copyright contract to an EULA.  Copyright contracts generally require offer, consideration and acceptance.  The reason being is that it's actually quite a big deal.  The language used in the EULA is very similar to language you see in publishing contracts, where the publisher gets all rights, everywhere on all media.  It's what's known as an "all rights" contract in the publishing industry.  And many writers, including myself, refuse to play.

The thing about copyright is this: it goes for 70 years after the author dies.  Once you sign over that copyright, you lose all control over your IP.  Well, it looks to me that's what's happening here.  But, again, this is not new.  Mods have always been signed over to Squad and now Take Two.

While I expect this is to allow Take Two to continue to include mod functionality in their main release, I doubt it will be otherwise disruptive to the modding community.  i.e. - I don't see them scooping up mods and saying, "Mine!" and shutting out the mod community.  Let's face it, the modding community is responsible for much of the improvement of KSP over the years as their code has slowly crept into the main release. 

In general, I don't see a whole lot has changed except for the language regarding our consent to allow them so snoop around on our computer.  I'd be curious to see if there is any case law on that sort of thing.  EULAs are supposed to govern the use of the IP in question, such as a game.  Attaching a whole bunch of riders granting permission to do other stuff that is beyond the scope of just using the software - I'm very curious to know if that sort of thing can be brought into effect under the guise of licensing.  It's an interesting legal question and I'm not sure it has been definitively answered in the courts.