Acceptable Use Policy

You may NOT use DeskBoot to:

Attack others

• Launch DoS or DDoS attacks against any system, including ours.
• Scan, probe, or attempt to penetrate networks you don't own or have written permission to test.
• Mass-target hosts (port-sweeping, credential-stuffing, brute force, etc.).
• Distribute malware, viruses, ransomware, worms, or any malicious code.
• Mine cryptocurrency without prior written approval — abuse vector, not policy preference.

Send spam or abuse messaging

• Send unsolicited bulk email, SMS, or push notifications.
• Phishing, smishing, or impersonating any person, brand, or government.
• Operating mail relays, open SMTP servers, or services that exist to spam.

Host illegal content

• Anything that exploits or sexualizes minors — we will report to NCMEC and law enforcement.
• Content that incites violence, terrorism, or genocide.
• Pirated software, copyrighted media without rights, or sale of stolen credentials.
• Markets for illegal drugs, weapons, identity documents, or financial fraud kits.

Abuse the platform

• Farm welcome credits with multiple accounts (we detect via card fingerprint, device fingerprint, phone).
• Charge back legitimately consumed services — this is fraud.
• Resell raw DeskBoot capacity to third parties without a partner agreement.
• Reverse-engineer, scrape, or systematically probe our APIs to harm the Service.
• Circumvent rate limits, security controls, or fraud measures.

You SHOULD:

• Use the Service for security testing only against systems you own or have written authorization to test. Kali sessions exist for legitimate research, CTF practice, and authorized engagements.
• Terminate sessions you're no longer using — saves you money, saves us capacity.
• Treat the credentials we issue like passwords. Don't commit them to public repos. Don't share screenshots with the password visible.
• Report abuse — if you see something hosted on us that's wrong, email abuse@deskboot.store.

Bandwidth & resource use

100 GB/account/month of egress is included free. Beyond that, $0.05/GB. Persistent sustained-100% CPU at the smallest size for weeks (i.e., running the box as a cheap dedicated server permanently) violates the spirit of on-demand pricing — we'll reach out before suspending and offer you a reserved-pricing path.

Enforcement

For low-severity issues we usually email first and give you a chance to fix it. For active attacks, CSAM, fraud, or anything causing immediate harm: instant suspension, full investigation, possible referral to law enforcement, and account termination. We don't refund balances of suspended accounts.

Reporting abuse

See something? Tell us: abuse@deskboot.store. Include the offending IP, timestamps (UTC), and what you observed. We respond to credible reports within 24 hours.

Changes

We update this policy as new abuse patterns emerge. Material changes go out by email. By using the Service after the effective date, you accept the updated policy.