

TDS Metrocom's web/billing/e-mail/filespace security

As part of a package with DSL and telephone service, TDS Metrocom offers 5 e-mail accounts, 5 Mb of file storage including a personal_html folder which is served by their web servers, a customizable web portal, and on-line account management.

Neat.

To access e-mail, TDS offers a web form.

In plain-text HTTP.

A link at the bottom allows one to switch from "standard mode" to "secure mode", i.e. via encrypted HTTPS.

I asked TDS whether this isn't backwards, and whether they would consider making HTTPS the default. They said they would not.


Within less than a minute of activating my e-mail account on their system using their secure site, that account began receiving spams--the usual kind, about shady stock investments, sexual enhancers, etc.


Access to the TDS-hosted 5 Mb of file space is via plain-text FTP. That means that if I wish to use that space, there is no encryption-secured option to prevent sending my username and password across the internet in plain text.

I asked TDS whether they would consider offering the securely encrypted SFTP service in the future. They said absolutely NOT.

The FTP service shares usernames and passwords with e-mail and the selection of services and billing. The unwary customer is virtually guaranteed to expose their username and password to sniffers on the Internet.
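A check a customer or auditor could run against a setup like this one, added here as an example and not part of the original page: it flags login forms whose password travels without TLS, and lists which of the services sharing one password use an unencrypted scheme. The host names, page markup and service map are constructed sample data, not TDS's actual pages.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Schemes that wrap the login exchange in TLS or SSH.
ENCRYPTED = {"https", "ftps", "sftp"}

class _LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions, self._action = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""  # empty action posts back to the page
        elif (tag == "input" and self._action is not None
              and (a.get("type") or "").lower() == "password"):
            self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def form_findings(page_url, html):
    """Return the reasons a login page exposes the password it collects."""
    parser = _LoginForms()
    parser.feed(html)
    findings = []
    if parser.actions and urlsplit(page_url).scheme != "https":
        # A form delivered in cleartext can be read or altered in transit.
        findings.append("login page served without TLS")
    for action in parser.actions:
        target = urljoin(page_url, action)  # resolve relative actions
        if urlsplit(target).scheme != "https":
            findings.append("password posted in cleartext to " + target)
    return findings

def exposed_services(endpoints):
    """endpoints maps service name to URL; return the services where a
    shared password would cross the network unencrypted."""
    return sorted(s for s, u in endpoints.items()
                  if urlsplit(u).scheme not in ENCRYPTED)

# Constructed sample: a "standard mode" login page with a link to "secure mode".
STANDARD_PAGE = """<form method="post" action="/login">
<input name="user"><input type="password" name="pass"></form>
<a href="https://mail.example.net/">secure mode</a>"""
```

Because the accounts share one username and password, a single entry returned by `exposed_services` is enough to expose the credentials for every service in the map.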

It is my opinion that TDS is not doing its part of the job to ensure that customer accounts are not compromised by the use of the services TDS has promised. Chances are good that customer accounts have been compromised by this lack of security and will continue to be compromised by it, at great expense.

Matthew H. Fields

TDS's actual statement