Whys of Tarsnap Terms and Conditions

Why do people have to use unmodified Tarsnap client code?

In designing Tarsnap, I had to make trade-offs at several places between making the client as efficient as possible and making the server efficient enough that I can run it cheaply. There are places in the Tarsnap client code where it looks like "optimizations" could be made; but if people start making those changes then I'd need to detect this on the server and adjust the pricing formula so that those users pay extra to compensate for the increased load they're placing on the server... so it's much better just to say "don't do that".

That said, if you have a great idea for improving the Tarsnap client code, I want to hear from you. Ideas are great; patches are even better, of course. Send me an email.

Why do I reserve the right to provide information to law enforcement authorities?

Short answer: Because there are some situations where it would be reasonable, and I want to be able to apply my own judgement in determining when those situations are.

Long answer: International law is painful, particularly where things like search warrants are concerned. My (very limited) understanding of the law is that because I'm in Canada, if any non-Canadian police force wants to compel me to provide them with information, they need to talk to their Canadian counterparts and get a Canadian court to instruct me to hand over the information. This would probably take a lot of time and effort for people involved; and honestly, if someone is using Tarsnap to help them break the law (e.g., if they're creating backups of child pornography) I want to be able to help the police.

However, I'm serious about saying "at my sole discretion" — if a law enforcement agency wants information, they'd better have a good reason for asking for it... and I don't consider the NSA saying "we want to have all the information you have, just because we feel like it and someone somewhere might be a terrorist" to be a good reason. Also note that unlike the situation with certain illegal wiretaps, I can't give your data to anyone, because it's all encrypted such that I can't read it.

Why do I reserve the right to provide information about your account if I believe that doing so is in your interest?

Because in June 2004, Dan Langille's laptop was stolen and was seen on MSN, but Microsoft wouldn't tell Dan where the laptop was. If your laptop gets stolen and connects to the Tarsnap server to do an automatic backup, I don't want to be in the position of worrying about whether it's ok for me to tell someone who I think is you but might conceivably not be you what IP address your laptop connected from.

Why do I reserve the right to provide information about your account if it is necessary in order to keep Tarsnap running or to diagnose or fix problems with Tarsnap or another network?

This one is simple: Things break, and I want to be able to fix them. For example, if I get a phone call from a network administrator saying "hey, my network is falling over because lots of machines are sending huge volumes of data to your server", I want to be able to say "right, go talk to you@yourdomain.com, because he's the guy who set up fifty machines to do their backups at exactly the same time".

Why do people have to pay in advance to use Tarsnap? Why can't you just bill credit cards at the end of each month?

There are three major reasons for this:

  1. Predictability. This way, you're not going to get surprised with a large bill at the end of the month, and I'm not going to get surprised by someone not paying their bill.
  2. Simplicity. Keeping a list of credit card numbers (securely) and charging them at the end of each month is complicated; dealing with expired/cancelled credit cards, failed charges, etc. would just add to the headaches.
  3. Economics. Many people using Tarsnap have less than 1 GB of data stored — that is, they're using less than $0.25/month of storage. Given that credit card processors typically take a fee of about $0.30 + 2.5% to charge credit cards, charging credit cards every month for such small amounts would be a horrible waste of money — whereas having someone deposit $5 which lasts them for the next 20 months works out quite reasonably.

Why do you need names and addresses of Canadian Tarsnap users? Why can't they remain anonymous?

I have to remit GST/HST to the government, and the rate depends on where you're living. Arguably this only requires me to know which province you're in, but the regulations refer to businesses collecting customer addresses and I don't want to get into arguments with the Canada Revenue Agency about whether asking for the province alone is good enough.

Similarly, I'm required to provide invoices which show your name, and I can't do that if I don't know your name.

What's up with the weird price for British Columbia residents?

Section 188 of the BC Provincial Sales Tax Act prohibits advertising that sales taxes "will be assumed or absorbed by the [vendor]", "will not be considered as part of the amount payable", or "will be refunded". This is, of course, the exact opposite of what happens in Europe, where VAT is required to be included in advertised prices. Alas, Tarsnap is based on British Columbia, so it has to conform with British Columbian legislation, no matter how idiotic.

So instead of charging 250 picodollars including tax, like I do for all other Canadians, I give British Columbians a 3/28ths discount, then add sales taxes. Google, of course, can tell you what 223.214285 plus 12% tax works out to.

Why should anyone agree to terms and conditions which you can unilaterally change?

There are some things which I will almost certainly have to change in the future. One likely point of adjustment is paragraph 7 — I hope that I will be able to lower the price I charge people for using Tarsnap at some point — while another is in paragraph 10 — there will probably be a more streamlined process for closing an account and withdrawing unspent funds than "send me an email" at some point.

Given that you will always have 30 days' notice before being bound by any change (I'm presuming that if I lower the price, nobody will insist that they want to be charged the higher rate, but for anything more serious than that I certainly plan on giving at least 30 days' notice of any changes), I don't think this is a big deal.