Tuesday, August 1, 2017

Can Comcast/Xfinity Publish Your Trade Secrets and Letters to Grandma?

The answer looks like yes, but ask a lawyer for a legal opinion.
I have confirmation from a lawyer that I am correct.

Comcast’s most recent Terms of Service (ToS) state

“Authorization. Comcast does not claim any ownership of any material that you publish, transmit or distribute using XFINITY Internet. By using XFINITY Internet to publish, transmit, or distribute material or content, you (1) warrant that the material or content complies with the provisions of this Agreement, (2) consent to and authorize Comcast, its agents, suppliers, and affiliates to reproduce, publish, distribute, and display the content worldwide and (3) warrant that you have the right to provide this authorization. You acknowledge that material posted or transmitted using XFINITY Internet may be copied, republished or distributed by third parties, and you agree to indemnify, defend, and hold harmless Comcast, its agents, suppliers, and affiliates for any harm resulting from these actions.”

 Sending data in email clearly is transmitting material. For example, if an employee or an independent contractor who uses their Comcast account to communicate something confidential with authorized people, it appears that Comcast retains the right to publish such information  on a worldwide basis.

If a child writes an email to grandma, fair game for worldwide publication? A suicide note? Spouses exchanging love letters and/or pictures? Letters to congress people. Your attorney? The FBI?

The answer is yes.

If I am reading this wrong please let me know so I can update this blog and inform others of what it means.

Randy Abrams
Independent Security Analyst


  1. A three letter acronym springs to mind. VPN. And migrate your email to Protonmail or Tutanota. If Comcast doesn't capture your in the clear communications, google/gmail will. Encrypt or die...metaphorically speaking.

  2. Yep. I use a VPN and recently started using Tutanota. The weakness of Tutanota and ProtonMail currently is that they do not have a mechanism for offline access.

    www.duckduckgo.com is another privacy enhancer ,although they need a lot more support to improve their search engine. Still, they are my default search engine and homepage.

  3. Startpage is a good "shield" between your search and the gaping maw of google, as an alternative to DuckDuckGo... and while you're correct that Tutanota has no offline mechanisms, ProtonMail is now pushing imap out from beta, although to my mind, that kinda negates the whole point of having your entire email setup encrypted and unreadable except at the server end!