Pay monthly

So. I've been with Vodafone less than a month, what are my rights here, I've read all 9 pages of this complete shambles and I knew something was very fishy when I saw the certificate in my browser. 

I see some people mention a one month cooling period?

I'll be honest I know you can change the Dns and I normally do  but I'm also locked into using one of their routers so who's to say they are not monitoring things there too. Basically I've lost all trust and I want to leave.

I don't want Vodafone to give me one of these standard BS messages about contacting support or sorry I want to leave. If someone can tell me my rights I'm leaving and I'm taking  Both my broadband connections with me! All traffic from this day forwards is going through my vpn

This is a Complete disgrace 

Hi @slacksmeridian if you're within 30 days of your contract, you do have the right to leave. Granted it would be a shame for you to do so, but you can. You'd be charged for the amount of services that you've used up until your final cancellation date. 

If you wanted to cancel you'd need to call us on 191 from a Vodafone mobile or another UK number 03333 040 191.

Too true mate! You can use Googles DNS servers but who knows, wether they are stil monitoring you

Maybe wireshark might give you an insite in to this

I have unfortunatly gone past my 30 days, but would ignore any charges from vodaphone anyway, as i do not believe that they make it clear in the terms that they would be inserting there own certicate inbetween the request and the reponse (Man in the middle), attack and stop us going to thousands of websites

Vodaphoe are crap

I'm also having problems with this since switching to Vodafone.

It is unacceptable that Vodafone still pass data through content control even if you disable content control. That is false advertising, as I was told content control could be switched off.

It is also ethically wrong to do a man in the middle attack to insert their own security certificates in this way.

Why are they still doing this after users have complained for years about this?

Hi all

I've been having this problem for a while. A few days ago I read through this entire thread so understand the problem. As Vodafone have not properly resolved this at all over the few years it appears to have been a problem, I have raised this with Ofcom, the communications regulator, as an issue. 

I will update here as this proceeds. 

Would be good to know what the policy is with this breach of security.

It obviously only applies to certain sites.

Ofcom seems to be the only way to go because none of the mods here seem to know.

I added the security workaround to Firefox by adding the vodafone certificate. Even that seems to be breaking. I get this error from the proxy server roughly 50% of the time which breaks Imgur files.

<<

PS. Actual URL would obviously be

https://i.imgur.com/3SRSVYw.gifv

I find this absolutely incredible. It's hard to believe that this is not a bigger story.

For what it's worth i suspect this is something to do with the IWF blacklisting some images on Imgur, and the fact that https obfuscates the URL. So the only way VF can think of to block the specific URLs is to intercept all the traffic to that domain, decrypt it, then re-encrypt it.

But telling people that it's OK to accept certificates that are not valid is dangerous.

I'm gald Vodafone aren't my ISP.

> I added the security workaround to Firefox by adding the vodafone certificate

Why would you do this?  You have just compromised your entire chain of trust, if I understand it correctly.  I'm not even sure if you can rectify this by simply removing the certificate, because you can't be sure others have been installed.  Someone with more knowledge can clarify please!

---

@dm319 wrote:

> I added the security workaround to Firefox by adding the vodafone certificate

 

Why would you do this?  You have just compromised your entire chain of trust, if I understand it correctly.  I'm not even sure if you can rectify this by simply removing the certificate, because you can't be sure others have been installed.  Someone with more knowledge can clarify please!

---

Hi flagpole,

Looking through my certificates I have loads of certificates under 'authorities', and a few under 'servers'.  I don't really remember ever adding these manually or agreeing to them - I thought they were added on the basis of a chain of trust?

Not a security expert, so I get a bit confused with the details.

Just wanted to add that I was having issues with images on websites as well. Imgur was one, but also those hosted at i1.wp.com too. The error message seemed to indicate they were being filtered by Vodafone content control, even though I have that turned off. Solved by changing my router to use Google DNS servers, but it really is ridiculous that this hasn't been solved by Vodafone yet, and the suggestion to call support is ludicrous. I can just imagine trying to explain all this to someone on the end of a phone!

In case anyone technical from Vodafone is reading, though:

"i1.wp.com uses an invalid security certificate. The certificate is only valid for contentcontrol.vodafone.co.uk The certificate expired on Monday, December 10, 2018, 12:00 PM."