Verizon Removes FTP Access For Security... Well, Security Of Its Revenue At Least

from the lame dept

It's really amazing that companies don't recognize that taking away features to charge for them almost never goes over well. Adding features that can be charged for will work, but removing features that were free and widely used is rarely a good idea. It appears that Verizon is still learning that lesson. The company apparently provides some hosting space for all of its customers, and until recently allowed subscribers to access that space via FTP. However, it recently announced that it was doing away with FTP access and instead, users were now forced to make use of Verizon's own clunky web tools interface. That's quite a nuisance for some users.

But where this gets more interesting is that it appears Verizon is simply lying about the reasons why. The company is telling users it's for "security" reasons. But... while it's discontinuing FTP for its regular subscribers, those who pay up for a higher level hosting plan (starting at $5.95 per month) seem to still be able to use FTP. In other words, it's only a security problem if you're not paying -- suggesting that the "security" is more about Verizon's revenue than the security of your content. And while it's true that unencrypted FTP can have some security issues (mainly on untrusted networks), there are ways to deal with that with secure, encrypted FTP offerings.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: broadband, ftp, storage
Companies: verizon


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Spaceboy (profile), 30 Aug 2011 @ 8:12am

    So my question to Verizon is -

    What is different about the FTP access your paying customers get when compared to those you just cut off for 'security reasons'? What upgrades did you make to your FTP system that warrant cutting people off and charging for them? What specific security threats were you unable to counter that forced this decision?

    link to this | view in chronology ]

    • icon
      :Lobo Santo (profile), 30 Aug 2011 @ 8:18am

      Re: Upgrades

      I imaging it's some sort of expensive non-reusable "FTP Condom" which allows interface with only a tiny possibility of passing a computer virus.

      Obviously these "FTP Condoms" are too pricey to just let anybody use--but for paying customers the cost is justified,

      ;-P

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Aug 2011 @ 8:34am

      Re:

      Really, your "question" is three overarching rhetorical questions offered by the post?

      link to this | view in chronology ]

  • identicon
    MondoGordo, 30 Aug 2011 @ 8:18am

    Verizon is still learning that lesson.

    Say rather NOT learning that lesson.

    link to this | view in chronology ]

  • icon
    Gumnos (profile), 30 Aug 2011 @ 8:30am

    They just don't detail the type of security issue...

    it's for their financial security

    link to this | view in chronology ]

  • identicon
    Ven, 30 Aug 2011 @ 8:49am

    One nit pick

    In today's world all networks should be considered untrusted. Even if your laptop says that it's connected to your home wireless network you may not be. I say shame on any hosting company that is allowing any administrative access over an unencrypted link.

    I wonder if Verizon is allowing paying customers a migration period to a new solution while free customers have just be cut off?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Aug 2011 @ 8:52am

    Who are they to claim their proprietary tools are safer than the widely known and used FTP protocol (which can be secured through SSL/TLS)? Can we have access to their "secure tools" code? Most likely not.

    But it's easy to lie to your customers when:
    - Most don't know any better
    - Most don't have an alternative provider to sign up with (even though there are tons of cheaper hosts out there)

    They simply feed of the ignorance of their "newb" users to make more money. Anyone with half a brain would just move to a 5$/month host, not like there's a shortage of those out there.

    link to this | view in chronology ]

  • icon
    John Fenderson (profile), 30 Aug 2011 @ 8:52am

    FTP is a real security problem

    The fact that Verizon still allows it for some users gives lie to their own reasons, however...

    FTP is a true security problem, and removing it is the Right Thing To Do. Forcing users to use a web interface instead is totally bogus. SCP gives all the functionality of FTP without the security problems.

    Verizon seems a bit confused about this issue, but the issue is very real. Anyone running servers should not, under any circumstances, have an internet-facing FTP server.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Aug 2011 @ 8:53am

      Re: FTP is a real security problem

      Sorry, but SCP implies SSH. SCP = FTP over SSH. THAT is a major security issue.

      FTP with SSL/TLS is perfectly secure.

      link to this | view in chronology ]

      • icon
        John Fenderson (profile), 30 Aug 2011 @ 8:57am

        Re: Re: FTP is a real security problem

        Umm, what's the difference at the machine level? SCP is essentially FTP w/SSL+TLS.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Aug 2011 @ 9:00am

          Re: Re: Re: FTP is a real security problem

          Usually, web hosts do not allow SSH to anyone. A good host would only allow SSH from given IPs, and not allow it globally, which makes SCP a problem.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 30 Aug 2011 @ 9:16am

            Re: Re: Re: Re: FTP is a real security problem

            ...web hosts...


            We're not talking dedicated web-hosting here. Instead, this is space Verizon is providing “for all of its customers”.

            It's just a little convenience so you don't have to run Apache at home.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 30 Aug 2011 @ 9:22am

              Re: Re: Re: Re: Re: FTP is a real security problem

              No. It's web hosting only. Verizon filter port 80 to force you to use their hosting. Google it.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 30 Aug 2011 @ 9:37am

                Re: Re: Re: Re: Re: Re: FTP is a real security problem

                Verizon filter port 80 to force you to use their hosting.

                And this is advertised as “Internet service”? Why on earth do you blockheads put with this?

                Maybe you should all just pay for “Facebook access” and then go and live inside a happy walled-garden community with your “Friends”.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 30 Aug 2011 @ 9:39am

                  Re: Re: Re: Re: Re: Re: Re: FTP is a real security problem

                  Haha. Agreed. But lots of people use Verizon because there's no alternative where they live. So as I said before, move over to a 5$ host and you'll get better service.

                  link to this | view in chronology ]

              • icon
                Chronno S. Trigger (profile), 30 Aug 2011 @ 10:16am

                Re: Re: Re: Re: Re: Re: FTP is a real security problem

                I have Verizon residential and they don't block my port 80. That's how I transfer files from home to work if I don't have a day's notice. Verizon doesn't block any of my ports. HTTP, HTTPS, FTP, RDT, they're all open and working.

                link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Aug 2011 @ 9:06am

        Re: Re: FTP is a real security problem

        ...SSH....


        Dude, I have a shell account with my provider. They run Debian.

        You mean you don't? How much are you paying?

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Aug 2011 @ 9:20am

          Re: Re: Re: FTP is a real security problem

          Just because some hosts offer it doesn't mean they all do. Google "shared hosting SSH access" and see how many offer it. Only the newb ones do, or the ones with extremely good system administrators that actually monitor the servers. Not Verizon's case, obviously.

          That being said, I work for 3 web hosting companies. None of them offer SSH access for shared accounts. You want SSH? Get a VPS. There's no point in offering SSH access. It requires more work from your employees and down the line, it's a security issue.

          My ISP used to offer free hosting with SSH, 10+ years ago. As soon as it was abused, they killed it. If you don't keep you systems up to date and well protected (and even if you do) there are still tons of escalation exploits that don't get patched. You can lose your system faster than you enabled SSH.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 30 Aug 2011 @ 11:31am

            Re: Re: Re: Re: FTP is a real security problem

            I would never pay a dime for a shared host that didn't offer SSH. Sorry, but I have better things to do than to push and pull files to make minor edits - I'll stick with vi over SSH kthanks. I also have cron jobs on other servers that access content on shared hosts over SSH using public key authentication.

            Maybe no ssh is fine for the web design folks and other computer illiterate, but the rest of us need terminal access.

            Furthermore, I don't think laziness or incompetence are particularly good reasons for not allowing user SSH access.

            link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Aug 2011 @ 11:14am

        Re: Re: FTP is a real security problem

        Umm, no, SCP/SFTP are not simply FTP over SSH. They are an entirely different protocol designed from the ground up with security in mind. I would trust SCP/SFTP over FTPS (FTP w/SSL) any day of the week.

        link to this | view in chronology ]

      • identicon
        Lawrence D'Oliveiro, 30 Aug 2011 @ 5:49pm

        Re: SCP = FTP over SSH!?

        No it isn’t. SCP has nothing to do with FTP. It lets you do secure copying of files over SSH.

        SSH also offers SFTP, which gives you FTP-style directory-browsing and upload/download functions, but since it runs over SSH, it 1) only needs one open port (port 22), and 2) is far more secure.

        FTP over SSL/TLS is a complicated fudge that is more trouble than it’s worth.

        link to this | view in chronology ]

    • icon
      John Fenderson (profile), 30 Aug 2011 @ 8:54am

      Re: FTP is a real security problem

      A nod to the AC above: yes, you can also secure FTP through SSL, and that's acceptable from a security perspective. It's a bit clunky, though, so it's not the first option to cross my mind.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Aug 2011 @ 8:58am

        Re: Re: FTP is a real security problem

        Honestly, I've been running servers for a long time. FTP with TLS has always been my first choice. However, there are basic rules to follow. Change the default port, disable all administrative privileges, and make sure e very account is chroot'ed. Also have scripts parse your logs and firewall repeat offenders. But I guess a big hosting company with lots of resources can't be bothered securing their systems if they can make extra money out of the whole thing.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Aug 2011 @ 9:26am

    ...and people are still going to subscribe to them so all is good in verizon's reich

    link to this | view in chronology ]

  • identicon
    vastrightwing, 30 Aug 2011 @ 10:07am

    Money grab

    They've sucked up the $0.20 (that's twenty cents or 20/100 of a dollar, since we all know about Verizon math) text messaging revenue, so they need a new source of revenue. This is about all the customers using IP cameras out there which upload images to a FTP site. Now what are these people going to do? Pay Verizon more in order to continue.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Aug 2011 @ 10:18am

    Your premise about taking away free features is flawed. Look at Nexflix streaming, text messaging and banking services as just 3 very profitable models of how it's a good idea to hook the suckers on a free service, then shaft 'em later. People just capitulate and pay up.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Aug 2011 @ 11:33am

      Re:

      There is a breaking point. Look at all the articles on here about cable service cancellation.

      It's just a given though that most telecom business models are not customer focused. The problem is really competition. Somewhere along the line it was okay to create monopolies subsidized by tax payer money.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Aug 2011 @ 11:54am

      Re:

      Netflix streaming was FREE? When was that? I've always had to pay for my Netflix to stream anything!

      link to this | view in chronology ]

  • icon
    Moshe Feder (profile), 30 Aug 2011 @ 10:47am

    Typical

    As a Verizon customer, this is disappointing but not surprising.

    When Andrew Cuomo was NY State attorney general, he raised his political profile by scare mongering about child porn on Usenet. The result was that Verizon dropped not just for the offending news groups but all support for NNTP. Did they cut their price to compensate for dropping this long-standing service?

    What do you think?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Aug 2011 @ 2:39pm

    Wow can you be more of an ass hat hater. There is a major security risk leaving grandma and the other little 12 year old working on bieber fansite pages having ftp access. Verizon doesn't need these completely clueless consumers who are using coffee cup ftp on malware infected pc flooding their network with random ftp traffic and causing a DoS. If you want decent hosted you should never look at your ISP in the first place. Go somewhere like bluehost or here is an even mroe novel concept, rent a server somewhere.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Aug 2011 @ 3:29pm

    I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links (even though they charge an arm and a leg for data). It looks like proxy server access will soon be almost essential to get full access to the internet, not just in China.

    link to this | view in chronology ]

    • identicon
      Lawrence D'Oliveiro, 30 Aug 2011 @ 10:40pm

      Re: I recently noticed that the Telus cell phone provider in Canada blocks FTP access over their mobile internet links ...

      Did you try “PASV” mode?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Aug 2011 @ 3:55pm

    My issue with this is that Verizon uses HTTP, not HTTPS, on any log-in pages, administrative pages or other pages, which is just as insecure as the FTP they are claiming is too insecure to support.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.