« FDA Releases Guidelines For Apps And Wearables For Fitness And Health | Main | Security Flaws Place 900 Million Android Phones And Tablets At Risk »

Monday, August 08, 2016


Feed You can follow this conversation by subscribing to the comment feed for this post.

Chanson de Roland

Years ago, I used Hulu. But then, along with the rest of the industry of online services, Hulu discovered the vast amounts of wealth that could be had from collecting its customers/users’ (Customers) personal information. As a result, Hulu then imposed one of the most privacy-compromising and legally unfair terms of service and privacy policies as could be seen anywhere. Now, from what the Editor reveals, Hulu has only gotten incredibly and appallingly worse.

Now Hulu not only collect its Customers’ personal information but it does so in conjunction with others across the web and across virtually all of its Customers’ devices, and it does so by every available means. Hulu also deprives its Customers of any just and effective forum, the courts, for settling their disputes with Hulu. Taken together, the price of using Hulu is not only its subscription but also all of your information about what you do on the Web, as Hulu and its partners can collect that information by any and every available means.

Yet there is one new incredibly powerful and dangerously insecure means that I hadn’t seen others employ, and that is the SDK. An SDK, which stands for Software Development Kit, is a complete environment for developing applications. Depending on the capabilities of the an SDK, it can be used to develop applications that can do almost anything on one’s computing devices (e.g., personal computer, smartphone, etc.), including changing how the operating system works, how the browsers on one’s device works, how any application on one’s computing device works. This is incredibly powerful stuff. And it is incredibly dangerous, because, if there is a security breach at Hulu, any of its partners, or of any SDK, the person responsible for that breach could be capable of completely controlling one’s computing devices, with all the harms that has led to and which have been reported on in the press, including this blog.

And, if these harms happen, what remedy do Hulu’s Customers have? Well they are limited to binding arbitration, which has much less power than a court to compel discovery and impose various type of remedies beyond damages, as well as establish precedents of law. And binding arbitration has shown itself to be as expensive, if not more so, as litigation for individual plaintiffs. Yet, since Hulu’s agreements bar class actions and restrict damages to the much more limited damages of binding arbitration, it is highly unlikely that any other than a very wealthy plaintiff could afford to pursue arbitration, and even for such a person, it is unlikely that damages that could be obtained would be worth the costs of obtaining them. So, while dramatically increasing the scope and extent of the invasion of its Customers’ privacy and adding an extremely dangerous new vector for malware, the SDK, to their computing devices, which hitherto had been limited mostly to developers of operating systems, who are the only ones with the resources to secure SDKs, Hulu so completely limits its Customers’ remedies for any wrongs and harms as to deprive them of any practical effective remedy for wrongs and harms that it causes or is otherwise responsible for doing to them.

It seems to me that Hulu should be paying Customers to subscribe to its service, and should be paying a lot, rather than Customers paying Hulu.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)


  • Updates via E-mail RSS Feed Updates via Twitter Updates via Facebook


  • Bloggers' Rights at EFF
  • George Jenkins, author of the I've Been Mugged Blog


  • © 2007 - 2017. George Jenkins. All Rights Reserved.


  • <$MTStatsScript$>