ISPs Hijacking Browser Functions, Continue Proud Tradition Of Value-Free Added Services
from the added-value-for-us-but-not-for-you dept
ISPs over the last few years have quickly rushed to embrace DNS redirection advertising. Instead of users being directed to a traditional page not found message (or Google in some browsers) should they enter a nonexistent or mistyped URL, they're redirected to an ISP-run search portal laden with advertisements. The concept creates a revenue stream out of your clumsy typing, giving ISPs an extra few bucks per month, per user (of course on top of whatever they make supposedly not selling your clickstream data). While many users don't like the practice, most ISPs provide some kind of opt-out mechanism (though they often don't work well), and users can often choose alternative DNS servers. Slashdot directs our attention to the fact that users continue to be surprised when they find out their ISP is hijacking user location bar results:
"Today I noticed that this great feature of Firefox (combined with Google of course) has stopped working, and has instead been replaced with an add-laden (sic) search result from another website. I've confirmed that my keyword.URL setting is still pointed at Google, so this must be happening at the traffic level, I would imagine either by use of a web proxy or something to do with DNS lookup, which makes me wonder if this new 'feature' my ISP (Netvigator by PCCW in Hong Kong) has introduced is also affecting my privacy?"
Here in the States one ISP (Windstream Communications) was recently busted for taking this concept one step further, going so far as to actually hijack Firefox Google search toolbar results. Windstream quickly backed away from the practice once users started to complain, insisting it was a mistake. However, the ISP wouldn't offer technical specifics about what technology they were using that created this "bug," and employees were told not to elaborate. To be clear, in Windstream's case this went well beyond DNS redirection, worked no matter what DNS servers were being used, and involved manipulating actual traffic streams using a new flavor of deep packet inspection. Whether this new layer 7/DPI is being used for copyright enforcement, surveillance, data mining or search result hijacks isn't clear -- but whatever it's being used for, it's being implemented with absolutely no transparency to the end user.
It seems unlikely that any U.S. ISP would take things further by hijacking toolbar results, given ISPs are busily trying to argue to regulators that network neutrality rules aren't necessary. Still, as deep packet inspection technology gets more sophisticated, precisely how ISPs are meddling with your traffic is something to keep a close eye on. ISPs already have a bad habit of offering value added services that fail to provide any value to consumers, and DNS redirection ads are only the latest example. ISPs were in such a hurry to grab this additional revenue, they failed to bother to make sure opt-out mechanisms for these "services" even worked, much less consider adding any kind of enhanced DNS functionality (as seen by companies like OpenDNS) that would make these services worth something to the end user. While DPI itself isn't bad, it holds a lot of potential for abuse among ISPs eager to make an extra buck at any cost.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Pleeeeezzzz, Mike!
It's disappointing to see you write an otherwise good post, but then loose credibility with a statement that you have to know isn't accurate. You run a Web site with ads. You know better. In order to make a "few bucks per month, per user," the average user would probably have to mistype URLs thousands of times each month. It's far more likely that the ISPs make pennies per month, per user (and perhaps less). Your data points and arguments were good enough without the egregious exaggeration, which seems to have been inserted to make the story a little bit more compelling. The problem is, when I see something like that, it makes me wonder what other liberties you're taking with the truth.
[ link to this | view in chronology ]
Re: Pleeeeezzzz, Mike!
I do know ad revenue is quite significant for redirections on bad URL's. Either way I think his point is quite valid that other than that, are they actually using some sort of deep inspection that is a bit more invasive?
[ link to this | view in chronology ]
Re: Re: Pleeeeezzzz, Mike!
A decent CPM (i.e., how much advertisers pay for 1000 impressions) is about $1. That's 3,000 impressions to make a "few bucks." How many URLs do you mistype a month? Since Mike runs a Web site that gets a lot of traffic, he should know better. I was also disappointed because it seemed to me that he may have done it (perhaps subconsciously) to juice up his story. And by the way, I have no problem with just about everything else in his post.
[ link to this | view in chronology ]
Re: Re: Re: Pleeeeezzzz, Mike!
[ link to this | view in chronology ]
Re: Re: Re: Re: Pleeeeezzzz, Mike!
i see, just when jim has you on the ropes you start getting in to semantics.
[ link to this | view in chronology ]
Re: Re: Re: Pleeeeezzzz, Mike!
Actually, on second thought it sounds more like a figure of speech.
[ link to this | view in chronology ]
Re: Re: Re: Re: Pleeeeezzzz, Mike!
Yeah. I won't speak for Karl here, but I read it as a figure of speech. I don't think anyone would think otherwise, or that it's sensationalizing the topic. Do you honestly think it makes the story any different?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Pleeeeezzzz, Mike!
I didn't say it changed the story; I said it hurt your credibility with me. I know what ad rates are. I might not know if you exaggerate about things that I'm not familiar with. Your response to my point, which I found very dismissive, makes me even less comfortable.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Pleeeeezzzz, Mike!
[ link to this | view in chronology ]
Re: Pleeeeezzzz, Mike!
[ link to this | view in chronology ]
Vote with your dollar if there is sufficient competition in your area.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Windstream buys Iowa Telecom.
[ link to this | view in chronology ]
Re: Iowa Telecom
[ link to this | view in chronology ]
Browser Hijacking
I set the DNS for all our computers and routers to google's DNS (8.8.8.8) and the problem disappeared.
[ link to this | view in chronology ]
Tunneling
[ link to this | view in chronology ]
Re: Tunneling
you can tunnel just about anything over an SSH connection, all you need is a trusted host to connect to. i do this on untrusted wifi networks.
that said, this is something stupid that ISP's do with their DNS and it's uber easy to get around. just use a different DNS, like google mentioned above (8.8.8.8 and 8.8.4.4) or level3 (4.2.2.1-4.2.2.6).
i normally use them because residential ISP DNS is often unreliable.
[ link to this | view in chronology ]
Greed blinds them to the inevetiable concequences.
The thing that got me really wondering is ISP liability. With the copyright industry eyeballing them, ISP's have found themselves having to stress their "dumb pipe" defense more frequently as of late. However, when they start employing DPI strategies in more obvious (aka obnoxious) ways, one would think that the whole concept of them being a dumb pipe begins to collapse. If you are using DPI to watch users and are able to hijack anything they access, then you should easily be able to control piracy on your network. After all, that was the original intent of DPI to begin with, was it not?
Another aspect regarding the potential for increased ISP liability for those whom use DPI is that it may finally pave the way forward for new laws. After all, DPI is not unlike wiretapping from my point of view. ISP's that use it have always claimed it is solely for the benefit of their customers. The explanation most often given is that DPI allows an ISP to better manage the health of their network by preventing "heavy" bandwidth users from eating it all up. Personally I've always felt it was just an excuse for not properly reinvesting in their network. DPI is a far less expensive proposition, plus as we can clearly see it allows them to do more than just monitor users. However, when those uses begin to cross the line more and more, how will lawmakers (undoubtedly under greater pressure from consumer groups) be able to justify continuing to stand by and do nothing? If DPI abuse becomes prevalent enough, it may force the government to finally take net neutrality seriously. Just like the copyright industry, their greed is what may undo them in the end.
[ link to this | view in chronology ]
Everybody wants in on advertising
[ link to this | view in chronology ]
[ link to this | view in chronology ]