Privacy

Reasonable Expectation of Privacy From Web Hosts? 287

Posted by Soulskill
from the it's-my-internet-i'll-do-as-i-please dept.
Shafted writes "I'm in a bit of a dilemma, and I'm wondering what fellow Slashdotters think regarding this subject. I've been hosting web sites for some clients for years using my own server. About a year and a half ago, I got a reseller account with a company that will remain nameless. They are, however, fairly large, and they did come highly recommended. Other than the usual slow tech support, occasional server overloading, and... well... typical support staff, it's been pretty good and has saved me from having to deal with problems like hardware and driving down to the colo at 4AM to figure out a routing problem. All-in-all, it was acceptable. Until yesterday, when I was asking for a relatively minor email-related fix, and by the tech support staff's response, they had accessed my MySQL database directly and looked at the contents; presumably, in order to tell me what I was doing wrong. Regardless of the fact that they missed the boat with regards to the support question, I found it surprising that they would access my database data without my consent. When I asked them why they were accessing the database without my permission, they've pretty much ignored me, despite repeated requests asking why they think this is acceptable. So, my question is this: Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server? Or do web hosting companies have the right to poke around at everyone's data as they see fit?" Read below for the rest of the question.
Shafted continues: "I did get a response from one of the higher-ups, who said it was ok - they were perfectly within their rights, and their privacy policy supports that. Problem is, I've read the privacy policy, terms of service and acceptable use policy, and nowhere does it make mention that they have the right to look at files or data. It does indicate that I am the one who owns the data (presumably to cover copyright infringement). Another fellow indicated he felt that, as site admin, he had the right to look at whatever he wanted on the site, whether it's his data or a customer's (he, from what I can tell, is not an employee). I can understand looking at data to determine whether it violates the AUP or TOS, provided that it's justified (i.e. a scanner or audit indicates that something fishy is going on). But since I haven't violated the AUP or TOS, do they have this right? Is this something all web hosting companies do? If it isn't expressly stated, either that they do or do not have the right, does that automatically give them the right? Is this an industry norm, or did someone make a mistake and they're simply unwilling to admit to it? I'd really like to hear what some of you have to say, knowing that many of you probably have sites hosted by third-parties, and some of you may work for web hosting companies. Since this is the first one I've ever dealt with, I'm unsure whether I should expect this anywhere else, and if so I may end up going back to self-hosting."
  • by NynexNinja (379583) on Sunday July 27, 2008 @11:25AM (#24358155)
    There isn't much you can do. If you choose to co-locate your server at another location, be prepared to have other people looking at your stuff all day. If you have issues with that, either encrypt your private data, or don't co-locate your data at some hosting provider.
    • by blane.bramble (133160) on Sunday July 27, 2008 @12:17PM (#24358713) Homepage
      Not sure what the situation is in the US, but here in the UK if it's co-location (i.e. you own the box) the ISP has no right to log into your box without your permission.
      • by wtfispcloadletter (1303253) on Sunday July 27, 2008 @01:03PM (#24359125)

        Every colo I've seen in the US has a similar policy. In a colo situation it's your hardware in their facility. Some places have it set up so if a drive (or some other piece of hardware, RAM, power supply, etc) fails they can replace it for you, if you have a spare and you pay for that service. But other than that, they don't and can't (well, not supposed to) touch your server.

        This guy was in a colo, but decided to move to a webhost. It's no longer his hardware, just his data. Even if he has a "dedicated server" plan it's still their hardware. If your site is causing performance problems on their network, they can and do look into things without ever asking for your permission. They probably won't even inform you unless they determine it is your site causing problems. Then most hosts will shut you down or disable the script/database causing the problem, THEN inform you of the problem.

      • RTF Summary at least (Score:4, Informative)

        by theshowmecanuck (703852) on Sunday July 27, 2008 @01:34PM (#24359385) Journal

        About a year and a half ago, I got a reseller account with a company that will remain nameless. They are, however, fairly large, and they did come highly recommended. Other than the usual slow tech support, occasional server overloading, and... well... typical support staff, it's been pretty good and has saved me from having to deal with problems like hardware and driving down to the colo at 4AM to figure out a routing problem.

        He said he switched from colo to hosted to avoid having to take care of his own server.

      • Re: (Score:3, Insightful)

        by hedwards (940851)

        Whether or not the co-location could access it or not, I doubt they would do so. Every time you're logging into a box in that situation you're opening yourself up for liability if something goes wrong later or just because.

        If the policy is to not touch the boxes without written authorization the facility can push responsibility for those sorts of issues to the box's owner or employees should they get sued.

        It's a lot easier to just focus on keeping the facilities in proper order and billing than to worry abo

    • by mcrbids (148650)

      And this is why, as an outsourced provider, we don't outsource *our* hosting. Even if there is a significant cost benefit, we'll still have our own systems. I'd rather know who's looking at what and remain in (some) control of the information flow.

      We do offer a rather strong privacy policy, but we do still retain the right to look at information of our clients. Look - it's their equipment, their server, their bandwidth. Your information is yours, but they are free to look at it for pretty much any reason th

  • by fishthegeek (943099) on Sunday July 27, 2008 @11:26AM (#24358161) Journal
    that no matter what, when you sacrifice control for convenience there is always going to be a chance that someone is going to poke around your stuff. It's a risk of the business.
    • Re: People looking (Score:5, Insightful)

      by TaoPhoenix (980487) * <TaoPhoenix@yahoo.com> on Sunday July 27, 2008 @11:36AM (#24358285) Journal

      Isn't this the great flaw of Cloud Computing?

      Playing in the clouds is convenient, but should probably be focused that way. Do serious stuff locally and transmit it as needed.

      • by BPPG (1181851)

        Only post what you want others to see, encrypt things that you want a particular group of people to see. Private data? Don't post it at all.

        For a cloud-computer based netbook or webtop or whatever you want to call them; if you have lots of private data, get an unmountable external usb harddrive.

      • Re: People looking (Score:5, Interesting)

        by Legion_SB (1300215) on Sunday July 27, 2008 @02:07PM (#24359627) Homepage

        Isn't this the great flaw of Cloud Computing?

        No, because that's what encryption is for. I use Jungle Disk to mount my Amazon S3 data as a network share on all of my systems.

        Jungle Disk allows me to encrypt my data before it is sent to Amazon's servers. Short of cracking the 256-bit AES key the data is encrypted with, Amazon can't dig through my data.

        Maybe for a web-based application, this wouldn't make sense, but at least in terms of storing my data in the "cloud" for retrieval and use by various client-side apps, there's no "great flaw".

      • Re: (Score:3, Interesting)

        by Nelson (1275)

        I don't know if it's the great flaw. There are multiple costs you have to weigh.

        It seems to me that vendors would key into it and charge premiums for more protection. That's the solution I would expect, the googles of the world will just charge more for more privacy, and that's kind of fair. The fact that those people were reading your database wasn't too alarming, the fact that they could do so so easily is a bit more, all it takes is one flawed SQL statement and they might not your application down

  • Slippery Slope? (Score:5, Insightful)

    by Kneo24 (688412) on Sunday July 27, 2008 @11:26AM (#24358165) Homepage

    Hmm... I can see your point. Nothing anywhere in the policies that you agreed to states they have that right. And you also seem ok with it IF they suspect or even have proof that someone broke the agreement that both parties made.

    Oftentimes people will put private stuff on a server they rent/own and make the files/folder private so that only they and a select few can view the files. So what right does a hosting company have to look at information that's private without my consent?

    I think this goes beyond the "well I own it!". Guess what? When you rent out a house to other people, you don't have the right to snoop on your renters. You can't just access their house whenever you please. There's an expectation of privacy and I think the same applies here.

    My suggestion? Kindly tell them to fuck off and find another hosting company. I would suggest you make it public who this company is and what their practices are so the rest of us can avoid them too.

    • Re:Slippery Slope? (Score:4, Insightful)

      by ScrewMaster (602015) on Sunday July 27, 2008 @11:44AM (#24358371)
      You can't just access their house whenever you please.

      Well, in my State landlords have the right of "reasonable access". Maybe they can't just snoop as they please, but they do have the right (upon 24 hours notice, I believe) to enter their premises.
      • Re:Slippery Slope? (Score:5, Insightful)

        by DrEldarion (114072) on Sunday July 27, 2008 @11:52AM (#24358459)

        They also have the right to enter when the tenant makes a maintenance request. If you think that "support call" = "maintenance request" then, well, there you go.

        • by bishiraver (707931) on Sunday July 27, 2008 @02:09PM (#24359653) Homepage
          Yeah, but what self-respecting landlord would, upon a maintenance request for a leaky pipe under the kitchen sink, come in and: snoop through your financial documents, put on your wife's dress and dance around in it before putting it back, sniff your underwear, switch your toothpaste with your foot cream, and possibly - while they're at it - poke holes in all your condoms?
        • Re:Slippery Slope? (Score:5, Insightful)

          by Anonymous Coward on Sunday July 27, 2008 @02:28PM (#24359793)

          That's not the same. Imagine that you call your landlord because, I don't know, a window's broken. He comes in while you're at work and fixes it (which is fine), but then you find out that he also went to your bedroom and read your diary.

          This is exactly the same situation. Your landlord doesn't need to read your diary to replace the window, and despite the fact that he owns the property and despite the fact that he's there with your knowledge and consent, he doesn't have the right to read it, either.

          The same goes for the webhoster.

          • Re: (Score:3, Insightful)

            by mgblst (80109)

            It is more like he read your diary, notice you have been having some problems with your girlfriend, and rang up to offer some advice later that day.

      • Re:Slippery Slope? (Score:5, Insightful)

        by topham (32406) on Sunday July 27, 2008 @12:24PM (#24358771) Homepage

        Keep reading the legal requirements and you'll find out that 24hr access also requires a legitimate reason, not just any reason. Generally this means they need to justify it, even if it is after the fact. They have the right to deal with emergency situations immediately, even without 24hr notice. This would include such things as smoke/fire as well as visible signs of a water leak. Still wouldn't give them the right to go through your dresser.

        It is entirely unacceptable to access a customer's database without explicit permission. Period.
        Maybe they were trying to be helpful, that unfortunately isn't the point in this case. They have no business accessing it now without some more direct permission. I usually handle such things by talking with the appropriate customer on the phone and telling them what I am going to do. I let them ride along to the extent possible (shared screens, whatever) so they can see what I am doing. If that level of their involvement isn't possible I still ask for permission and do what's required then.

        If they refuse then they are left with the possibility of losing access to the server, or its data, etc, as required to protect my servers and my business. That still doesn't give me the right to access their data because I feel like it. Even if they asked for help.

        note: I will say that I've had understanding with specific customers in the past that let me do what was necessary whenever it was necessary. This is followed up by a report of what was done, giving them an opportunity to complain about it if they so choose. If they were to complain I accessed their data without permission then they would receive an apology, I would refer to the previous understanding, and confirm that it would not happen again without their explicit permission. Period. Anything else is unprofessional.

        The problem here is the tendency of admins to feel like they OWN a server, instead of them having certain, specific responsibilities for that server. It's an industry-wide problem, and is somewhat exhibited by the recent issue in San Francisco. (Of which I believe both parties are significantly in the wrong. It's a pissing match and the system admin is not entirely right. Without explicit cause (imagination isn't cause) you do NOT configure a device without storing its configuration in Flash. If you do that on a number of routers and there is a power failure it would take far too long to get everything back up and running.)

        If, by nature of trying to track down an unknown problem an admin sees data that is otherwise not theirs to see I expect them to keep it to themselves. Not to discuss or disclose the contents. Depending on the nature of the data I would, however, expect them to disclose that such an incident occurred. I don't want them hiding the fact they saw 100 credit card numbers while packet sniffing for a specific problem. However, actual disclosure of those credit card numbers make them subject to termination.

        You own the box, not its data. You are responsible for keeping it running to the best possible, if that means deactivating a client's access, or applications then so be it. It doesn't mean you can go digging through their files.

        I don't get why people don't understand this.

      • by coyote-san (38515)

        That's residential rentals/leases.

        Commercial leases have different rules. IIRC from my business law book, they generally don't have any blanket access provisions, although that's negotiable.

        A website is clearly not residential. A leased colo box would clearly be analogous to a commercial lease, although I doubt the law sees them as such. A simple hosting provision... who knows.

      • Exactly -- they are required to notify you. That way you can cancel any drug-fueled homosexual orgies you may have been planning, hide your growing marijuana plants, clean the cocaine off of the dining room table, and so forth. Doesn't seem unreasonable to me.
    • If you ask your landlord to check on a blocked drain, you can't very well complain if he happens to find the porno magazines you stashed under the sink.

      When you ask him to come, the place becomes fair game.

      • Re: (Score:2, Insightful)

        by Kneo24 (688412)

        The problem here is that the hosting company was looking at something that was unrelated to their problem (so they assume). You can ask your landlord to fix your sink, and whatever is under it is your problem if you don't want them seeing it, but that doesn't give them the right to go into your bedroom and rifle through your underwear drawer.

        • Re:Slippery Slope? (Score:4, Informative)

          by Bogtha (906264) on Sunday July 27, 2008 @12:02PM (#24358567)

          The problem here is that the hosting company was looking at something that was unrelated to their problem (so they assume).

          Where does he say that? It's unusual to have mail configuration depend upon a database, but it's not unheard of. For example, the simplest way of setting up a web interface to SpamAssassin is to configure it to read rules from a database. The only thing the Ask Slashdotter says on the matter is:

          they had accessed my MySQL database directly and looked at the contents; presumably, in order to tell me what I was doing wrong.

          It sounds like he has put some mail-related configuration in his database and they looked at it because his mail wasn't working correctly and they suspected he had screwed it up somehow.

        • According to the question, there was some misunderstanding involved. If your landlord goes peeking through your underwear drawer because he thought you said that the plugged drain was in there, you have no grounds for a privacy complaint, although you may well have a reasonable case for saying that he needs to listen better.

          For whatever reason this hosting provider thought that the database was relevant to the question being asked, so they looked at it. You may be able to fault them for being dumb but you c

    • by rob1980 (941751)
      Guess what? When you rent out a house to other people, you don't have the right to snoop on your renter's. You can't just access their house whenever you please. There's an expectation of privacy and I think the same applies here.

      If I make a "support call" to the owner of the house/apartment I'm renting - say I tell them the air conditioning isn't working - at that point I'd half expect them to go just about anywhere inside making sure vents aren't closed, and that cooled air is making it into every r
    • by houghi (78078)

      When I have a leak in my house, the landlord can enter the house. Also when they think that the water coming out of your house is due to a leak. They enter the house and will do everything that is needed.

      It is nice that my landlord leaves a note that they had entered the house, even though nothing was wrong in the end.

  • I've had worse. (Score:5, Interesting)

    by Archon-X (264195) on Sunday July 27, 2008 @11:27AM (#24358179)

    We had some affiliate software, X, on our servers.
    The internal mailing script was buggy, so I'd written another one, scrapeX.php.

    We had some unrelated problems, which required them to have access to parts of the box.

    All of a sudden, I'm receiving confirmations of email receipts: their incompetent 'tech' had fixed the problem, then poked around, found a script scrapeX.php and thought: well, I'd better run this, to see what it did - and ended up mailing all our clients.

    Action taken: a virtual shrug.

    You have to bear in mind that on hosts that are geared towards entry-level users, the clients have a tendency to destroy things in ways possible, which is why they probably did a look around, similarly how when you call your ISP for issue X, they normally give the list: is your power on, can you ping this, can you do that..

    • Re:I've had worse. (Score:4, Insightful)

      by Splab (574204) on Sunday July 27, 2008 @11:43AM (#24358363)

      Wouw... Just wouw, he runs some code without knowing what it is supposed to do on a live server?

      In a company I used to work we had an object with the function "destroyDatabase" which did exactly what it said (well cleaned up data for testing purposes). For some reason someone allowed this to get on to the live servers.

      Several generations of coders later some smart guy decides to run this function on the live server, because he was wondering what the function did...

      • by Archon-X (264195)

        It's exactly as you say: it sounds too interesting to avoid.

        I can understand that 'scrapeX.php' might sound a little dubious, so I bet this guy thought he was doing his company a service by running it...

        • by Allicorn (175921) on Sunday July 27, 2008 @12:17PM (#24358711) Homepage

          REN Now, listen, Cadet. I've got a JOB for you. See this button? (Stimpy reaches for the button) DON'T TOUCH IT! It's the HISTORY ERASER button, you FOOL!

          STIMPY So... what'll happen?

          REN That's just IT! We don't KNOW! Maayyyybeeee something bad?... Mayyyybeeee something good! I guess we'll never know! 'Cause you're going to guard it! You won't TOUCH it, will you?

          (Stimpy salutes. Ren leaves.) REN Hehhhh... hehhhh... hehhhh... hehhhh...

          (Stimpy marches back and forth, staring at the button.) ANNOUNCER Oh, how long can trusty Cadet Stimpy hold out? How can he possibly resist the diabolical urge to push the button that could erase his very existence? Will his tortured mind give in to its uncontrollable desires?

          (Announcer grabs Stimpy, forces him closer to button) Can he resist the temptation to push the button that, even now, beckons him ever closer? Will he succumb to the maddening urge to eradicate history? At the MERE... PUSH... of a SINGLE... BUTTON! The beeyootiful SHINY button! The jolly CANDY-LIKE button! Will he hold out, folks? CAN he hold out?

          STIMPY NO I CAN'T!!! EEEEEYAAAHHHH! (pushes button)

        • Re: (Score:2, Insightful)

          by HereIAmJH (1319621)

          I can understand that 'scrapeX.php' might sound a little dubious, so I bet this guy thought he was doing his company a service by running it...

          Not really. If he suspects a script, he shouldn't run it until fully understanding what it does. If the script does something bad, he has now executed it rather than preventing it. On top of that, he's most likely doing so from a privileged account.

        • I can understand that 'scrapeX.php' might sound a little dubious, so I bet this guy thought he was doing his company a service by running it...

          Considering the quality of entry-level techs at many ISPs, I'd be willing to bet that he ran it to see what it'd do, nothing more...

          Never underestimate the boredom of an underpaid cubicle dweller.

        • by Valdrax (32670)

          You know, the interesting thing about scripts is that there are ways of understanding them other than executing them -- like, say, I dunno, READING THEM FIRST.

          So many bored, lazy, or stupid admins don't think to try that first. I'll bet that's what happened here.

      • Re: (Score:3, Funny)

        by sjames (1099)

        A zillion years ago, I had a shell account at an ISP. One day I saw evidence that a program in my directory had been run by root (it created several files as a result of running). That, in itself, didn't much matter, there were no privacy implications in that case, but the idea that root ran some unknown binary laying around in a customer's home directory was concerning.

        Resolution: I left another binary in plain sight that when run immediately spawned several copies of itself and claimed it would wipe the f

  • by Vellmont (569020) on Sunday July 27, 2008 @11:30AM (#24358195)

    Who is this hosting company, and why are you protecting them? People should know what they're getting into when they enter into an agreement, and it sounds like this company isn't doing that. I don't know if this is "industry standard", legal, or whatever, but I'd run away very fast from this hosting company. Find another hosting company that'll give you assurances in writing that they won't look at your data without your permission. They can't ALL be douche bags.

    • It depends on the motive. From the text it seems as if they looked at the database to determine whether the data in it was causing the problem. I would say that it is reasonable for any sysadmin to look at data when it pertains to the smooth running of their system unless there was some explicit agreement that under no circumstances whatsoever were they to look at data.

      Certainly in most places I have accounts the usual rule for sysadmins is: do not look at private data unless required for problem diagnos
      • by Vellmont (569020) on Sunday July 27, 2008 @01:06PM (#24359145)

        It depends on the motive. From the text it seems as if they looked at the database to determine whether the data in it was causing the problem. I would say that it is reasonable for any sysadmin to look at data when it pertains to the smooth running of their system

        I don't agree. I don't think it's ever ethical to look at private data without permission, even if you're trying to "fix" the customer's problem. If the customer's website is interfering with the smooth operation of the hosting business, disable the website and get your customer to fix it. If they don't know how/can't, then ask permission to fix it.

        unless there was some explicit agreement that under no circumstances whatsoever were they to look at data.

        That should be the norm, not the other way around. It's their hardware, and their system, but it's your data. It may not be legally defined like this but I'd never use a provider that didn't have this as part of the explicit agreement. It's rather sad that the attitude around here seems to be that admins can and should do whatever they please because "it's our hardware".

  • Unusual (Score:4, Insightful)

    by Bogtha (906264) on Sunday July 27, 2008 @11:32AM (#24358231)

    I've never had this happen as far as I know (obviously hosts can snoop without telling you). I'd say that this was quite unusual, if for no other reason than that hosting companies rarely help you diagnose problems that are likely of your own making. They'll usually just tell you to revert to a supported configuration.

    It seems quite odd that they'd be poking around in your database to debug a mail configuration unless you are doing something unusual. But if it is indeed technically related, I doubt you could support the argument that they shouldn't be inspecting your configuration when you ask them to help you debug something. If the database can cause your problem, then how do you expect them to help you without giving them access to it?

  • Let's have the company name and a copy of the response from that higher up who said it was perfectly OK. I think you'd see some backpedaling. I would hope the terms of service don't say anything about you needing to refrain from criticizing their service.
  • by Bob of Dole (453013) on Sunday July 27, 2008 @11:35AM (#24358275) Journal

    Dreamhost repeatedly did this to me when I was hosting with them. They even modified my databases more than once. Mainly adding indexes (including ones that already existed...), but they changed the type of a column once.

    That's one of the many reasons I'm not using them anymore.

    • by ameyer17 (935373)

      Except the OP had a "reseller account" which is something Dreamhost doesn't offer (although they do allow reselling).
      Actually, reading through the question, I kinda wondered the same thing.

    • Re: (Score:2, Informative)

      by Y2K is bogus (7647)

      They probably added indexes because your DB was bringing the server to its knees. The only reason to add an index is to improve query performance. They may have changed the column for a technical reason, or it could have been another naive type choice on your part.

      They should have contacted you about the problem first, suggested a solution, and allowed you to take action. If you chose not to take action (on the index), they may likely do it on your behalf if it's a quality of service issue.

      Webhosts look

    • by kestasjk (933987)
      Dreamhost is shared hosting, not colo. What do you expect?

      If your database is performing inefficiently and slowing my site down I'm glad they try to improve things without just taking the whole lot down until you sort it out.
  • From home? (Score:4, Informative)

    by corychristison (951993) on Sunday July 27, 2008 @11:37AM (#24358291)

    I run a few servers here at home that are web-facing.

    I have never found a provider that will accommodate me in any ways that I see fit, so the home solution has won me over every time I go looking.

    I host my own work as well as customers. I'm running it all on a Business Class 7Mbit ADSL line... never any problems as most sites are pretty low on bandwidth.

    I've recently got a new client (signed and sealed -- working on the project right now, actually). Their project is going to require their own server(s -- Yay redundancy!) for some power behind their project... if all goes well I'm going to lease some office space outside of my home and upgrade the connection to whatever the best is I can get.

    The 'at home' solution offers total control. If you're making enough money off your clients, it's worth it in my opinion.

    • Re:From home? (Score:5, Insightful)

      by Bogtha (906264) on Sunday July 27, 2008 @12:13PM (#24358675)

      The 'at home' solution offers total control. If you're making enough money off your clients, it's worth it in my opinion.

      So long as "enough money" is enough to employ multiple competent administrators. If a server goes down, somebody needs to bring it back up in a reasonable timeframe. Being on call 24/7 is not fun. What if you are sick or injured? What if you want to go on holiday? As you said, "Yay redundancy!" It's not just hardware that needs redundancy to be reliable, wetware needs it too.

      • Apparently you didn't even read my post, just picked parts out so you can criticize.

        I've been running servers out of my home for years now. I'm trying to think of how long and I'd say it's been about 5 years now.

        Only issue I've ever had was a power outage that lasted a good couple hours (apparently most of the province was out as well as the whole northern part of the state below it)... that was unavoidable. My UPS's lasted all but 20 mins of the outage. Which is fine for me. 20 minutes of 5 years down the

        • Re:From home? (Score:5, Insightful)

          by Bogtha (906264) on Sunday July 27, 2008 @12:42PM (#24358941)

          Apparently you didn't even read my post, just picked parts out so you can criticize.

          Yes, because I can't possibly have read your post and disagreed with it too, right? Get over yourself.

          Only issue I've ever had was a power outage that lasted a good couple hours

          Lucky you. Just because the gamble paid off for you, it doesn't automatically mean that it's a good idea to do it.

          When you take on the burden of hosting, that involves making sure somebody is around to fix any problems that arise. Sure, you can cut corners and gamble that nothing is going to go wrong, but that's a big risk, and it can result in a lot of stress and downtime.

  • by DigitalSorceress (156609) on Sunday July 27, 2008 @11:38AM (#24358301)

    I'd say that any instance where you don't fully own/control the hardware (managed servers or shared hosting), that the contract can SAY whatever it wants, but if they want to see your data, they can.

    Now, I'm sure most tech support folks have better things to do than to nose through your data or read your email. There is a certain level of trust that you have to give your hosting service, or else it's just not going to work.

    It's been my experience that if you want more change / access control in place, you can get it, but it's not going to be cheap. The hosting facility my previous employer used had tech support folks who always asked permission and told us what they were going to do and/or what they did, but that was a $50,000/month hosting contract.

    Anyhow, you're going to have to choose... is your privacy more important than having to buy/handle your hardware? If so, then go back to a colo and be prepared for those occasional 4:00am calls. If the support is what's more important, then find a hosting provider where you have some faith in the folks involved. I maintain a very good working relationship with the main support guy where my own server is hosted. I have a lot of faith in him, and I never get redirected to the "Bangalore Bargain Bin" cuz they're not doing that outsourced support thing. To me, this is a comfortable arrangement.

    In the end, security versus convenience is always going to be a give-and-take arrangement.

  • Web hosting? (Score:2, Insightful)

    by TheRaven64 (641858)
    If you are buying 'web hosting' then you are essentially buying a managed server - someone else is the administrator, you are a user. You have no control over it and should have no expectation of control. If you want an expectation of privacy then you should get a dedicated server. If you are a reseller then you could probably do this quite easily - get your own co-located dedicated server somewhere and sell vhosts to your clients. If the hosting company wants the root password for your machine, run awa
  • by b4upoo (166390) on Sunday July 27, 2008 @11:41AM (#24358329)

    Your question should be taken up with a good lawyer. These days things are quite unclear as to what snooping is reasonable.
    I am not a lawyer and my opinion is that anyone looking at your files acquires certain legal liability if anything at all is going on through your servers that breaks civil or criminal law. Not looking at files by you or anyone else leaves you with a great deal of legal protection.
    Recently I learned that a vague acquaintance was arrested for possession of child pornography as a popular music file-sharing site runs search programs looking for copyrighted materials and they happened to key in on certain words or images within those porn files.
    He may have had some expectation of privacy. I really don't know. But what I do know is that famous site now has a problem if other porn passes through their site and they fail to catch it. Not doing a good enough job carries legal penalties whereas not doing any job at all relieves them of responsibility. Color that spying can be foolish, expensive and dangerous.

  • by Animats (122034) on Sunday July 27, 2008 @11:42AM (#24358353) Homepage

    It's a difficult issue. I have a dedicated server at APlus in Phoenix, and for the first six months, they didn't have any of the passwords for the box. Then they had a big outage and had to move the servers to another data center, and asked the users to tell them the root password so they could shut down the server, move it, and reconfigure the networking. So now they have the root password, and they did use it once without asking me first when I called in with a later problem.

    It's not a big issue for this particular application, because it doesn't have any proprietary or personal data and it doesn't do credit card transactions. But for anyone selling something, it could be a very big deal.

    This is to some extent a lack of Linux system administration capability. There's no standard way to give out a permission that allows only the operations a co-location facility might need to perform - startup, shutdown, IP address change, and maybe encrypted backup. APlus uses the Plesk control panel, which can do most of those things, but its security isn't designed to give the co-location operator a limited login.

    • It's a difficult issue. I have a dedicated server at APlus in Phoenix, and for the first six months, they didn't have any of the passwords for the box. Then they had a big outage and had to move the servers to another data center, and asked the users to tell them the root password so they could shut down the server, move it, and reconfigure the networking. So now they have the root password, and they did use it once without asking me first when I called in with a later problem.

      Assuming this is a Linux Box

    • by TheRaven64 (641858) on Sunday July 27, 2008 @11:56AM (#24358505) Journal

      There's no standard way to give out a permission that allows only the operations a co-location facility might need to perform - startup, shutdown, IP address change, and maybe encrypted backup

      Actually, there is. First thing to note is that 'root' is just a name. It is UID 0 that is powerful, not the user named 'root'. You can create an account called root which has a different UID and it is just another user - give this account / password to the colo company and they will only find out that it's not root if they try to do something evil. Then, just give them permissions to modify the network config files and run shutdown / reboot as root and you're set.

      Alternatively, you can create a 'colo' user which has write access to the network config files and has sudo access to the shutdown command, which might be cleaner, and if they complain about this limited access then move hosts.

    • by Dionysus (12737)

      This is to some extent a lack of Linux system administration capability. There's no standard way to give out a permission that allows only the operations a co-location facility might need to perform - startup, shutdown, IP address change, and maybe encrypted backup.

      Why wouldn't sudo work for this purpose? Or if you are really on the cutting edge, ACL

    • by houghi (78078)

      Well as others have pointed out, sudo can be your friend for access to certain commands. However I think here I would have just changed the password and change it back once all was ready. Also I would look at the logfiles and see that all logfiles are untouched and look in .bashrc what they had done as well as anything else.

      Still the easiest bet would have been to change the password for the time being and change it back once all is done. You can do that for both root and for plesk.

    • by straponego (521991) on Sunday July 27, 2008 @01:58PM (#24359567)
      Others have mentioned sudo, and indeed it can be very useful, but it's not as secure as many think. For example, if you give some access to vim or other editors, or less/more, they can escape to a root shell. So you have to be very careful with what you allow. I think of sudo more as a tool for accountability and audit trail for non-malicious users. It can keep honest people from making mistakes, and sometimes help you figure out what happened when mistakes were made.

      Sudo in combination with a script that would modify your network config might work in your case. You'd also want to allow shutdown and reboot.
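
The limited 'colo' login suggested in the comments above, together with the caveat that sudo rules naming editors or pagers hand out a root shell, as an added example that is not part of any poster's comment: a small lint that checks a sudoers fragment before it is installed. The two sample fragments are constructed, `/usr/local/sbin/colo-netcfg` is a hypothetical wrapper script, and the list of flagged programs is illustrative rather than exhaustive.

```shell
#!/bin/sh
# Lint a sudoers fragment meant to give a hosting provider a limited login.

# Constructed sample: lets the 'colo' user edit the network config with vim
# and read logs with less. Both programs can start a shell, which runs as root.
RISKY_SUDOERS='colo ALL=(root) /usr/bin/vim /etc/network/interfaces, /sbin/shutdown
colo ALL=(root) /usr/bin/less /var/log/messages'

# Constructed sample: shutdown, reboot, and one wrapper script.
# /usr/local/sbin/colo-netcfg is a hypothetical script (an assumption) that
# validates its arguments and rewrites the network config itself.
SAFE_SUDOERS='# limited login for the co-location operator
colo ALL=(root) /sbin/shutdown, /sbin/reboot, /usr/local/sbin/colo-netcfg'

# lint_sudoers FRAGMENT
# Prints one finding per risky command; returns 1 if there are findings, else 0.
# Handles simple "user host=(runas) TAG: cmd, cmd" lines only (no aliases,
# no line continuations, no escaped commas).
lint_sudoers() {
  printf '%s\n' "$1" | awk '
    BEGIN { bad = 0 }
    /^[ \t]*(#|$)/ { next }                          # comments, blank lines
    {
      sub(/^[^=]*=[ \t]*(\([^)]*\)[ \t]*)?/, "")     # drop "user host=(runas)"
      gsub(/[A-Z_]+:[ \t]*/, "")                     # drop tags like NOPASSWD:
      n = split($0, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        split(cmds[i], w, /[ \t]+/)
        path = w[1]
        base = path
        sub(/.*\//, "", base)
        if (path == "ALL") {
          print "unrestricted: ALL"; bad = 1
        } else if (base ~ /^(vi|vim|view|nano|emacs|ed|less|more|sh|bash)$/) {
          print "can start a shell: " path; bad = 1
        } else if (path !~ /^\//) {
          print "not an absolute path: " path; bad = 1
        }
      }
    }
    END { exit bad }'
}

# Demo on the two constructed fragments.
echo "risky fragment:";      lint_sudoers "$RISKY_SUDOERS" || echo "  -> do not install"
echo "restricted fragment:"; lint_sudoers "$SAFE_SUDOERS"  && echo "  -> no findings"
```

The lint only looks at which commands a rule grants; syntax-check the real file with `visudo -cf` before installing it.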

  • by mosb1000 (710161) <mosb1000@mac.com> on Sunday July 27, 2008 @11:42AM (#24358355)

    Some customers will get upset with you if you wait to fix the problem, others will get mad if you don't wait and ask them first. It is a no-win situation.

  • Your rights here are largely determined by the contract between you and the hosting company. Typically, these things will list the conditions under which they will access private data stored on their server. If the contract is silent, then at best they're probably just limited to not selling data to your competitors or posting your naked pictures to porn sites.

    If you are a reseller for this group, you should have more paper than just the website's terms of use and privacy policy -- those are all generally

  • possession is nine-tenths of the law. They physically possess your data ... regardless of any terms-of-service or other contractual issues, if they want to look at your data they will and there's not a lot you can do about it. As others have said, about the only guarantee you can have of privacy in this case would be encryption.
  • by hyades1 (1149581) <hyades1@hotmail.com> on Sunday July 27, 2008 @11:56AM (#24358511)

    This strikes me as one of those situations where what actually happened is less important than the company's reaction to your questions. The initial silence, followed by a response from a company official that is not in harmony with their published policy, screams "guilty conscience". They got caught with their hand in the cookie jar (yours, in this case), and they're just hoping you'll shut up and go away. I find myself wondering whether they routinely snoop databases hoping to find information that might be of use to them.

    Three recommendations: Encrypt everything that matters if you decide to stay with this company; publish their name, along with a factual account of their actions and links to your documentation; if there is a relevant regulatory body or professional association, send your story to them and ask whether the company's actions and response are reasonable under the circumstances.

  • by np_bernstein (453840) on Sunday July 27, 2008 @12:06PM (#24358609) Homepage

    So, a while back - 2001 according to whois, I registered my personal domain at a small webhost. It was my personal domain, and, as such, not something I was too concerned, where reliability was concerned. Anyway, I picked this place off an ad on kuro5hin (heh, remember them?) and did so based *only* on price. It turned out it was run by one guy. Over the years we exchanged a number of emails and got to know each other by name. Now, I address my support emails directly to him, and I know they're not going to screw with my stuff.

    So my advice is this: If you're going to use a webhost, use somewhere small, and take the time to get to know the admins. They'll value you a lot more than some huge conglomerate.

    As for legality, look to the terms of use. If they offered you virtual private hosting, well, there's an assumption of privacy. Otherwise, look at that "terms of service" document you most likely clicked right through.

    And to give them a quick plug (I neither work there, nor have a financial relationship outside of paying) http://ion-web.com/ [ion-web.com] is pretty good. Feel free to tell them Nick Bernstein recommended them, maybe they give me an even better deal.

  • by NitroWolf (72977) on Sunday July 27, 2008 @12:10PM (#24358635)

    Half of you people replying are completely missing the point of the post. He is NOT Co-Locating a server, he is a reseller. He is using the company's equipment and hardware. He owns absolutely nothing hardware wise.

    As such, the company is perfectly within their rights to inspect what data is being stored on their servers, in a SHARED database. He's not the only customer using that MySQL server. He is not the only customer using that CPU, that hard drive, that webserver.

    The hosting company has every right to be sure there is nothing in the database or elsewhere that is going to compromise the other customers.

    That's why you colo a server. Then it's YOURS and YOU control access to it. No one is going to be inspecting anything on it without your consent or at worst, if they hack your password and/or reboot it without your consent into single user mode. Either way, then you'll know something hinky was going on. Whereas if you are just a "reseller," the hosting provider can do whatever they want as root on a box you do NOT own.

    So yeah... if the original poster doesn't like it, he needs to colo a server. If he doesn't want the hassle of that, then you're at the mercy of the system admin.

    • I don't buy that 'compromise other users' argument. It might be a shared database SERVER, but every customer should be at least one distinct database user and should get their own database on that server(*)(**). Nobody should be able to see anybody else. If the database server can't handle it, find one that does. If the hosting company doesn't bother giving everyone their own database user accounts, find one that does.

      The only reason the hosting company should ever look at the contents of a customer's d

      • Re:bad database (Score:4, Insightful)

        by NitroWolf (72977) on Sunday July 27, 2008 @03:43PM (#24360507)

        I don't buy that 'compromise other users' argument. It might be a shared database SERVER, but every customer should be at least one distinct database user and should get their own database on that server(*)(**). Nobody should be able to see anybody else. If the database server can't handle it, find one that does. If the hosting company doesn't bother giving everyone their own database user accounts, find one that does.

        The only reason the hosting company should ever look at the contents of a customer's database is 1) court order or 2) to do transparent optimization to eliminate real performance hits on other users, as permitted by hosting contract. This would cover the case somebody else mentioned where the hosting company added indexes to his database. The hosting company should have kept him informed, though.

        (*) you want multiple users so that the owner of the database tables is different from the web app. You might still get hit by SQL injection if you aren't careful, but you won't have some bozo altering your tables.

        (**) the exception is if the host provides certain tools to all users, e.g., an interface to a credit card processing engine. In this case the app might have a common backend database, but should still be designed so that one user can't see any other user's data.

        So are you under the mistaken impression that because each user has a separate and distinct database and/or database user that that separate and distinct user can't bring down the entire server with crazy tables or poor SQL statements?

        I've seen exactly that many times, and often times you have to dig into the separate and distinct database and find out which table is fucking it up for everyone. On a shared server, such as the one in question, with neophytes creating applications, tables and queries, you are going to run into crazy stuff all the time.

        Before you say "Just disable that users account/application." Yes, that's all well and good, but then you have other problems to deal with. Either way you are going to be dealing with problems. Some people choose to fix the problem, some people choose to disable the problem. Whatever you personally would choose doesn't matter - this particular company and many like it choose to potentially fix the problem (or think they are fixing the problem), and as such they find it acceptable to access user data. Since it's a legitimate way to go about solving the problem, complaining about it is ridiculous.

        If he doesn't like the policy, get a co-lo server and secure the data. Then when something fucks up, you know it's your own fault.

    • by petes_PoV (912422)
      > in a SHARED database.

      He said it was MySQL. The almost universal approach is to provide discrete databases (i.e. files) for each database instance. It's therefore very unlikely that the database itself is shared. Although I agree, the hardware and resources (CPU, memory, bandwidth etc.) will be shared.

  • To provide good support, you need to understand the customer's situation and what the customer is trying to achieve.

    To gain that understanding, you need to look at the customer's actual setup and actual data. If you rely only on the customer's own explanations, you are just setting yourself up for inevitable misunderstandings. No amount of careful explanation is a substitute for looking at the actual data. Also keep in mind the good doctor's advice: Everybody lies. To cure the patient, you simply have to

  • If you wanted them to fix your programming/software/data/configuration issue on a machine they own and manage, then to me, that implies that they have to be able to look at the data itself on at least an as-needed basis. Hopefully they are discreet about it and comply with appropriate privacy requirements (e.g. never disclose what they see to anyone else besides other staff that are also working on your problems).

    What if you owned the machine(s) and they were physically located in your own office space in

  • Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server?

    IMO everyone should expect privacy, however, even with strict privacy policies and expectations in place there should be no surprise that any data which you make accessible is accessed.

    Far too many web application developers are lax on security when developing their applications and storing data. End users running t

  • I'm not sure I see the problem here.

    You said that they looked at your data "presumably, in order to tell me what I was doing wrong." It sounds to me that you were asking for help and they were trying to provide it. I'm having trouble seeing the problem here, either practically or legally. Most privacy policies that I've seen quite reasonably say that the host can look at data as directly needed to provide you the service in question. That's sort of implied by your asking for the service - in this case your

  • by Pedrito (94783) on Sunday July 27, 2008 @12:22PM (#24358765) Homepage

    You're hosting on their servers. I don't think you have much expectation of privacy, frankly. I'm all for privacy, and if you own the box, then nobody should be allowed to look at it, but if you're renting the box, just like a landlord, they should have a right to inspect it for whatever reasons. They are, to some degree, responsible for what that box contains.

    On a slightly different topic, you say they're pretty good except for... And then you have a list of issues with them. I don't know who your host is, but I'd recommend CrystalTech [crystaltech.com]. I have no affiliation with them other than having hosted some sites with them over the past decade or so. Other than the occasional technical problem, for example an upgrade several years ago that broke one of my apps, or one of the two times in the past 10 years when my e-mail went down, they've been solid as rock. Additionally, when I've needed help, both their online tech support as well as their phone tech support were amazing and responsive. I'll never host with anyone else as long as they continue the way they are.

    • Re: (Score:3, Informative)

      by whitroth (9367)

      "...just like a landlord, they should have a right to inspect it for whatever reasons."

      As someone who's lived in rental properties a good bit, in Philly, Austin and Chicago, let me tell you, this is *BULLSHIT*. Every city ->mandates- that a landlord can *not* come in whenever they want, that they are *required* to give you at least a day's notice.

      This prevents large abuses (like walking into your apt when you're female and taking a shower), and small (like the freakin' little old lady, when I was a lot y

  • I don't expect any privacy with my webhost.

    partly because I realize I'm using their hardware on their site.

    but mostly because it's a shared server.

    If I got a dedicated server, I could set my own root password and lock them out. but then, I wouldn't get support.

    If you want their support, you grant them access to the machine and its data to aid in their troubleshooting.

  • by petes_PoV (912422) on Sunday July 27, 2008 @12:35PM (#24358861)
    You lose control over your system.

    While you can discuss the ethics or morality of having strangers accessing (or worse, changing or "accidentally" destroying it - ooops, there goes another database), the fact is that once it's off your site, it's out of your control.

    Wasn't there a case recently of some politician who got their records "snooped" by an outsourced operation - consider yourself lucky that all they're doing is looking. It's not impossible to think that they could take any code you've written, or sell off credit card details from your database.

    Second law of outsourcing: you're tacitly admitting that someone else can run your operation better/cheaper than you can.

  • by mckyj57 (116386) on Sunday July 27, 2008 @12:55PM (#24359049)

    You are way overreacting here.

    As an ISP, I look at anything and everything that I think may be related to the problem. Absolutely I look at databases.

    The expectation of privacy is that I won't repeat this information to anyone else. If you have a doctor, it is the same thing. You have no privacy as to the contents of an X-ray, or as to your medical condition. You have expectations of privacy as to disclosure. And if you were damaged, even due to negligence like en clair data streams used by the ISP for their inspection, then you would have a basis for court action.

    If you want privacy from the vendor, seek encryption and take all the upside and downside that it entails. Don't expect support that requires your constant attendance to grant permission. "May I look at this file? At this one? And how about this one?" If you hosted with me and wanted calls like this every ten minutes, I would charge you $200.00 per hour from the moment my hand reached for the phone dial (or IM key, or whatever.)

    • Re: (Score:3, Insightful)

      by mgblst (80109)

      If you have a doctor, it is the same thing.

      Please tell us where you work so we can all avoid it like the plague. This is nothing like a doctor, a doctor is limited by laws put on him, and Hippocratic oath. There is nothing like that for IT, so you shouldn't be looking at the data.

      If it is a shared database, that is one thing. If it is a separate database, then it is off limits.

  • by spinkham (56603) on Sunday July 27, 2008 @01:01PM (#24359101)

    I assume you're using shared hosting. It's a cheap and easy option, but you give up all control of who is on your server, and what they are doing.
    I primarily use VPSes for many reasons including this one. It's a great middle ground between colo and shared hosting, where the host is in charge of giving me hardware and network support, and that is all.
    There are many good VPS providers out there. I personally prefer XEN based hosts to OS level virt like OpenVZ that powers most of the market.
    http://vpslink.com/xen-vps/ [vpslink.com] and http://slicehost.com/ [slicehost.com] are some of the better services I've used, but there's plenty more out there.

  • by mrsbrisby (60242) on Sunday July 27, 2008 @01:03PM (#24359121) Homepage

    If you brought your computer in to Best Buy and said you couldn't play videos- and the techs there saw your naughty pictures in "Your Documents" you took with your wife (or husband), you'd be feeling similarly embarrassed.

    You could probably expect that the Geek Squad would not upload your pictures to 4chan. You should also be able to count on your hosting provider to show a similar level of discretion.

    However you can't say the Best Buy was violating your privacy- not intentionally, not clearly. It seems what happened with your mysql was likely an accident- I see no reason to believe otherwise, and you don't seem to either- you're just grasping around their privacy policy like it somehow matters.

  • You didn't specify in your question whether they *needed* to access your database to answer a support related question.

    I used to work for a webhost, first doing low level frontline support, then later I was the system engineer and head escalation handler.

    We never had to detail an official policy on customer data, because it never became an issue. However, it was implied that employees act ethically during the course of business. It is ethical to access your data for the purposes of support, sometimes acc

  • As a systems administrator, you bet your life I'll look at anything when I have reason to. You call with a problem, it's reasonable to look where I reasonably (even if wrongly) think the problem might be. (It's not required, but I do say "I'll need to look at X. OK?")

    I won't go repeating any of that, nor make copies of it (other than backups you are entitled to), or use it in any way - UNLESS you are violating TOS/AUP/or as required by Law Enforcement. It's NOT my data.

    If that bothers you, what would YOU d

  • I am fed up with people and a "reasonable expectation of privacy" in all sorts of areas where you simply cannot REASONABLY EXPECT privacy.

    Data stored ON A SERVER YOU DO NOT ADMIN? Come on!!! SA's have total access to the box.

    Telephone conversations? Sorry, that's going over who knows how many networks to reach the end of the line. Any number of people can easily listen in, and that's not including the government!

    Email? Pretty much the same boat as your email travels through multiple servers you have ze

  • I think it's a cultural thing. I used to live one place and the general idea of the people I there was if you act like you're hiding something, then something's going on but no one really asks about it. However, that wouldn't stop people from prying silently, looking in your window and stuff. It was just what was normal there.

    Where I've moved to now, everyone seems to leave each others' business to themselves and no one seems to care if you hide anything. It doesn't seem the idea to suggest visiting someone
