Verizon Removes FTP Access For Security... Well, Security Of Its Revenue At Least

from the lame dept

Tue, Aug 30th 2011 7:55am — Mike Masnick

It's really amazing that companies don't recognize that taking away features to charge for them almost never goes over well. Adding features that can be charged for will work, but removing features that were free and widely used is rarely a good idea. It appears that Verizon is still learning that lesson. The company apparently provides some hosting space for all of its customers, and until recently allowed subscribers to access that space via FTP. However, it recently announced that it was doing away with FTP access and instead, users were now forced to make use of Verizon's own clunky web tools interface. That's quite a nuisance for some users.

But where this gets more interesting is that it appears Verizon is simply lying about the reasons why. The company is telling users it's for "security" reasons. But... while it's discontinuing FTP for its regular subscribers, those who pay up for a higher level hosting plan (starting at $5.95 per month) seem to still be able to use FTP. In other words, it's only a security problem if you're not paying -- suggesting that the "security" is more about Verizon's revenue than the security of your content. And while it's true that unencrypted FTP can have some security issues (mainly on untrusted networks), there are ways to deal with that with secure, encrypted FTP offerings.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: broadband, ftp, storage
Companies: verizon

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Spaceboy (profile), 30 Aug 2011 @ 8:12am

So my question to Verizon is -

What is different about the FTP access your paying customers get when compared to those you just cut off for 'security reasons'? What upgrades did you make to your FTP system that warrant cutting people off and charging for them? What specific security threats were you unable to counter that forced this decision?
[ link to this | view in chronology ]
- :Lobo Santo (profile), 30 Aug 2011 @ 8:18am
  
  Re: Upgrades
  I imaging it's some sort of expensive non-reusable "FTP Condom" which allows interface with only a tiny possibility of passing a computer virus.
  
  Obviously these "FTP Condoms" are too pricey to just let anybody use--but for paying customers the cost is justified,
  
  ;-P
  [ link to this | view in chronology ]
  - The eejit (profile), 30 Aug 2011 @ 8:49am
    
    Re: Re: Upgrades
    Bunch of freetarding consensual FTP'ers!
    [ link to this | view in chronology ]
- Anonymous Coward, 30 Aug 2011 @ 8:34am
  
  Re:
  Really, your "question" is three overarching rhetorical questions offered by the post?
  [ link to this | view in chronology ]
  - The Groove Tiger (profile), 31 Aug 2011 @ 11:15am
    
    Re: Re:
    That word. I do not think it means what you think it means.
    [ link to this | view in chronology ]
MondoGordo, 30 Aug 2011 @ 8:18am

Verizon is still learning that lesson.
Say rather NOT learning that lesson.
[ link to this | view in chronology ]
Gumnos (profile), 30 Aug 2011 @ 8:30am

They just don't detail the type of security issue...
it's for their financial security
[ link to this | view in chronology ]
Ven, 30 Aug 2011 @ 8:49am

One nit pick
In today's world all networks should be considered untrusted. Even if your laptop says that it's connected to your home wireless network you may not be. I say shame on any hosting company that is allowing any administrative access over an unencrypted link.

I wonder if Verizon is allowing paying customers a migration period to a new solution while free customers have just be cut off?
[ link to this | view in chronology ]
Anonymous Coward, 30 Aug 2011 @ 8:52am

Who are they to claim their proprietary tools are safer than the widely known and used FTP protocol (which can be secured through SSL/TLS)? Can we have access to their "secure tools" code? Most likely not.

But it's easy to lie to your customers when:
- Most don't know any better
- Most don't have an alternative provider to sign up with (even though there are tons of cheaper hosts out there)

They simply feed of the ignorance of their "newb" users to make more money. Anyone with half a brain would just move to a 5$/month host, not like there's a shortage of those out there.
[ link to this | view in chronology ]
John Fenderson (profile), 30 Aug 2011 @ 8:52am

FTP is a real security problem
The fact that Verizon still allows it for some users gives lie to their own reasons, however...

FTP is a true security problem, and removing it is the Right Thing To Do. Forcing users to use a web interface instead is totally bogus. SCP gives all the functionality of FTP without the security problems.

Verizon seems a bit confused about this issue, but the issue is very real. Anyone running servers should not, under any circumstances, have an internet-facing FTP server.
[ link to this | view in chronology ]
- Anonymous Coward, 30 Aug 2011 @ 8:53am
  
  Re: FTP is a real security problem
  Sorry, but SCP implies SSH. SCP = FTP over SSH. THAT is a major security issue.
  
  FTP with SSL/TLS is perfectly secure.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 30 Aug 2011 @ 8:57am
    
    Re: Re: FTP is a real security problem
    Umm, what's the difference at the machine level? SCP is essentially FTP w/SSL+TLS.
    [ link to this | view in chronology ]
    - Anonymous Coward, 30 Aug 2011 @ 9:00am
      
      Re: Re: Re: FTP is a real security problem
      Usually, web hosts do not allow SSH to anyone. A good host would only allow SSH from given IPs, and not allow it globally, which makes SCP a problem.
      [ link to this | view in chronology ]
      - Anonymous Coward, 30 Aug 2011 @ 9:16am
        
        Re: Re: Re: Re: FTP is a real security problem
        ...web hosts...
        
        We're not talking dedicated web-hosting here. Instead, this is space Verizon is providing �for all of its customers�.
        
        It's just a little convenience so you don't have to run Apache at home.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 30 Aug 2011 @ 9:22am
        
        Re: Re: Re: Re: Re: FTP is a real security problem
        No. It's web hosting only. Verizon filter port 80 to force you to use their hosting. Google it.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 30 Aug 2011 @ 9:37am
        
        Re: Re: Re: Re: Re: Re: FTP is a real security problem
        Verizon filter port 80 to force you to use their hosting.
        
        And this is advertised as �Internet service�? Why on earth do you blockheads put with this?
        
        Maybe you should all just pay for �Facebook access� and then go and live inside a happy walled-garden community with your �Friends�.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 30 Aug 2011 @ 9:39am
        
        Re: Re: Re: Re: Re: Re: Re: FTP is a real security problem
        Haha. Agreed. But lots of people use Verizon because there's no alternative where they live. So as I said before, move over to a 5$ host and you'll get better service.
        [ link to this | view in chronology ]
        
        Chronno S. Trigger (profile), 30 Aug 2011 @ 10:16am
        
        Re: Re: Re: Re: Re: Re: FTP is a real security problem
        I have Verizon residential and they don't block my port 80. That's how I transfer files from home to work if I don't have a day's notice. Verizon doesn't block any of my ports. HTTP, HTTPS, FTP, RDT, they're all open and working.
        [ link to this | view in chronology ]
  - Anonymous Coward, 30 Aug 2011 @ 9:06am
    
    Re: Re: FTP is a real security problem
    ...SSH....
    
    Dude, I have a shell account with my provider. They run Debian.
    
    You mean you don't? How much are you paying?
    [ link to this | view in chronology ]
    - Anonymous Coward, 30 Aug 2011 @ 9:20am
      
      Re: Re: Re: FTP is a real security problem
      Just because some hosts offer it doesn't mean they all do. Google "shared hosting SSH access" and see how many offer it. Only the newb ones do, or the ones with extremely good system administrators that actually monitor the servers. Not Verizon's case, obviously.
      
      That being said, I work for 3 web hosting companies. None of them offer SSH access for shared accounts. You want SSH? Get a VPS. There's no point in offering SSH access. It requires more work from your employees and down the line, it's a security issue.
      
      My ISP used to offer free hosting with SSH, 10+ years ago. As soon as it was abused, they killed it. If you don't keep you systems up to date and well protected (and even if you do) there are still tons of escalation exploits that don't get patched. You can lose your system faster than you enabled SSH.
      [ link to this | view in chronology ]
      - Anonymous Coward, 30 Aug 2011 @ 11:31am
        
        Re: Re: Re: Re: FTP is a real security problem
        I would never pay a dime for a shared host that didn't offer SSH. Sorry, but I have better things to do than to push and pull files to make minor edits - I'll stick with vi over SSH kthanks. I also have cron jobs on other servers that access content on shared hosts over SSH using public key authentication.
        
        Maybe no ssh is fine for the web design folks and other computer illiterate, but the rest of us need terminal access.
        
        Furthermore, I don't think laziness or incompetence are particularly good reasons for not allowing user SSH access.
        [ link to this | view in chronology ]
  - Anonymous Coward, 30 Aug 2011 @ 11:14am
    
    Re: Re: FTP is a real security problem
    Umm, no, SCP/SFTP are not simply FTP over SSH. They are an entirely different protocol designed from the ground up with security in mind. I would trust SCP/SFTP over FTPS (FTP w/SSL) any day of the week.
    [ link to this | view in chronology ]
  - Lawrence D'Oliveiro, 30 Aug 2011 @ 5:49pm
    
    Re: SCP = FTP over SSH!?
    No it isn�t. SCP has nothing to do with FTP. It lets you do secure copying of files over SSH.
    
    SSH also offers SFTP, which gives you FTP-style directory-browsing and upload/download functions, but since it runs over SSH, it 1) only needs one open port (port 22), and 2) is far more secure.
    
    FTP over SSL/TLS is a complicated fudge that is more trouble than it�s worth.
    [ link to this | view in chronology ]
- John Fenderson (profile), 30 Aug 2011 @ 8:54am
  
  Re: FTP is a real security problem
  A nod to the AC above: yes, you can also secure FTP through SSL, and that's acceptable from a security perspective. It's a bit clunky, though, so it's not the first option to cross my mind.
  [ link to this | view in chronology ]
  - Anonymous Coward, 30 Aug 2011 @ 8:58am
    
    Re: Re: FTP is a real security problem
    Honestly, I've been running servers for a long time. FTP with TLS has always been my first choice. However, there are basic rules to follow. Change the default port, disable all administrative privileges, and make sure e very account is chroot'ed. Also have scripts parse your logs and firewall repeat offenders. But I guess a big hosting company with lots of resources can't be bothered securing their systems if they can make extra money out of the whole thing.
    [ link to this | view in chronology ]
Anonymous Coward, 30 Aug 2011 @ 9:26am

...and people are still going to subscribe to them so all is good in verizon's reich
[ link to this | view in chronology ]
vastrightwing, 30 Aug 2011 @ 10:07am

Money grab
They've sucked up the $0.20 (that's twenty cents or 20/100 of a dollar, since we all know about Verizon math) text messaging revenue, so they need a new source of revenue. This is about all the customers using IP cameras out there which upload images to a FTP site. Now what are these people going to do? Pay Verizon more in order to continue.
[ link to this | view in chronology ]
Anonymous Coward, 30 Aug 2011 @ 10:18am

Your premise about taking away free features is flawed. Look at Nexflix streaming, text messaging and banking services as just 3 very profitable models of how it's a good idea to hook the suckers on a free service, then shaft 'em later. People just capitulate and pay up.
[ link to this | view in chronology ]
- Anonymous Coward, 30 Aug 2011 @ 11:33am
  
  Re:
  There is a breaking point. Look at all the articles on here about cable service cancellation.
  
  It's just a given though that most telecom business models are not customer focused. The problem is really competition. Somewhere along the line it was okay to create monopolies subsidized by tax payer money.
  [ link to this | view in chronology ]
- Anonymous Coward, 30 Aug 2011 @ 11:54am
  
  Re:
  Netflix streaming was FREE? When was that? I've always had to pay for my Netflix to stream anything!
  [ link to this | view in chronology ]
Moshe Feder (profile), 30 Aug 2011 @ 10:47am

Typical
As a Verizon customer, this is disappointing but not surprising.

When Andrew Cuomo was NY State attorney general, he raised his political profile by scare mongering about child porn on Usenet. The result was that Verizon dropped not just for the offending news groups but all support for NNTP. Did they cut their price to compensate for dropping this long-standing service?

What do you think?
[ link to this | view in chronology ]
Anonymous Coward, 30 Aug 2011 @ 2:39pm

Wow can you be more of an ass hat hater. There is a major security risk leaving grandma and the other little 12 year old working on bieber fansite pages having ftp access. Verizon doesn't need these completely clueless consumers who are using coffee cup ftp on malware infected pc flooding their network with random ftp traffic and causing a DoS. If you want decent hosted you should never look at your ISP in the first place. Go somewhere like bluehost or here is an even mroe novel concept, rent a server somewhere.
[ link to this | view in chronology ]
Anonymous Coward, 30 Aug 2011 @ 3:29pm

I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links (even though they charge an arm and a leg for data). It looks like proxy server access will soon be almost essential to get full access to the internet, not just in China.
[ link to this | view in chronology ]
- Lawrence D'Oliveiro, 30 Aug 2011 @ 10:40pm
  
  Re: I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links ...
  Did you try �PASV� mode?
  [ link to this | view in chronology ]
Anonymous Coward, 31 Aug 2011 @ 3:55pm

My issue with this is that Verizon uses HTTP, not HTTPS, on any log-in pages, administrative pages or other pages, which is just as insecure as the FTP they are claiming is too insecure to support.
[ link to this | view in chronology ]