Vultr - now claiming full, perpetual, commercial rights over all hosted content
-
In their latest Terms of Service
https://old.reddit.com/r/selfhosted/comments/1bouuv7/warning_vultr_a_major_cloud_provider_is_now/
"If you've got any servers running on Vultr, you may not want to accept the new terms of service.
Vultr's new agreement requires its customers to fork over rights to our apps/software/data/anything hosted on the Vultr cloud platform. That goes way too far. No other datacenter company requires this.
Here is the relevant section from Vultr's new TOS:
information, text, opinions, messages, comments, audio visual works, motion pictures, photographs, animation, videos, graphics, sounds, music, software, Apps, and any other content or material that You or your end users submit, upload, post, host, store, or otherwise make available (“Make Available”) on or through the Services (collectively, “Your Content,” “Content” or “User Content”). ... You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or compensation to you or to any third parties, for purposes of providing the Services to you.
This is NOT standard contract language for web services. I don't know of anywhere else that requires this.
For comparison, Digital Ocean specifically limits this clause to uploads on their website (ie, for community articles, forum posts, etc), not for all hosted services (which would include virtual machines, databases, etc). Additionally, commercialization rights are not granted and it is not perpetual:
Digital Ocean TOS Excerpt:
We will periodically differentiate between our websites such as digitalocean.com (which we will refer to collectively as the “Websites”) and all of our other services, such as our cloud infrastructure and other paid services (which we will refer to collectively as the “Services”). ... By providing your User Content to or via the Websites, you grant DigitalOcean a worldwide, non-exclusive, royalty-free, fully paid right and license (with the right to sublicense) to host, store, transfer, display, perform, reproduce, modify for the purpose of formatting for display, and distribute your User Content, in whole or in part, in any media formats and through any media channels.
Though requesting limited permissions for the purposes of user uploads on a forum or other community site is fairly standard, it is not reasonable for a service provider partner to require full, irrevocable commercial rights of anything hosted on their services. That'd let Vultr take and monetize customer databases, apps, software, etc. which almost every business and personal user would likely find objectionable. Vultr needs to restrict their request as is done elsewhere in the industry.
Here is another example -- AWS does not have such broad terms, except for their generative AI product:
50.12.7. PartyRock Apps. “PartyRock App” means any application created or remixed through PartyRock, including any app snapshot and all corresponding source code. By creating or remixing a PartyRock App, you hereby grant: (a) AWS and its affiliates a worldwide, non-exclusive, fully paid-up, royalty-free license to access, reproduce, prepare derivative works based upon, transmit, display, perform and otherwise exploit your PartyRock App in connection with PartyRock; and (b) anyone who accesses your PartyRock App (“PartyRock Users”), a non-exclusive license to access, reproduce, export, use, prepare derivative works based upon, transmit, and otherwise exploit your PartyRock App for any personal purpose. We may reject, remove, or disable your PartyRock App, PartyRock alias, or PartyRock account at any time for any reason with or without notice to you. You are responsible for your PartyRock Apps, PartyRock Data, and use of your PartyRock Apps, including compliance with the Policies as defined in the Agreement and applicable law. Except as provided in this Section 50.12, we obtain no rights under the Agreement to PartyRock Data or PartyRock Apps. Neither AWS, its Affiliates, nor PartyRock Users have any obligations to make any payments to you in connection with your PartyRock Apps. You will defend and indemnify AWS and its Affiliates for any and all damages, liabilities, penalties, fines, costs, and expenses (including reasonable attorneys’ fees) arising out of or in any way related to Your PartyRock Apps or your use of PartyRock. Do not include personally identifying, confidential, or sensitive information in the input that you provide to create or use a PartyRock App.
Note how the license grant doesn't infect the rest of AWS offerings, but is only restricted to their AI product offering "PartyRock".
It's possible Vultr may want the expansive license grant in order to do AI/Machine Learning based on the data they host. Or maybe they could mine database contents to resell PII. Given the (perpetual!) license, there's not really any limit to what they might do. They could even clone someone's app and sell their own rebranded version, and they'd be legally in the clear.
I sent my objection to Vultr support, but I've just been getting the run around so far. I've been trying to get them to at least let me access my account without agreeing to the new TOS so I can migrate out to another provider, but I'm now on day 5 of being locked out with no end in sight. Migrating all my servers and DNS without being able to login to my account is going to be both a headache and error prone. I feel like they're holding my business hostage and extorting me into accepting a license I would never consent to under duress. I'm self employed and the product I host (currently) on Vultr is what pays my rent, so not being able to manage it is a pretty serious concern for me.
Anyway, I don't know what Vultr's plans are, but I think it's definitely worth pushing back on this overly expansive license grant they're giving to themselves. If Vultr gets away with it, other cloud providers may try to sneak it into their contracts, too
" -
ccfureplied to LoudLemur on Mar 27, 2024, 5:34 PM last edited by ccfu Mar 27, 2024, 5:42 PM
I am very sure this clause would be illegal in EU countries under unfair contract terms legislation. At least for contracts with consumers. Not to mention potential conflicts with the GDPR. If this change also affects EU customers it won't be long before they find themselves in very hot water.
What are they trying to achieve here though? No business in its right mind is going to host anything with them if that means consenting to such a license for anything they host.
-
This is some alternate universe sh*t.
-
All to fill their LLMs (or license out their content to someone creating an LLM)
-
@LoudLemur WTF?
That's absolutely amazing I'm on my ..., almost, and indeed that is MORE than totally unacceptable, and indeed strongly QUESTIONABLE as for me this is just simply an attempt to STEAL intellectual property rights in a f...ng LAME manner. Crooks!FLEE Vultr if they refuse to reason. There are so much good alternative nowadays let's teach the dummies to behave and stop their abuse.
Even DigitalOcean is NOT acceptable on my book! Flee them as well, it's time to show they do not own monopoly these crappy idiots... sorry for the words I'm pissed off... 25 years in the hosting industry never seen such thing before, where is this all going, I'm flabbergasted...
That means, it's time to start to read MORE carefully the nitty-gritty little notes of the TOS of the provider to see if the thread gets spread.
-
https://www.crn.com/news/cloud/2024/cloud-prodiver-vultr-has-bone-to-pick-after-reddit-post
Private cloud provider Vultr is clearing the air after a widely viewed Reddit post claimed the company had changed its terms of services in a way that would give it ownership of all of the data stored or used on its network.
“We do think this person knows better,” Vultr Chief Marketing Officer Kevin Cochrane told CRN Thursday. “We’re HIPAA compliant. If our terms of service meant we owned your data, we wouldn’t be HIPAA compliant. We’re GDPR compliant. If we owned your data, we wouldn’t be GDPR compliant.”
Cochrane said that the terms of services cited in the Reddit post referred specifically to content posted to a public message board that has not been active in some time.
“The content that you deploy on Vultr servers is wholly owned by you,” said Cochrane (pictured above).
-
As far as I can see there was never a question about ownership of the data (the TOS specifically doesn't claim ownership), it was about granting them the unrestricted right to use it. The TOS is just badly worded then as it is not immediately clear that this clause only refers to posts to public message boards. To be fair, anything else seemed somewhat unlikely - it would have been damaging for the company if it concerned data deployed to servers as that would of course then not be GDPR or HIPAA compliant.
-
Here's the official clarification - https://www.vultr.com/news/A-Note-About-Vultrs-Terms-of-Service/
7/10