Slash Boxes

SoylentNews is people

posted by martyb on Saturday September 12 2015, @12:58PM   Printer-friendly
from the unacceptable-acceptable-use-policies dept.

Is it just me or have ISP (Internet Service Provider) terms and conditions gotten a lot more one-sided about what you can't do and what they can do?

I was considering switching to the new Vodafone Connect broadband and phone service as there are some nice discounts for existing Vodafone customers (and I've had enough of BT's high prices for FTTC) but reading through the text of their Acceptable Use Policy (AUP) has caused me to think again. I'm sure a lot of the text in the agreement is fairly standard, and to be honest it's been a while since I switched providers, but some of these terms seem rather overreaching. For example:

2.7. You must not use the Vodafone Connect Services to access, download, send, receive, store, distribute, transmit, upload or in any way deal with material or data that we deem:

i. to be offensive, threatening, defamatory, racist, abusive, harassing, invasive of privacy, obscene, harmful, indecent or menacing;

Those words cover one hell of a lot of territory... sorry, did you deem my use of the "H" word offensive? What if I'm in a private chat with a friend and he calls me a "####" so I tell him to "#### off"? Use your imagination, we could be covering offensive, abusive, obscene and indecent right there (if not more).

Further on there's a section titled "Actions we may take" (where "we" is Vodafone) and this one really got my attention:

[More after the break...]

4.1. We may, at our sole discretion, run manual or automatic systems and monitoring in order to ensure that you remain compliant with the terms of this AUP at all times (for example we may scan for open mail relays, or open proxy servers). By accessing the internet via our Vodafone Connect Services you are deemed to have granted us permission to access and monitor your computer systems and networks.

So just by using their service I've given permission for them to access and monitor all my systems and networks! Well, given that they bought Cable & Wireless they do have a history of working closely within the surveillance system. Funny though, that they deem it acceptable to "access and monitor" my systems when earlier in the AUP it states:

2.11. Without the explicit permission of the relevant operators you may not run "scanning" software which accesses remote machines, networks or other computer systems.

Of course, they've got the usual "we can change this document at any time without explicitly telling you, and continuing use of the service means you agreed to any new conditions we've set" (See section 1.3) and finally you better not ever get a virus (goodbye Windows users):

2.13.You must ensure that your computer systems and network are not configured in such a way that others are able to exploit them in order to disrupt the internet or any other third party network. This includes but is not limited to ensuring that your network cannot be exploited as an open mail relay, open proxy server, or as a component of a wider network used in denial, or distributed denial of service attacks by third parties.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday September 12 2015, @09:46PM

    by Anonymous Coward on Saturday September 12 2015, @09:46PM (#235708)

    so hey,

    I am curious about this "just add a VPN!"

    Where, exactly, is one doing this? Don't tell me some other end point that isn't under the user's control. that isnt much better. you never get a chance to agree or disagree to the VPN endpoint's eula.

    What you agree to with the VPN provider may have nothing to do with the antics that their ISP does to them.

    People seem to now call VPN a type of security that the same types of people had called NAT, once upon a time. Security through obscurity. The problem is with the VPN is that yes you are secure to that endpoint and then you go out their NAT. If you were being spied on, your VPN would be allowed and then they'd just watch where the traffic came out.

    NAT never stopped anyone from watching, NAT only stopped from direct connections from the outside without a prior hook to a device behind the NAT itself.

    VPNs are just as vulnerability to ignorance of its use and purpose as was NAT.

    Your traffic is only obscured between you and the end point; for all you know everything unencrypted after leaving the tunnel is being sold or watched. If *privacy* is your concern, all it will do is ensure that your ISP sends you generic ads as opposed to specific ones. If security is your concern, then why are you surfing the web over a VPN to an uncontrolled endpoint and logging into various places that clearly reveal who you are?

    If privacy and security are your concerns, the advice is invalid and I'd suggest rethinking how to avoid being seen. Hiding behind one of two bushes will still get you blown up and exposed...

  • (Score: 0) by Anonymous Coward on Sunday September 13 2015, @04:01PM

    by Anonymous Coward on Sunday September 13 2015, @04:01PM (#235904)

    Hence sit under a rock in the woods and wait for the rock to fall on head.

    nothing is prefect.

  • (Score: 2) by gidds on Monday September 14 2015, @01:17PM

    by gidds (589) on Monday September 14 2015, @01:17PM (#236234)

    Good point.

    From what you say, using a VPN isn't solving the problem, just moving it somewhere else.

    If you have somewhere else that is safe, secure, under your control, and not filtered or redirected or throttled, then fine — but what about those of us who don't?  Perhaps, like free IP4 addresses, the long-term solution isn't to fight over the remaining ones, but to arrange something better.

    [sig redacted]