12ft.io has been banned by Vercel
twitter.comIt's understandable to ban the site given it does break Vercel's terms, but the allegation that Vercel hasn't let the owner transfer the domain away is a serious concern. Removing a customer is always hard but you have to do it in a way that ends in a clean break between your business and the customer. Keeping a domain fails to achieve that in a big way.
This is why you shouldn't combine your registrar with whatever services you have your domains pointed at. Domains should be delegated to services using a simple OAuth2 protocol. DomainConnect is technically close but very corporate and not good for self-hosted services.
> Domains should be delegated to services using a simple OAuth2 protocol
Maybe i'm missing something, but why not do this using simple DNS? Nameservers at the registrar, or nameservers at some simple dns-only thing, and point hostnames to whatever you want at the moment.
The barrier to entry to using a domain name is way too high. Even just to use a domain with email you have to manually enter a bunch of DNS records. That should be a quick OAuth2 flow from your email provider that gives them a token they can use to set the records for you.
And they shutdown all his other projects.
They presumably shut down his account, and that indirectly resulted in shutting down everything. I'd put that on the customer - if you run a risky project that could get your account banned you should partition things better.
This part doesn’t seem unreasonable to me, however the domains being held does seem unreasonable.
I absolute believe that Vercel does not like to host it and they have the freedom to restrict the service. But I _am_ curious which term of the TOS it violated.
Vercel's terms are at https://vercel.com/legal/terms. A handful of possible violations from section 6, Acceptable Use:
- The Services may only be used for lawful purposes.
- You shall not attempt to undermine the security or integrity of computing systems or networks of Vercel, its partners, or any other person, and must not attempt to gain unauthorized access.
- You may not use the services or Vercel's infrastructure for proxying, scraping, to create virtual private networks, or to create virtual private servers.
Reasonable people might disagree whether 12ft.io is being unlawful, undermining the integrity of a computing system, gaining unauthorized access, or proxying/scraping. So the TOS also says:
- The final decision of whether an account is in violation of any of these acceptable use terms is at the sole discretion of Vercel.
> - The final decision of whether an account is in violation of any of these acceptable use terms is at the sole discretion of Vercel.
Seems like it's not safe to host on Vercel, then. They're giving themselves absolute control with zero recourse.
Looks like you're opted into arbitration too. Classic hostile, anti-consumer behavior.
Don't they know who they exist to serve?
Every mainstream cloud platform has substantially the same term in their user agreement, including the big hyperscalers. Abuse is a constant challenge for cloud providers; it would be an untenable problem if abusers had legal recourse to account closure.
> You may not use the services or Vercel's infrastructure for proxying, scraping
I think that's pretty clear cut then.
Looking at archive.org, I think this was only added in their most recent May 1, 2023 TOS update.
He might be the reason it now exists in the TOS. :)
I just realized that archive.org might also in violation of Vercel's ToS given its ability to bypass paywall.
Why would they care? They are not hosted on Vercel.
Since the service alters the data before delivery, a strong argument can be made that it’s not a proxy per se. Say I did something similar with the goal of assisting vision-impaired users. That’s not just a proxy.
It’s the weekend. He’ll talk to them on Monday.
> a strong argument can be made that it’s not a proxy per se.
I suppose, although lots of proxies make changes.
Either way, he should probably change the URL that it uses if he intends to argue it's not a proxy of any kind. ;) I still have a tab open with an article, and the URL is:
https://12ft.io/proxy?q=https%3A%2F%2Fwww...
I'd be OK with them taking up to 30 days to do this, but I too expect that they let the owner transfer their domain away. I am not currently concerned, because I think they will let the owner transfer it away probably in less than a week if the owner has a constructive dialogue with them.
so they seized the domain kinda like you do with malware?
it's unfortunate that the only button for Vercel admins is "seize everything in this account", as that's a bit imprecise if one domain is hacked
but if it's a person willfully violating TOS, then it's not really a hacked box, it's an intentionally created thing - and maybe that means that person shouldn't be a customer of Vercel anymore.
Of course an account running a site based on violating copyright is eventually going to be suspended. Any service provider in US jurisdiction will do the same. It's not a matter of opinion or policy for Vercel, or unusual terms of service. It’s critical for Vercel’s business continuity.
Services are protected from copyright claims under the DMCA “safe harbor” laws as long as they pass along copyright notices to their users, and take down content if the user is unresponsive. Otherwise Vercel would become liable for the copyright violation in addition to the user.
If Vercel doesn’t honor the DMCA safe harbor requirements, then Vercel’s providers will shut down Vercel itself. AWS could suspend Vercel’s use of Lambda/EC2, Vercel’s DNS provider could stop answering DNS queries for hosted domains, etc.
I’ve worked twice at service providers protected by DMCA safe harbor (first at UC Berkeley’s ISP, now at Notion) and can tell you that for service providers the consequences of losing DMCA safe harbor are just as severe than the consequences for the user. Early in my days at Notion, we missed a DMCA takedown notice for a public page, the copyright holder escalated to Amazon, and Amazon threatened to terminate the EC2 instances running our service.
https://www.copyright.gov/512/#:~:text=Overview%20of%20Secti...
> Worst yet, they took down all my projects and confiscated all my domains
Never put all your eggs in one basket.
Keep your domains at one company. Your DNS with another. Hosting, a third.
If you have activist-type projects that might attract the attention of powerful people or companies, keep those segregated from your more banal projects in their own isolated accounts.
It sucks seeing people learn this the hard way.
> Keep your domains at one company. Your DNS with another. Hosting, a third.
This just means that there are three companies that can shut you down.
Domains and hosting are usually seen very differently. Your domain is a lot closer to property, while the hosting is commonly shut down anytime it is seen as inconvenient by the provider.
If you combine them on the same provider you risk loosing access to the former because you lost the latter, the providers that host all the services also tend to have blurred lines between disabling one service and disabling your whole account.
But not completely, at the same time
Yes, completely. If you lack any of these things you are shut down completely
It's typically a lot easier to recover from the loss of one of those than all of them at once.
This saga clearly is a counterpoint.
I agree on hosting, but what additional advantage does separating your DNS from domain registry add?
If the person who is trying to get you shut down targets the DNS provider, and they decide "Yup, let's shut them down," if they also happen to be your registrar, you could end up with your domain name confiscated or locked up.
Tangential, but I quite like the error page. Informative, concise and avoids any confusion as to what is going on.
> This Deployment has been disabled.
> Your connection is working correctly.
> Vercel is working correctly.
> If you are a visitor, contact the website owner or try again later.
> If you are the owner, please contact support.
I prefer Heroku's, at least for its own subdomains: https://muchwow.herokuapp.com/
Compare to: https://muchwow.vercel.app/
That information isn't actually useful, especially the ID
Of course there are others, it would make for a good blog post. Maybe throw ChatGPT with plugins and https://publicsuffix.org/ on it.
Sounds like it’s resolved. Author just got angry after getting back from holiday, and seeing their access to every site they own is cut. Which is reasonable given it seems Vercel doesn’t have site level granularity of restricting access.
Which is worrisome.
What other level of granularity are they missing? Do I need to worry about security and access controls?
It's probably not a technical issue with granularity. Vercel probably decided they don't want to do business with someone who broke their ToS and nuked the entire account.
Can you link to any resolution? All I can see on X/Twitter is the one submitted post.
It is online at 1ft.io
I read that from recent magnolia commits, it falls back to {12,1}ft for some websites (apparently, some techniques cannot be done on client-side, perhaps, they require proxies in particular countries or google network to impersonate googlebot better)
The top reply is from Vercel:
> Hey Thomas. Your paywall-bypassing site broke our ToS and created hundreds of hours of support time spent on all the outreach from the impacted businesses. > Our support team reached out to you on Oct 14th to let you know this was unsustainable and to try to work with you.
The poster immediately misunderstood them and thought the hundreds of hours were for talking to him. But they also sounded reasonable afterwards.
> I’ve received 4 emails from vercel support in 2023, I don’t think that constitutes hundreds of hours of work > But tbf I get it if you want to be an opinionated hosting provider and not host 12ft. No worries here, just restore my other projects and give me my domains back and we chill
A couple of platform providers have burned me so bad that I will absolutely move my business and tell others about my bad experiences.
In 2008, GoDaddy let an associate transfer StrategyWiki.org and a bunch of other domains out of my account while I was on a college trip with no internet. I'd spent half a decade building up these projects, and they were stolen away without my knowledge. GoDaddy offered no recourse or apology. The guy that performed the heist was 15 years my senior and from a family of lawyers, which he absolutely threatened me with if I tried to fight him. Even though GoDaddy ownership has changed, I do not like them to this day.
Over the past few years, I maintained a personal Netlify account for hosting a bunch of personal websites. When I started building my startup on Netlify, they moved my personal websites out of their free tier (despite them being in a different account) and into a paid plan. They started charging my card (which I wasn't aware of), and when I changed my billing info they deleted my websites entirely. There was no option to restore them, and their support was incredibly rude. They kept telling me what I had to do to undo their mistake without offering to do it themselves.
Netlify is horrible. Rude and unhelpful.
I was just about to move over to Vercel, but if they're no better than Netlify, I may as well stay put.
If Vercel is working for the "impacted businesses" so much then why aren't they charging them for the hours worked entrenching their market position and busting their business model critics? Why send the bill for that time to him if it's not in ultimate service of him? He rightly sees through their incorrect billing stance. Seems like Vercel takes sides in every industry so you better hope your business has no impact on any other if you go with them.
We need little guys out there correcting the record of these "elusive content" publishers trying to claim exclusive access is all they offer when moments before it was available for free to anyone listening. He just proves they value bot access more than human audience. Maybe he does to, maybe he only wants bots to access his website. Vercel says no, only big business can get away with that freedom to choose one's audience makeup.
DEPLOYMENT_DISABLED
Saw this in the HTTP response yesterday. 12ft.io had not been working correctly for months anyway, e.g., for ft.com.
Now I just use on.ft.com URLs and find FT articles syndicated on other sites. Works fine.
When are people gonna learn you need to keep domain ownership, DNS, and where you host your website fully separate.
I'm not sure if anyone actually does this despite your claim.
Most people who go AWS for hosting, also use their domain/DNS services.
Likewise for the others.
What was the site? What’s the context?
12ft.io is a paywall buster. Not sure on the context other than it might be against their ToS?
12ft hasn't worked against many prominent U.S.-based site paywalls for a while now even though other paywall-bypassing methods still work on those sites. So I had presumed the author had already been catering to some of these angry letters sent to him. Author did mention he had received at least 4 E-mails regarding such matters from Vercel in the past year. Vercel probably resorted to the nuclear option to finally get his focused attention.
I wonder if this is the first time the author has heard from Vercel.
I suspect Vercel never wanted to host this persons content given the amount of legal requests they likely had to deal with.
It probably would have been better business from Vercel to reach out and say, “Hey, it costs us too much money in legal fees dealing with your content. We’re not Amazon. Can you move somewhere else?”
Asking the question and not waiting until it’s too late to deal with it would have been the way to go.
Vercel has known about this site for a long time. Seems a weird way to deal with it, and tells me that their CS team don’t do much proactive support.
According to the thread the author was given two weeks notice by Vercel.
Sure, but 12ft has been around for years. They’ve likely spent hundreds of hours answering copyright and legal questions and inquiries.
I was wondering where I had heard of that domain name. Then it finally clicked. First time I am hearing about vercel. What would constitute as breach of TOS? Is it because he is providing it as a service (free/paid not sure exactly)? I also thought it was based on cached content!? Also, did he not have any backups elsewhere? I could never solely rely on the cloud services. They can change their TOS anytime and screw you over.
12ft.io never worked well for me.
But archive.is generally always works.
12ft.io accepts money from websites that want to be blacklisted from their service.
Archive.is goes in captcha loops everytime I try to open it.
I've resorted to just using reader mode and bookmarklets that others have made.
I'm getting the same Captcha loops with Archive, although I had originally blamed my out-of-date browser. What alternative sites are there?
I actually figured out my problem after replying to your original comment. There's some issue with DNS over HTTPS, so you have to whitelist their sites in your settings, or turn off DNS over HTTPS (which I don't recommend).
To whitelist, on Firefox: Hamburger menu > settings > privacy and security > DNS over HTTPS > Manage exceptions > Add "archive.is", "archive.ph", and "archive.today"
If you don't want to do that, or it doesn't work, use Firefox's reader mode or the google cache bookmarklet I added below.
Google Cache Bookmarklet:
javascript:void(open("https://webcache.googleusercontent.com/search?q=cache:" + document.location))
> But tbf I get it if you want to be an opinionated hosting provider and not host 12ft. No worries here, just restore my other projects and give me my domains back and we chill
Why would you want to continue to do business with them? Unless of course you built your site in such a way that they are your only (practical) hosting option, which seems like a bad approach no matter apps you're building.
Once a company does this, that company is basically fully done in my mind. The damage is done to their brand and is irreversible.
For an iOS/Mac alternative:
I made a shortcut called Trebuchet that pulls up the archived version of articles and opens up in reader mode.
https://www.icloud.com/shortcuts/0df29c2c9aba44d48de1025fc8e...
Used to worked well, stopped recently for me. "Too many requests".
> confiscated all my domains
Please always separate registrar from DNS provider!
The reason is this:
* Registrars are your legal contract partner regarding the domain name.
* DNS providers are you technical partner for making something available under the domain name.
Using a more lenient host, and publishing the un-paywalled content on IPFS could be a more sustainable option that would also be harder to take down.