Internal testing here at ProPrivacy, and comment threads on British Telecom’s (BT) own support forums, would appear to suggest that the venerable UK telecoms provider has taken steps to restrict access to its webmail platform if you are connecting over a VPN.
Comment threads on BT’s support forums first showed up in November of 2021, with customers complaining that they were receiving an odd error message when trying to connect to BT’s webmail service. The webmail service is available free to both current and former customers of BT through a web app. However, unlike other webmail services like Gmail and Yahoo, only past or present BT customers can use these email accounts, no anonymous sign-ups are allowed.
TS-003 error code
When customers try to login to the BT webmail portal while connected through a VPN, they are presented with the following message:
Our testing has confirmed that this error code impacts a number of well-known VPN providers, including ExpressVPN, NordVPN, Private Internet Access, and PrivateVPN – even users of the Puffin secure browser have reported issues. It does not seem to matter what protocol is used (we have tested both OpenVPN and WireGuard), and even trying obfuscated servers or multi-hop connections results in the same issue. Some providers with a huge number of UK-based servers, such as Nord, still have locations that work, and others such as PrivateVPN and ExpressVPN, have a couple of locations that do still work.
BT’s forum posts
The issue was first flagged by a customer complaining that they could not access BT webmail through their PC. The initial response from a BT forum moderator appeared to suggest that BT were blocking specific IP addresses on the suspicion they were being used for malicious activity.
This error message will appear if the IP address that you are using shows up as being potentially bad. It’s protecting you from possible identify theft or malicious networks.
Another BT moderator, StuartH, was far more blunt in another thread, stating that the reason for this message was that the user was trying to connect with a VPN.
I looked up this error message and it tells me it’s caused due to accessing via a VPN, I see from your previous post that the Puffin Browser acts as a VPN.
It is disappointing to see that BT has seemingly taken steps to restrict users from accessing their service while connected through a VPN. VPNs are not illegal in the UK, and there are many legitimate reasons for someone to be using them – a desire for privacy and security foremost amongst them. So, to claim that their reason for this block is due to some sort of “malicious activity” is disingenuous.
On discovering this, we reached out to BT for answers. Was this something they had done deliberately or was it an accident, a side-effect of another change? They got back to us to explain that this was an issue they were looking into, and offered something of a fix on the morning of the 25th after some VPNs that had failed on the 24th were now able to connect.
However, after putting BT’s claims to the test, we noticed some VPNs still had issues connecting, and reached out again as it appeared they were willing to fix the issue and put users’ privacy first. The response we received was disappointing, to say the least.
Our priority is to ensure our customers’ data is safe. We monitor traffic constantly and will block any suspicious activity to protect our customers.
It is a shame to see that BT has chosen to flag traffic as “suspicious” simply because someone uses a VPN, forcing paying customers to choose between access to the site or compromising their online privacy and security. We can only hope that this unwanted and unwelcome change is removed as quickly and quietly as it was introduced.
Results of testing as of 28/02/2022
- East London
- Connection throws “PR_End_of_File” error and the site won’t load. This impacts all servers tested, regardless of location or country.
Some of Nord’s servers are blocked, some are OK. There are too many to realistically test every single one, but folks might need to hunt around a little to find one that works.
It is disappointing to see BT joining in with what seems to be a growing movement to limit and restrict the use of VPN connections across a large swathe of the internet. In the UK, websites like Just Eat and Smyths Toys are also denying access to anyone using a VPN. The boilerplate explanation from these companies is that these connections are “suspicious” or “malicious” and so they are barred.
It’s truly a shame to see the use of a VPN being viewed as something undesirable in an age where our online identities are more and more important, and ever more at risk from theft or surveillance.