[lawtalkinghuman]

I mean, contractual terms that are implied by statute exist. In English consumer contract law—which since 2015 has been extended due to the EU Consumer Rights Directive to cover digital content—includes an implied term that the goods are of satisfactory quality, and when it's a continuing service (including something like a digital content service like Netflix or Spotify, or a software product with updates), it doesn't radically depart from what's initially offered.

See https://www.legislation.gov.uk/ukpga/2015/15/part/1/chapter/...

Most jurisdictions have something broadly similar (albeit often not quite up-to-date around software and digital products). Everywhere in the EU will have laws that implement the EU's Consumer Rights Directive.

Which is great and would apply if you'd paid money for it. NightOwl is free (as in beer). The expectations the law sets out regulating the sale of goods and services do not apply when no money has changed hands.

Which I'd argue is pretty much right: while it sucks that companies get taken over and have spyware crap put into products, the idea that, say, a teenager who is hacking around and building stuff to learn how to code, puts up a project they've made as open source or a freeware download, does something silly like the left-pad debacle, then gets sued—potentially by a big corporate behemoth with very deep pockets and very scary lawyers—for a series of acts which involved them writing some software for no money. Regulation of technology should rest far heavier on the shoulders of Google, Microsoft, Apple and so on than it does on a hobbyist or small indie dev creating freebie menubar utilities or Chrome extensions or whatever.

The difficulty of ensuring those little freebie and open source apps don't become a vector for supply chain attacks remains difficult. Much better sandboxing and OS app-level permissioning, good network monitoring and anomaly detection on a per-app level, and building trust into packaging/distribution processes - these are all slow, grinding, incomplete ways to improve this. Lawsuits probably aren't.