Trying to Decipher that EULA? Better Have a PhD

By Josh Catone
We teamed up with SiteGround
To bring you the latest from the web and tried-and-true hosting, recommended for designers and developers. SitePoint Readers Get Up To 65% OFF Now

This week, amid all the hype around the Google’s Chrome browser, there was a mini-controversy over the EULA that came with Google’s new toy. The EULA, required users to “give Google a perpetual, irrevocable, worldwide, royalty-free, and nonexclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.”

That sounded ominous to many users — why should Google have a right to do whatever it wants with what you do when using Chrome? As it turns out, Google reuses its EULA language as much as possible, and so occasionally stuff will sneak in that doesn’t really apply. Google quickly responded and changed the offending text, which now reads, “You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services.”

The “controversy” highlights something important, though: the text of things like EULA’s and privacy policies are necessary for users to read but often times they are so long and difficult to comprehend that they are more likely to be skipped over. To be fair, Google’s Chrome EULA actually rates as one of the easiest to comprehend, but it is still lengthy — weighing in at over 4,000 words — or about 10 pages in Times New Roman 12 point. It’s unlikely that most users would ever read it, and the offending text only came to light after a tech journalists noticed it (i.e., not your average users).

Erik Sherman over at BNet decided to see just how easy the tech legal documents we encounter every day are to read and understand. Sherman looked at 23 tech company privacy policies and graded them on a scale that went from 0-19+. The following chart shows comparable reading material by score so you can judge approximately what it would be like to read these policy documents.

SMOG Grade Level Reading Material Example
0-6 Soap Opera Weekly
7 True Confessions
8 Ladies Home Journal
9 Reader’s Digest
10 Newsweek
11 Sports Illustrated
12 Time Magazine
13-15 New York Times
16 Atlantic Monthly
17-18 Harvard Business Review
19+ IRS Code

The result was an average privacy policy weighing in at 3,442 words and an average reading level of 15.77 (Sherman averaged three scores, including the SMOG) — or somewhere between the New York Times and Atlantic Monthly. That hardly makes understanding these documents rocket science, but it is also far above what you’d expect in order to effectively speak to a broad base of users. That indicates that these companies generally don’t care if their users can understand (or will bother to read) the legal documents they’re expected to agree to in order to use the products or services offered.

The worst offender on Sherman’s list was Insight Communication, which scored a whopping 20.78 — which means reading their privacy policy was akin to reading the US tax code. Or in other words: no one will actually bother. The most readable was Yahoo!’s, but at 5,500 words, it was also the longest. Or in other words: no one will actually bother.

Google’s Chrome EULA actually stacks up pretty well, in terms of readability it landed at an 11.77 average score using Sherman’s method. That’s easier to comprehend than anything on Sherman’s list of privacy policies, but the 10 page length still makes it a daunting read for the average user. Google Chrome privacy policy is actually quite good at a 12.15 and 1,100 words. Readable and pretty short.

The best user-facing legal document we’ve seen in the tech world over the past few months came from Cuil. Their privacy policy is just 520 words long and scored a very readable 12.29 using Sherman’s method. Another great privacy policy is the one from Bill Monk. It’s just 733 words in length and scores a 10.01 — making it perhaps one of the most easy to read legal documents on the web. (Funniest policy goes to Something Awful — their serious version isn’t bad either. It scores poorly on the comprehension test, but is under 200 words, making it very manageable.)

The lesson: make your privacy policy, EULA, and other user-facing legal documents as short and as easy to comprehend as possible. Your users will thank you (and you might even score some free press by bucking the trend and actually putting out a legal document that mere mortals can understand).

We teamed up with SiteGround
To bring you the latest from the web and tried-and-true hosting, recommended for designers and developers. SitePoint Readers Get Up To 65% OFF Now
  • The result was an average privacy policy weighing in at 3,442 pages

    I sincerely hope you mean 3,442 words, not pages! Three thousand words is bad enough.

  • Thanks Tommy, nice catch. :)

  • Desmond K

    I can’t remember the last time I read one.

  • Jack Matier


  • Michel Merlin

    Do NOT read any EULA

    Most EULAs would not stand 5 minutes before a court (if a real one still existed in 2008), because uselessly too long (making them actually NOT read by most people involved), too unclear and ambiguous (making them inapplicable), and above all, containing clauses that are illegal, unjust, ineffective or illogical. For instance, most include clauses allowing the big party (the company that is publishing the software or operating the telecom or web service) to change that “contract” unilaterally (such clauses being usually hidden behind an opposite appearance), or more generally allowing the big party to violate the core of the obligations, while holding the small one to those same obligations.

    Many obvious solutions would be possible if there were not a strong intent to deceive customers on a large scale. One is to write a General Public EULA (that could be 5-10 page long). Then each Particular EULA would be only 1-page long, since referring to the GPEULA for all the long common language. The total length the End User would have to read and learn would be much shortened; but even better, the daily instance (when you hit a PEULA to approve) would always be very short. That solution is the one that was used on a very large scale some decades ago for public contracts in French civil works, and probably in most other countries as well; in applying them as designer, or contractor, or redactor, I could experience their high efficiency and fairness. This was in fight against bad intents; unfortunately in the current era those bad intents have become the majority and have overwhelmed all organizations, down to writing those EULAs.

    As long as none of these obvious solutions is applied, the EULAs proposed can’t be honest; reading one would be just helping the bad ones further deceive citizens. In conclusion:

    Citizens should so far NEVER READ AN EULA.

    Versailles, Fri 5 Sep 2008 16:18:20 +0200