Reasonable Expectation of Privacy From Web Hosts?

Shafted writes "I'm in a bit of dilemma, and I'm wondering what fellow Slashdotters think regarding this subject. I've been hosting web sites for some clients for years using my own server. About a year and a half ago, I got a reseller account with a company that will remain nameless. They are, however, fairly large, and they did come highly recommended. Other than the usual slow tech support, occasional server overloading, and... well... typical support staff, it's been pretty good and has saved me from having to deal with problems like hardware and driving down to the colo at 4AM to figure out a routing problem. All-in-all, it was acceptable. Until yesterday, when I was asking for a relatively minor email-related fix, and by the tech support staff's response, they had accessed my MySQL database directly and looked at the contents; presumably, in order to tell me what I was doing wrong. Regardless of the fact that they missed the boat with regards to the support question, I found it surprising that they would access my database data without my consent. When I asked them why they were accessing the database without my permission, they've pretty much ignored me, despite repeated requests asking why they think this is acceptable. So, my question is this: Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server? Or do web hosting companies have the right to poke around at everyone's data as they see fit?" Read below for the rest of the question.

Shafted continues: "I did get a response from one of the higher-ups, who said it was ok - they were perfectly within their rights, and their privacy policy supports that. Problem is, I've read the privacy policy, terms of service and acceptable use policy, and nowhere does it make mention that they have the right to look at files or data. It does indicate that I am the one who owns the data (presumably to cover copyright infringement). Another fellow indicated he felt that, as site admin, he had the right to look at whatever he wanted on the site, whether it's his data or a customer's (he, from what I can tell, is not an employee). I can understand looking at data to determine whether it violates the AUP or TOS, provided that it's justified (i.e. a scanner or audit indicates that something fishy is going on). But since I haven't violated the AUP or TOS, do they have this right? Is this something all web hosting companies do? If it isn't expressly stated, either that they do or do not have the right, does that automatically give them the right? Is this an industry norm, or did someone make a mistake and they're simply unwilling to admit to it? I'd really like to hear what some of you have to say, knowing that many of you probably have sites hosted by third-parties, and some of you may work for web hosting companies. Since this is the first one I've ever dealt with, I'm unsure whether I should expect this anywhere else, and if so I may end up going back to self-hosting."

Re:You're a dumbshit.

[Anonymous Coward]

Wow.. I think this is the first time I've seen an Ask Slashdot so comprehensively addressed in the first comment. Nice going, dude!

As this issue has been so speedily resolved, I propose this discussion be archived immediately and we all move on to more contentious, problematic issues in other stories.

Re:I've had worse.

[Allicorn]

REN Now, listen, Cadet. I've got a JOB for you. See this button? (Stimpy reaches for the button) DON'T TOUCH IT! It's the HISTORY ERASER button, you FOOL!

STIMPY So... what'll happen?

REN That's just IT! We don't KNOW! Maayyyybeeee something bad?... Mayyyybeeee something good! I guess we'll never know! 'Cause you're going to guard it! You won't TOUCH it, will you?

(Stimpy salutes. Ren leaves.) REN Hehhhh... hehhhh... hehhhh... hehhhh...

(Stimpy marches back and forth, staring at the button.) ANNOUNCER Oh, how long can trusty Cadet Stimpy hold out? How can he possibly resist the diabolical urge to push the button that could erase his very existence? Will his tortured mind give in to its uncontrollable desires?

(Announcer grabs Stimpy, forces him closer to button) Can he resist the temptation to push the button that, even now, beckons him ever closer? Will he succumb to the maddening urge to eradicate history? At the MERE... PUSH... of a SINGLE... BUTTON! The beeyootiful SHINY button! The jolly CANDY-LIKE button! Will he hold out, folks? CAN he hold out?

STIMPY NO I CAN'T!!! EEEEEYAAAHHHH! (pushes button)

Re:Slippery Slope?

[bishiraver]

Yeah, but what self-respecting landlord would, upon a maintenance request for a leaky pipe under the kitchen sink, come in and: snoop through your financial documents, put on your wife's dress and dance around in it before putting it back, sniff your underwear, switch your toothpaste with your foot cream, and possibly - while they're at it - poke holes in all your condoms?

Re:You're a dumbshit.

[Anonymous Coward]

Try to understand: 4chan is down.

Re:Slippery Slope?

[cdrudge]

I see we've lived in the same apartment complex...

Re:I've had worse.

[sjames]

A zillion years ago, I had a shell account at an ISP. One day I saw evidence that a program in my directory had been run by root (it created several files as a result of running). That, in itself, didn't much matter, there were no privacy implications in that case, but the idea that root ran some unknown binary laying around in a customer's home directory was concerning.

Resolution: I left another binary in plain sight that when run immediately spawned several copies of itself and claimed it would wipe the filesystem in 10 seconds. Of course, when the countdown reached zero, all it did was say "Don't run random things as root, you don't know where they've been" and then cleanly terminated.

Re:Slippery Slope?

[Anonymous Coward]

You do realize that in your analogy, you went to a doctor with a headache and ended up with a camera shoved up your ass WITHOUT ANY FURTHER INPUT FROM YOU, and you're implying that that's just peachy. This is, of course, ludicrous in the extreme, and serves only to hammer home the point you're opposing, quite effectively actually. I would have chosen the exact analogy you used to drive the opposing point.

You do realise that you just claimed that you would have chosen the exact same analogy as quantumplacet? Or to put it another way, not only is quantumplacet sitting around thinking about doctors ramming cameras up peoples' asses, so are you! Now if you two want to sit around daydreaming about doctors shoving cameras up patients' rectums, that's your own personal problem. Maybe it'd be better for you to get a private chatroom where you can discuss your medico-photographical fantasies and leave Slashdot out of it.

Re:encrypt your data or dont co-lo

[Geak]

"Reasonable Expectation of Privacy" and "Web" in the same sentence. Feeling optomistic?