This might sound like a legal question, but I’m looking for a technical solution.
Like many apps, mine has a Terms and Conditions page, which new users must agree to before availing of my services. This is handled by a True/False checkbox.
The problem is, I as the app administrator have the ability to edit the database and change the True/False record of any user. So, if a user did not agree to my terms, and then violated one of those terms, I could change the database to make it look like they did agree. I know this may sound trivial, but I’m thinking about what might happen during a dispute resolution case. How can I prove that the user really did check the “I agree” box?
Is there any technical way to do this? And is it even an issue?
I never thought about this really, not sure how important it is.
But you could have a slack notification via slack API which sends a message to channel when the user signs terms and conditions. That timestamped message would be pretty good proof as you couldn’t fake it later on.
you can generate a pdf of your general conditions, signed by the client with the signature component, and timestamped. then you store the pdf and send it by email
Hi,
I think from a legal perspective @bioveneris has a good solution and @theadaloguy a global solution. One way for example if we talk about Europe and GDPR, what I do in my websites is:
Toggle box to accept the T&Cs and GDPR, user cannot advance without ticking it.
The acceptance is sent to an external database that only I have access, no other admins can “manipulate” it.´
Register User IP in the moment of registration (This can be mocked of course, but don’t think everybody will think about this lol, unless someone wants to harm your website)
If other people have access to the external database or any database, use a database where you can have logs. So if anyone tries to make any change, it will always be registered and cannot be “manipulated”.
You can also after registration, send those terms to confirm he ticked the box and registered and a code to email, that he can only access website after adding the code to validate the registration. This means that he voluntarily read the email and accessed the website.
Another way of doing this is not storing any information related to a user accepting the terms and conditions because you don’t provide a checkbox.
Many sites and apps have it like “By continuing, you agree to our terms and conditions, and privacy policy”. Or “By signing up, you agree to our terms and conditions, and privacy policy.”
As an option: if you’d like to achieve 100% technical proof, store the response in a blockchain. Not sure how feasible is this for this particular case though
Thanks all, for several great suggestions. I agree, this may not be that important, but it crossed my mind. I’ll post again once I decide what I’m going to do.
