Cable Firms Limit Users' Freedoms

Passacaglia writes "An article in the Washington Post reports that a coalition of companies, including Dell, Microsoft, IBM, Sun, and even the BSA, have filed a report with the FCC complaining about how cable providers are placing restrictions on how subscribers use broadband access. This is in the wake of the recent FCC ruling that cable providers need not open their networks to competition from outside ISPs. The restrictions include limits on VPNs, servers, and many things that would make broadband really worth having." Meanwhile, TWC sent nastygrams to people it suspects are using unsecured wireless networks, skimming the info from the public database of wireless access points.

Text version of letter

Dear xxxxxxxxx;

We have information indicating that you or omeone using your Road Runner account has been transmitting the Road runner service over a wireless network so that anyone with a wireless network card can tap into our service without authorization from us.

Use of your account for this purpose violates your subscription agreement and our Acceptable Use Policy in a number of ways, including Paragraph 5(d) of the agreement, which states that subscribers are prohibited from reselling or redistributing the service, or any portion thereof, whether for a fee or otherwise. This activity also violates a number of federal and state laws, including 47 U.S.C. 553, which allows for civil remedies of up to $50,000.

You should be aware that this is a very serious problem that goes beyond the theft of our services. Individuals utilizing the Road runner system in this manner to carry out criminal activity, would be able to do so in an anonymous manner. In such circumstances, when law enforcement attempted to trace such activity, the trail would end with your account.

It is not our desire at this time to sue you, and we assume it is not your desire to allow unknown users to anonymously plan criminal acts through your account. However, your wireless broadcast of the Road Runner service must cease and desist.

If we do not receive written assurances from you within three (3) business days of this letter that your account will not be utilized in this manner, or if the unauthorized use continues, we will suspend your account and we may pursue our legal remedies. Your written confirmation should be sent to:

Gregory Powell
Abuse and Security
Time Warner Cable of New York City
41-61 Kissena Boulevard
Flushing, New York 11355
Internet.security@twcable.com

Please contact Internet Security directly at either (718) 670-6621 or internet.security@twcable.com if you have any questions.

Sincerely,
Gregory Powell
Abuse & Security, Supervisor
High Speed Online Services
Time Warner Cable of NYC

Re:It all comes down to the users. And how!

[Combuchan]

I wholeheartedly agree that people should be able to run 'low-bandwith' daemons--provided they stay low bandwith. The problem is that 95% of your cable company's customers haven't heard of sshd, 4.9% have, and .1% actually want to run an sshd server. Sorry, you're not in the target market.

Let's explore this further. I should be able to run a low-bandwith web server and serve small personal pages. However, the reality of the other 99% of the customers is this: Code Red/Nimda. Idiots who didn't even know they had a webserver running got wormed and turned a low-bandwith web server into a massive pipeleech that made my Internet connection horrendously slow for about two months and logged tens of thousands of 404's to apache running off my cable. You mention you want to run sendmail. You gonna leave that an open relay? No, I'm sure... but a majority of everybody else who would run an MTA (either accidentally (it came with my WinInternetSharingProgram32 Lite!)) or purposefully isn't smart enough to lock it down, and this further compends the spam problem. Same with people who run NNTP servers and screw up news for everyone else.

Broadband customers as a whole are too irresponsible to run servers and should be prohibited from doing so. That's why this is prohibited in the Accetable Use Policy. It's a bitter reality.

I however, should be free of such restrictions as I'm smarter than most other broadband customers, but until I can prove that to my cable company and/or they see a market in letting intelligent people run servers, I'm ... somewhat SOL.

I run sshd, and ftpd for myself. Cox doesn't block it, but they do block SMB (139/tcp), HTTP, and telnet (23/tcp). They have the technical measures to block problematic ports, and I'm quite frankly glad they do that for the nimda reasons discussed above. I run apache off of port 8080 and cox doesn't seem to mind, else they'd send their AUP Gestapo after me

"Cable modems should be priced like burstable T1's used to be. "

Burstable T1's run today in my part of town (Phoenix metro) for a unnegotiatable local loop fee of $400/month, plus data fees of somewhere around $700 - $1200 depending on the provider. I know I'm misconstruing your statement, but as I understand it, Cox.net has an OC-12 coming in to what I assume is the entire Phoenix metro area (3 million people) A pricing structure that would allow for profitability and burstability up to T1 speeds and beyond and the ability to run servers would be only somewhat more cost-effective than an actual dedicated circuit with the added disadvantages of being far less reliable. Cox.net does offer a business rate plan, but it's not nearly as flexible as a T1 feed would be, probably for these reasons.
Moreover, people who want to run servers generally can afford colocation (which is far more cost-effective) and/or pay for their own line.

I'm in the same boat as you, I'm a poor geek who likes high bandwith and apache and php and MySQL and all that good stuff, but we're few and far between to even be considered a blip on MassiveCableCo's radar. Maybe, in time...

My $0.02

Re:It all comes down to the users

[weave]

I don't even really want a lot of bandwidth...just to be able to ssh back home and check things

Create an IPTABLES rule like...

iptables -A INPUT -p tcp -s x.x.x.x/32 -dport 22 -j ACCEPT
iptables -A INPUT -p tcp -dport 22 -j reject-with tcp-reset

They can scan for you all they want. Just sub -s with your CIDR of choice where you want to come with, and anyone else trying to connect to port 22 gets connection reset, making it look like nothing is listening on the port.