Slashdot Mirror
Have You Really Read Your ISP's TOS?
NewtonsLaw writes "XTRA, New Zealand's largest ISP is in the process of losing customers in droves after it announced its new Terms of Service which seek to claim rights over customers intellectual property (see the Slashdot discussion). Now, if that wasn't enough, Aardvark Daily reports that the ISP is also banning its users from saying bad things (anything 'detrimental to our reputation or to our brand') about it. I wonder how many slashdotters have actually read their own ISPs' terms of service in detail? Is this type of IP-grab and clampdown on free speech is unique to Xtra or is it slowly pervading the whole industry, right across the globe?" Read on for Xtra's amendments to the original IP-grab terms, though.
Reader THX1138 points out that "After the very recent story on Xtra (New Zealand's version of AOL) they changed the IP section to include 'Xtra does not claim ownership of any content or material you provide or make available through the Services. However...' at the start and 'in each case for the limited purposes for which you provided or made the Customer Materials available or to enable us and our suppliers to provide the Services.' at the end."
If they give up common carrier status and start controlling and owning everything on their network, does this mean that if terrorist sites or kiddie porn appear on their network, their CEO and board of directors will be habeas corpused off to Cuba? Or whatever the equivalent thing that New Zealand does to people they don't like.
If tits were wings it'd be flying around.
...they can have my slashdot posts!
:p
Nothing intellectual there, really
What's your GCNSEQNO?
Is this type of IP-grab and clampdown on free speech is unique to Xtra or is it slowly pervading the whole industry, right across the globe?
At what point did free speech become global?
Maw! Fire up the karma burner!
I live in the Portland/Metro area of Oregon and I *love* my ISP (http://www.easystreet.com).
They are geek-friendly. They encourage limited sharing of your DSL bandwidth (I mean, as long as you lock it down with a password so not every yahoo driving buy can use it) and offer a lot toward the wireless community in Oregon.
Not to mention, they have great policies about allowing you to run non-commercial web and email servers (which is important for me since I do a lot of small testing stuff) and are staffed by a lot of good people (some I've worked with before in a former life).
Everything you could want in an ISP, they are. I have never had a problem with them. Period. They are always friendly, helpful, have 24x7 support. Even their second and third tier tech guys will get paged and call you back in the middle of the night if you are experiencing a severe problem.
They also have people familiar in supporting non-windows OSes (mac, linux, etc) and offere their own tutorials for home networking.
Overall they are very cheap (compared to cable at least - especially if you want static IPs. For the cost of one static IP with Comcast, you can get eight here).
I've been with them for three years and since I work from home, I make HEAVY use of the DSL service. Qwest provides the actual line and I've only had two or three issues in all three years, total. One was due to a hardware problem at the PO-LOC (Qwest problem, obviously), one was due to the ISPs backbone getting torched for a few hours and another was up in the air - but eventually fixed itself.
I would say that I have had approximately two days of down time in these three years. Remarkably good for all the benifits you get.
This is the next big thing for corporations to do, is to attempt control the content that flows over "their" wires. Fortunately governments have failed to control encryption (intentionally? adjust aluminum hat if you think so, but maybe) so this might not be as ominous as it first appears. But if the courts cooperate (i.e. subpoena your key) then ... hilarity may ensue.
I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling
I haven't read my TOS yet, but I can tell you that my ISP is a total piece of sh
Speaking of insane "agreements"....
The other day I purchased some domain space and dusted off my old domain name I had sitting around for about a year. When I went to change my DNS records via netsol, this is what I got:
"It's appears you haven't agreed to our new revised terms of service. You must do so before you proceed."
So, before agreeing to something I haven't even seen, I went and checked it out. HOLY JESUS -- The thing had to have been about 300 pages long. Besides being soaked in legal double talk, the thing was straight up unreadable in size. This is not service agreement, it's a freaking tome! Needless to say, while I tried to read it, it was all too much and I just agreed to it in the end. I mean, I just need to change a DNS record, not spend 2 days trying to digest the most uninteresting thing ever written. Besides, what if I saw something totally evil in there anyway? Chances are, I would have agreed. What am I going to do, let my domain name go to waste? I already payed for it. Shenanigans!
It's a sad state of affairs. Shouldn't there be some sort of limit on the length of a TOS agreement? It reminds me of the old cartoons where somebody would pull out some insane contract with a library of congress's worth of text on the bottom that could only be read with a microscope.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
Before today, I'd only given the TOS a cursory glance, and I found that I am regularly in breach of a couple of the terms:
I don't really care too much, though, because it's only a dial-up connection, so the connection is inherently throttled...
My local ISP just started to roll out DSL. Our current service is 56k dialup limited to 90 hours per month. We pay about $30 for that.
The new DSL is 1.5mbps "best effort". They have not mentioned any download caps, but they will probably be on the way soon. The worst part of the TOS is the restriction on NAT/PAT.
They say that they can detect how many computers are on a network. For each computer, you have to pay an additional $60 for the exact same bandwidth. They don't even give you another modem for the extra $60.
Anyway, how do you think they are detecting NAT/PAT? Is there any way to stop this detection? I had planned on running Gentoo or *BSD as a firewall, but paying more money for the exact same thing seems harsh to me.
I'd rather you do it wrong, than for me to have to do it at all.
I've always wondered though, how can companies actually make clicking on an "OK" button legally binding? No witnesses, no signature, nothing. Although the best one I ever saw was "By opening this package, you agree to the terms and conditions contained within."
ISPs change-hands so often here, it's hard to keep up. When my ISP spontaneously became Comcast one month, I asked them to send me a new TOS. They said that their TOS was the same as AT&T's, but have refused to provide them. Am I bound to something they won't give me?
-- 'The' Lord and Master Bitman On High, Master Of All
It may be due to initial sequence numbers, or possibly the way that a computer responds to IP packets with certain header options set (although I'm not sure if that would be possible when NAT is involved). You could probably get around it by having OpenBSD do the NAT - as it can basically rewrite NATted packets so it looks like it's all coming from the OpenBSD box. The OpenBSD pf firewall is being ported to other BSDs too, apparantly, so you might find you can get it to do the same thing on FreeBSD.
This effectively means that no broadband, dialup or other ISP customers who get an IP address when they connect will be able to send mail directly to AOL, you wil instead be forced to use your ISPs or some other willing SMTP relay which AOL considers to be worthy of peering with. No more end-to-end TLS encryption and/or verification; no more routing around overburdoned ISP mail hubs.
There is as yet no indication that I've seen one way or the other on what they're doing about DELIVERING mail to such addresses, but if you run your own mail server, be prepared to find that AOL.com no longer exists (which you may not consider "bad", exactly, and in fact I currenly have no plans to route around this particular damage other than to get my relatives to find new ISPs, even if that means going to MSN... *shudder*).
Many have made the argument that this is reasonable for AOL to do because many ISPs have TOSes that ban servers. So far, the standard retort has been 1) no ISP bans direct-to-MX transmission of mail except where it is spam 2) most ISPs don't enforce said rule (and tacitly encourage users to roll their own) 3) not ALL ISPs have such restrictive TOSes, and of course 4) that's none of AOL's business when receiving an incoming message.
For those who are interested in details, here's the almost useless blurb I get when telneting to port 25 on any random AOL MX host:Good luck!
Hmmm, this is interesting:So no posting Project Gutenberg texts, then. Taken literally, anything I post has to be trademarked.So, no GPL'd software that I wrote then, but presumably other peoples' GPL'd software is ok.Seems reasonable, they need the right to distribute the data, they might want to keep an archive, and they might want to sell that archive as an asset. Note the limiting nature of the last paragraph.
IMO, there's nothing sinister here, although the first section I quoted is just incompetently written.
The thing about 'no derogatory comments about our service' is nothing new - in the mid to late 1980s, Micronet (and Prestel), an online service in Britain, also had the same thing. And they did threaten to kick off a friend of mine for complaining about Micronet in one of the message boards.
Their AUP also didn't allow any kind of profanity in the message boards, either!
They did have some good things (such as Shades the MUD, which is *still going* - telnet games.world.co.uk, yes, it's on port 23).
That's not to say it's right. The "you must only say good things about us" clause was incredibly dumb, and people often pushed at them, just to see how far they could go.
Oolite: Elite-like game. For Mac, Linux and Windows
In fact, some I'm downright thrilled with.
Like ones that come in text boxes that you can edit.
Such as the agreement with ATI I cheerfully clicked my agreement to. When I was done with it, it said "In appreciation for downloading this driver suite, ATI inc. will send me one (1) riding pony in good health and standing in the equine community."
They've since changed the format, but I still don't have my pony.
High-speed Road Trip (18.000KPH)
I agree with you, and I do read the contracts. When I was applying to access my bank account online, I was supposed to sign a form saying I'd read and agreed to the terms of service on a separate document. When I asked to see that document, the customer service person looked at me like I was nuts. It took her 10 minutes to find a copy and then I sat there and read the 5 page document. There was a clause that said they are not responsible if someone steals from my account even if it's their own employee acting through their negligence. Basically it gives them the right to take my money any time they want. Of course I refused to sign the agreement and from the reactions of the people there that was the first time it had happened.
I was taking an IT law course at the time, so I took a copy of the contract to school and showed it to the lawyer teaching the course. He said if it went to court, a judge would probably throw the clause out, but it would cost so much to fight it, I'd still lose.
I wonder how many people have signed their life's savings over to their bank like that without even knowing it. Jason
ProfQuotes
Just read the TOS for my ISP again and was reminded why I chose this ISP (even though it is not the cheapest available). One of the clauses says (roughly translated):
I feel that this should be a standard clause in any ISP's TOS.
I own a small software company; the license agreement to use our software is about 25 pages long. It isn't off-the-shelf software, I won't bore you with the specifics, but it is niche market, mission critical software that really does need a lengthy agreement. I should also mention that the licensees *always* have their lawyers involved in the negotiation, it's not inexpensive software.
At any rate, I have found that when you ask your attorney to write up an agreement for such-and-such, they will invariably write a very one-sided agreement, they will want the other party to sign their life away. After we have verbally come to terms with a new customer, our attorney writes up a license agreement, and more often than not he has put in major restrictions and terms which were not part of our verbal terms with the new customer - we then have to "send it back" to have our attorney remove restrictions which really are excessive.
Before you say that our attorney is just trying to take more time and bill us more: he really isn't - he is just attempting to watch our back in every way he can.
The flip side is also true, when a customer's attorney writes up the agreement, it invariably claims that the customer has exclusive, unlimited, rights to our software. It says that if they [the customer] stubs their toe after installing the software we are liable for millions of dollars. It says we cannot license our software to anyone else [as the customer "owns" it now], etc., etc.
Needless to say, we won't sign such an agreement.
In a nutshell, when attorneys write up any sort of legal document, they really do try to protect their customer in every way they can, and more often than not they go overboard. It really (imho) isn't their job to "see it from the other side", and hence the one-sided agreements.
When you are negotiating an agreement and both sides are represented by council, usually a fair agreement comes out in the end - but when only one side is represented, you can get "terms of service" as that ISP has published.
I suspect that the "fair" terms of service we do frequently see and agree to have been either not written by an attorney, and/or have had someone (but probably not the attorney) playing the role of the customer and looking at the agreement from their point of view.
Evidently, that didn't happen in this case.
An interesting, off-topic, side note that an attorney once told me: If there is a grey area in a contract, usually a court will side with the party that DIDN'T author the contract.
It's standard legal language to protect the service provider from idiots who want to sue them because "you, my ISP, made copies of my copyrighted web page available to everyone via the Internet!!!"
Duh. That's what a service provider is supposed to do, but they have to include the kind of legal disclaimer above to protect themselves from litigious idiots.
Here's my story.
The page in question.
Once upon a time (a couple of years ago) I was sysadmin for a smallish ISP up here in Montreal. While out TOS didn't spell it out, it was my policy as well. (I was blessed with intelligent bosses/owners that decided from the onset that given that I was the security, its enforcement should be left to me).
There have been a total of two compromises during the two years I worked there. Both were detected by my diagnostics within minutes. I let both play out to ascertain the intent and method, and one of the crackers was obviously a white hat given that noticing me on the box he talked me to tell me how he got in. The other was a silly warez d00d-- took me about 5 minutes to detect how he got in.
In both cases, I restored offline, plugged the hole, then put the system back up.
Having compromised a system does not give you "forever usage of the system".
Just before I started work there, where was another (major) compromise of the entirety of the DMZ-- the security wasn't set up very well and each box trusted every other box. That took a complete redesign of the infrastructure, but it was also fixed. By the white hat that broke in and went to them with "Look. Obviously you need to hire a sysadmin."
You get to guess who that was.
Not everyone is a script kiddie, you know.
-- MG