Internal testing here at ProPrivacy and comment threads on British Telecom’s (BT) own support forums seem to suggest that the venerable UK telecoms provider has taken steps to restrict access to its webmail platform if you connect through a VPN.
Comment threads on BT’s support forums first appeared in November 2021, with customers complaining they were getting a weird error message when trying to log into BT’s webmail service . The webmail service is available free of charge to current and former BT customers via a web-based application. However, unlike other webmail services such as Gmail and Yahoo, only past or current BT customers can use these email accounts, no anonymous signups are allowed.
Error code TS-003
When customers attempt to connect to the BT webmail portal while connected through a VPN, they are presented with the following message:
Our tests have confirmed that this error code affects a number of well-known VPN providers, including ExpressVPN, NordVPN, Private Internet Access and PrivateVPN – even users of the Puffin Secure Browser have reported issues. The protocol used doesn’t seem to matter (we tested both OpenVPN and WireGuard), and even trying obfuscated servers or multi-hop connections results in the same issue. Some providers with a large number of UK-based servers, like Nord, still have locations that work, and others like PrivateVPN and ExpressVPN, have a few locations that still work.
BT Forum Posts
The issue was first reported by a customer complaining they couldn’t access BT’s webmail via their PC. The initial response from a BT forum moderator seemed to suggest that BT was blocking specific IP addresses on suspicion that they were being used for malicious activity.
This error message will appear if the IP address you are using appears to be potentially bad. It protects you from possible identity theft or malicious networks.
Another BT moderator, StuartH, was much more blunt in another thread, stating that the reason for this message was that the user was trying to connect with a VPN.
I looked up this error message and it tells me this is caused by accessing through a VPN, I see from your previous post that the Puffin Browser is acting like a VPN.
It’s disappointing to see that BT has apparently taken steps to prevent users from accessing their service when connected through a VPN. VPNs aren’t illegal in the UK, and there are plenty of legitimate reasons for someone to use them – a desire for privacy and security above all else. Thus, claiming that the reason for this blocking is due to some kind of “malicious activity” is dishonest.
Upon discovering this, we reached out to BT for answers. Was it something they did on purpose or was it an accident, a side effect of some other change? They got back to us to explain that this was an issue they were looking into and offered a solution on the morning of the 25th after some VPNs that had failed on the 24th were able to connect.
However, after testing BT’s claims, we noticed that some VPNs were still having connection issues and contacted again as it looked like they were ready to fix the issue and push the privacy through users first. The response we received was disappointing, to say the least.
Our priority is to guarantee the security of our customers’ data. We constantly monitor traffic and will block suspicious activity to protect our customers.
It’s a shame that BT has chosen to flag the traffic as “suspicious” simply because someone is using a VPN, forcing paying customers to choose between accessing the site or compromising their online privacy and security. We can only hope that this unwanted and unwelcome change is removed as quickly and quietly as it was introduced.
Test results as of 02/28/2022
- east london
- The connection launches “PR_End_of_File” and the site will not load. This affects all tested servers, regardless of location or country.
Some of Nord’s servers are blocked, some are OK. There are too many to realistically test each one, but people might have to search a bit to find one that works.
It’s disappointing to see BT joining what appears to be a growing movement to limit and restrict the use of VPN connections over broadband internet. In the UK, websites like Just Eat and Smyths Toys also deny access to anyone using a VPN. The boilerplate explanation of these companies is that these connections are “suspicious” or “malicious” and therefore prohibited.
It’s such a shame to see the use of a VPN being considered something undesirable in a time when our online identities are increasingly important and more and more threatened by theft or surveillance.