Verizon Removes FTP Access For Security... Well, Security Of Its Revenue At Least
from the lame dept
It's really amazing that companies don't recognize that taking away features to charge for them almost never goes over well. Adding features that can be charged for will work, but removing features that were free and widely used is rarely a good idea. It appears that Verizon is still learning that lesson. The company apparently provides some hosting space for all of its customers, and until recently allowed subscribers to access that space via FTP. However, it recently announced that it was doing away with FTP access and instead, users were now forced to make use of Verizon's own clunky web tools interface. That's quite a nuisance for some users.But where this gets more interesting is that it appears Verizon is simply lying about the reasons why. The company is telling users it's for "security" reasons. But... while it's discontinuing FTP for its regular subscribers, those who pay up for a higher level hosting plan (starting at $5.95 per month) seem to still be able to use FTP. In other words, it's only a security problem if you're not paying -- suggesting that the "security" is more about Verizon's revenue than the security of your content. And while it's true that unencrypted FTP can have some security issues (mainly on untrusted networks), there are ways to deal with that with secure, encrypted FTP offerings.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
What is different about the FTP access your paying customers get when compared to those you just cut off for 'security reasons'? What upgrades did you make to your FTP system that warrant cutting people off and charging for them? What specific security threats were you unable to counter that forced this decision?
[ link to this | view in chronology ]
Re: Upgrades
Obviously these "FTP Condoms" are too pricey to just let anybody use--but for paying customers the cost is justified,
;-P
[ link to this | view in chronology ]
Re: Re: Upgrades
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Verizon is still learning that lesson.
[ link to this | view in chronology ]
They just don't detail the type of security issue...
[ link to this | view in chronology ]
One nit pick
I wonder if Verizon is allowing paying customers a migration period to a new solution while free customers have just be cut off?
[ link to this | view in chronology ]
But it's easy to lie to your customers when:
- Most don't know any better
- Most don't have an alternative provider to sign up with (even though there are tons of cheaper hosts out there)
They simply feed of the ignorance of their "newb" users to make more money. Anyone with half a brain would just move to a 5$/month host, not like there's a shortage of those out there.
[ link to this | view in chronology ]
FTP is a real security problem
FTP is a true security problem, and removing it is the Right Thing To Do. Forcing users to use a web interface instead is totally bogus. SCP gives all the functionality of FTP without the security problems.
Verizon seems a bit confused about this issue, but the issue is very real. Anyone running servers should not, under any circumstances, have an internet-facing FTP server.
[ link to this | view in chronology ]
Re: FTP is a real security problem
FTP with SSL/TLS is perfectly secure.
[ link to this | view in chronology ]
Re: Re: FTP is a real security problem
[ link to this | view in chronology ]
Re: Re: Re: FTP is a real security problem
[ link to this | view in chronology ]
Re: Re: Re: Re: FTP is a real security problem
We're not talking dedicated web-hosting here. Instead, this is space Verizon is providing “for all of its customers”.
It's just a little convenience so you don't have to run Apache at home.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: FTP is a real security problem
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: FTP is a real security problem
And this is advertised as “Internet service”? Why on earth do you blockheads put with this?
Maybe you should all just pay for “Facebook access” and then go and live inside a happy walled-garden community with your “Friends”.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: FTP is a real security problem
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: FTP is a real security problem
[ link to this | view in chronology ]
Re: Re: FTP is a real security problem
Dude, I have a shell account with my provider. They run Debian.
You mean you don't? How much are you paying?
[ link to this | view in chronology ]
Re: Re: Re: FTP is a real security problem
That being said, I work for 3 web hosting companies. None of them offer SSH access for shared accounts. You want SSH? Get a VPS. There's no point in offering SSH access. It requires more work from your employees and down the line, it's a security issue.
My ISP used to offer free hosting with SSH, 10+ years ago. As soon as it was abused, they killed it. If you don't keep you systems up to date and well protected (and even if you do) there are still tons of escalation exploits that don't get patched. You can lose your system faster than you enabled SSH.
[ link to this | view in chronology ]
Re: Re: Re: Re: FTP is a real security problem
Maybe no ssh is fine for the web design folks and other computer illiterate, but the rest of us need terminal access.
Furthermore, I don't think laziness or incompetence are particularly good reasons for not allowing user SSH access.
[ link to this | view in chronology ]
Re: Re: FTP is a real security problem
[ link to this | view in chronology ]
Re: SCP = FTP over SSH!?
SSH also offers SFTP, which gives you FTP-style directory-browsing and upload/download functions, but since it runs over SSH, it 1) only needs one open port (port 22), and 2) is far more secure.
FTP over SSL/TLS is a complicated fudge that is more trouble than it’s worth.
[ link to this | view in chronology ]
Re: FTP is a real security problem
[ link to this | view in chronology ]
Re: Re: FTP is a real security problem
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Money grab
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
It's just a given though that most telecom business models are not customer focused. The problem is really competition. Somewhere along the line it was okay to create monopolies subsidized by tax payer money.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Typical
When Andrew Cuomo was NY State attorney general, he raised his political profile by scare mongering about child porn on Usenet. The result was that Verizon dropped not just for the offending news groups but all support for NNTP. Did they cut their price to compensate for dropping this long-standing service?
What do you think?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links ...
[ link to this | view in chronology ]
[ link to this | view in chronology ]