How to lose all your customers if you are a WISP
First off I better explain what a WISP , it means Wireless Internet Service Provider. For this sorry tale the WISP in question is OceanTelecom who operate in West Waterford/East Cork.
I got a call the other day from my friend’s wife who was having problems receiving mail from her eircom.net account when using POP to retreive it. Sometimes she would get some mail and other times none. Using the webmail interface to her account she could see her mail there. All this started she claimed around two weeks ago.
Strange thought I, but then she mentioned that she had gotten a few spam reports in her mail.
Even stranger thought I, so I asked her to forward one of them on to me and here’s what I saw:
This mail was generated automatically from Endian Firewall, which runs on
efw1-oceantelecom.localdomain.(none) for scanning all mails for spam and viruses.In a mail sent to you a virus has been found.
Virus name: Suspect.Bredozip-zippwd-2
Sender of the email: “DHL Manager Felipe Dove” <shipping@dhl.com>
Subject: DHL delivery problem number 25130.
Connection date: POP3 from 149.5.34.3:11778 to 159.134.198.135:110
Message File: Per instruction, the message has been deleted.Instead of the infected email this message has been sent to you.
Regardless of the fact that it was a virus, it was the very fact that it had been intercepted before it got to her PC was annoying her. Her POP session to eircom’s mail server was intercepted by her ISP. Her ISP acted as a POP proxy without her permisison. Therefore her ISP is effectively snooping on her mail. You can see clear as day in the report above that their firewall intercepted her connection to eircom’s POP3 server.
As you can imagine this really, really annoyed her so she rang ComReg (Ireland’s Communications Regulator) to find out if OceanTelecom were allowed to do this. ComReg said it was a grey area and advised her to contact the office of the Data Protection Commissioner which she duly did. The advice she received from the DPC was that they should not be snooping on her mail as her mail is not being hosted by her ISP.
With this information in hand, she rang OceanTelecom to compain and promptly received torrents of abuse from the owner! Ranting and raving about how he is protecting his network, etc, etc and if she didn’t like it she could cancel her account! How about that for customer service?
But when she informed him that she had already contacted ComReg and the DPC he terminated the call! He hung up a call from a loyal customer of over two years!
She rang me yesterday to tell me what had happened and that that she was naturally going to change her ISP which is only right IMHO.
So, for anyone looking to choose an ISP keep this information in mind. An ISP is an internet service provider. Their only obligation should at it’s most basic level to provide you with access to the internet and nothing else. Everything else should be optional. How you use your internet connection should be of no interest to your ISP once you keep within the terms of your contract, the laws of the land and adhere to their fair use policy. You can view eircom’s policy here. Some choice quotes from their policy are:
eircom net will use its reasonable endeavours to prevent unauthorised access to the Service by third parties, but shall have no liability to the Customer for any unauthorised access to the Customer’s computer system. The Customer is responsible for selecting and properly using any security procedures made available by eircom net as well as other procedures and measures necessary to safeguard and back-up the Customer’s files, data and programs or any other form of information
and
You acknowledge that eircom net has no control over the information which can be accessed by using eircom net services and that we do not examine the use to which you or other users put the Services or the nature of the information you or they are sending or uploading. We therefore exclude all liability of any kind for the transmission or reception or such information of whatever nature.
Pretty much common sense. The onus is on the customer to remain secure, eircom as an ISP only provide a service which is more than can be said for OceanTelecom.
However I understand that OceanTelecom is a privately owned business and ultimately it is their network and they can pretty much do what they want but I would not have expected that to include interfering with clients e-mail that is hosted elsewhere. I certainly wouldn’t like my ISP reading my mail before me. Some serious privacy implications there.
If you are an OceanTelecom customer or are considering becoming one, based on the above I would suggest you avoid them or terminate your subscription. If anything the shocking and abusive customer service alone should be good enough reason.
Interestingly:
- Last weekend, I had to deal with another of their customers who their systems cut off without warning.
- They removed their AP from my house as they couldn’t make the damn thing work.
If your contact is interested, I have an alternative for them.
Ruairi
Cheers Ruairi,
I’d be interested in the alternative. I’ll be in touch shortly.
Good post Robert, they must be some shower eh!
would this only affect port 110? i wonder what other kind of snooping they are doing. probably some port 80 stuff as well. this is almost as bad as meteor and trying to disable STARTTLS on port 25 even though they will probably say its for preventing spam
They are probably proxying as well Dan, I know quite a few ISP’s provide transparent proxying to their customers.
That’s not necessarily a bad thing as it can actually speed things up a bit for the customers. Modifying that content is another story though!
they aint cheap either! 100 Quid for 3mb connection…
i remember NTL used to have a hidden proxy for web serving years ago, but lucky its gone now… why are eircom still using insecure pop3 though? if your ISP can take your details and pass them on as their own, and take the response, mess with them and pass them back to you, its not very secure on eircom’s part either… Gmail have secure pop3 and secure imap so this cant happen… why dont eircom?
Tiernan,
POP3 is comparitively insecure anyway. Sending plaintext passwords etc.
For the average user setting up a POP3 account is relatively simple plus don’t forget that a large majority of people with eircom.net mail addresses are probably using eircom as their ISP. Setting up an encrypted POP account is adding an extra level of complexity for people who can’t/don’t want to know about these sort of things. They just want to access their mail.
In the case above she had already made her connection to eircom, her ISP’s firewall is busy listening to all traffic on port 110. It can probably scan all other traffic too.
can she not use TLS on the POP3?
Shite! I missed your comment until now Dan, Sorry!
I don’t think eircom support TLS on POP3 yet.