Vultr is now claiming full perpetual commercial rights over all hosted content
Problematic ToS Clause
- Main focus is a Vultr ToS clause granting the company a perpetual, irrevocable, sublicensable, royalty‑free worldwide license over “user content,” including rights to modify, create derivative works, distribute, and “commercialize” it.
- Clause ends with “for purposes of providing the Services to you,” but also says “in any way [Vultr] deems appropriate,” which many see as contradictory and dangerously broad.
Interpretations and Legal Debates
- One camp argues this is standard service-provider boilerplate to legally allow caching, CDN, backups, and similar operations.
- Others counter that phrases like “perpetual,” “irrevocable,” “commercialize,” and “any way deemed appropriate” go far beyond what is technically necessary.
- EU‑based commenters say such ToS terms would likely be unenforceable or heavily limited there, but note that legal unenforceability does not prevent misuse or data leaks in practice.
- Debate over whether “Services” and “User Content” refer only to public community content (forums, marketplace) or also to all data on hosted VMs; text is seen as ambiguous.
Privacy, AI, and Data Use Concerns
- Strong concern that Vultr could use private data (e.g., SaaS customer data, Nextcloud instances, legal documents, photos) for AI training, resale, or other commercial uses.
- Some see this as part of a wider trend where hosted data is treated as free input for AI or advertising, even in paid services.
Technical Limits of Protecting VPS Data
- Discussion notes that encrypting disks on a VPS does not protect against a hostile provider: snapshots can include RAM (and keys), and decrypted data can be inspected in-flight.
- Conclusion: if you don’t trust the provider, you should self‑host or only send encrypted backups where keys never touch the VPS.
Customer Reactions and Alternatives
- Several users report planning or starting migrations to other hosts (Hetzner, Linode, DigitalOcean, smaller VPS providers).
- Hetzner is praised for price and performance but criticized as “ban‑happy” and sometimes unfriendly in support.
- Some argue that all cloud use ultimately requires trust; others now view Vultr as too risky regardless of legal nuance.
Vultr’s Response and ToS Change
- Later in the thread, it’s noted that Vultr removed the controversial sentence and published a statement claiming it was meant only for public community content.
- Many remain skeptical, seeing this as backtracking under pressure rather than evidence of benign intent, and worry it could quietly return.
Broader Reflections on ToS and Legalese
- Strong sentiment that ToS are too long, vague, and one‑sided for non‑lawyers who must still “agree.”
- Calls for regulation or norms requiring plain‑language summaries, clearer scoping (e.g., “only what’s technically necessary”), and penalties for overreaching clauses.
- Some appreciate the backlash as a useful deterrent against stuffing maximalist rights into boilerplate contracts.