Can Your Web Hosting Provider See All Your Data?

Jul 1
09:22

2014

Alex HD

Alex HD

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

Most email users and web hosting customers think that their hosting service does not have the ability to track or read their emails. This article clarifies this myth and reveals more about the user data that web hosts have access to.

mediaimage

As technology develops and privacy becomes an ever-increasing concern,Can Your Web Hosting Provider See All Your Data? Articles web hosting customers are becoming more conscious about their digital data and its security. So, how much of your information can your web hosting company see? Just your website files? Or your databases? Or your emails too?

When we asked these questions to customers of randomly picked web hosting providers, in an informal survey, almost all the customers thought that the web host could not see any data of the customers. On second thoughts they thought that maybe their website files which are available through FTP may be visible. The participants of the survey having accounts with the "Giant Corporations" like Google, Apple, Yahoo, Microsoft felt that they were better off than others who were hosted with smaller providers, since these "Giant Corporations" were larger and more accountable. But the question of "How much data can your hosting provider actually see" was easily misplaced. If you haven't thought about this topic before, think again. You will probably understand what this article is getting at.

Nowadays, many nerdy and tech-savvy youngsters have their own domain names with a customized email address to suit the image they want to portray. They also keep a blog which details their daily musings. They also push out an occasional tweet and a Facebook update. Their customized email address is a talking point. Is their email data visible to their web host. The short answer is Yes. Every bit of your hosted information can be made visible to the web hosting provider or the person who is controlling the network(s) through which your data is flowing. This includes your ISP - the people who provide you the internet access.

Your web hosting provider however big or small can see all the traffic going through your account. Resellers of a web hosting service may have limited access to the end-users data, but sometimes may be able to see a significant amount of information. The owner of the hosting server has full access to all your files, emails, pictures, and databases whether you like it or not. This is how it has always been and probably will always be.

The next question that comes up is whether they "need" to have full access to the end-users account data or not? It is essential that at all times, the server owner has full access to each and every file on his server and also has the ability to monitor all the incoming and outgoing traffic to and from his server. It is more for self-defence rather than for invading privacy. The owner must have full authority to block or prevent any activity which may cause harm to or through his server. Whether the server is used as a tool or a target for any anti-social, criminal or harmful activity, the owner should be able to control and prevent such activity at will.

Email abuse is a common example of why a web host needs to know what is going on through his server and to prevent any malicious activity. Most web hosts have automated systems to prevent spam mail going out from their systems or coming into their server. Most of the systems "read" the contents of the email and rate the email based on suspicious keywords or patterns which are indicative of spam mail. The same form of "scanning" the contents of an email can be used to breach the privacy of a user too.

Your website files are clearly visible and should be visible to the server owner when he accesses or browses the file system from his control panel. Thats the only way that malware and virus attacks can be mitigated at the micro level. So, now that we know that your web hosts have the ability to browse through your data, do they actually see your emails or browse through your database tables? Most probably not. Out of the hundreds of accounts on the same shared server or system, your data is lost in the crowd. It is most likely so insignificant that it will never be intruded into. Even a small web host has better things to do than rummage through your love-letters and party pictures on email. Even in a single account, the information overflow is so overwhelming that its just not worth the effort. Unless of course, some government agency or surveillance authority has requested your account to be monitored or "tapped", the likelihood of a nosy web host is very small.

Many users often ask us whether our service offers better privacy protection or confidentiality of information as compared to the "Giant Corporations". Its only a matter of who sees your data. Would you like a Google staff member to see it? Or a Yahoo employee? Or an Amazon employee? It may also boil down to whom you feel is more accountable to you. Most of the free email services actually make money by selling your data or using it to indirectly generate revenue. Their terms and conditions for use of their service cover this aspect and insulates them from any risk or liability. They do "read" your data, but it is mostly an automated bot which sifts through your emails to form a pattern of your interests and activities.

Well, then what is the solution? Should you use carrier pigeons instead of email? The ability of your email account being visible to your web host or the server administrator is analogous to your bank account transactions being seen by the cashier at the bank counter. Both are as important or as trivial. Passwords in the database should always be encrypted. Encryption ensures that the password is translated into a long string of an alphanumeric word, which is difficult to reverse engineer. That alphanumeric word is what is actually visible to your web host in the database and not your plain text password. Similar encoding techniques can be used to encrypt the source code of your website or web applications. The file will just contain junk symbols and text, which will make no sense unless it is decoded in the appropriate way. The same applies to email as well. Email can also be encrypted, but needs some technical know-how and is not easy for an average user.

This article is not meant to make users of "cloud" or internet based services paranoid, but to give clarity to what has silently or unknowingly been accepted by most people as the norm. The author wishes to create awareness on this topic as to what is the reality. This factor as such may make little difference to the choice of email or web hosting, but the aim was to empower the user with knowledge.