Have You Really Read Your ISP's TOS?

NewtonsLaw writes "XTRA, New Zealand's largest ISP is in the process of losing customers in droves after it announced its new Terms of Service which seek to claim rights over customers intellectual property (see the Slashdot discussion). Now, if that wasn't enough, Aardvark Daily reports that the ISP is also banning its users from saying bad things (anything 'detrimental to our reputation or to our brand') about it. I wonder how many slashdotters have actually read their own ISPs' terms of service in detail? Is this type of IP-grab and clampdown on free speech is unique to Xtra or is it slowly pervading the whole industry, right across the globe?" Read on for Xtra's amendments to the original IP-grab terms, though.

Reader THX1138 points out that "After the very recent story on Xtra (New Zealand's version of AOL) they changed the IP section to include 'Xtra does not claim ownership of any content or material you provide or make available through the Services. However...' at the start and 'in each case for the limited purposes for which you provided or made the Customer Materials available or to enable us and our suppliers to provide the Services.' at the end."

My ISP's terms are very simple...

[Anonymous Coward]

With the legalese stripped out, they say: We're not responsible for what you do. Don't do anything illegal under local, state, or federal law. Don't use up enough processor time on the shell box that other customers can't. Don't screw with the network.

giving up common carrier status

[PD]

If they give up common carrier status and start controlling and owning everything on their network, does this mean that if terrorist sites or kiddie porn appear on their network, their CEO and board of directors will be habeas corpused off to Cuba? Or whatever the equivalent thing that New Zealand does to people they don't like.

What TOS?

[LamerX]

When I signed up for my ISP, I just called a number out of the phone book. After giving them my CC number, they just gave me a username and account... They never mailed me anything, I've never read any TOS, nor did they tell me to read anything over the phone... Does this mean that I've agreed to something? Could I have sold my soul to them without ever actually saying or signing anything?

In Breach

[mvdw]

Before today, I'd only given the TOS a cursory glance, and I found that I am regularly in breach of a couple of the terms:

1. "You must not maintain or permit multiple concurrent connections to the Internet Access." - I connect through a smoothwall firewall, which is connected to several computers, quite often two of these are in use concurrently;
2. "never recording Your password on Your computer, and safely storing Your password"; - The password is stored on the smoothwall (encrypted, but still), so that anyone that knows the smoothwall password can access the internet... contrary to TOS above, it seems ;-)

I don't really care too much, though, because it's only a dial-up connection, so the connection is inherently throttled...

Kinda OT: NAT/PAT

[Bios_Hakr]

My local ISP just started to roll out DSL. Our current service is 56k dialup limited to 90 hours per month. We pay about $30 for that.

The new DSL is 1.5mbps "best effort". They have not mentioned any download caps, but they will probably be on the way soon. The worst part of the TOS is the restriction on NAT/PAT.

They say that they can detect how many computers are on a network. For each computer, you have to pay an additional $60 for the exact same bandwidth. They don't even give you another modem for the extra $60.

Anyway, how do you think they are detecting NAT/PAT? Is there any way to stop this detection? I had planned on running Gentoo or *BSD as a firewall, but paying more money for the exact same thing seems harsh to me.

The T&C changes

[Anonymous Coward]

The important bit is that they have said they don't own it, but that...

you grant to Xtra a perpetual, royalty-free, non-exclusive, irrevocable, unrestricted, worldwide licence to do the following in respect of the Customer Materials:

• use, copy, sublicence, redistribute, adapt, transmit, publish, delete, edit and/or broadcast, publicly perform or display, and
• sublicence to any third parties the unrestricted right to exercise any of the rights granted,

Atlanta ISP changes

[Lord Bitman]

ISPs change-hands so often here, it's hard to keep up. When my ISP spontaneously became Comcast one month, I asked them to send me a new TOS. They said that their TOS was the same as AT&T's, but have refused to provide them. Am I bound to something they won't give me?

Re:"clampdown on free speech"

[alister]

Indeed. [theregister.co.uk]

Re:The T&C changes

[Anonymous Coward]

And the good part would be that you promise that any material you download from other parts will have to be transfered to Xtra ownership by your account.

Re:Have your read Network Solutions Terms of Servi

[Jason1729]

You complain about the agreement, but by agreeing to it, you mearly re-enforce that it's okay for them to do it. There are countless registrars out there now. Most will allow you to transfer a domain name for their annual fee and then include a 1 year extension so the transfer is basically free.

By clicking you agree, you're voting with your dollars, and that's all that matters to these companies.

Jason
ProfQuotes [profquotes.com]

AOL has a new TOS for you....

[ajs]

An interesting take on TOS agreements is AOL's new policy of imposing one on the rest of the Net by rejecting any connection to their MX servers on port 25 (incoming mail) before even negotiating far enough for the client to issue a greeting IF you are coming from an IP address that AOL considers to to be "dynamically assigned" (I have no idea how they define this, since my host is not in the MAPS DUL or any other blacklist I can find, and AOL's "tester" page refuses to tell me what they think is the problem because they want to reverse-map my IP and send a report to that domain, rather than by connecting to the IP itself or showing me the results on a Web page).

This effectively means that no broadband, dialup or other ISP customers who get an IP address when they connect will be able to send mail directly to AOL, you wil instead be forced to use your ISPs or some other willing SMTP relay which AOL considers to be worthy of peering with. No more end-to-end TLS encryption and/or verification; no more routing around overburdoned ISP mail hubs.

There is as yet no indication that I've seen one way or the other on what they're doing about DELIVERING mail to such addresses, but if you run your own mail server, be prepared to find that AOL.com no longer exists (which you may not consider "bad", exactly, and in fact I currenly have no plans to route around this particular damage other than to get my relatives to find new ISPs, even if that means going to MSN... *shudder*).

Many have made the argument that this is reasonable for AOL to do because many ISPs have TOSes that ban servers. So far, the standard retort has been 1) no ISP bans direct-to-MX transmission of mail except where it is spam 2) most ISPs don't enforce said rule (and tacitly encourage users to roll their own) 3) not ALL ISPs have such restrictive TOSes, and of course 4) that's none of AOL's business when receiving an incoming message.

For those who are interested in details, here's the almost useless blurb I get when telneting to port 25 on any random AOL MX host:

550-The IP address you are using to connect to AOL is either open to
550-the free relaying of e-mail, is serving as an open proxy, or is a
550-dynamic (residential) IP address. AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to
550-free relaying/proxy, or your ISP removes your IP address from their
550-list of dynamic IP addresses. For additional information,
550-please visit http://postmaster.info.aol.com.
550 Goodbye

Good luck!

Re:Kinda OT: NAT/PAT

[Technician]

Terms of service? Um, I don't worry about the TOS. I contact the ISP and let them know what I am going to do. I let them tell me what packages are provided for the service desired. I take bids. It levels the playing field quickly. You can get exceptions written into your TOS. When I was on Dial up, I even got permission to have an ocassional dual connection at no extra charge. I told them due to my work schedule, I may be home during the day while the wife is at work. She may check e-mail while at work while I was home surfing the web. No problem. Got it in writing. This doesn't mean sharing the account with all my extended family. That would be a violation of the TOS. It pays to ask for any exceptions you need to the TOS. Your milage is better with small local ISP's and not national mega ISP's. Mega ISP's legal department are too busy to consider the exceptions.

Post each others' sites

[PhilHibbs]

If I upload someone else's data, I have no right to grant the ISP the rights that they claim, therefore they don't have those rights. What I'm unsure about, however, is whether their terms of service prohibit me from posting material that I do not have the right to grant rights over. If so, then I probably can't post any GPL'd software. Let's look.

Hmmm, this is interesting:

You agree that all content, software, personal identifiers (including addresses) and anything else we make available to you in connection with our Services (together "Works") are protected by copyright, trade marks and other intellectual property rights and laws.

So no posting Project Gutenberg texts, then. Taken literally, anything I post has to be trademarked.

You warrant that you will not:

• license, assign, otherwise transfer, make available or grant any interest in any part of the Works to any other person

So, no GPL'd software that I wrote then, but presumably other peoples' GPL'd software is ok.

Xtra does not claim ownership of any content or material you provide or make available through the Services ("Customer Material"). However, by placing any Customer Material on our Websites or Systems (including posting messages, uploading files, importing data or engaging in any other form of communication), you grant to Xtra a perpetual, royalty-free, non-exclusive, irrevocable, unrestricted, worldwide licence to do the following in respect of the Customer Materials:

• use, copy, sublicence, redistribute, adapt, transmit, publish, delete, edit and/or broadcast, publicly perform or display, and
• sublicence to any third parties the unrestricted right to exercise any of the rights granted,

in each case for the limited purposes for which you provided or made the Customer Materials available or to enable us and our suppliers to provide the Services.

Seems reasonable, they need the right to distribute the data, they might want to keep an archive, and they might want to sell that archive as an asset. Note the limiting nature of the last paragraph.

IMO, there's nothing sinister here, although the first section I quoted is just incompetently written.

Prestel was doing that in 1986

[Alioth]

The thing about 'no derogatory comments about our service' is nothing new - in the mid to late 1980s, Micronet (and Prestel), an online service in Britain, also had the same thing. And they did threaten to kick off a friend of mine for complaining about Micronet in one of the message boards.

Their AUP also didn't allow any kind of profanity in the message boards, either!

They did have some good things (such as Shades the MUD, which is *still going* - telnet games.world.co.uk, yes, it's on port 23).

That's not to say it's right. The "you must only say good things about us" clause was incredibly dumb, and people often pushed at them, just to see how far they could go.

Re:Prestel was doing that in 1986

[MavEtJu]

You need to create an account before you can play Shades, and to
enable us to register you, we need to ask five simple questions:

1) Your real name:
2) Your sex:
3) Your age:
4) Where do you live? :
5) Your e-mail address:
6) Where did you find out about us:
7) What password do you wish to use (5-10 characters):

count that!

Re:For those that need it spelled out...

[Zemran]

Go to Speaker's Corner in Hyde Park, London... You can give a speech there for free!!! and you can listen to one for free!!!

On a more serious note, Speaker's Corner is really the historic start of free speech as British people have been legally allowed to get up at Speaker's Corner and say what they like for centuries, long before America was was even an idea.

Legal hacking

[NoBlock]

Just read the TOS for my ISP again and was reminded why I chose this ISP [xs4all.nl] (even though it is not the cheapest available). One of the clauses says (roughly translated):

All customers are

allowed to hack the system. The first custormer that manages to get 'root' status will receive 6 months free use of the system. In return customer will explain how the system was hacked. Customers will take pains not to damage the system. Customers hereby give other customers to hack the system.

I feel that this should be a standard clause in any ISP's TOS.

Westhost looks okay

[Quila]

This made my check my hosting service since I haven't looked in a few years. Clear terms:

• Don't hack the servers or gain unauthorized access to accounts
• No originating spam
• No running chats without approval
• Allows background scripts and self-written CGI as long as they don't screw with the system
• If your scripts are resource hogs, they may ask you to upgrade your service
• No IRC or IRC bots
• No illegal stuff
• No porn/obscene, etc.

There is the phrase "or any other material which we deem to be objectionable" to include Satanic materials. However, that's a catch-all that I don't believe has been used. I'll ask.

Why reading TOS is important

[chrysalis]

Indeed, I never read TOS.

But I really enjoyed my ISP. Fast, reliable, not that expensive, and my IP address didn't change as long as the gateway renewed the lease.

But one day, friends using the same ISP told me that all their incoming connections got firewalled. They couldn't connect to their host any more, even through POP, SMTP or SSH.

I checked it, and they were right. The ISP firewalled everything without any prior notice.

A look at the TOS revealed that indeed, customers don't have the right to host any server. No SSH, no SMTP, nothing.

I moved to another ISP since. The new ISP is a bit more expensive, but that's the price to pay to read in their TOS that servers are allowed, and NAT is allowed as well.

Compuserve customer

[rednuhter]

I used to work (partner) for Compuserve in the UK and as a tech/supervisor I was used to telling customers that although they did not use their account they had agreed to pay monthly by clicking the "i agree" button during signup.
Until one day I went through all this and the guy said "no i did not", taken aback, I advised him that to get a compuserve account he MUST have clicked "I agree", he said not.
Turned out that when buying the system the helpfull salesman set him up with the account (credit card details and all) and he had clicked "I agree", I advised the customer to take up this issue with the salesman ;)
Never heard from the customer again.

One good point in the TOS

[gujo-odori]

There is one bright spot in that impossibly awful TOS (maybe that should be "toss"). Their customers may not:

knowingly or negligently transmit any virus or other disabling feature or any other similar software or programs that may damage the operation of another's Systems, data or other property

In other words, you are responsble for the basic security of your computer. If you have an id10t problem and open up every attachment asking for your advice and get absolutely every virus that comes along - a pretty good definition of negligent, in this context - they can hold your feet to the fire for it.

Anyone who has ever worked for an ISP would feel joy at having such a clause, b/c it would allow you dump a certain group of problem customers, should you choose to do so. Finally, being grossly stupid is a crime, or least a TOS violation. Woohoo! :-)

Re:A *GREAT* ISP

[Anonymous Coward]

My ISP has similar good qualities, and one extra:

They state in their TOS that if you manage to become 'root' on one of their machines, and you do not look at, alter or delete any other cutomers data or disrupt the ISP's services, and you prove this to them they will give you a free subscription for a year.

Nifty huh?

- Bart

Re:dull

[Hellkitten]

And how does that affect the logic behind "When you work for someone they have the right to your work.

I was arguing that signing away copyright can't be made illegal, because that would make it impossible for companies (big or small) that create IP (developers, newspapers, research ...) to exist, since any employee could quit and take the copyright to the companys product with him.

That doesn't mean that we should accept giving away copyright to anyone. Your ISP shouldn't take over any copyright. Nor should your job have any stake in IP you create on your spare time, unless it can be proven that it originated from your work

I just read them and...

[tijsvd]

No such thing in the terms of my ISP [xs4all.nl] (dutch). However, I noticed another interesting passage (article 4.4, freely translated):

"Customers are allowed to hack into the XS4ALL systems. The first customer to gain administrator rights gets a 6-month account for free. The requirement is that no damage is done, privacy of other customers is not broken, and that the full procedure is explained."

Now that's what I call a provider.

Pacific Bell aka SBC

[tres3]

I am a broadband customer of SBC since I couldn't get Earthlink at the time and there is no other choice here. It is against their terms of services to speak truthfully about them; I mean tell the world what kind of arogant assholes they are. A suggestion: don't EVER tell them that you use Linux. The last time I mentioned it they threatened to cut me off. I had to convince them that my primary box was Windows. And yes I know that I'm breaking my terms of service but I don't think they want to give anyone a reason to write the Public Utilities Commission.

SBC is also trying to get everyone to switch to Yahoo/SBC Broadband. A service where Yahoo provides you with all kinds of extra crap you don't need. Yahoo's terms of service start out by telling you that they are going to monitor everything that you do "so they can provide you with a better service." Can you believe that crap. I wonder how many people are just signing up and how many people are objecting. My guess is that the ones that take the time to read their TOS are objecting and the others are signing!

Re:Legality

[Sycraft-fu]

Well it kinda depends. For something like purchased software, no it probably isn't legally binding. It hasn't really been tested in court but my suspicion is that it probably wouldn't stand up. Manufacturers can try and place all kinds of crazy restrictions on stuff you buy but it doesn't work in general (legally speaking) because what's yours is yours.

Now services are a little different. You aren't actually buying anything, you are just paying for the right to use something owned by someone else. This gives them quite a bit more latitude. When they spell out their ToS to you, it's more of a dictation than a contract. They are laying out for you how their service works and what is expected if you want to use it. If you don't like it, you are perfectly free not to use the service, but I don't have to change my rules for you just because you didn't sign a contract.

To try an analogy suppose you need transportation: So I'm a car dealer, you go to me and buy a car. Wehn you purchase it I tell you "Now if you want to buy this, you have to agree not to play rap music with it". You agree, and then later I catch you playing rap on it. Not anything I can do, your verbal agreement means nothing. However suppose instead I run a car service. You contract me to drive you around. I tell you "Ok, you can play anything you like on the stereo except rap". You then proceed to play rap, and I terminate your service. I can do this since it's my car, and I'm just letting you use it.

The first case is like what they try to do with software liscences, the second is like ISP ToSes. Now like I said, the software click-thru liscence is largely untested in court, but I have a feeling it won't really hold up. However the ISP ToS is no different than ToSes on many other kinds of service and there is little you can do about it. If you don't like it, don't use the service.

Express Network TOS

[Fratz]

The TOS for the Express Network basically says that you are not allowed to use Express Network. For anything.

Specifically, they prohibit "machine-to-machine" connections, which, as far as I can tell, limits you from connecting your Express Network enabled computer to any other computer.

Oddly, they say you can use it to read email and surf the web, which I have a hard time reconciling with the whole part about how I'm not allowed to actually connect to the mail servers and web servers.

Here's my story of ISP abuse

[Anonymous Coward]

Here's my story. [bewellweb.com]
The page in question [bewellweb.com].

Re:heh?

[Montreal Geek]

But in reality, what people in their right mind would do that? I mean, assuming: The hacker was benevolent and wanted the 6 monthes. If you hacked the system - you have unlimited, forever usage of the system, hence the word "0wnz," I believe?

Once upon a time (a couple of years ago) I was sysadmin for a smallish ISP up here in Montreal. While out TOS didn't spell it out, it was my policy as well. (I was blessed with intelligent bosses/owners that decided from the onset that given that I was the security, its enforcement should be left to me).

There have been a total of two compromises during the two years I worked there. Both were detected by my diagnostics within minutes. I let both play out to ascertain the intent and method, and one of the crackers was obviously a white hat given that noticing me on the box he talked me to tell me how he got in. The other was a silly warez d00d-- took me about 5 minutes to detect how he got in.

In both cases, I restored offline, plugged the hole, then put the system back up.

Having compromised a system does not give you "forever usage of the system".

Just before I started work there, where was another (major) compromise of the entirety of the DMZ-- the security wasn't set up very well and each box trusted every other box. That took a complete redesign of the infrastructure, but it was also fixed. By the white hat that broke in and went to them with "Look. Obviously you need to hire a sysadmin."

You get to guess who that was.

Not everyone is a script kiddie, you know.

-- MG

Re:Have your read Network Solutions Terms of Servi

[Blue Stone]

IANAnAnalLawyer, but, as I understand it, if you see something in a contract, you don't like, simply score it out, add whatever re-wording you want and sign the resulting contract.

I did this with a government agency that wanted to have free and unfettered access to my private medical records.

I scored that bit out, and added, that they may only have access upon contacting me first and obtaining my permission, and that I vet the information they can have access to (basically "no you can't have access", but less blunt.)

I signed the re-written contract and heard nothing more about it.