main_icn_My_Vodafone main_icn_Search main_icn_Chevron_right main_icn_Chevron_down main_icn_Close main_icn_Menu social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Community_or_Foundation main_icn_Location main_icn_Network_signal
Menu Toggle

Welcome to Vodafone Community

Pay monthly

Website security certificate coming from vodafone content control even though it's off.

4: Newbie

Am I ever going to get a straight answer?

 

Why is it taking so long?

View more options
3: Seeker

Just reported an identical issue. Have been told I will be called back. Based on this thread I'm not holding out much hope. If any of the users who have contributed to this thread have heard back from Vodafone, any updates for the rest of us? 

If it's not fixed very soon I shall be cancelling the service on security grounds. I shouldn't be having to worry about mitm attacks from my isp! 

View more options
2: Seeker

kovacs wrote:

Am I ever going to get a straight answer?

 

Why is it taking so long?


No.

 

Because hiding a MiTM attack like this and making these invalid certificates valid, is impossible, for very good security reasons.

 

The tech's have probably tried to explain this many, many times, including to the government that demands you are spied on. The solution is not to use Vodafone's compromised DNS and instead switch to another party such as Google DNS.

View more options
4: Newbie

Someone in our flat has spoken to them over the course of a couple of months. As can be seen here, they promise that their 'team' is on it, but do absolutely nothing. I think it's a scandal

View more options
3: Seeker

Had another call back from Vodafone. Still no progress, starting to sound like the same responses others in this thread are getting. Lots of "we are looking into it" etc, but no time frames. 

Changing the DNS seems to work, bit shouldn't be necessary. If content control is off, it should be completely off. If it is still on somewhere and messing with https traffic, that's unacceptable to me! Any excuses about particular websites hosting content that is unacceptable is bs, you can access the same websites on all other Internet connections, including Vodafone 4G!

What's more worrying is the amount of users of Vodafone broadband that are unaware of the issue. 

View more options
3: Seeker

Had our final call back from support this afternoon. After removing the content control and reapplying it the issue remains. While the rep we have been talking to has been very good, unfortunately the issue still isn't fixed. Our ticket has now been closed, which I assume means that vodafone have now washed their hands of the issue and will not pursue further, even though there are several in this thread that are in the same boat. No explanation offered, and it seems no further action taken. 

I am looking into the relevant authorities to report this to, as it is a security issue as well as potential mis-selling of the product (having random sites blocked over https was not part of the deal!). 

It seems from both the dismissive reply from Vodafone reps in this thread, and the closed ticket from our case, that this simply isn't being taken seriously. 

View more options
4: Newbie

Count me in.  Absolutely appalled at Vodafones shoddy business pracitices.  As can be seen on this forum, they

have no intention whatsoever of fixing their broken service.

View more options
Moderator

@kovacs and @adx1000 - We’ve not had an update yet, so I’ve chased this up for you today.

We’ll post back here as soon as we have any further information.

View more options
4: Newbie
View more options
2: Seeker

kovacs wrote:

Why is it taking so long?


There is no way to MiTM (spy on) an encrypted connection without serving an invalid certificate.

 

They keep asking their techs, they keep telling them it's impossible.

 

The solution is two fold:

 

a) Use another DNS server such as Google.

b) Lobby your government to remove censorship from your internet.

 

 

View more options
Moderator

Hi @kovacs, we're continuing to chase for an update on this. We'll post more details as soon as we receive them.

View more options
2: Seeker

Natasha wrote:

Hi @kovacs, we're continuing to chase for an update on this. We'll post more details as soon as we receive them.


Don't be rediculous.

 

There is no happy answer to this, simply explain the politics which see you serving forged certificates in order to censor your users.

 

View more options
4: Newbie
View more options
2: Seeker

They won't let me reply... but contact your politicians about the hacking of your connection in an attempt to censor you, if not spy on you. Nothing Vodafone can do seeing they've decided to be complicit in implementing such systems.

View more options
Administrator

@kovacs I understand that this is taking a while - unfortunately we're unable to answer why it's taking so long, however we're chasing updates. 

We highly appreciate your patience with this issue and I do apologise for the inconvenience. 

View more options
2: Seeker

Stop ##~## your users.

 

Just be straight up and honest with them.

 

Inform them this is government mandated censorship and the solution is to lobby politcians.

View more options
4: Newbie

'unfortunately we're unable to answer'

 

Not curious why it's taken 18 months without one solitary update?

Why don't you ask someone

View more options
4: Newbie

A load of posts by you have just appeared. I kept receiving emails saying you were posting, but apparantly you were being censored?

View more options
Moderator

@kovacs While we don't have a timescale at the moment, we are continuing to chase for information from the team. We'll update the thread once we receive further information.

View more options
3: Seeker

The government does not require Vodafone or any other communication service provider to monitor users' internet usage by filtering it through an insecure proxy. The use of the Internet Watch Foundation URL list, as referred to in this thread by KD, Administrator, ‎27-02-2017 07:55 AM, is 100% voluntary. The Investigatory Powers Act that you cannot opt out of has been in the news recently, but is separate to this.

Vodafone needs to stop applying 'protection' when the account holder has selected 'No content control.' Two years have passed, but Vodafone has been unwilling to spend the money to fix this. Other ISPs respect net neutrality and don't route your traffic through insecure proxy servers.

Vote with your wallets.

View more options