Reasonable Expectation of Privacy From Web Hosts?
Shafted writes "I'm in a bit of dilemma, and I'm wondering what fellow Slashdotters think regarding this subject. I've been hosting web sites for some clients for years using my own server. About a year and a half ago, I got a reseller account with a company that will remain nameless. They are, however, fairly large, and they did come highly recommended. Other than the usual slow tech support, occasional server overloading, and... well... typical support staff, it's been pretty good and has saved me from having to deal with problems like hardware and driving down to the colo at 4AM to figure out a routing problem. All-in-all, it was acceptable. Until yesterday, when I was asking for a relatively minor email-related fix, and by the tech support staff's response, they had accessed my MySQL database directly and looked at the contents; presumably, in order to tell me what I was doing wrong. Regardless of the fact that they missed the boat with regards to the support question, I found it surprising that they would access my database data without my consent. When I asked them why they were accessing the database without my permission, they've pretty much ignored me, despite repeated requests asking why they think this is acceptable. So, my question is this: Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server? Or do web hosting companies have the right to poke around at everyone's data as they see fit?"
Shafted continues: "I did get a response from one of the higher-ups, who said it was ok - they were perfectly within their rights, and their privacy policy supports that. Problem is, I've read the privacy policy, terms of service and acceptable use policy, and nowhere does it make mention that they have the right to look at files or data. It does indicate that I am the one who owns the data (presumably to cover copyright infringement). Another fellow indicated he felt that, as site admin, he had the right to look at whatever he wanted on the site, whether it's his data or a customer's (he, from what I can tell, is not an employee). I can understand looking at data to determine whether it violates the AUP or TOS, provided that it's justified (i.e. a scanner or audit indicates that something fishy is going on). But since I haven't violated the AUP or TOS, do they have this right? Is this something all web hosting companies do? If it isn't expressly stated, either that they do or do not have the right, does that automatically give them the right? Is this an industry norm, or did someone make a mistake and they're simply unwilling to admit to it? I'd really like to hear what some of you have to say, knowing that many of you probably have sites hosted by third-parties, and some of you may work for web hosting companies. Since this is the first one I've ever dealt with, I'm unsure whether I should expect this anywhere else, and if so I may end up going back to self-hosting."
There isn't much you can do. If you choose to co-locate your server at another location, be prepared to have other people looking at your stuff all day. If you have issues with that, either encrypt your private data, or don't co-locate your data at some hosting provider.
that no matter what, when you sacrifice control for convenience there is always going to be a chance that someone is going to poke around your stuff. It's a risk of the business.
load "$",8,1
Hmm... I can see your point. Nothing anywhere in their policies that you agreed state they have that right. And you also seem ok with it IF they suspect or even have proof that someone broke the agreement that both parties made.
Often times people will put private stuff on a server they rent/own and make the files/folders private so that only they and a select few can view the files. So what right does the hosting company have to look at information that's private without my consent?
I think this goes beyond the "well I own it!". Guess what? When you rent out a house to other people, you don't have the right to snoop on your renters. You can't just access their house whenever you please. There's an expectation of privacy and I think the same applies here.
My suggestion? Kindly tell them to fuck off and find another hosting company. I would suggest you make it public who this company is and what their practices are so the rest of us can avoid them too.
It's their box. Don't put anything on it that you would not want printed in the NY Times.
We had some affiliate software, X, on our servers.
The internal mailing script was buggy, so I'd written another one, scrapeX.php.
We had some unrelated problems, which required them to have access to parts of the box.
All of a sudden, I'm receiving confirmations of email receipts: their incompetent 'tech' had fixed the problem, then poked around, found a script scrapeX.php and thought: well, I'd better run this, to see what it did - and ended up mailing all our clients.
Action taken: a virtual shrug.
You have to bear in mind that on hosts that are geared towards entry-level users, the clients have a tendency to destroy things in every way possible, which is why they probably did a look around, similarly to how when you call your ISP for issue X, they normally give the list: is your power on, can you ping this, can you do that..
Who is this hosting company, and why are you protecting them? People should know what they're getting into when they enter into an agreement, and it sounds like this company isn't doing that. I don't know if this is "industry standard", legal, or whatever, but I'd run away very fast from this hosting company. Find another hosting company that'll give you assurances in writing that they won't look at your data without your permission. They can't ALL be douche bags.
AccountKiller
Wow.. I think this is the first time I've seen an Ask Slashdot so comprehensively addressed in the first comment. Nice going, dude!
As this issue has been so speedily resolved, I propose this discussion be archived immediately and we all move on to more contentious, problematic issues in other stories.
you asked for help? how would they be able to help you without actually trying to fix the issue?
It seems that far too many people are afraid of walking with their wallets these days. Your options are:
1. File a complaint with the BBB - where probably nothing will happen
2. File a lawsuit - which will take a long time and may get nothing done
3. Take your money and go home - has the least amount of strain on you and dings them for doing something stupid.
Banks don't go in safety deposit boxes. Apartment complexes don't go through apartments looking for "hidden" animals to charge tenants more money. ISPs don't read your email (supposedly). Just go find another ISP and whenever someone asks you about this ISP just tell them the story of how they snoop your data.
So basically my thesis is: No, it's not okay for them to just go through your data without permission. You are paying them for a service and unless they build into it an audit and a process of reviews, you shouldn't have to put up with a lack of privacy.
I figure if it ain't on my computer, in my direct reach and control, then I don't expect privacy.
Considering a privacy policy can't stop the physical act, it's dangerous to believe a privacy policy - especially if someone reading that data could compromise you or your company.
I've never had this happen as far as I know (obviously hosts can snoop without telling you). I'd say that this was quite unusual, if for no other reason that hosting companies rarely help you diagnose problems that are likely of your own making. They'll usually just tell you to revert to a supported configuration.
It seems quite odd that they'd be poking around in your database to debug a mail configuration unless you are doing something unusual. But if it is indeed technically related, I doubt you could support the argument that they shouldn't be inspecting your configuration when you ask them to help you debug something. If the database can cause your problem, then how do you expect them to help you without giving them access to it?
Bogtha Bogtha Bogtha
Only under a court issued warrant or under your permission and physical supervision, would they then have permission to your data. That is a severe breach of any Privacy Statement. I would definitely look elsewhere for your hosting needs.
Let's have the company name and a copy of the response from that higher up who said it was perfectly OK. I think you'd see some backpedaling. I would hope the terms of service don't say anything about you needing to refrain from criticizing their service.
...for example, if you let the electrician in the front door, he has free rein to look around to fix the problem unless you've told him to stay out of certain areas.
I don't mean to be critical here but why don't you encrypt the sensitive data prior to storing it? Yes it is going to cost you some development and testing time but it will provide you with peace of mind that 3rd parties who peek at your data, whether legitimately or illegitimately, won't be able to use it for their own purposes easily.
Dreamhost repeatedly did this to me when I was hosting with them. They even modified my databases more than once. Mainly adding indexes (including ones that already existed...), but they changed the type of a column once.
That's one of the many reasons I'm not using them anymore.
I respond to your sigs
Isn't this the great flaw of Cloud Computing?
Playing in the clouds is convenient, but should probably be focused that way. Do serious stuff locally and transmit it as needed.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I run a few servers here at home that are web-facing.
I have never found a provider that will accommodate me in any ways that I see fit, so the home solution has won me over every time I go looking.
I host my own work as well as customers. I'm running it all on a Business Class 7Mbit ADSL line... never any problems as most sites are pretty low on bandwidth.
I've recently got a new client (signed and sealed -- working on the project right now, actually). Their project is going to require their own server(s -- Yay redundancy!) for some power behind their project... if all goes well I'm going to lease some office space outside of my home and upgrade the connection to whatever the best is I can get.
The 'at home' solution offers total control. If you're making enough money off your clients, it's worth it in my opinion.
I'd say that any instance where you don't fully own/control the hardware (managed servers or shared hosting), that the contract can SAY whatever it wants, but if they want to see your data, they can.
Now, I'm sure most tech support folks have better things to do than to nose through your data or read your email. There is a certain level of trust that you have to give your hosting service, or else it's just not going to work.
It's been my experience that if you want more change / access control in place, you can get it, but it's not going to be cheap. The hosting facility my previous employer used had tech support folks who always asked permission and told us what they were going to do and/or what they did, but that was a $50,000/month hosting contract.
Anyhow, You're going to have to choose... is your privacy more important than having to buy/handle your hardware? if so, then go back to a colo and be prepared for those occasional 4:00am calls. If the support is what's more important, then find a hosting provider where you have some faith in the folks involved. I maintain a very good working relationship with the main support guy where my own server is hosted. I have a lot of faith in him, and I never get redirected to the "Bangalore Bargain Bin" cuz they're not doing that outsourced support thing. To me, this is a comfortable arrangement.
In the end, security versus convenience is always going to be a give-and-take arrangement.
The Digital Sorceress
I have been a part of several start-ups that do not have substantial financing and rely on such infrastructure to even function. The thought that the hosting service would file through our data, especially our "protected" databases, seems like a massive breach of privacy and should cause concern.
When the US (public, private, and government) farms (outsources) critical infrastructure development (software & hardware) to foreign countries without thinking of the long-term security implications, it does not surprise me that these companies just expect that activity to be "normal", but we should not.
I agree that rifling through private data, without due consent, is completely out of bounds and informing the higher ups is always the right position, even if they disregard the ramifications.
Derek
If you are buying 'web hosting' then you are essentially buying a managed server - someone else is the administrator, you are a user. You have no control over it and should have no expectation of control. If you want an expectation of privacy then you should get a dedicated server. If you are a reseller then you could probably do this quite easily - get your own co-located dedicated server somewhere and sell vhosts to your clients. If the hosting company wants the root password for your machine, run away.
I am TheRaven on Soylent News
While it is their servers, and they may have legal ability to review data for certain purposes, technical support usually isn't one of those purposes allowed by some state laws or by ethics. (Please note that I am not a lawyer, but I have both been a systems administrator and a technical support representative.)
What I really question is their ethics. The person who casually looked at your data without your explicit permission showed a disturbing lack of ethics. The person who followed up with you also showed the same lack of ethics. On this basis alone, I would choose to not do business with them.
Your question should be taken up with a good lawyer. These days things are quite unclear as to what snooping is reasonable.
I am not a lawyer and my opinion is that anyone looking at your files acquires certain legal liability if anything at all is going on through your servers that breaks civil or criminal law. Not looking at files by you or anyone else leaves you with a great deal of legal protection.
Recently I learned that a vague acquaintance was arrested for possession of child pornography as a popular music-file sharing site runs search programs looking for copyrighted materials and they happened to key in on certain words or images within those porn files.
He may have had some expectation of privacy. I really don't know. But what I do know is that famous site now has a problem if other porn passes through their site and they fail to catch it. Not doing a good enough job carries legal penalties whereas not doing any job at all relieves them of responsibility. Color that spying can be foolish, expensive and dangerous.
It's a difficult issue. I have a dedicated server at APlus in Phoenix, and for the first six months, they didn't have any of the passwords for the box. Then they had a big outage and had to move the servers to another data center, and asked the users to tell them the root password so they could shut down the server, move it, and reconfigure the networking. So now they have the root password, and they did use it once without asking me first when I called in with a later problem.
It's not a big issue for this particular application, because it doesn't have any proprietary or personal data and it doesn't do credit card transactions. But for anyone selling something, it could be a very big deal.
This is to some extent a lack of Linux system administration capability. There's no standard way to give out a permission that allows only the operations a co-location facility might need to perform - startup, shutdown, IP address change, and maybe encrypted backup. APlus uses the Plesk control panel, which can do most of those things, but its security isn't designed to give the co-location operator a limited login.
Some customers will get upset with you if you wait to fix the problem, others will get mad if you don't wait and ask them first. It is a no-win situation.
Your rights here are largely determined by the contract between you and the hosting company. Typically, these things will list the conditions under which they will access private data stored on their server. If the contract is silent, then at best they're probably just limited to not selling data to your competitors or posting your naked pictures to porn sites.
If you are a reseller for this group, you should have more paper than just the website's terms of use and privacy policy -- those are all generally facing the site's end users and are not really intended for its main customers.
Look for the terms and conditions around the hosting agreement. If they don't say anything, you can always go back to the hosting company to negotiate alternate terms.
Recognize, however, that even if you can get them legally bound not to look into your files w/o your authorization, as a practical matter, this is hard to enforce.
possession is nine-tenths of the law. They physically possess your data ... regardless of any terms-of-service or other contractual issues, if they want to look at your data they will and there's not a lot you can do about it. As others have said, about the only guarantee you can have of privacy in this case would be encryption.
The higher the technology, the sharper that two-edged sword.
You asked them to fix something. You in effect invited them in to your server. If you're going to let someone else manage your servers, that's what happens. If you're going to host on a machine with the accounts of others also present, that's what happens.
If you don't like being open like that, and don't want to deal with the support problems of colo, and don't want to have the servers located in your home, then your only real option is to lease entire machines for yourself. And then change the root passwords and keep those to yourself. Granted, if they want it bad enough they can still get to your data...just pull the hard drive and put it in another machine. But since you'd notice the downtime, that's not likely with a reputable company.
That's what I do. I lease entire machines, not just space on a server with a bunch of others running reseller accounts. I also self manage.
But again, remember one fact...as soon as you ask them "Can you fix this software problem for me?", you just invited them in.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
Turn this thing around. I am a DBA for a medium sized company. If I am testing an interface, for example, I can grab some data and push or pull as the case may be. If I see it on my screen, nobody cares.
However, if there is no business related reason for me to look at data (even my own personal information), I am prohibited from doing so.
The same rules should apply here. They probably were within their right because there was a technical reason (troubleshooting) to look at the data. If they weren't, that email from the "higher up" was probably a CYA to try and deflect a lawsuit.
If it really bothers you, I concur with other posters - encrypt your data.
This may be a violation of civil and criminal law. You may wish to seek the advice of an attorney.
As a general principle - if something is accessible then you should assume that someone will access it. Whether the company had the right to do this or not - as a practical matter, you shouldn't expect their policies to protect you from their employees reading your private stuff.
If it's that important - then either encrypt it - or don't put it out on the Web site - keep it on your local PC.
This strikes me as one of those situations where what actually happened is less important than the company's reaction to your questions. The initial silence, followed by a response from a company official that is not in harmony with their published policy, screams "guilty conscience". They got caught with their hand in the cookie jar (yours, in this case), and they're just hoping you'll shut up and go away. I find myself wondering whether they routinely snoop databases hoping to find information that might be of use to them.
Three recommendations: Encrypt everything that matters if you decide to stay with this company; publish their name, along with a factual account of their actions and links to your documentation; if there is a relevant regulatory body or professional association, send your story to them and ask whether the company's actions and response are reasonable under the circumstances.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
I understand your being mad and you have every right to be upset. I agree with Kneo24 by letting the public know who is working with these questionable practices. On the same hand, putting information you are concerned about sharing on a third party server is a risk you should be aware of taking, and either stop using it or be more selective with what you load, even encrypt what you are worried about sharing. Good luck and keep us posted!
Only post what you want others to see, encrypt things that you want a particular group of people to see. Private data? Don't post it at all.
For a cloud-computer based netbook or webtop or whatever you want to call them; if you have lots of private data, get an unmountable external usb harddrive.
What's the value of information that you don't know?
So, a while back - 2001 according to whois, I registered my personal domain at a small webhost. It was my personal domain, and, as such, not something I was too concerned about, where reliability was concerned. Anyway, I picked this place off an ad on kuro5hin (heh, remember them?) and did so based *only* on price. It turned out it was run by one guy. Over the years we exchanged a number of emails and got to know each other by name. Now, I address my support emails directly to him, and I know they're not going to screw with my stuff.
So my advice is this: If you're going to use a webhost, use somewhere small, and take the time to get to know the admins. They'll value you a lot more than some huge conglomerate.
As for legality, look to the terms of use. If they offered you virtual private hosting, well, there's an assumption of privacy. Otherwise, look at that "terms of service" document you most likely clicked right though.
And to give them a quick plug (I neither work there, nor have a financial relationship outside of paying) http://ion-web.com/ is pretty good. Feel free to tell them Nick Bernstein recommended them, maybe they'll give me an even better deal.
RandomAndInteresting.comdefending the world from stupidity since 1979
Unfortunately, you are in the right to assume you should have a relative expectation of privacy when it comes to your data. I say unfortunately, because they don't care and the law will back them up, not you. Basically, if they are storing the data on their equipment, while you have the copyright (rightfully so) on the data, they have the right to ensure that data does not make them an accessory to a crime or infringe on their security in any way. It's bs, but that's the unfortunate risk you take when storing private data on someone else's servers. I agree with the people who say you should co-locate data that there is no expectation of privacy on, and privately store the rest.
If you asked support to look into an issue, and there's a database on your server, there is a reasonable expectation that your database may be looked into.
That being said arbitrary queries are a no-no. And if someone was caught doing such a thing, you're out the door, no warning.
I deal with some of the most secure databases that you could imagine in the hosting world. But aside from running SHOW GLOBAL VARIABLES (LIKE) and SHOW GLOBAL STATUS (LIKE) and possibly running an EXPLAIN across a slow query, we never pry into data.
If you enlist our DBA services then they may look a little deeper for index recommendations, and query tuning, but again, they're still not running queries just to look at data.
If you want to really keep people out of your database, put a password on root@localhost, don't give it out. If they really must get in and look at it, then keep an eye on ~/.mysql_history
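As an added example (not from the poster above, and not any hosting provider's tooling), here is a small Go program that reads a mysql client history file and flags the statements that read or changed rows, as opposed to the SHOW GLOBAL STATUS/VARIABLES and EXPLAIN checks the post describes as the normal extent of support work. The sample history is constructed; the `\040` handling assumes the libedit-style history format (with a `_HiStOrY_V2_` header and spaces escaped as `\040`) that some mysql client builds write. One caveat a practitioner should keep in mind: `~/.mysql_history` only records what was typed into the interactive `mysql` client, it is writable by whoever ran it, and it misses mysqldump, phpMyAdmin and application queries, so the general query log or an audit plugin is a more trustworthy source when one is available.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Verdict classifies one statement found in a MySQL client history file.
type Verdict string

const (
	Diagnostic Verdict = "diagnostic" // server state or query plan, no row data
	ReadsData  Verdict = "reads-data" // returns or exports customer rows
	Modifies   Verdict = "modifies"   // changes data or schema
	Other      Verdict = "other"
)

// Finding pairs a cleaned statement with its verdict.
type Finding struct {
	Statement string
	Verdict   Verdict
}

var (
	// Statements that only inspect server configuration or plans. EXPLAIN shows
	// the plan, not the rows, so it is grouped with SHOW.
	diagnosticRe = regexp.MustCompile(`(?i)^(SHOW|EXPLAIN|DESC|DESCRIBE|USE|STATUS)\b`)
	modifyRe     = regexp.MustCompile(`(?i)^(INSERT|UPDATE|DELETE|REPLACE|ALTER|DROP|CREATE|TRUNCATE|RENAME|LOAD\s+DATA|GRANT|REVOKE)\b`)
	readRe       = regexp.MustCompile(`(?i)^(SELECT|TABLE|WITH|HANDLER|CALL)\b|INTO\s+(OUTFILE|DUMPFILE)\b`)
	// SELECTs against the catalog describe the schema, not customer rows.
	catalogRe = regexp.MustCompile(`(?i)\bFROM\s+(information_schema|performance_schema|mysql)\.`)
)

// unescape reverses the libedit history encoding, where a space is stored as \040.
func unescape(line string) string {
	return strings.ReplaceAll(line, `\040`, " ")
}

// Classify assigns a verdict to a single statement.
func Classify(stmt string) Verdict {
	s := strings.TrimSpace(strings.TrimSuffix(strings.TrimSpace(stmt), ";"))
	switch {
	case s == "":
		return Other
	case diagnosticRe.MatchString(s):
		return Diagnostic
	case modifyRe.MatchString(s):
		return Modifies
	case readRe.MatchString(s) && !catalogRe.MatchString(s):
		return ReadsData
	case readRe.MatchString(s):
		return Diagnostic
	default:
		return Other
	}
}

// AuditHistory walks the contents of a .mysql_history file and returns, in order,
// every statement that read or modified data.
func AuditHistory(history string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(history))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || line == "_HiStOrY_V2_" {
			continue // blank line or libedit header
		}
		stmt := unescape(line)
		if v := Classify(stmt); v == ReadsData || v == Modifies {
			out = append(out, Finding{Statement: stmt, Verdict: v})
		}
	}
	return out
}

// sampleHistory is a constructed history file, not taken from any real server.
const sampleHistory = `_HiStOrY_V2_
SHOW\040GLOBAL\040STATUS\040LIKE\040'Threads%';
SHOW\040GLOBAL\040VARIABLES\040LIKE\040'max_connections';
EXPLAIN\040SELECT\040*\040FROM\040orders\040WHERE\040customer_id=42;
SELECT\040table_name\040FROM\040information_schema.tables\040WHERE\040table_schema='shop';
SELECT\040email,\040address\040FROM\040customers\040LIMIT\04050;
ALTER\040TABLE\040customers\040ADD\040INDEX\040idx_email\040(email);
SELECT\040*\040FROM\040customers\040INTO\040OUTFILE\040'/tmp/c.csv';
`

func main() {
	for _, f := range AuditHistory(sampleHistory) {
		fmt.Printf("%-10s %s\n", f.Verdict, f.Statement)
	}
}
```

Run against the constructed history, the two SHOW lines, the EXPLAIN and the information_schema lookup are left alone, while the SELECT over customers, the ALTER TABLE (the kind of unrequested index change another poster in this thread complains about) and the SELECT ... INTO OUTFILE export are reported.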
Thanks for the heads up, I had never really read through my host's AUP, just did this morning, and found this:
Monitoring/Privacy
reserves the right to monitor any and all communications through or with facilities. Customer agrees that is not considered a secure communications medium for the purposes of the Electronic Communications Privacy Act, and that no expectation of privacy is afforded. It may become necessary for employees to examine system accounting logs and other records to determine if privacy violations or other network unfriendly activities have occurred. also reserves the right to access a Customer's mailbox or other files stored on systems to resolve system problems or mail system errors.
So, it comes to this.
Half of you people replying are completely missing the point of the post. He is NOT co-locating a server, he is a reseller. He is using the company's equipment and hardware. He owns absolutely nothing hardware-wise.
As such, the company is perfectly within their rights to inspect what data is being stored on their servers, in a SHARED database. He's not the only customer using that MySQL server. He is not the only customer using that CPU, that hard drive, that webserver.
The hosting company has every right to be sure there is nothing in the database or elsewhere that is going to compromise the other customers.
That's why you colo a server. Then it's YOURS and YOU control access to it. No one is going to be inspecting anything on it without your consent or at worst, if they hack your password and/or reboot it without your consent into single user mode. Either way, then you'll know something hinky was going on. Whereas if you are just a "reseller," the hosting provider can do whatever they want as root on a box you do NOT own.
So yeah... if the original poster doesn't like it, he needs to colo a server. If he doesn't want the hassle of that, then you're at the mercy of the system admin.
To provide good support, you need to understand the customer's situation and what the customer is trying to achieve.
To gain that understanding, you need to look at the customer's actual setup and actual data. If you rely only on the customer's own explanations, you are just setting yourself up for inevitable misunderstandings. No amount of careful explanation is a substitute for looking at the actual data. Also keep in mind the good doctor's advice: Everybody lies. To cure the patient, you simply have to run your own tests to find out what's going on.
Your right to privacy is that the supporter must not pass on any information to a 3rd party, no more than that.
If your data is sensitive or governed by a regulation like HIPAA, you should've had a BAA in place with the host that regulated access. But from what you described you still OWN the data, nobody copied or used your data. Without an additional agreement, someone reading your data, code, etc. is a risk you take.
We went in your database because we can.
I dare you to come down here and fight me in the parking lot!
I'll be waiting for you!!!
this was a database that was on a system that they provided with a lot of other customers, right? So you paid for one of those developer plans that includes a database and web hosting.
Host your own machines at a respected data center if you want any level of data privacy.
If you wanted them to fix your programming/software/data/configuration issue on a machine they own and manage, then to me, that implies that they have to be able to look at the data itself on at least an as-needed basis. Hopefully they are discreet about it and comply with appropriate privacy requirements (e.g. never disclose what they see to anyone else besides other staff that are also working on your problems).
What if you owned the machine(s) and they were physically located in your own office space in a building you own ... and you hired a programmer or system administrator or consultant to look at your programming problem? Would you expect them to NOT look at the data? You see, I think that this is an implied situation.
When I long ago worked for an ISP (director of operations with 3 net/sysadmins reporting to me), our policy was that we did not look at customer data directly unless it was for problem resolution, and then only looked where problem analysis suggested the problem might be, or that information about the problem might be. For example, I did look at a couple customer mailboxes to resolve problems with why their mail agent wasn't loading the mail. Turns out there were non-compliant headers and a less than robust agent. I did not feel a need to ask to look once the evidence suggested the problem was in the content of the messages. I did ask the customer for permission to manually edit his mailbox to remove the defective mail so he could continue to use his non-robust mail agent. And I will never divulge what I saw in that email short of a valid and verified court order to do so.
now we need to go OSS in diesel cars
IMO everyone should expect privacy, however, even with strict privacy policies and expectations in place there should be no surprise that any data which you make accessible is accessed.
Far too many web application developers are lax on security when developing their applications and storing data. End users running these applications should be pushing developers and hosting providers to implement some level of security against unauthorized access to data using least privilege and encryption of stored data.
And now for the plug. :) PHPgirder is an example of implementing both least privilege and encryption to protect from unauthorized access and encryption of data in the event unauthorized access does occur.
Basically the idea is to use the user-level access control built into the database engine to limit access to tables and encrypt all sensitive data that is stored in those tables. This requires the use of multiple database users, and while the username and password for the user with the least privilege is stored in plain text like in any other web application, the usernames and passwords for higher access levels in the database are stored in encrypted records in the database and require user authentication before they can be decrypted and thus provide higher levels of access to the application and the data in the database.
The same encryption and ACL technique that is used to control an application based on PHPgirder can also be applied to any pages and data that are implemented in an application using the classes by using the same database ACLs required to run PHPgirder or by adding additional ACLs upon the base PHPgirder ACLs (translation: more database usernames and passwords with restricted database access).
Now this will not stop someone who has root access to the server from intercepting user session information and stealing users' usernames and passwords to gain access to the encrypted data, but it will surely stop someone from doing a casual dump of your database to peruse your data and tell you what you're doing wrong.
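The "encrypt the sensitive data before storing it" advice given earlier in the thread and the two-tier credential scheme described in the post above, as an added example in Go. This is not PHPgirder's code and not anything from the original posters; it shows the general technique. Assumptions, all labelled in the code: the column key is loaded by the application from somewhere outside the database (config file, environment, KMS); each ciphertext is bound to its table, column and row id via the AES-GCM additional data so a value copied into another row fails to decrypt; and `DeriveUserKey` is an iterated-SHA-256 stand-in for a real password KDF (PBKDF2, scrypt or Argon2 from `golang.org/x/crypto`), used here only to keep the example inside the standard library. The sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// FieldCipher encrypts individual column values with AES-256-GCM. The key is
// supplied by the application and never stored in the database, so a dump of
// the tables yields only ciphertext.
type FieldCipher struct {
	aead cipher.AEAD
}

// NewFieldCipher wraps a 32-byte key; shorter or longer keys are rejected.
func NewFieldCipher(key []byte) (*FieldCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// Seal encrypts one value. context (e.g. "customers.email.42") is authenticated
// as GCM additional data, so a ciphertext moved to another row or column fails
// to open instead of silently yielding another record's secret.
func (f *FieldCipher) Seal(context string, plaintext []byte) (string, error) {
	nonce := make([]byte, f.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := f.aead.Seal(nonce, nonce, plaintext, []byte(context))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Open decrypts a value produced by Seal under the same context.
func (f *FieldCipher) Open(context, encoded string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	n := f.aead.NonceSize()
	if len(ct) < n {
		return nil, errors.New("ciphertext too short")
	}
	return f.aead.Open(nil, ct[:n], ct[n:], []byte(context))
}

// DeriveUserKey turns a user's password into a 32-byte key for wrapping the
// higher-privilege database credential (the second tier described above).
// STAND-IN: iterated SHA-256 is used only to stay inside the standard library;
// production code should use PBKDF2, scrypt or Argon2 instead.
func DeriveUserKey(password string, salt []byte) []byte {
	key := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 0; i < 100000; i++ {
		key = sha256.Sum256(key[:])
	}
	return key[:]
}

func main() {
	// Constructed values; a real deployment loads appKey from config or a KMS.
	appKey := make([]byte, 32)
	if _, err := rand.Read(appKey); err != nil {
		panic(err)
	}
	fc, err := NewFieldCipher(appKey)
	if err != nil {
		panic(err)
	}
	stored, _ := fc.Seal("customers.email.42", []byte("alice@example.com"))
	fmt.Println("what a dump of customers.email shows:", stored)
	pt, _ := fc.Open("customers.email.42", stored)
	fmt.Println("what the application sees:", string(pt))
	if _, err := fc.Open("customers.email.43", stored); err != nil {
		fmt.Println("same ciphertext moved to row 43:", err)
	}

	// Second tier: the admin DSN is stored wrapped under a key derived from the
	// admin user's password, so a reader of both the config file and the table
	// still cannot reach the privileged account without that password.
	salt := []byte("per-user-random-salt") // constructed; use a random salt per user
	uc, _ := NewFieldCipher(DeriveUserKey("correct horse battery staple", salt))
	wrapped, _ := uc.Seal("credentials.admin_dsn", []byte("admin:s3cret@tcp(127.0.0.1:3306)/shop"))
	fmt.Println("admin credential at rest:", wrapped)
}
```

The context string is what keeps this from being "just encryption": without it, someone with write access to the table could swap two customers' ciphertexts and the application would decrypt the wrong record without noticing. As the post above says, none of this helps against a root user who can read the application's memory or session store; it defends against the casual table dump.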
burnin
We do our hosting with Cirkuit Networks. One time when our forum was getting bombarded with spam bots, they politely called me and told me about the issue. They then asked me if it was okay if they go in and install a CAPTCHA and upgrade the forum software (which required access to SQL). It sounds to me that some hosting companies respect their users' rights to privacy a bit more than others.
This is not so much a question of legality, but ethics. Yes, you might own the data, but you don't own the server. By allowing your data to be hosted on another person's server, you gave them the right to snoop. If you secure the data (encryption) then it will be harder to snoop. It's like taking a box of your things to a friend's house for storage. While it would be unethical for your friend to snoop through it, it is not illegal.
If you want to prevent it with your current host, request an alternate agreement of services that requires extra privacy of your data from support staff. Having worked in the hosting industry in the past, some providers are willing to do this.
I'm not sure I see the problem here.
You said that they looked at your data "presumably, in order to tell me what I was doing wrong." It sounds to me that you were asking for help and they were trying to provide it. I'm having trouble seeing the problem here, either practically or legally. Most privacy policies that I've seen quite reasonably say that the host can look at data as directly needed to provide you the service in question. That's sort of implied by your asking for the service - in this case your support request. For example, they can use your address to send you bills, etc.
Now perhaps the support folk were incorrect in thinking that the data in question was needed to solve the problem in question. I can't judge that from the data given. But that seems more like a support competency question than a privacy one. You suggested that you had other reasons to question their support competency (not that this is unusual, as you note.)
The followon stuff with their replies to your complaint does seem to get into the privacy issues, but maybe you got off on the wrong foot and it went downhill with their attempts at rationalization.
Setup your own local server, get a static ip address and stock up on a lot of coffee. That pretty much defeats getting around the waking at 4am thing but at least you can have complete control of your website.
There is another option that I've seen for hosting sites but it can be more expensive than your typical dedicated hosting. They allow the option to install your own OS from start to finish. At most it will force an end user to have an account to access that information. Other than that, there really isn't much you can do about security because it will be on their virtualized servers where they are being hosted. Any encrypted connections would be futile. Encrypting the partitions themselves also defeats the purpose especially when you have to enter the decryption password to get the system up and running. Essentially, when you have someone host for you, you will always give up your privacy. That being so, there are a lot of hosts out there that can be trusted, but it's always best to make sure.
You're hosting on their servers. I don't think you have much expectation of privacy, frankly. I'm all for privacy, and if you own the box, then nobody should be allowed to look at it, but if you're renting the box, just like a landlord, they should have a right to inspect it for whatever reasons. They are, to some degree, responsible for what that box contains.
On a slightly different topic, you say they're pretty good except for... And then you have a list of issues with them. I don't know who your host is, but I'd recommend CrystalTech. I have no affiliation with them other than having hosted some sites with them over the past decade or so. Other than the occasional technical problem, for example an upgrade several years ago that broke one of my apps, or one of the two times in the past 10 years when my e-mail went down, they've been solid as rock. Additionally, when I've needed help, both their online tech support as well as their phone tech support were amazing and responsive. I'll never host with anyone else as long as they continue the way they are.
I don't expect any privacy with my webhost.
partly because I realize I'm using their hardware on their site.
but mostly because it's a shared server.
If I got a dedicated server, I could set my own root password and lock them out. but then, I wouldn't get support.
If you want their support, you grant them access to the machine and its data to aid in their troubleshooting.
They're using their grammar skills there.
While you can discuss the ethics or morality of having strangers accessing (or worse, changing or "accidentally" destroying it - ooops, there goes another database), the fact is that once it's off your site, it's out of your control.
Wasn't there a case recently of some politician who got their records "snooped" by an outsourced operation - consider yourself lucky that all they're doing is looking. It's not impossible to think that they could take any code you've written, or sell off credit card details from your database.
Second law of outsourcing: you're tacitly admitting that someone else can run your operation better/cheaper than you can.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I don't buy that 'compromise other users' argument. It might be a shared database SERVER, but every customer should be at least one distinct database user and should get their own database on that server(*)(**). Nobody should be able to see anybody else. If the database server can't handle it, find one that does. If the hosting company doesn't bother giving everyone their own database user accounts, find one that does.
The only reason the hosting company should ever look at the contents of a customer's database is 1) court order or 2) to do transparent optimization to eliminate real performance hits on other users, as permitted by hosting contract. This would cover the case somebody else mentioned where the hosting company added indexes to his database. The hosting company should have kept him informed, though.
(*) you want multiple users so that the owner of the database tables is different from the web app. You might still get hit by SQL injection if you aren't careful, but you won't have some bozo altering your tables.
(**) the exception is if the host provides certain tools to all users, e.g., an interface to a credit card processing engine. In this case the app might have a common backend database, but should still be designed so that one user can't see any other user's data.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
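The multi-user arrangement described in the PHPgirder post above, and the "every customer gets its own database user, and the table owner is not the web app" rule in the post just above, both come down to the same thing: separate MySQL accounts with different grants. The following is an added example written for this page (it is not PHPgirder's code and not from any of the posters); the database name shop_db, the table and column names, and the three account names and placeholder passwords are assumptions. It covers the access-control half of the idea only; the encryption of sensitive columns is done by the application, and the key must never be stored in this database.

```sql
-- Added example: one hosted application, three MySQL accounts with
-- different privilege levels. All names and passwords are placeholders.

CREATE DATABASE IF NOT EXISTS shop_db;
USE shop_db;

CREATE TABLE IF NOT EXISTS customers (
  id         INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  email      VARCHAR(254)  NOT NULL,
  card_enc   VARBINARY(256) NULL,  -- ciphertext written by the app; key lives outside this DB
  created_at TIMESTAMP      NOT NULL DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE IF NOT EXISTS orders (
  id          INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  customer_id INT UNSIGNED NOT NULL,
  total_cents INT UNSIGNED NOT NULL,
  FOREIGN KEY (customer_id) REFERENCES customers (id)
);

-- 1. Schema owner: the only account allowed to change structure.
--    Used from migration scripts, never from web code.
CREATE USER 'shop_owner'@'localhost' IDENTIFIED BY 'CHANGE-ME-owner';
GRANT ALL PRIVILEGES ON shop_db.* TO 'shop_owner'@'localhost';

-- 2. Web application: row-level DML on the tables it needs, nothing else.
--    No DROP/ALTER, no FILE, no access to other customers' databases,
--    so an SQL injection through this account cannot alter the schema.
CREATE USER 'shop_web'@'localhost' IDENTIFIED BY 'CHANGE-ME-web';
GRANT SELECT, INSERT, UPDATE ON shop_db.customers TO 'shop_web'@'localhost';
GRANT SELECT, INSERT         ON shop_db.orders    TO 'shop_web'@'localhost';

-- 3. Support/diagnostics: read-only, and not on the sensitive column.
--    A column-level grant means a "casual dump" by this account fails
--    on customers (mysqldump does SELECT *), and SHOW PROCESSLIST /
--    EXPLAIN still work for performance work.
CREATE USER 'shop_support'@'localhost' IDENTIFIED BY 'CHANGE-ME-support';
GRANT SELECT (id, email, created_at) ON shop_db.customers TO 'shop_support'@'localhost';
GRANT SELECT ON shop_db.orders TO 'shop_support'@'localhost';
GRANT PROCESS ON *.* TO 'shop_support'@'localhost';

-- Checks to run after granting (expected results in comments):
SHOW GRANTS FOR 'shop_web'@'localhost';
SHOW GRANTS FOR 'shop_support'@'localhost';
-- Connected as shop_web, each of these must fail with ERROR 1142 (command denied):
--   DROP TABLE shop_db.customers;
--   SELECT * FROM mysql.user;
-- Connected as shop_support, this must fail with ERROR 1143 (column denied):
--   SELECT card_enc FROM shop_db.customers;
```

The caveat the PHPgirder post already makes still applies: the host's MySQL root and anyone with root on the box bypass every grant here, because they can read the data files or reset any password. What the grants buy you is protection against the casual look through the application's own credentials, against another tenant on a shared server, and against an injection bug turning into a schema change.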
Dreamhost hacked me. Yes they did.
I reviewed logs and determined it was one of their employees, they claimed to have fired him.
Regardless, dreamhost hacked me.
It depends on the motive. From the text it seems as if they looked at the database to determine whether the data in it was causing the problem. I would say that it is reasonable for any sysadmin to look at data when it pertains to the smooth running of their system unless there was some explicit agreement that under no circumstances whatsoever were they to look at data.
Certainly in most places I have accounts the usual rule for sysadmins is: do not look at private data unless required for problem diagnosis and fixing. If you do need to look then treat whatever you find as confidential.
I think some of you have hit on it -- it doesn't actually matter what the AUP, ToS and so on say. It is completely possible for them to have full access to your data (WITHOUT YOUR KNOWLEDGE, even) if they're the ones controlling the network and servers you're hosted on.
If that is TRULY a problem for you, you need to look at colocation in a locked cage with cameras.
The real question is - what is the privacy of your data worth to you? The extra cost of colo, or not?
> I got a reseller account with a company that will remain nameless.
What are you afraid of here?
The company's name is not some sort of privileged information that you can be punished for disclosing!
-fb Everything not expressly forbidden is now mandatory.
You are way overreacting here.
As an ISP, I look at anything and everything that I think may be related to the problem. Absolutely I look at databases.
The expectation of privacy is that I won't repeat this information to anyone else. If you have a doctor, it is the same thing. You have no privacy as to the contents of an X-ray, or as to your medical condition. You have expectations of privacy as to disclosure. And if you were damaged, even due to negligence like en clair data streams used by the ISP for their inspection, then you would have a basis for court action.
If you want privacy from the vendor, seek encryption and take all the upside and downside that it entails. Don't expect support that requires your constant attendance to grant permission. "May I look at this file? At this one? And how about this one?" If you hosted with me and wanted calls like this every ten minutes, I would charge you $200.00 per hour from the moment my hand reached for the phone dial (or IM key, or whatever.)
I assume you're using shared hosting. It's a cheap and easy option, but you give up all control of who is on your server, and what they are doing.
I primarily use VPSes for many reasons including this one. It's a great middle ground between colo and shared hosting, where the host is in charge of giving me hardware and network support, and that is all.
There are many good VPS providers out there. I personally prefer XEN based hosts to OS level virt like OpenVZ that powers most of the market.
http://vpslink.com/xen-vps/ and http://slicehost.com/ are some of the better services I've used, but there's plenty more out there.
Blessed are the pessimists, for they have made backups.
If you brought your computer in to Best Buy and said you couldn't play videos - and the techs there saw your naughty pictures in "Your Documents" you took with your wife (or husband) - you'd be feeling similarly embarrassed.
You could probably expect that the Geek Squad would not upload your pictures to 4chan. You should also be able to count on your hosting provider to show a similar level of discretion.
However you can't say the Best Buy was violating your privacy- not intentionally, not clearly. It seems what happened with your mysql was likely an accident- I see no reason to believe otherwise, and you don't seem to either- you're just grasping around their privacy policy like it somehow matters.
There's no standard way to give out a permission that allows only the operations a co-location facility might need to perform - startup, shutdown, IP address change, and maybe encrypted backup. A.
sounds like a job for sudo
You didn't specify in your question whether they *needed* to access your database to answer a support related question.
I used to work for a webhost, first doing low level frontline support, then later I was the system engineer and head escalation handler.
We never had to detail an official policy on customer data, because it never became an issue. However, it was implied that employees act ethically during the course of business. It is ethical to access your data for the purposes of support; sometimes access is deeper than you would think, due to the issue. Many times support issues are not isolated and require accessing all of the affected services or resources in order to get a clear picture of the problem. When looking over a script, depending on how it was written, a support representative may require delving into additional resources to fully understand the logic flow, or what the data *should* look like when it is operating correctly.
Your question is somewhat ambiguous and leaves out some of the important details, which leads me to wonder if it was a leading question.
I don't work for a web hosting company anymore, nor do I have any alliances.
As a systems administrator, you bet your life I'll look at anything when I have reason to. You call with a problem, it's reasonable to look where I reasonably (even if wrongly) think the problem might be. (It's not required, but I do say "I'll need to look at X. OK?")
I won't go repeating any of that, nor make copies of it (other than backups you are entitled to), or use it in any way - UNLESS you are violating TOS/AUP/or as required by Law Enforcement. It's NOT my data.
If that bothers you, what would YOU do in the same situation, had you misunderstood your customer's problem? Ask first? Not ask?
Anyway, unless you don't want to get up at 4am and go find a problem, then you're pretty much limited to this sort of thing. Otherwise, drink some coffee or something before you hit the road at 4am.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
I am fed up with people and a "reasonable expectation of privacy" in all sorts of areas where you simply cannot REASONABLY EXPECT privacy.
Data stored ON A SERVER YOU DO NOT ADMIN? Come on!!! SA's have total access to the box.
Telephone conversations? Sorry, that's going over who knows how many networks to reach the end of the line. Any number of people can easily listen in, and that's not including the government!
Email? Pretty much the same boat as your email travels through multiple servers you have zero control of.
Web access? Unless you are using HTTPS many people can sniff your content, and your ISP can always see what hosts you connect to.
While it may indeed be more ETHICAL for people with power in those situations not to look at what you are doing, if you care in the slightest you have to EXPECT people will, in fact, be looking at/listening to your stuff at some point. It's just common sense and a basic understanding of human nature. That's where the reasonable part comes in - it's unreasonable to expect people will never act like people, therefore in those situations you can never have a "reasonable" expectation of privacy. You cannot legislate away basic human nature and anyone who expects that to actually work is not only a fool, but a dangerous fool.
Either encrypt or ensure you are the only person in control of the systems that house data you do not want others to see.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I think it's a cultural thing. I used to live one place and the general idea among the people there was if you act like you're hiding something, then something's going on, but no one really asks about it. However, that wouldn't stop people from prying silently, looking in your window and stuff. It was just what was normal there.
Where I've moved to now, everyone seems to leave each others' business to themselves and no one seems to care if you hide anything. It doesn't seem the idea to suggest visiting someone else's house here, everyone waits for an invite.
I don't know what's legal or when it's what, but I do know it's not always considered the rude thing to do. Personally, I don't care if someone goes looking at anything I have hosted, but everything I have hosted can be viewed publicly.
I suppose if I had hundreds of people's credit card numbers or social security numbers stored in a database, I'd be a little irked to know the host I pay to be discreet would be so inconsiderate.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
IANAL and I can't speak for the USA, but, for the benefit of any UK based /.ers, you're the one who'd be in deep trouble with the Data Protection Registrar if any of your clients stored personal data on your site. The basic principle is that you can outsource data processing, but you can't outsource your legal responsibilities. If their admins can poke around personal data without due cause, legally it's your fault for not putting in proper contractual safeguards and applying due diligence.
It's probably also worth noting that UK based sites containing personal data can't be hosted on North American servers without specific authority from each person whose data is being processed. There are good reasons why cheap web hosting isn't suitable for business use.
Was it your own (as in root access) box? If so, messing with your DB is strange. However, if it was shared hosting, I'd say it's perfectly normal. I couldn't count the times admins have peeked into hosted databases or whatever to diagnose problems ("has this guy ever *heard* of indexes? CREATE INDEX... and lo and behold, load average drops 20x").
However, and that might surprise you, hardly anybody gives a flying fsck about the contents of your account. Your mailbox? I have 50k of them, you're not as special as you think. Databases? The same.
If, OTOH, this was a colo'd box, then how did the support staff even have access to your DB? And why is your DB suddenly their problem?
He said he switched from colo to hosted to avoid having to take care of his own server.
-- I ignore anonymous replies to my comments and postings.
They should let your database be without an index, another extra load on the webserver, and contribute to everyone on that box being miserable due to overloads.
If you don't want your hosting company to ADD INDEXES to your database, ADD INDEXES YOURSELF.
It's not your server, you don't have ANY expectation of privacy. While I don't go snooping around people's data (got better things to do) sometimes you just HAVE to look at the source code or the database tables to track down the problem. Support may have been off track but it doesn't sound like they did anything wrong.
I assume you're a reseller on a cPanel server or a Plesk box, you could easily upgrade to a VPS if you wanted full control of the environment. You also need to stop overreacting, if the data is THAT sensitive why are you storing it on somebody else's server in an unencrypted format?
I just wanted to post one more thing, the OP seems incredibly one sided and presents no evidence. Without seeing the entire support ticket, including your host's responses, how are we supposed to know what really happened?
Unfortunately for you, since acceptable use for both parties was laid out *in a contract* your point is moot. If the contract says "we will not do x" and they then proceed to do x, they have just broken a legally binding contract.
here's a good analogy for you:
If I go to stay in a hotel, does that mean that when I go to the front desk to ask where the pool is they're allowed to search my room? No? Then the "it's their property" thing is null. In fact, since you are PAYING for this service...
Anyway, it's *his* data. Just because it's on their machines does *not* give them a right to the data, especially since he is paying them for the privilege. He's not paying them to search through his DB, he's paying them to provide hardware and support.
Sudo in combination with a script that would modify your network config might work in your case. You'd also want to allow shutdown and reboot.
...I can tell you that there are many situations in which access to a client's data is required and unavoidable. We put a clause in our TOS that basically informs clients that because they are in a shared hosting environment (i.e. not the only web site on the server) we may need to access their data occasionally while researching and fixing a problem. This is because we can't control what the other clients are putting on their sites and sometimes vulnerable applications are being used by them. We monitor logs and processes for problems and if we notice any irregularities, we do a complete audit of every client to ensure that we eliminate the problem completely. Because of this, we recommend that all clients encrypt their data for extra security.
ANY shared hosting environment holds the same risks. You can't control what everyone is doing, all you can do is lock the server up as much as possible and keep a close eye on it to minimize the risks as much as possible. Let's face it, if you want more control, privacy and security, then owning your hardware is the way to go. That way you don't have to worry about some young, inexperienced developer from another web site opening up security holes because of bad code.
Isn't this the great flaw of Cloud Computing?
No, because that's what encryption is for. I use Jungle Disk to mount my Amazon S3 data as a network share on all of my systems.
Jungle Disk allows me to encrypt my data before it is sent to Amazon's servers. Short of cracking the 256-bit AES key the data is encrypted with, Amazon can't dig through my data.
Maybe for a web-based application, this wouldn't make sense, but at least in terms of storing my data in the "cloud" for retrieval and use by various client-side apps, there's no "great flaw".
'a';DROP TABLE users; SELECT * FROM DATA WHERE name LIKE '%'... if you're reading this, it didn't work.
s/flaw/trade-off/
While not all of us do it (haha), most systems admins do tend to peek around their networks. Reading emails, watching plain text chatter, checking out file shares, and even source code on web servers. Slashdot has had articles in the past where sys admins were anonymously polled and asked whether they tend to poke around where they really weren't supposed to. I cannot remember the specific results, but I do know that it was an overwhelming Yes I Do result.
I guess the only real way to remain private is to continue running your own web server. And even then, you would likely look at your clients data, making you the snoop. Part of the responsibility of a sys admin is to ensure there is not malicious or illegal scripts, software, or activity going on. I would imagine this task would be difficult to accomplish without snooping around and knowing what is on your servers.
RTFA Folks - he does not have a colo server, he is merely using a hosting company for his clients. It may be a close question about rights for a colo since you may have exclusive control over the box, but its not AT ALL close for a hosting situation.
By voluntarily providing them content and putting the data on THEIR servers, you have absolutely NO reasonable expectation of privacy (in the US). The supreme court has held that you don't have an expectation of privacy in the phone number you dial on your phone. The theory is when you provide data voluntarily to others you have no REP. Period.
Try to understand: 4chan is down.
I don't know if it's the great flaw. There are multiple costs you have to weigh.
It seems to me that vendors would key into it and charge premiums for more protection. That's the solution I would expect; the Googles of the world will just charge more for more privacy, and that's kind of fair. The fact that those people were reading your database wasn't too alarming; the fact that they could do so so easily is a bit more: all it takes is one flawed SQL statement and they might not your application down.
Some of this is the LAMP stack, it's just not built with auditing in mind, some of the larger databases out there will audit that kind of access. Some of it is also cheap co-location, adding that kind of auditing takes more work. I'm guessing if it was a mysql "shop" that there are one or two accounts that support uses to poke around when they get calls. Hopefully their people are trustworthy, that might be the worst of it; what you'd hope for is that they'd have an audit log of accesses to your data and should an employee be fired or quit you'd at least have some hope of tracking stolen data back to them.
A better line of questioning might be to have a list of their employees that have accessed your data. They probably won't have an answer.
You can always colocate a whole machine or build your own datacenter; there is a lot more to it than most people generally think and it's usually quite a bit more costly than the $50 a month for a "virtual server", but you can control who looks at your data a little bit more.
Another cost is just what is it you're hosting? If you're running a business, then maybe it's worth more and justifies the expense of a more private solution. If it's your blog then I don't know if I find the idea so objectionable at all.
The agreement with hosting provider would not specifically prohibit them from accessing your data. On the contrary, you should expect them to access your data for the purposes of backups and troubleshooting. In the question above, the support staff accessed the dude's MySQL database in response to his support query. Unless the contract specifically bars them from accessing customer data (which is highly unlikely), they are perfectly within their rights. The situation is the same when you own your own servers and hire a sysadmin to support them. You know he will have full access to your unencrypted data, which means you trust him.
Go up the food chain. Tell him you are looking for a provider that can meet X, Y, and Z criteria, including not snooping around your data without your permission.
Ask them if they provide such a service and if so, at what price.
If you don't like their prices or they don't offer the service, then either find someone who does or take it back in-house.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Instead of using a colo server or shared hosting, get a VPS. You get someone else dealing with the hardware and network side of things while you get the benefits of a dedicated server with the price of shared hosting. The only restriction is the inability to change the kernel, but good providers will set up a kernel for you with the features you need.
This also means that they don't have easy access to your server unless you want them to. Granted, they could always mount the virtual drives, but unless you have complete physical control over server access, you can never fully control everything.
As the Sysadmin for a medium sized hosting company, I can tell you that I do not have time these days to read your email! Are you freaking kidding me? Have you seen the volume of SPAM and Hacks going on? If you ask us a question that has something to do with your email then we look at it for you and try to fix it if we can. If it's difficult then we ask you for more info. What we DON'T do is care about the contents of your domain files and your emails. When you sign up with a hosting company, there is an expectation of privacy. You can and should expect that the company and its admins are not going to remark about, or discuss with anyone else, the contents of the domain or its associated files. The only way that we will mention something to you is if we feel you are committing a crime and using our servers to do that, and most likely we will just ask you to leave our servers and wish you well. Read your hosting company's TOS to see how they deal with your privacy and ask them questions about this directly. If you have a trust issue then you are at the wrong IHP. One more thing people, PLEASE for dog's sake, I beg you, create and use more secure passwords and pay attention to where you are when you type them in!
So my advice is this: If you're going to use a webhost, use somewhere small, and take the time to get to know the admins.
If I had mod points I'd mod you up just for that.
Also be nice to the people who hold your online existence in their hands. If they have a professional attitude even jerk clients will get the minimum service offered, but sysadmins may go the extra mile (or at least an extra several feet) for clients they've developed positive feeling and/or respect for.
Loose lips lose spit.
I work as a dedicated/colo support engineer for a local webhost and I can safely say we're much more competent than your standard technical support staff, as it's the primary focus of what our company offers.
That being said, how and what a support tech accesses on your box really depends on the situation. You made the request for a 'relatively minor email-related fix', which, I'll assume, is something you would have every capability of doing yourself through a remote shell if you have the know-how (and this being a co-lo box, and not a managed box, is really something that should be your responsibility.)
Taking this in mind, when a problem is brought to a tech, they need to consider all possible causes of the trouble. You didn't get into very much detail about the request, so I cant address that further.
Essentially yes, it's sometimes necessary to access data at that level. If you don't like that, then I suggest you learn to perform these tasks and 'minor fixes' yourself so that you're the only person that has a reason to access the data. In my experience, the ones that get the most upset about this sort of thing are the ones that have something to hide because of it.
For example, I had a customer upset with us about troubleshooting intermittent connectivity issues to his database server because we had accessed data in his databases. The reason he was upset? They were storing un-encrypted credit card and personal information about their customers, plain text in their tables.
This is how it went down, and no, I'm not naming names simply because I don't want the account cancelled prior to being able to move sites. Perhaps in the future. However, I should first note that they've since apologized and indicated it was done in an effort to resolve the problem, which is pretty much bogus, but whatever.
The initial support ticket clearly spelled out the problem was with exim (not relaying mail from wordpress with a domain name where the MX was hosted at a different server). A copy of the "relay not permitted" message was supplied, as was output from an exim -bt trace on the address. The problem clearly indicated that exim was not permitting local relaying for addresses from a domain hosted on the site, but for which the MX record did not point at the local server. It was then supplemented with additional information and trouble-shooting steps taken on my part to create a "dummy" local user in the hopes that exim would, when doing an address lookup, see that the email address was local. That, obviously, didn't work.
The bottom line is that the exim configuration, instead of looking to see if the From address was a local address, looked to see if the domain's MX record pointed to the local server. Which, in my opinion, is completely retarded. Having used exim for years, I can assure you there are better ways to ensure the legitimacy of source addresses than doing an MX lookup (and likely less intensive since there is no need to poke at DNS -- I shudder to think how much extra stress this puts on the DNS servers when a simple lsearch lookup would be more efficient).
No mail-related configuration is in the SQL database other than the blog's mail settings (which aren't even used since wordpress hard-codes the From address). IOW, he had absolutely no reason to poke in the database.
Other than the usual slow tech support, occasional server overloading, and... well... typical support staff
"Typical support staff" eh? Have you considered that you might just be a "typical customer" ?
I worked in tech-support for several years and it never ceased to amaze me just how rude and incompetent the more dramatically inclined customers were and, yet, they somehow always managed to pin it on us when they discussed it on forums.
Yeah, didn't expect gods poking around in the clouds. :)
Does anyone have a suggestion on how to find out if a host reads your files apart from leaving a couple of temptingly named scripts for them to run?
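Two earlier posts touch the same practical question: the one above asking how you would find out whether a host reads your files, and the post further up wishing for an audit log of which employees accessed your data. On MySQL the closest thing available without a commercial audit plugin is the general query log, which records every statement together with the account and host that issued it. The following is an added example for this page (not from any of the posters); it assumes you control the server (a VPS or dedicated box, since SET GLOBAL needs SUPER or SYSTEM_VARIABLES_ADMIN, which a shared-hosting account does not have), and the names shop_db, shop_web and credit_cards_backup are placeholders.

```sql
-- Added example: log every statement to a table, then query it for reads
-- of your data by accounts other than the application's own. Requires
-- SUPER / SYSTEM_VARIABLES_ADMIN, so this is for a server you administer.

SET GLOBAL log_output  = 'TABLE';
SET GLOBAL general_log = 'ON';
-- From here on mysql.general_log receives one row per statement:
-- event_time, user_host, thread_id, server_id, command_type, argument.

-- Who touched shop_db in the last day, from where, other than the app?
-- user_host looks like "shop_web[shop_web] @ localhost []".
SELECT event_time,
       user_host,
       command_type,
       LEFT(argument, 120) AS statement_prefix
FROM   mysql.general_log
WHERE  event_time >= NOW() - INTERVAL 1 DAY
  AND  command_type IN ('Query', 'Execute')
  AND  argument LIKE '%shop_db%'
  AND  user_host NOT LIKE 'shop_web[%'
  AND  argument NOT LIKE '%general_log%'   -- do not match this audit query itself
ORDER BY event_time;

-- The "temptingly named script" idea, in table form: a canary table that
-- no legitimate code ever reads. Any SELECT against it is a human looking.
CREATE TABLE IF NOT EXISTS shop_db.credit_cards_backup (
  id   INT PRIMARY KEY,
  note VARCHAR(64)
);
INSERT IGNORE INTO shop_db.credit_cards_backup VALUES (1, 'canary: nothing real here');

SELECT event_time, user_host, argument
FROM   mysql.general_log
WHERE  command_type = 'Query'
  AND  argument LIKE '%credit_cards_backup%'
  AND  argument NOT LIKE 'CREATE TABLE%'
  AND  argument NOT LIKE 'INSERT%'
  AND  argument NOT LIKE '%general_log%'
ORDER BY event_time;
```

Two caveats before relying on this. The general log stores full statement text, including whatever literal values your application sends, so the log table is itself sensitive and grows quickly; truncate or rotate it and keep it as locked down as the data it describes. And, as with every control in this thread, anyone with root on the box or the MySQL root account can switch the log off or delete rows from it, so it records the casual look, not the determined one. Reads of the raw files on disk never appear here at all.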
Yep, this is definitely the norm. But it sounds like the submitter is a little confused about the meaning of "managed hosting." I work at a big hosting company (possibly the one that the submitter is talking about) and if you pay for one of our managed servers, our support techs have free rein over any managed server or account in the datacenter.
This is not because we're control freaks or enjoy perusing your off-web data (we're too busy for that anyway), it's because 99% of our customers don't have a clue about hosting technology and expect us to fix any given problem immediately and without delay. They don't want us to waste time by asking for permission to look inside your database when we already have root access to your entire server. When you give your money to us and say, "here, I want to host some stuff," you're implicitly giving us permission to do anything necessary to keep your stuff working properly. Yes, that means we look at your behind-the-scenes data like email and database tables. But as the supervisor informed the submitter, our privacy policy prevents us from divulging or talking about anything that we run across. I can't speak for other hosting companies, but ours takes this very seriously.
If you want to host a dedicated server in our datacenter but still don't trust us with your data, you can always get an unmanaged server or bring in your own box to colocate. An unmanaged server is basically the same thing as a colocation except we install the OS and then rent you the hardware. We cede all administrative, monitoring, and support tasks to you. You'll pay less per month and retain the privacy of your data, but then the only thing we'll do for free is jab the reset button at your request. Support for an unmanaged box is entirely at our discretion and carries a significant hourly cost.
Those are your choices: either managed where we get access to everything in order fix problems, or unmanaged where we stay out and you take full admin responsibility.
Either you have the power to individually negotiate your contract with the service provider, or you don't.
Or you don't want to waste your time writing contracts, and/or waste your money paying lawyers.
And after that, the joke's on you: all you have achieved is cripple the quality of support you are going to get. And you can't be sure it will stop anyone from taking a peek at your sensitive data anyway.
Oh come on, the OP used punctuation and grammer, clearly they have never posted on 4chan.
There are a few rules about network security. One of the most important is, "There is no security without physical security." If you do not have positive physical control over who does or doesn't access the machine, then you have nothing at all.
I have worked with hosting environments on both sides, for many years.
Generally, your data won't be looked at, because you are one of many. This obscurity can protect you. Why would someone single out your site, from the tens or hundreds of thousands of others? Unfortunately, the answer can frequently become "just because". Maybe something caught their eye in the logs. Maybe you had an interesting username. Maybe they found a link to your site from another site, and they just wanted to take a peek around. Or in your case, you asked them to look.
I'll use an example. I worked at a startup hosting company at the very beginning of the dotcom era. We were all trying to learn what the heck we were doing, and there were no "big" hosting companies yet. We had ten thousand or so domains on our servers. There was also a strict "no adult" policy. It was a mainstream company that was bent on keeping their mainstream image. It would seem to be a pretty easy thing to do, but with ten thousand domains, there was no practical way to police every one of them. We got a support call in, and the memo was handed over to me to fix it. The site was for an escort. The phone number was her escort phone. She answered in her sexy voice, and I laughed as I told her where I was calling from, to tell her the problem was resolved. Since I didn't sign off on anything on that repair, I just let it slide.
The hosting company MAY have the policy of "your data is private". That doesn't mean that every kid in support with root access is going to follow the policy to the letter. Depending on the size of the environment you may have anywhere from two to hundreds of people who can at any time view your data.
Some people may suggest encrypting your data. Great, except for the fact that somewhere in your code has to be a way to decrypt it, which is also accessible to them.
Even in most colo spaces, there's the potential of a 3rd party, from site engineering to the company legal department with law enforcement in tow, who may physically access your equipment, boot into single user, and look at anything they want.
The only way to maintain a secure site is to secure your box. That is, your machine, with only you having the passwords, in a space that you can physically control.
Everything depends on how secure you want your stuff, or more importantly, how important is the stuff that you're trying to secure?
I've been subcontracted to do work on people's stuff quite a bit. For example, a little web development and DBA work. Will I look through their data? Not really. I'll make sure everything works, but I won't remember any of it when I'm done. I'm not out to steal anything. There is the very real risk that someone will. Do you have credit card numbers? Email addresses? Real names? Anything worth value, and information is worth something. In the environments I work in, there's a high level of trust, but on my own server, there's exactly one person with root access (myself), and exactly 3 people with physical access, all of whom I trust. I'm not holding any super secret information, but I prefer to know the exact access list, rather than "Myself, and whoever may work at hosting company X."
Serious? Seriousness is well above my pay grade.
Just make that your mantra, and you may survive.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
and using orthography, grammer might mutate to end up as grammar
We're a webhost company. Our terms of service allow us to look at any data when required for system/account maintenance but we also make it very clear that except for reportable data under U.S. law and data forbidden by our TOS we don't care. I know when I look at stuff I try hard to not read it; there aren't enough hours in the day to care what someone else is doing online; I'm doing plenty myself.
We never look at data unless required; for example when our user has us delete something specific s/he cannot reach.
It's their boxes. Your shit sits on it. If they want to look, they can look you fucking whiney ass piece of shit.
Seriously. I hope all of you slashdot bitches fucking die.
Someone asks a valid question and you come out with a response like that. I think slashdot should remove your account.
I remember vaguely seeing something about providers which guarantee the privacy of your data in writing.
I have two internet servers. One is mine, and hosted at a provider. The other I rent, and they provide the hardware.
Technically both ISPs have the ability to intercept enough internet traffic to snoop enough to be able to access my machines. Even if I don't give them a password to access my machine. But are they allowed to? I don't think so.
You can rent physical space somewhere, and you're still protected by laws that punish the owner of the space if they violate your privacy. The same should hold for "a server" you rent somewhere. And similarly for a server you colocate at someone else's property.
Now, when I see 1000 emails sitting in my mail queue, I have to diagnose the problem. So after looking at the headers and seeing that all of them seem to be from my mailer daemon, what else can I do? I need to look at the contents of the mail to find out whether someone is deliberately bouncing mail off my server to spam around, or whether they are normal bounces. So in the course of examining a problem, you might be forced to access private data. However this should be limited to "required use only".
So when they are asked to look at a mail problem, IMHO they physically can, but are not allowed to, access the MySQL database.
You don't own data. Data is even more incorporeal than gas, and cannot be owned by anyone. You may have copyright to some of the data stored in your account, but if it wasn't created by you, you don't even have that.
I don't know the proper term to describe such data, I only know that ownage is not it.
"when I was asking for a relatively minor email-related fix .. I found it surprising that they would access my database data without my consent .. When I asked them why they were accessing the database without my permission, they've pretty much ignored me"
.. :)
Look, how else are they going to fix it? Besides which, there are multiple copies of your 'stuff' on backup tapes available to any government agency who wants them. And aren't they going to compile a list of hits to your website and sell it to a third party marketing company? If it's on the Internet then it ain't private. Besides which, what else would the BOFH have to amuse himself with if it wasn't reading other people's e-mails?
davecb5620@gmail.com
As was stated quite a few times earlier (Figured I'd respond). As a webhosting provider, they have pretty much every right to look at "your" data.
If a script you're using is causing unnecessarily high CPU load, they have a right to see what's going on. Since it's on their box, and they have other customers to deal with.
When it comes to what the issue was, very clearly you asked them for support. When there is a problem, in the investigation they are going to look at things that you may or may not want them to look at. Unfortunately that's how these things go and if you need privacy you need to look elsewhere.
That said, these guys look at so much of this stuff day-in and day-out, the techs really don't care if you are hosting porn and they don't care what e-mail addresses you guys have.
I think you're overblowing it.
If you were in Brazil, you couldn't expect privacy of your data, as they'll set-up ISPs as surveillance machines: http://www.nardol.org/2008/7/18/the-new-brazilian-internet-surveillance
That term is so fucked up, that it needs to die.
In many contexts, it's a legal term, and if some (rather arbitrary, it seems to me) conditions exist, then you have a "reasonable expectation of privacy" and violations of that are just that: violations.
Yet in Real Life, the word "reasonable" is a joke. People think they have a "reasonable expectation of privacy" in situations where it is very clearly and obviously not reasonable. They expect privacy in situations where anyone who thinks for a few seconds would quickly realize that privacy is more a matter of luck than something protected by design.
For example: these sysadmins and tech support folks clearly had access to the data. You knew this, and never took any steps to prevent it. You asked them for help, and any reasonable person would assume that they might use their access to poke around. To think you had some expectation that they would refrain from poking around is not reasonable. And yet here we are, actually having a serious conversation about whether or not a violation occurred, because legally the situation is not immediately clear. They might have actually done a Bad Thing, even though you had no (layman's terms, not the lawyer's term) reasonable expectation that the course of events would be any different, and no efforts had been taken to protect privacy. Reason has gone right out the window.
Well said; as soon as I read the article I figured I'd post something along those lines, and you stated it well. It boils down to confidentiality; professionals are the sorts you trust to manage your stuff and not sell you out. I see private information all the time in the course of troubleshooting. Professionalism means I'm not snooping for the sake of my curiosity, and I am not going to simply forget all of the details that don't relate to my job, so long as ethics wouldn't compel me to reveal that in the name of public safety or something.
Absent a contractual obligation to the contrary (such as "We will never look at your data" in the TOS) they can look at anything on it. If you don't like that negotiate a special arrangement (not likely) or go back to a co-lo where you own the hardware.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
When I ask my phone company to fix the phone, does that give them explicit permission to enter my house and "fix it"?
That is a bad analogy. A better one would be that you rent a flat in a block and the landlord enters your flat to check the gas piping/electrical cables/water pipes/phone etc. because the system failed. The landlord may well see your private belongings when checking the pipes, just like the sysadmin may see your data. However, I hope you agree that it would be completely unreasonable for the landlord to postpone fixing things while they waited to track you down and ask permission! Apart from the safety concern, all the other residents are being inconvenienced by lack of gas/electricity/water/... while they wait for you to respond.
I hope you agree that this is a far better analogy than your house owner example: Flat=machines, possessions=data, gas/water/...=OS services, safety=security.
Well.. for a web host, I don't have an expectation of privacy. I would expect a colo provider to treat my colo'ed machine (or virtual OS image if it's a virtual server) as a black box and not butt around in it. Web hosting? I fully expect someone to possibly troll around in my web site, PHP, MySQL, etc.
And, it's true -- this is a big problem with cloud computing. You ARE sending data to someone else's systems, running logic on it, and so on -- I would not use it for anything confidential.
Old school hosting -> BizIntegrators
Name them and then get a different hoster asap.