Phones
Mobile + Broadband
Unlimited
SIM only
Wearables
Mobile broadband
Deals
Broadband + Mobile
Support
Billing & payments
My products
Settings
Vodafone apps
Costs and charges
Support
Network
More
Discover 5G
Welcome to Vodafone Community
Support won't be able to answer you.
Most likey you've just ran into their MiTM attack against users on mobile. Not exactly sure why they do it, but support aren't even aware of how great an issue this is so unlikely you'll get any help here.
Maybe a Class Action would sort it.
So. I've been with Vodafone less than a month, what are my rights here, I've read all 9 pages of this complete shambles and I knew something was very fishy when I saw the certificate in my browser.
I see some people mention a one month cooling period?
I'll be honest I know you can change the Dns and I normally do but I'm also locked into using one of their routers so who's to say they are not monitoring things there too. Basically I've lost all trust and I want to leave.
I don't want Vodafone to give me one of these standard BS messages about contacting support or sorry I want to leave. If someone can tell me my rights I'm leaving and I'm taking Both my broadband connections with me! All traffic from this day forwards is going through my vpn
This is a Complete disgrace
Hi @slacksmeridian if you're within 30 days of your contract, you do have the right to leave. Granted it would be a shame for you to do so, but you can. You'd be charged for the amount of services that you've used up until your final cancellation date.
If you wanted to cancel you'd need to call us on 191 from a Vodafone mobile or another UK number 03333 040 191.
Too true mate! You can use Googles DNS servers but who knows, wether they are stil monitoring you
Maybe wireshark might give you an insite in to this
I have unfortunatly gone past my 30 days, but would ignore any charges from vodaphone anyway, as i do not believe that they make it clear in the terms that they would be inserting there own certicate inbetween the request and the reponse (Man in the middle), attack and stop us going to thousands of websites
Vodaphoe are crap
I'm also having problems with this since switching to Vodafone.
It is unacceptable that Vodafone still pass data through content control even if you disable content control. That is false advertising, as I was told content control could be switched off.
It is also ethically wrong to do a man in the middle attack to insert their own security certificates in this way.
Why are they still doing this after users have complained for years about this?
Hi all
I've been having this problem for a while. A few days ago I read through this entire thread so understand the problem. As Vodafone have not properly resolved this at all over the few years it appears to have been a problem, I have raised this with Ofcom, the communications regulator, as an issue.
I will update here as this proceeds.
Would be good to know what the policy is with this breach of security.
It obviously only applies to certain sites.
Ofcom seems to be the only way to go because none of the mods here seem to know.
I added the security workaround to Firefox by adding the vodafone certificate. Even that seems to be breaking. I get this error from the proxy server roughly 50% of the time which breaks Imgur files.
<<
The following error was encountered while trying to retrieve the URL: http://i.imgur.com/3SRSVYw.gifv
ICAP protocol error.
The system returned: [No Error]
This means that some aspect of the ICAP communication failed.
Some possible problems are:
The ICAP server is not reachable.
An Illegal response was received from the ICAP server.
Generated Fri, 14 Dec 2018 08:01:38 GMT by iwffilter.broadband.vodafone.co.uk (squid)
>>
Please can you stop intercepting websites?
I find this absolutely incredible. It's hard to believe that this is not a bigger story.
For what it's worth i suspect this is something to do with the IWF blacklisting some images on Imgur, and the fact that https obfuscates the URL. So the only way VF can think of to block the specific URLs is to intercept all the traffic to that domain, decrypt it, then re-encrypt it.
But telling people that it's OK to accept certificates that are not valid is dangerous.
I'm gald Vodafone aren't my ISP.
My brain training puzzle site - It's good go look
> I added the security workaround to Firefox by adding the vodafone certificate
Why would you do this? You have just compromised your entire chain of trust, if I understand it correctly. I'm not even sure if you can rectify this by simply removing the certificate, because you can't be sure others have been installed. Someone with more knowledge can clarify please!
I don't think it's possible to install a certificate directly from a website without user interaction. At least i can't think of a way to do it. But then the kind of person who is willing to do the VF suggested workaround probably OKs everything.
@dm319 wrote:> I added the security workaround to Firefox by adding the vodafone certificate
Why would you do this? You have just compromised your entire chain of trust, if I understand it correctly. I'm not even sure if you can rectify this by simply removing the certificate, because you can't be sure others have been installed. Someone with more knowledge can clarify please!
My brain training puzzle site - It's good go look
Hi flagpole,
Looking through my certificates I have loads of certificates under 'authorities', and a few under 'servers'. I don't really remember ever adding these manually or agreeing to them - I thought they were added on the basis of a chain of trust?
Not a security expert, so I get a bit confused with the details.
Just wanted to add that I was having issues with images on websites as well. Imgur was one, but also those hosted at i1.wp.com too. The error message seemed to indicate they were being filtered by Vodafone content control, even though I have that turned off. Solved by changing my router to use Google DNS servers, but it really is ridiculous that this hasn't been solved by Vodafone yet, and the suggestion to call support is ludicrous. I can just imagine trying to explain all this to someone on the end of a phone!
In case anyone technical from Vodafone is reading, though:
"i1.wp.com uses an invalid security certificate. The certificate is only valid for contentcontrol.vodafone.co.uk The certificate expired on Monday, December 10, 2018, 12:00 PM."
For what it's worth, you are correct about this having to do with poorly implemented IWF compliance.
As far as the rest of this thread goes, what I will say is this:
As a privacy advocate myself, this is a rare case where I can quite confidently remove my tinfoil hat and say that I do not believe Vodafone is "monitoring" anything meaningful using the Vodafone-branded Huawei routers beyond the usual error management stuff and so on. It is correct that accepting the MitM certificates discussed in this thread means that the associated traffic can be tracked, however using different DNS servers circumvents this completely and I have seen no evidence whatsoever that there is anything nefarious going on within the router. On the contrary, I do not believe for a moment that what Vodafone has in place is anywhere near sophisticated enough to achieve something like that.
Ultimately, the rather large problem this thread pertains to is not indicative of malicious intent; rather, it is a symptom of the company's ineptitude as a relatively new ISP (although you'd think they'd have this down after years of supplying business broadband, but never mind).
Thanks for your comment pipefan413. I agree not to ascribe to malice what can be easier blamed on incompetence. Apologies if that has caused a linguist to be sick. It's also interesting to see what you have to say about the router.