I hadn't heard of Vultr before, so out of curiosity I had a look. I am actually in the market for some lower-end cloud services.
- On their homepage, they list "Cloud Compute - starting at $2.50/month". However, you can't actually look at any details without creating a "free" account. Annoying.
- So I created an account. The first thing that pops up is "enter a payment method". What was that about being a "free account"?
- You can click away from that and go to "Deploy New Instance". Choosing the cheapest options and disabling all the automatically selected extras, the lowest possible price seems to be twice that advertised "starting at" price.
Ok, I looked around. Now I would like to delete that account I had to create. No such option. Asking Google, apparently you can only delete an account by submitting a support ticket.
My first impressions are not particularly positive...
I found this by spelunking deeply into... the main menu where there's a Pricing option. I'm not a Vultr customer and I don't have an account with them.
I was curious and I made an account. And the "enter credit card" thing you complain about is just part of the onboarding flow, along with things like "set up your profile". Is it so crazy that you might want a fast track to put your card in for a hosting service? It's all optional anyway.
Ignoring that (I didn't enter a credit card), there's a prominent Deploy button you can hit.
The issue you see about pricing is that they only offer that cheap price in some data centers. Atlanta has it, but the current default selection of Miami does not. They could definitely do better to make this obvious since they are advertising that minimum, but this is not at all surprising to me who has used tons of cloud provisioning UIs. I don't think it's reasonable to expect the same pricing in all regions, no one actually does that.
Once Atlanta is selected, they also auto select a better compute class by default ("AMD High Performance"). Setting that to "Regular Cloud Compute" gets you down to that $2.50/mo price.
Except for one more thing, they default select Backups for it, and that's another $1/mo.
They could do better about this stuff but it's barely something to get upset about. Before you spin up the server, the final price is listed right there in both hourly and monthly units, which is better than AWS does.
That's not true. The pricing page I link does not require an account, and after you create an account, you can access the actual provisioning UI without entering a credit card. I just did it.
The two factor is a check that you actually control the email you purport to own, it's a perfectly fine thing to do. Are you arguing against two factor by default? Are you arguing that a service shouldn't validate email addresses? Seems especially important for a service that can be used for hacking or DDOS attacks, no?
That's also not true, two factor works before putting in a credit card, as I've said in a related post. I completed an email based two factor request when I did my test and I still have not given them a credit card.
> The issue you see about pricing is that they only offer that cheap price in some data centers. Atlanta has it, but the current default selection of Miami does not. They could definitely do better to make this obvious since they are advertising that minimum, but this is not at all surprising to me who has used tons of cloud provisioning UIs. I don't think it's reasonable to expect the same pricing in all regions, no one actually does that.
They have a one year free-tier you can sign-up for during your trial. I am on that plan now. Still I always forget to search different regions when attempting to launch a free VM, so there is some delay until I remember to choose Atlanta.
Free compute attracts bitcoin miners. Payment methods are a sort of proof that the user is less likely to be abusive, or at least it's much easier to deduplicate accounts by preventing reuse of payment methods across free accounts. In these cases, nothing will be charged, the payment method is just a way of delegating trust to the financial system for having authenticated a human being.
If that’s the problem for them, should at least be communicated to potential customers before they put in their payment info.
But, realistically, they should simply change the onboarding process in order to avoid that issue transparently. Allow free signup and access but require a payment method to spin up a server, for example. Or showing all the features+benefits+pricing without signup.
Something similar happened to me. I was in a hurry so I even put some money in my account, then the $2.50/mo offering was nowhere to be found. I'm guessing they have limited numbers of these and only make them available sometimes... definitely a case of false advertising.
not trying to be facetious or anything, but I doubt their product team is worried about customers that are mad they have to click a few extra buttons to save 1 or 2 dollars per month
For every person who comments there are thousands and thousands who are reading. This is their target customer base -- highly sophisticated technical professionals who have the potential to influence many more non-technical people who take their expertise and opinions as a given. If they aren't worried about it then maybe they should think about it a bit more.
On the other hand, a competent team would care about a negative message being listed first on a popular internet forum frequented by their target demographic.
The corporate leviathan has to first detect that event and analyze it for sentiment. Before any loss mitigating response can be possible in the first place.
Digital Ocean now and Linode in the past have been considered viable providers at the companies I've worked with. Never have I ever heard the same about this company.
> Your loss as a potential customer will certainly go unnoticed, and life will go on for all parties involved.
Do you have an interest in this company or something? Oddly passive aggressive comment.
Vultr is pretty well known amongst the small technically innovative "cloud" hosting companies, and IMO has better offerings than DO. They also have a peering agreement with Backblaze and Cloudflare; no transfer costs between any of the three.
No financial ties, just annoyed by the mob that comes out of the woodwork to pick apart every shitty dark pattern as if that's evidence that this company is overtly malicious, instead of just being stuck in the middle of an accidental PR nightmare.
Really depends on what you expect for 1 Euro. A single CPU core of an Intel Xenon Gold 6230R isn't much but it handles small loads very well. 1 GB memory is okayish. 10 GB SSD? Meh. A dedicated IPv4 address? That's hot! The uptime is flawless and it's fine to host or forward requests and serve as VPN gateway for my personal stuff or host a few small services. For 1 Euro/month it's a good offer. I used it to encode videos for months. No complaints or something from them.
But according to Reddit, once you get into trouble, the support is the biggest weakness. I'm just parroting what other people probably also parroted.
The cheap instances are ipv6 only and only a couple of their regions have them. Atlanta, I think, does. But yeah, it's a teaser that isn't realistic. At least for me.
There are a lot of low-end cloud services, for example you should take a look at virtono.com. They have good prices and they are running promotions all the time.
This entire saga could be reframed as "5-day old Reddit account wildly misinterprets Vultr ToS, causing drama-thirsty social media users to spread it far and wide, generating the company a ton of negative press." — Vultr has released a statement explaining, they clarified their point yet the news is still going around the block.
Those Terms and Conditions could have been clearer, but no one has betrayed anybody, no one is stealing your hosted content and nobody would have said anything if its was not for a redditor with far too much time in their hands trying to interpret legalese, badly.
Disclaimer: I have never used Vultr, I do not care what happens to them because of this, but everybody would benefit from taking every drama-du-jour with a pinch of salt, especially when it comes from a new reddit account.
> "It's clearly causing confusion for some portion of users. We recognize that the average user doesn't have a law degree," Kardwell said.
Making a mistake by stuffing their terms of use with vague boilerplate legalese which could apply to anything is one thing, not taking responsibility for that mistake and clearly stating "we made a mistake" instead just means they ended up rubbing in the stain. People are forgiving of mistakes; hubris, not so much.
As others have pointed out: that line of text was not harmless, and whether you have a law degree or not is not the issue there. It was not malicious in intent, but it was wrong and overreaching nonetheless.
We do not know if it was malicious in intent or not.
It is entirely possible that they felt that they could allow all of their private servers to be crawled by whoever was willing to pay - perhaps with terms to make it palatable (only be used for LLM weights, no human will see it, content may not be regurgitated wholesale, etc).
It could be that this change in the ToS was made to cover their backs. In fact - they may actually have already crawled all of the servers.
They claim this was not their intent. But when it comes to abusing PII that is hovered up by providers, I have been burned too often to assume a mistake.
Can you name one example where the context was not someone who was handling/processing/had the data as a part of their platform (i.e. FB) but rather a hosting provider where you've been burned assuming?
If a ToS is going to be a contract, it has to be interpretable by the person hitting 'agree', no? If someone is confused about what it means and reaches out to the company and they respond by locking the user out of their account which they use to generate their livelihood, it has stopped being an 'oopsie' and become a 'we don't care about our customers, we only care what they give us and will use strangely worded legalese and extortion to get it'.
The response of 'why would they ever assume bad intention by a startup tech company which pivoted recently to focus on AI offerings' crocodile tears just makes it worse.
At this point, barring the existence of an impeccable and long-running reputation, if you assume that any place you store your data is not going to screw you the moment they can to make a buck, then you are hopelessly naive.
Get a life. You can’t go through an average day without using a dozen services that you’d have to hire a lawyer to interpret their TOS.
If you want to hire a full-time personal counsel, go for it.
The rest of us insist on something else. Understandable agreements is something that should be forced on all companies unless we can perhaps win the fight against TOS being legally enforceable in the first place. That would be the best world.
The issue of legalese in ToS is the same issue of "bad code" or "bad engineering". The law is just another system, another conceptual language of communication, except one filled with way more vaguaries, edge cases and grey areas than any software we make.
Companies like they do not want to pay for "good engineering" don't want to pay for "understandable contracts".
However the company itself doesn't want to allocate resources regardless of the actual cost.
Because regardless at your $/hr, a contract that protects the company in the same way and is understandable by the user takes MORE HOURS, than one that just protects the company and fuck the user.
Lots of these lawyers at companies with internal council could do this are a resource that is over utilized already. There's no room for more hours.
Nobody likes legalese so leadership teams just ask legal and ship it. But there's another way, you can just write what you actually want. You can say "we want to be able to use the text content of any post in tool X to train a model".
Yes, you'll need to update your ToS more often if you just say what you want to do instead of "bulletproofing" something forever by making it so abstract it applies to anything in perpetuity - but if you want that, the price you pay is that people will sometimes call you out on it, misinterpretation or not.
Where I live you cannot enter a contract that you cannot be expected to have understood. In fact TOS that are not written in clear understandable language are generally considered to be invalid by courts.
If that many people are misunderstanding the TOS, that's a bad sign.
I mean, I've heard of them now, and hadn't before, and had assumed by the name it was some dumb Buzzfeed-like site. Possibly they'll get some extra business out of it.
Fair enough, though it would be a VERY risky marketing strategy to create a sockpuppet Reddit account to scare senseless their most naive customers, just to generate some publicity :)
While I don’t expect the company to do such PR themselves, from my experience in China it is indeed the case that many major public figures or products began their explosive growth from negative comments like this
https://www.vultr.com/legal/tos/
Section 12:
You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense
through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit
and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known
or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or
compensation to you or to any third parties, for purposes of providing the Services to you.
On top Vultr gives all the liabilities to the v̶i̶c̶t̶i̶m̶ ... customer:
> As between you and us, you own your User Content and you have full responsibility for all User Content you make or submit, including its legality, reliability and appropriateness, while using the Services.
I am not a lawyer but I have seen startups distort/rationalize legal language as their tech services evolve to grandfather new situations into old language.
I don’t know if vultr language is worse than others, but my concern would be that someone selling you out can squeeze a lot in that clause for a long time, particularly if you never find out. Arguably that’s in bad faith, but…
Say that to provide the Services to you, vultr has to supplement its income by (old school) selling your videos to a dvd publishing company, or (newer) creating their own streaming tv channel, or providing them to an AI model training company, or providing them to an “affiliate” advertising-serving broker who slurps your created content and slaps one or more segmentation labels about your content (“kink”, “religion(X)”, “gamer”) tied to your email which it then resells to world+dog?
Ie is selling you out part of what vultr needs to do to provides the Services to you?
I find it very hard to trust companies based solely on their legal language when that language is viewed from an adversarial position. But I am not lawyer to know what kinds of “misreadings” are “beyond the pale”/not legally defensible.
"an adversarial position" is the only position you should assume when interpreting legal texts. After all, if push comes to shove, your the actual adversary. And in any other case the legal text is not needed.
They do offer relatively inexpensive solutions, though. And LinkedIn is a good example of a business whose revenues are largely made from sharing and harvesting data from both paid and free users for the benefit of some of those paying users, and some third parties, too.
Vultr is just even cheekier than LinkedIn.
Who's to say if they'll actually act on this, but them setting themselves up to legally do this is all a bit gross.
"Vultr [will own] [all of your] User Content [and do whatever Vultr wants with] the User Content [...] for the purposes of providing the Services to you."
You could read that as: "if you want to work with us we will own all of your user content".
If you ask your parents if you can stay up late to finish your homework essay, it should follow that you only gain that right until the essay is finished.
If you ask if you can stay up late for the rest of your life, it should follow that you gain that right for the rest of your life.
If you ask for both at the same time, in the same sentence, you might grow up to write TOS for vultr.
> A Reddit post incorrectly took portions of our Terms of Service out of context, which only pertain to content provided to Vultr on our public mediums (community-related content on public forums, as an example) for purposes of rendering the needed services – e.g., publishing comments, posts, or ratings. This is separate from a user’s own, private content that is deployed on Vultr services.
> In order to simplify and further clarify our ToS, we are removing the following sentence from Section 12.1(a) of our ToS
This doesn't seem to be true though. In the Terms of Service[1], "User Content" is defined as this in 12.a:
> (a) You are responsible for the information, text, opinions, messages, comments, audio visual works, motion pictures, photographs, animation, videos, graphics, sounds, music, software, Apps, and any other content or material that You or your end users submit, upload, post, host, store, or otherwise make available (“Make Available”) on or through the Services (collectively, “Your Content,” “Content” or “User Content”)
What is the "Services" then? It's explained here (first paragraph[1]):
> The Terms explain how you are permitted to use the services provided by and through our platform and website(s) (main url located at www.vultr.com) as well as all of our associated internet and online properties [...] Collectively, the Site, the Materials, and the services provided therein are referred to as the “Services”.
Is a website I host in Vultr an "associated online property"? When I upload or modify some of my website content through vultr.com, does it become User Content? This is very over-reaching on purpose (as most legalese tends to be) but not in a good way, I wouldn't want to have to go to court to prove that their non-binding blog post is correct and the binding legal terms are incorrect, neither should I nor anyone.
> Is a website I host in Vultr an "associated online property"?
No, I don't think a reasonable person would read what you've quoted and come away with that interpretation. Maybe I'm a hopeless optimist about what reasonable person means.
Sorry for your downvotes, but they are earned. Predatory TOS [can be|will be|have been] abused by companies regardless of whether “reasonable people” created them or not.
Imagine your car dealer pushed over a 100pg finance contract with a first paragraph that said “we will take all your property if you miss a payment” but the dealer assured you that “we don’t really do that, it’s just lawyer stuff.” then said “you don’t need to read the rest, just sign here”.
How much of a great person would they have to be, and how much of an optimist would you have to be to sign it without reading the rest?
Ah ha, that explains my downvotes. I am not claiming the hosting provider are reasonable people. I'm referring to the reasonable person standard of contract law.
> The Terms explain how you are permitted to use the services provided by and through our platform and....
Platform = hosting.
There's no small text, there's no restrictions, there's no qualification. It said nothing about "public mediums" or "for purposes of rendering the needed services".
The relevant section is taken from part 12 (User Content) where User Content is specifically and narrowly defined as stuff you upload to the website services.
I actually think there is an attempt in the ToS as written to keep the definition narrow in the way that the parent comment quotes, but it is unfortunately not super well drafted, because there is a partially-explicit distinction between "platform" and "services" that may make sense to a legal person, but is not sufficiently clear for a technical person.
So not quite good enough, IMO, but a distinction is being made in the relevant section, and this can be seen if you read the paragraphs in question.
> "[...] and any other content or material that You or your end users submit, upload, post, host, store, or otherwise make available (“Make Available”) on or through the Services (collectively, “Your Content,” “Content” or “User Content”)"
1. the definition of "User Content" includes "your end users", something you can only have when using their cloud platform services, not when you're using their community forum.
2. It refers to "Services", not "website services"
> (a) If You use Our Services for any site, sub-domain, page or business model that allows Your end users or customers to control or upload material to Internet space assigned to You by Us, You shall be deemed to be acting as a "Service Provider" with respect to such services and/or customers. Service Providers include but are not limited to customers which; (i) resell bandwidth as hosts to third parties; (ii) operate user-generated content sites such as forums, "tube" sites, review sites, and online classified advertising sites; [...]
3. This paragraph refers to their hosting/platform services as just "Services", again.
Not only are those terms overreaching, they are copied from elsewhere. Search with Google for "a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers)" and you get quite a few hits. Mostly from small businesses.
Primrose Schools, Rita's Ice, Small's Sliders, Transom Capital, and quite a few other small companies use exactly those words. The first three are franchisors, and the last one is a private equity company. None are in the social media business, for which that clause is clearly intended.
Do all those companies use the same low-budget legal drafting service?
> Do all those companies use the same low-budget legal drafting service?
Yes. Boilerplate rules the legal world as far as I can see. As well as always sneaking in things in the hopes that people will fail to notice and not notice.
Part of the reason for legal boilerplate, however, is that in case of litigation specifics do matter. A "known good" phrasing, therefore, will always be preferred by a lawyer giving you good advice, rather than an original and untested one. In some juristictions (such as Germany), the courts even _require a specific phrasing_ (even if it is bad/confusing for the lay person) in order for something to be legally effective.
This is not laziness on the lawyers' part, it is them doing what is correct, given the priorities they have been given.
I had a professor who founded a few startups, one of which was funded by Microsoft after he had the opportunity to speak with Bill gates.
Regarding ToS and similar things, he told us that especially for startups, they were heavily "inspired" by other startups and other companies and made minor adjustments, so yeah, I don't find it hard to believe it's all a game of copy pasting
We need regulation around this sooo bad. Nobody reads TOS, or at least 99.9999% of people don't because it's simply too much. It's unreasonable to expect people to read these long documents and understand what they mean. We need requirements of high-level overviews in very plain language. Slimming this stuff down and removing BS lawyer fluff is the only way in my eyes.
> Nobody reads TOS, or at least 99.9999% of people don't because it's simply too much.
Huge opportunity for a service using AI that does, then reports on a public site businesses using shady language or hiding traps, possibly assigning a score.
In a way it's a failure of precedent rather than regulation, since ideally the judge would throw some of these contracts out the same as if they had special clauses in microscopic font.
From their statement: "We recognize that the average user doesn't have a law degree" or in other words "you are too stupid" to understand words. Isn't it a bit of catch-22, we put an agreement for you to sign and accept[understanding is implied], but we also understand that you are too stupid to understand it.
Also how is perpetual irrevocable links to commercialize your content in any way they want is required for providing the service?
You hereby grant to Vultr a non-exclusive, *perpetual*, *irrevocable*, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, *prepare derivative works*, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and *otherwise use and commercialize the User Content in any way that Vultr deems appropriate*, without any further consent, notice and/or compensation to you or to any third parties, *for purposes of providing the Services to you*._
Note the part that even you, an apparently not stupid person, are failing to recognize:
> for purposes of providing the Services to you
It's not about being too stupid. Legalese is very specific, not lay language, and you always should refer to your legal counsel for interpretation.
An example that always comes to mind is "hostile workplace". It has a very, very specific legal definition that is different from a lay understanding of such. It's not hard for pitchforks to be raised when the rabble misinterprets a legal term.
Let's be clear. I'm not saying Vultr has done nothing wrong or hasn't overreached here. I'm only responding to your comment in general terms.
Their statement is a utter nonsense and should be treated with as much respect as verbal diarrhea.
They're running a business, and in business these kinds of asinine decisions hurt the bottom line.
Fuck them. Move to a different VPS host. I won't be doing business with them ever again, nor do I have the time to re-read their ToS at some point in the future.
was reading the comments before the article again. never heard of Vultr and assumed by the terms that it was some kind of niche social network. those terms are basically identical to Reddit's so it would make sense.
but a *VPS host*? that's absurd. it's like someone there asked ChatGPT for a new TOS without telling it what the TOS would be for.
> You are responsible for the information, text, opinions, messages, comments, audio visual works, motion pictures, photographs, animation, videos, graphics, sounds, music, software, Apps, and any other content or material that
That's the prefix to your first paragraph, meaning you as the user is responsible for that, not that Vultr is responsible for that.
Your second paragraph is explicitly about "for purposes of providing the Services to you" which it'd be really hard to argue that "using your user's uploaded photo for Vultr's marketing promotion" is for the purpose of providing a service to you, so I don't think you have to be afraid of that.
I'm sure Vultr's terms and conditions contain horrible shit, just like any other terms and conditions. But I don't think those two paragraphs highlight anything more nefarious than usual.
You missed the "in any way that Vultr deems appropriate" clause. This is a classic weasel phrase which means they can do as they please.
"Why did you sell my data to an AI company?" "We deemed it appropriate."
There is also the sublicensing clause, which means they can sell it to anyone, and "process, adapt, [...] modify, prepare derivative works", which has nothing to do with hosting, but allows them to change your data and reuse it for any purpose they "deem appropriate".
"Deemed" in particular doesn't require any sort of reasoning or argument for the company to make any decision it likes. And "appropriate" is not a synonym for "necessary".
"Why did you sell my data?" "We deemed it appropriate for the purposes of providing the Services to you."
What's your legal refutation to this under US law?
(In the EU, this whole clause would possibly be unenforceable from the start, but I know a lot less about EU law.)
That’s remarkable. I’m a huge fan of vultr and I don’t want to believe that this has been done in bad faith, but of course long experience sadly suggests otherwise.
That said, due to the type of service they provide, vultr customers like myself don’t necessarily even have the right to grant them the rights that they claim here. If I run a SaaS and people are uploading photos for work (eg photos of property damage for the purposes of identifying and repairing it), those photos are not my property and must not become public. The idea that this could ever be OK is batshit insane.
So I hope/suspect this policy is going to be reverted pretty quickly, since it seems quite incompatible with their core business.
No way can I risk my customers data being “publicly displayed”!
"Betrayed"? This is so sensational for what amounts to a misunderstanding of a sentence in legal terms that is just long enough for customers (well, Reddit at least) to lose the context. But not for a court, "for purposes of providing the Services to you" is an important part that you shouldn't gloss over just because it's at the end of the sentence.
"Just"? A blog post written this week for terms that have been there since 2021?
A hosting provider suddenly gave themselves a license to do anything they want with the stuff you put on their server. How is that not a betrayal? You trusted them to host your stuff without, for example, re-selling it. They broke that trust.
Even if Services included the actual hosting service (it doesn't in this case, see tons of other commenters quoting the definition for Services in this agreement), it still wouldn't give them a license to use your stuff beyond what's necessary to provide hosting to you.
And anything they do with the content can be explained away as "necessary to provide the service". That's the problem: they're not constraining themselves in any way. They need money to provide the service, so why couldn't they decide that taking art I put on my server and selling it to people is "necessary to provide the service"? It seems like they could at any time decide that their pricing is unsustainable, so monetising customer content is "necessary to provide the service".
And what if they, say, introduce a new generative machine learning feature into the Service which necessitates training on customer content?
If this was truly just about giving themselves the right to do what's technically necessary to provide the service, then 1) doesn't that mean that they were operating illegally before? and 2) they would've just given themselves the rights to do the specific things they need, not literally anything they could want as long as it can be argued to be "necessary to provide the service"
> And anything they do with the content can be explained away as "necessary to provide the service". That's the problem: they're not constraining themselves in any way. They need money to provide the service, so why couldn't they decide that taking art I put on my server and selling it to people is "necessary to provide the service"? It seems like they could at any time decide that their pricing is unsustainable, so monetising customer content is "necessary to provide the service".
Firstly, as I've said in posts that you've replied to, the Services here are their forums and website. Your Vultr account is used both to purchase VMs and to post comments on their forums. "Services" in the agreement refers to their websites, pretty clearly.
Secondly, if we go hypothetical and redefine Services to mean the actual hosting service, if they do that stuff, they get sued. And I think there'd be a good case that the uses you outline would fall outside of that what's needed to provide that service.
You are free to take the pessimistic interpretation, I just don't think it's a reasonable interpretation, especially since even a single legal battle in this area would probably ruin this company.
I haven't seen any comments quoting the TOS that support this being non-hosting services only, even though the CEO is saying that's the case. When looking at the TOS it seems to make very clear that it's talking about all of its services, including hosting services.
That said I do think the intention of the section was just to allow them do what you're paying them for, but the lawyers just got a little too zealous.
> Edit: As an EU customer, and having called my lawyer really quickly, we don't even think that this is legal / would hold up in court in the EU. Also they'd have been required to summarise the TOS changes as by our local law.
While companies can write whatever they want in their TOS, I would wary using the rights I just gave to myself. It can be devastating.
I'm conflicted on comments like that. On one hand, companies make mistakes otherwise they'd never lose in court, but they do from time to time. On the other hand, Vultr has their own lawyers, presumably higher paid and better armed than an individual would have access to, so how confident can one be that their personal lawyer has a better legal theory than the corporate lawyers?
Well I think the Reddit commentator is probably right, but these TOS significantly increase the risk of using Vultr, regardless of the legality in whichever jurisdiction.
The problem is that if Vultr really thinks it can exercise these rights, then there is a risk that proprietary information stored on their servers will be made public -- despite what EU or any other laws might say.
It doesn't really matter if you can take them to court if Vultr causes a data leak that results in the loss all your customers. And most of us don't have the resources to be able to do that anyway.
All of that said. I've found Vultr really good to work with and I am crossing my fingers, though not assuming, that this is a mistake.
I've raised a ticket with them, and I'll give them a couple of weeks before I make plans to pull out. Fortunately I'm still in stealth mode and have zero customers, so I can afford to wait. I'd be absolutely freaking out right now if I had live customers.
What a company write in their TOS is an indication of what they intend to do. Broad scopes also means broad intentions (like startups).
You could read into that, that Vultr is intending to break the law in the EU, however little there is to do about it.
Its a liability for the customers knowing this. But it is also a liability for Vultr who will see it more difficult to establish in the EU, should that ever be wanted.
Happens a lot, mostly when US Companies with a majority of their customers in the US make changes without thinking about other countries/ taking them seriously.
Additionally, ToS really don't count for much in the EU, they're usually not enforcable anyway, if there's anything out of the ordinary at all. There's a whole lot of stuff in ToS nobody is ever going to be able to enforce at all.
They probably expected to fly under the radar, without making sure it's even okay everywhere. Well, that's not going to happen I guess.
I suppose it doesn't make a material difference if it's enforceable, since if you have personal data on their platform right now you have to assume it's been accessed or consumed in some form.
They obviously had an inent to start using the data for something, and given what I know about tech businesses, I wouldn't assume they only started once the ToS change was made. I would consider my data compromised.
It's not even about how much paid/skilled they are.
The new ToS were surely a big project with tens of hours (or more) of research done for it.
The redditor's lawyer just picked up a phone and offered some gut response. My lawyer friends are happy to share their thoughts, but they usually tell me that they need to do research to provide reliable guidance.
If Vultr thinks they have the rights, they will use my data.
The odds that they will ever be found out, that if found out they will be successfully sued, and that if that happens I will be made whole for whatever damage I have suffered, are slim.
The clause implies it is in their mind that they can play these games.
Better use a competitor that explicitly claims that you are renting the server for .. yourself.
I don't use Google Compute, but wonder if their terms are better. It would not surprise me at all if you allow Google to crawl all of your Compute instances and combine that with data from their many other sources (Chrome, Chrome OS, Android services, DNS servers, analytics, usage on their properties such GMaps/Youtube, etc.)
Both of the above TOS explain intent, for example, to monitor data services for metrics. Vultr's clause (12.1) does not explain intent. The phrase "for purposes of providing services" is a vague intent.
>> You and your End Users (as such term is defined in the Privacy Policy) will retain all right, title and interest in and to any data, content, code, video, images or other materials of any type that you or your End Users transmit to or through the Services (collectively, “Customer Content”) in the form provided to Cloudflare. Subject to the terms of this Agreement, you hereby grant us a non-exclusive, fully sublicensable, worldwide, royalty-free right to collect, use, copy, store, transmit, modify and create derivative works of Customer Content, in each case to the extent necessary to provide the Services.
but doesn't state as Vultr did: "and otherwise use and commercialize the User Content in any way that Vultr deems appropriate" and Cloudflare uses the term "to the extent necessary" which to me seems more specific than a vague wording of "for providing services".
I'm not a lawyer, I'm interpreting this to the best of my abilities. In general, if something feels odd, it's best to back away.
Cloudflare's license grant is quite appropriate because the whole point of a CDN is to make copies of your content and cache them closer to your users. Cloudflare also provides numerous tools that modify, and create derivative works of, your code and images on the fly.
Vultr on the other hand is just a bunch of compute/storage resources hooked up to pipes. They have a rudimentary CDN offering, but that's about it.
If you’re looking for a new GPU cloud because of this, we’ve put all these providers in on place, console, and API so you can find a new one for your needs at https://shadeform.ai
“You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or compensation to you or to any third parties, for purposes of providing the Services to you.”
I was a vultr user for years. I’ve spent thousands of dollars on their services.
When I was setting up my email server I requested to have port 25 opened, but instead of getting it opened I got some copy pasta reply from some senior director, how it can’t be done…
I moved to Hetzner, after 1 month and after the first bill was paid, I requested the same port opened and immediately it was opened.
When was this? My request to get outgoing port 25 opened was approved without questions in a couple of hours back in 2017-ish. (since re-blocked because I changed server)
I assume you submitted the ticket after seeing their support page, and mentioned why you were sending email.
Let's do one thing, host Nintendo content and since vultr now has commercial rights over "my uploads" let's see how Nintendo bites them in the ass. This can be done and dusted in a few days given enough traction
So are they afraid that Warner uploads Dune 2 torrent to their servers and immediately sues them for distribution? And to protect against that, they reserve the right to create Dune 3 out of it using Sora and distribute that themselves?
I once asked Hetzner, do they have protections in place against a rogue employee peeking at data inside my servers, as I was worried about some sensitive data stored in there. Their response was: "If you are asking that question, you are probably mining crypto, so we'll ban you".
Similar experience with Hetzner. They seem to be extremely ban-happy. I get banned when I first sign up for no particular reason other than I tend to have my VPN on. After emailing support and providing identification, I still got banned after changing my billing to use privacy.com
I suppose you could stick with AWS or Azure. I ended up using the VPS that sponsors mailcow (eth-services.de) which is slightly more expensive by a few cents
If this is the case, is there a way to protect against it? Is there a way to keep the data encrypted? Thinking along the lines of bitlocker on windows.
i also opened a ticket about it and support rep responded about it being addressed.
it's still hilarious and absurd for them to lose some customers on something like this, they provide top notch service that competes very well with digitalocean linode scaleway etc.
Seems to be a chicken-with-its-head-cut-off outrage day on HN today. There's tons of other places to spend your outrage, especially since their blog post is right, my first reading of the passage in question ending in "for the purposes of delivering the Service to you" was enough to understand it was a limited license.
I mean hey, could it be more clear and more ironclad that they aren't trying to steal your content? Yeah. But this is a customer service complaint, not a sensational news story.
If they decided that re-selling is necessary for providing the service (for cash flow reasons, for example), what would stand in the way of them doing that?
Because the law doesn't care about your cash flow, and a reasonable person would expect that the fee you pay to upkeep your server is sufficient, since that's how it works in general.
Trying to claim an extraordinary right to hosted works would require extraordinary language in the agreement so that it would not be debatable that they could use the content for whatever they want. Just the fact we disagree about what it means puts it on a bad legal footing if their intent is to have unlimited license to everything in a VM. And that's not a position any company should put itself in. But if they don't do what you worry about, they are on perfectly fine legal footing.
> a reasonable person would expect that the fee you pay to upkeep your server is sufficient, since that's how it works in general
A reasonable person would expect their fees or one-off payments for a myriad of technology products and services sufficient to cover their costs, and yet so many of these are being discreetly subsidised by the selling of customer data. The customer (knowingly or not) ostensibly agreed to that when agreeing to the EULAs.
Arguably that's how it works in general. What's stopping a hosting service from using the same modus operandi to allegedly be able to offer more competitive prices to their customers?
That new URL still just goes to a login screen. I believe this is due to recent reddit policy change.
> whoa there, pardner! Your request has been blocked due to a network policy. Try logging in or creating an account here to get back to browsing.
It seems that reddit has now followed Xitter with requiring logins to drive engagement numbers, effectively rejecting the open web. Extractive screw turning was probably inevitable with the naive central-server design of webapps, but going through the destruction part of creative destruction still sucks.
Hmm the new URL doesn't do that for me; whereas the previous URL did. If the links sometimes do that and sometimes don't, it's going to be hard to figure out what to do, short of banning the site. Boo.
I'm not seeking to defend Vultr here, but perhaps people need to think about this in a sensible manner.
Given the way of today's internet, with GPT-bots crawling your stuff without your permission to use in their services, and with search-engines crawling and generally providing means of content removal that have limited effect .... what else are Vultr supposed to do ?
If you are granting them permission to, for example, "display" your content. Then there's not much they can do if you cancel your Vultr account but your content remains part of the GPT training material ?
I run my private nextcloud server on vultr. Everything is behind a login wall. They absolutely do not have my permission to use my years of notes, legal documents, calendar information, and photos (most of which have never been posted publicly) in any way!
> what else are Vultr supposed to do ?
Continue providing the services they do, with reasonable terms, or die. No, you can't just up and take all my photos and sell them to some AI training dataset because you wanted more money. Sorry!
Maybe it's time that basement servers should be the norm for self hosters.
I bought a HardKermel x64 servers and happy that I have no ToS to worry about. I can send encrypted back ups to utilize any cloud out there without a concern.
Could've tried Pi but some docker packages don't run on Arm.
What are you planning to do? I'm in the same situation, but without accepting the terms i'm no even able to "delete" my server/account. (already backing up things to move away)
That particular Vulture certainly won't fly in the EU.
Without a simple summarization for end users you can't just hide "unexpected" things in ToS-updates. And, well, a cloud-hoster deciding randomy to own your content hosted on servers you pay for is certainly neither expected nor typical.
I'm not a lawyer, I don't know what that means, but it is disturbing enough to make me leave. If they don't want me to leave, they should clarify their intent.
>You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or compensation to you or to any third parties, for purposes of providing the Services to you.
Emphasis mine. They have a perpetual license, but only for the purpose of providing services to you. This is a clause and many TOS, presumably to avoid copyright suits.
>You and your End Users (as such term is defined in the Privacy Policy) will retain all right, title and interest in and to any data, content, code, video, images or other materials of any type that you or your End Users transmit to or through the Services (collectively, “Customer Content”) in the form provided to Cloudflare. Subject to the terms of this Agreement, you hereby grant us a non-exclusive, fully sublicensable, worldwide, royalty-free right to collect, use, copy, store, transmit, modify and create derivative works of Customer Content, in each case to the extent necessary to provide the Services.
>10.2 Permitted Uses and Customer License Grant. Zoom will only access, process or use Customer Content for the following reasons (the “Permitted Uses”): (i) consistent with this Agreement and as required to perform our obligations and provide the Services; (ii) in accordance with our Privacy Statement; (iii) as authorized or instructed by you; (iv) as required by Law; or (v) for legal, safety or security purposes, including enforcing our Acceptable Use Guidelines. You grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary for the Permitted Uses.
>3.1 Customer Data. Customer and its licensors own the Customer Data, including all Intellectual Property Rights therein. No ownership rights in the Customer Data are transferred to Notion by this Agreement. Customer hereby grants Notion a worldwide, non-exclusive, irrevocable, royalty-free, fully-paid, sublicensable (to Notion’s third-party service providers) license to host, store, transfer, display, perform, reproduce, modify, create derivative works of, and distribute Customer Data in connection with its provision of the Services to Customer. [...]
>You hereby grant us a worldwide, royalty-free and non-exclusive license to use, display, publish, reproduce, distribute, and make derivative works of such Content to provide Services and as otherwise permitted under these Terms and our Privacy Policy; and,
I will argue that each of these examples you've listed has a clearer intent listed. "for purposes of providing the Services" versus "solely to provide and support the Software".
None of them go so far as to say: "and otherwise use and commercialize the User Content in any way that Vultr deems appropriate"
Again, I'm not a lawyer, nor looking to become one, so anything that seems unusual, should be taken with caution in order to protect myself and my IP. I've seen what companies have done to independent developers, and I don't want to suffer a similar fate, only because I couldn't interpret TOS accurately.
Services is a very generic term for anything they offer. They can, for example, offer a free non optional AI tool that allows you to ask questions about the data in your database.
My non-lawyer understanding of the policy is that, for the purpose of providing you with this service, they have the right to use your entire database to train and test the tool. They can even make a contract with OpenAI and sell your data to them for the purposes of building the AI service.
And it’s perpetual and irrevocable, so they can keep their models trained with your data if you decide to leave.
> I am now investigating alternatives for hosting FreeBSD and OpenBSD systems. Preferably that take custom installs.
Hetzner. I am a customer of them. I run FreeBSD on the servers I rent.
The way that I got it installed was I did the following on each of the servers:
1. I booted the Hetzner Linux based recovery image on each of the servers. You can do this from the “Robot” web ui that Hetzner gives you access to for managing your servers.
2. Then I used dd to write an mfsBSD image to one of the HDDs and then rebooted
3. I then sshed into the server now running mfsBSD and then I used that to install FreeBSD.
Section 15c in the ToS seems different from the quote in the article:
As between You and Vultr, Vultr acknowledges that it claims no proprietary rights in or to Your Content. You hereby grant to Vultr a non-exclusive, worldwide and royalty-free license to copy, make derivative works, display, perform, use, broadcast and transmit on and via the Internet Your Content, solely for the benefit of You and to enable Vultr to perform its obligations under these Terms.
Sometimes I feel like I'd be okay with all terms of service and privacy policies changing to "We can do what we want, and you can do nothing, forever" just so we never have to deal with Reddit's finest legal minds attempting to read them.
That's a silly exaggeration, of course. But you've certainly lost your right to make fun of admiralty-fringe style legal theories if you give things like this any credence.
Do you think people should be accepting contracts that are difficult to understand?
Is it people's duty to default to 'I'm sure its fine' if they don't understand the wording, even if it reads to a normal person as if it is doing something against their interests?
If the default is 'assume good intentions' why have a contract at all, or why does the company not make it less far reaching and more accessible?
This 'blame the victim for being to dumb to understand what they must agree to, without being give notice or a chance to option out without being locked out of their account' is kind of misanthropic.
Would anyone work with these people after they did this? They pivoted because they got caught, not because they are trust worthy. They clearly thought a lot, in concert with counsel, about how they could try to steal people's IP. Geniuses thought no one would read the TOS.
The good thing about this outrage is that it creates a downside to just slapping piles of bullshit into your ToS. Hopefully, this will make companies more careful with what they write there, leading to shorter, more understandable, and less user-hostile terms.
My law professor told me to never sign a contract I didn't modify in some way, so I usually change these to be something I like better before hitting accept.
i just migrated to vultr cause of minial api and interface. really hate it when stakeholders make founders take foolish decision :/. guess I'll use linode or something now
The ramifications implied by a certain interpretation (often uncharitable or dishonest) of this terms of service are startling. Imagine a mere virtual server hosting company using the data of small business owners for unintended activities. If that is the case, then the best businessmen must resort to encrypting the code and data they upload to the Internet. Life gets harder for those trying to survive with a startup. So much for a lot of dreams and aspirations...
I disclaim that "the Services" referred to in the Vultr hosting service's terms of service are mostly about social media forum data. It's therefore not really part of an alarming trend of sleazy business practices and scams of, basically, stealing enterprise user data. But what if? Then the neo-hacker reaction I introduced seems like a good lifestyle to embark on.
If you have a valid API key, this still works. If you delete node in the dev tools, you can see the page behind it - but it still comes back on the next page.
Everyone (maybe rightfully) up in arms, but I imagine you would need an agreement like this is they were finally getting on board with something like elastic compute. Everytime they spin up a new machine on your behalf they're essentially redistributing all the files on that machine. I understand everyones gun shy, but I've been using Vultr for years and I'm much less suspicious of them than the likes of google/amazon. I've personally never had an issue with them, but I definitely think it's a healthy response to go fight or flight when you're essentially signing all your rights away.
This passage is a clause from a legal agreement, typically found in the terms of service for a platform or service provider like Vultr. It outlines the rights you, as a user, are granting to Vultr regarding any content you create or upload while using their services. Let's break it down for clarity:
Non-exclusive: Vultr does not have exclusive rights to your content. You can grant similar rights to others.
Perpetual: The rights you grant are everlasting.
Irrevocable: You cannot take back these rights once they are granted.
Royalty-free: Vultr does not have to pay you for the use of your content.
Fully paid-up: No future payments will be required from Vultr to you for the use of your content.
Worldwide license: Vultr can use your content anywhere in the world.
Right to sublicense through multiple tiers: Vultr can grant these rights to other parties, who can then grant them to further parties, and so on.
To use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit, and distribute your content: Vultr can do just about anything with your content, including modifying it and sharing it, in any current or future media or format.
In any way that Vultr deems appropriate: Vultr has the discretion to use your content however it sees fit.
Without any further consent, notice, and/or compensation to you or to any third parties: Vultr does not need to ask for your permission, inform you, or pay you or anyone else to exercise these rights.
For purposes of providing the Services to you: The clause often stipulates that these rights are granted to Vultr so they can operate, improve, and promote their services effectively.
This type of clause is common in the terms of service for online platforms and services. It essentially allows the service provider to operate their platform efficiently, showcase user-generated content, and adapt and improve services without needing to seek permission from users each time they need to handle content. It’s important for users to understand these terms, as they significantly affect how one's content can be used and shared by the service provider.
[typically found in the terms of service] [Let's break it down for clarity] [This type of clause is common in the terms of service for online platforms] [It’s important for users]
This comment reeks like ChatGPT generated content, tbh.
> typically found in the terms of service for a platform or service provider like Vultr
> showcase user-generated content
What? Am I unaware of some service they offer? I don't want an infrastructure provider doing anything with my content. They shouldn't even have access to anything that's not publicly accessible unless someone needs one-off access to help with a support incident.
It's not "content" for a lot of customers. It's private, proprietary information. What if someone is using Vultr to host an app for a company that requires an NDA from the webdev? Are they stuck in limbo as of right now?
The Vultr account owner might not even be the owner of the data hosted in the account. The whole thing is crazy. How are there people here defending this as "normal"?
I mean, it does read badly, and maybe the worst should be assumed, but at the same time:
> You hereby grant to Vultr a non-exclusive, worldwide and royalty-free license to copy, make derivative works, display, perform, use, broadcast and transmit on and via the Internet Your Content, solely for the benefit of You and to enable Vultr to perform its obligations under these Terms.
Given Vultr has a distributed CDN service, could not the "copy", "display", "broadcast" and "transmit" parts be charitably interpreted as part of that agreement? i.e. them serving your content via the CDN?
Edit: it looks like they've updated it already from what the blog post quotes it as?
This is caused by a misunderstanding of legalese. Unfortunately there's no easy cure for this. But I do suggest a dose of ChatGPT to provide perspective (tho, in a nod to pedants and pearl-clutchers, I must concede that you should not sell everything you own, abandon your worldly cares and trust your entire legal stack to ChatGPT, just in case you were instigated to do so by my prior sentence).
The quoted sentence is literally just licensing Vultr to actually serve your content. It may seem baroque but this is the reality of engineering back-translated into legalese to comply with centuries of common law precedent. So, excuse our byzantine APIs but that's how we've always done things around here, so sayeth the lawyerfolken.
My experience with Vultr has been excellent. Very affordable pricing for on demand PAYG VMs and bandwidth. Good service, and as responsive service as you can expect from a small customer team.
Abundant reliability (not to conflagrate any Linodials, but the reliability of their systems appears better than that now-spawn-of Akamai).
On top of all this you can't access your account without accepting new ToS. After login web page show full window modal form with one button "confirm" so you can't reject it. I'm sure most of HN readers can handle this minor obstacle ;-)
After I asked vultr for access to my account without acceptance of new ToS they wrote me back legal slur suggesting I may host questionable content:
>(...) you take the necessary measures to protect minors from accessing harmful material on your website.
>(...) requirements apply to you, including removing any infringing content and safeguarding minors.
I wish people stopped posting threads from Reddit, because they are either full of unverifiable claims (like a post from some time ago that claimed a coworker was messing around with their computer for the last five years), or in this case, outrage sought for the sake of outrage and disregarding the context due to which it has arisen.
In this case, I believe this is due to the introduction of their CDN product, though it would also apply to their object storage product as well.
And while we’re at it, people should automatically disregard what others say because human beings are known to be dishonest. See the problem?
Your blanket claim regarding unverifiability is especially astounding because this one is easily verifiable. The evidence is right here, for everyone to see.
To be fair to vultures, they are majestic creatures who serve an important part in many ecosystems and they are some of the most endangered birds (often due to habitat loss and/or persecution, poisoning).
They should not be seen as negative (as owls and crows are in many cultures) but as the nature cleaners that they are.
How so? They're in the same ballpark as digital ocean and linode who would be their primary competitors, each of which are roughly a 3rd of the cost of AWS/GC/Azure.
A Note About Vultr's Terms of Service - https://news.ycombinator.com/item?id=39865941