Loker
Premium
join:2004-07-11
Fargo, ND
clubs:
| reply to Authority
Re: wtf? comcast asked us not to use VPN
said by Authority  :said by Loker :because they do care about VPN But WHY? If the total bandwidth used i less than someone else who doesn't use VPN at all what's the difference? because they want you on a business package....
--
"While preceding your entrance with a grenade is a good tactic inQuake, it can lead to problems if attempted at work." -- C Hacking |
|
DSL Oberst
join:2001-11-29
| reply to deblin
I can understand that, but since it's not a guaranteed service, isn't this already understood? That is, the person is incurring the risk of using a residential internet connection to work from home and therefore if it does down, they have to live with it or get business service. You'd like to think so, but many...clients didn't see that way. Since I dealt primarily with ADSL escalations for the majority of my time there, I got to talk with a number of clients with complaints in regard to VPN and outages of one sort or another. Example in short form:
- Line got cut by utility
- Telco reconnects line, ADSL is gone, needs reprovisioning.
- Guy calls up, gets reprov, learns of 2-3 week timeframe through Covad, screams bloody murder. Starts talking about how he relys on VPN for business and ZOMG HE'S GOING TO SUE FOR BUSINESS LOSSES.
- I advise TOS.
- Guy doesn't care about TOS, he uses it for business so for him it's a business account, ZOMG SUE!
- Circle. Repeat. 1 hour passes.
- Guy hangs up, files suit, maybe doesn't file suit.
- If suit filed, Earthlink legal beagles present evidence that TOS denies suit, ask for summary judgement, case gets tossed out.
I got maybe 3-7 calls like that a week. That's out of the thousands of disconnects/installs/reprovisions/relocations we were doing. The policy involving business usage was essentially created to isolate the possibility of loss via the OMG SUE, uh, rear-end chapeaus.
Why aren't other ISPs preventing VPN, if it's simple a way to cover their butt? As far as I am aware, ALL ISPs have this boilerplate somewhere in their TOS. However, most of the time, they don't care. When someone (who wasn't screaming their damnfool head off) told me they used it for business, I would say "I didn't hear that, sir/ma'am."
If they got belligerent and demanded that we support business usage - and there would be people calling in and demanding stridently that TS troubleshoot their VPN connection - we had authority to cancel the account immediately, dump their email, and disconnect them. This was to protect the company from liability, nothing more. I can remember twice in four years that I actually felt it necessary to do that. *shrug*
Oh, and then there is the "'Always On' internet means GUARANTEED!!! SUE!!!" argument. Ha, that was always one for chuckles. 
There you have it. I don't believe either side is right, but that's how it worked at ELNK. Notes I compared with reps from other companies never said different there either. |
|
Authority
Obama Biden '12
join:2000-03-29
Beverly Hills, CA
 ·AT&T Yahoo
 ·Packet8
·magicjack.com
| reply to Loker
said by Loker :because they do care about VPN But WHY? If the total bandwidth used i less than someone else who doesn't use VPN at all what's the difference?
--
"Canada" = economically, militarily, politically, and culturally irrelevant. |
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to DSL Oberst
said by DSL Oberst :The official reason was a) residential accounts had no guaranteed uptime - a person could be down weeks and that would be TOS-compliant, b) said VPN could thus be down for weeks (as in the case of a reprovisioning the phone line to a house) and c) that means that Earthlink could be held legally liable for all business losses incurred by not having VPN available on the account. Thus, Earthlink only supported VPN connections on business accounts, which had a guaranteed uptime of 98%. I can understand that, but since it's not a guaranteed service, isn't this already understood? That is, the person is incurring the risk of using a residential internet connection to work from home and therefore if it does down, they have to live with it or get business service.
Why make it a policy to only allow it for business service? If the user wants to save $50/mo and be able to login to work (let's assume for the sake of argument that said person does not work from home daily, but uses it maybe 10 hours a week total to get some extra work done), why shouldn't they be able to assume that risk?
It's pretty clear from the TOS that, in general, the service has no guaranteed uptime. Which is true for all residential connections. Why aren't other ISPs preventing VPN, if it's simple a way to cover their butt? Their butt is already covered as far as I'm concerned, since it's not a guaranteed service with any guarantee of uptime.
--
"Hey honey! Do you think KFC's still open?" |
|
LeftOfSanity
join:2005-11-06
Felton, DE
| reply to NetFixer
said by NetFixer :said by ecjp :In other words, telecommuting is violating the TOS!? said by rody_44 :thousands use vpn so we know they dont have a problem with it. As has already been posted by quatrix , the Comcast TOS for it's residential HSI service does indeed contain a prohibition against using VPN for commercial purposes. The link posted was not directly to the Acceptable Use Policy, so perhaps that confused some readers. Here is the direct link to the Acceptable Use Policy. And here, is the relevant section of that policy for the hyperlink impaired: said by Comcast High-Speed Internet Acceptable Use Policy :
Prohibited Uses and Activities
Prohibited uses include, but are not limited to, using the Service, Customer Equipment, or the Comcast Equipment to:
ix. resell the Service or otherwise make available to anyone outside the Premises the ability to use the Service (i.e. wi-fi, or other methods of networking), in whole or in part, directly or indirectly, or on a bundled or unbundled basis. The Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider or for any business enterprise or purpose, or as an end-point on a non-Comcast local area network or wide area network;
Whether or not Comcast routinely and actively enforces this prohibition might be debated, but the prohibition itself is clear enough to anyone with a reasonable understanding of the English language. Yea, really it just means...If you can't get it working or have problems with it, we can't help you.
I don't blame them. |
|
DSL Oberst
join:2001-11-29
| reply to deblin
said by deblin :And I'm sorry, but that doesn't sound like a connection TO a VPN violates the AUP. It sounds like you can allow people to VPN _to_ you. Not vice versa. Show me proof that VPN'ing to work from a residential line is a violation of the TOS, then maybe I'll believe it. It doesn't make sense, and if it IS true (which I'm beginning to doubt), it's the most absurd policy I've heard in a while. I do not know about Comcast, but I am able to verify that policy was standard for Earthlink during my lengthy tenure there. The wording of the AUP was essentially the same. The reason that was given for the policy was not for bandwidth problems; Earthlink could have cared less about that.
The official reason was a) residential accounts had no guaranteed uptime - a person could be down weeks and that would be TOS-compliant, b) said VPN could thus be down for weeks (as in the case of a reprovisioning the phone line to a house) and c) that means that Earthlink could be held legally liable for all business losses incurred by not having VPN available on the account. Thus, Earthlink only supported VPN connections on business accounts, which had a guaranteed uptime of 98%.
I would suspect, as this same policy exists with both Bellsouth and Qwest, that this is the reason behind Comcast's policy. |
|
back on topic
@comcast.net
| reply to Authority
the "end point" in the TOS is speaking to a network exit point, not specifically about vpn. A network exit point would be the "upstream" provider for a business or commercial entity. They dont want a residential connection to be a valid exit route (or network end point) for packets leaving a business destined to the general internet. |
|
TOPDAWG
Premium
join:2005-04-27
Midland, ON
·TekSavvy Solutions..
1 edit | reply to Authority
Common sense has no place in big business. Anyway if you were under 100GB I see no big deal. I would use over 200GB back in the day and no a word from comcast.
I paid for the service and comcast was OK with me using that much data so everything was a-ok. I never had a issue with comcast.
Anyway why do people think he is a liar? Maybe he is a verizon spy out to get comcast.
Also I hate no idea working from home to control a work PC was braking the TOS. think it it no more then connecting to wow to control my guy. Hm you learn something new everyday I guess.
Also word to the wise don't ever say what your dong with your net to anyone. |
|
Loker
Premium
join:2004-07-11
Fargo, ND
clubs:
1 edit | reply to Authority
said by Authority :said by back on topic :
Guys lets get this back on topic. Comcast wont shut down vpn, they don't care or monitor vpn usage. Everyone here getting worked up thinking comcast will come knocking on their door cause the use vpn has missed the point. And is getting worked up over nothing.
What we have is the classic bandwidth case. If it's about bandwidth and not VPN one has to wonder why their TOS even mentions VPN at all? Wouldn't it be easier for them just to limit overall bandwidth regardless of application? because they do care about VPN but they do not monitor what applications are doing what...
they want you to sign up for a business package if you are using VPN....but the plain and simple fact is unless you tell them or a technician who really cares sees it they wont ever know....
--
"While preceding your entrance with a grenade is a good tactic in
Quake, it can lead to problems if attempted at work." -- C Hacking |
|
Authority
Obama Biden '12
join:2000-03-29
Beverly Hills, CA
·AT&T Yahoo
·Packet8
·magicjack.com
| reply to back on topic
said by back on topic :
Guys lets get this back on topic. Comcast wont shut down vpn, they don't care or monitor vpn usage. Everyone here getting worked up thinking comcast will come knocking on their door cause the use vpn has missed the point. And is getting worked up over nothing.
What we have is the classic bandwidth case. If it's about bandwidth and not VPN one has to wonder why their TOS even mentions VPN at all? Wouldn't it be easier for them just to limit overall bandwidth regardless of application?
--
"Canada" = economically, militarily, politically, and culturally irrelevant. |
|
back on topic
@comcast.net
| reply to hobgoblin
Guys lets get this back on topic. Comcast wont shut down vpn, they don't care or monitor vpn usage. Everyone here getting worked up thinking comcast will come knocking on their door cause the use vpn has missed the point. And is getting worked up over nothing.
What we have is the classic bandwidth case. If the original poster truly believes that he cannot possibly have logged more traffic than comcast allows then there is either:
1. multicast/broadcast packets hitting through the vpn. Many companies who use IP based phones are based on this. It's common in some situations to see a constant 1mbit or more of phone traffic going through the vpn during business hours.
2. compromised network. The home network is compromised allowing attackers to spam/fxp bounce/botnet and use up resources. Could be a cracked wireless signal, trojaned pc or whatever.
3. His modem has been cloned. His modem mac may be cloned and used by a bandwidth hog. |
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to hobgoblin
said by hobgoblin :Its clearly not true..... Well apparently quatrix doesn't think so...I just want to know why he thinks so, because while the TOS is ambiguous in the passage he quoted, it still doesn't sound like it's forbidding connect to a VPN.
--
"Hey honey! Do you think KFC's still open?" |
|
hobgoblin
Sortof Agoblin
Premium
join:2001-11-25
Orchard Park, NY
clubs:
| reply to deblin
"It doesn't make sense, and if it IS true (which I'm beginning to doubt), it's the most absurd policy I've heard in a while"
Its clearly not true.....
Hob
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson
|
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to quatrix
said by quatrix :said by Comcast :
Without limiting the generality of the foregoing, the Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise, or as an end-point on a non-Comcast local area network or wide area network. Even if "commercial use" didn't include VPN, VPN would be "an end-point on a non-Comcast local area network or wide area network". And I'm sorry, but that doesn't sound like a connection TO a VPN violates the AUP. It sounds like you can allow people to VPN _to_ you. Not vice versa. Show me proof that VPN'ing to work from a residential line is a violation of the TOS, then maybe I'll believe it. It doesn't make sense, and if it IS true (which I'm beginning to doubt), it's the most absurd policy I've heard in a while.
--
"Hey honey! Do you think KFC's still open?" |
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to quatrix
said by quatrix :And making you get a more expensive account to use VPN is about as much extortion as the water company shutting off my service for not paying the bill. They provide a service under their conditions, and you can pay for it or not. Logging into work from home is a very common thing these days, so I'm sorry but I have to disagree. How does logging into a VPN to catch up on some work affect Comcast's network? If a few KB/s to keep the VPN tunnel alive is taxing their network so much, they have serious problems.
There is no legitimate reason why a residential customer shouldn't be able to connect to their place of work. They're not serving anything, they're not selling anything on the connection. They're simply logging into work remotely to be more productive in their job.
I'd love to hear a reasonable justification for this policy. I can't think of a single good reason for not allowing VPN. Yes, Comcast can do whatever they want with their network/service. And people can chose not to use the service or go elsewhere. That doesn't mean it's a justified policy. The only fathomable reason I can think of is to sucker people that work from home into forking over twice as much money to Comcast.
--
"Hey honey! Do you think KFC's still open?" |
|
quatrix
Premium
join:2005-02-11
Davie, FL
1 edit | reply to DMS1
said by Comcast :
Without limiting the generality of the foregoing, the Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise, or as an end-point on a non-Comcast local area network or wide area network. Even if "commercial use" didn't include VPN, VPN would be "an end-point on a non-Comcast local area network or wide area network".
And making you get a more expensive account to use VPN is about as much extortion as the water company shutting off my service for not paying the bill. They provide a service under their conditions, and you can pay for it or not.
All that said, if you use VPN but not too much bandwidth, Comcast likely doesn't care. |
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to DMS1
said by DMS1 :Before everyone gets on their high horses, I suspect that the term "commercial purposes", which the TOS explicitly outlaws, has a very particular meaning. I take it to mean "in connection with running a business". In other words, you cannot use a residential account as the internet connection for a business. I would argue that an individual connecting into their place of work via a VPN is just a form of personal use. A similar distinction arises with car insurance, where a typical policy prohibits using ones car for business while not prohibiting using it to get to and from work. That's what I hope, too. But the wording is ambiguous and probably intentionally so. I just don't see how they could prohibit connecting to work over a VPN to work from home. If they do that, it's 100% extortion.
--
"Hey honey! Do you think KFC's still open?" |
|
DMS1
join:2005-04-06
Carrollton, TX
| reply to deblin
Before everyone gets on their high horses, I suspect that the term "commercial purposes", which the TOS explicitly outlaws, has a very particular meaning. I take it to mean "in connection with running a business". In other words, you cannot use a residential account as the internet connection for a business. I would argue that an individual connecting into their place of work via a VPN is just a form of personal use. A similar distinction arises with car insurance, where a typical policy prohibits using ones car for business while not prohibiting using it to get to and from work. |
|
deblin
Dark Side of the Moon
Premium,MVM
join:2001-09-01
Middletown, DE
| reply to NetFixer
No I understand you were just quoting Comcast. I just think it's extortion to require business service just to VPN into work.
--
"Hey honey! Do you think KFC's still open?" |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
 ·Cingular Wireless
·AT&T CallVantage
3 edits | reply to deblin
I didn't write, nor do I enforce Comcast's TOS, I only posted the relevant section regarding corporate teleworker usage of their residential HSI accounts. Anyone who wants to setup a VPN over a Comcast residential HSI account to their company's LAN is free to do so as far as I am concerned, but don't pretend to be surprised if Comcast decides to enforce the TOS and shut your service off.
The screen capture below, taken from »https://www.comcast.com/business/teleworker.html shows Comcast's official service for teleworkers.
EDIT: I originally posted the wrong link and image.
--
We can never have enough of nature. We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
