ISPs Hijacking Browser Functions, Continue Proud Tradition Of Value-Free Added Services

from the added-value-for-us-but-not-for-you dept

ISPs over the last few years have quickly rushed to embrace DNS redirection advertising. Instead of users being directed to a traditional page not found message (or Google in some browsers) should they enter a nonexistent or mistyped URL, they're redirected to an ISP-run search portal laden with advertisements. The concept creates a revenue stream out of your clumsy typing, giving ISPs an extra few bucks per month, per user (of course on top of whatever they make supposedly not selling your clickstream data). While many users don't like the practice, most ISPs provide some kind of opt-out mechanism (though they often don't work well), and users can often choose alternative DNS servers. Slashdot directs our attention to the fact that users continue to be surprised when they find out their ISP is hijacking user location bar results:

"Today I noticed that this great feature of Firefox (combined with Google of course) has stopped working, and has instead been replaced with an add-laden (sic) search result from another website. I've confirmed that my keyword.URL setting is still pointed at Google, so this must be happening at the traffic level, I would imagine either by use of a web proxy or something to do with DNS lookup, which makes me wonder if this new 'feature' my ISP (Netvigator by PCCW in Hong Kong) has introduced is also affecting my privacy?"

Here in the States one ISP (Windstream Communications) was recently busted for taking this concept one step further, going so far as to actually hijack Firefox Google search toolbar results. Windstream quickly backed away from the practice once users started to complain, insisting it was a mistake. However, the ISP wouldn't offer technical specifics about what technology they were using that created this "bug," and employees were told not to elaborate. To be clear, in Windstream's case this went well beyond DNS redirection, worked no matter what DNS servers were being used, and involved manipulating actual traffic streams using a new flavor of deep packet inspection. Whether this new layer 7/DPI is being used for copyright enforcement, surveillance, data mining or search result hijacks isn't clear -- but whatever it's being used for, it's being implemented with absolutely no transparency to the end user.

It seems unlikely that any U.S. ISP would take things further by hijacking toolbar results, given ISPs are busily trying to argue to regulators that network neutrality rules aren't necessary. Still, as deep packet inspection technology gets more sophisticated, precisely how ISPs are meddling with your traffic is something to keep a close eye on. ISPs already have a bad habit of offering value added services that fail to provide any value to consumers, and DNS redirection ads are only the latest example. ISPs were in such a hurry to grab this additional revenue, they failed to bother to make sure opt-out mechanisms for these "services" even worked, much less consider adding any kind of enhanced DNS functionality (as seen by companies like OpenDNS) that would make these services worth something to the end user. While DPI itself isn't bad, it holds a lot of potential for abuse among ISPs eager to make an extra buck at any cost.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: browsers, dns, firefox, hijacking


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Jim, 5 May 2010 @ 5:39pm

    Pleeeeezzzz, Mike!

    "The concept creates a revenue stream out of your clumsy typing, giving ISPs an extra few bucks per month, per user ..."

    It's disappointing to see you write an otherwise good post, but then loose credibility with a statement that you have to know isn't accurate. You run a Web site with ads. You know better. In order to make a "few bucks per month, per user," the average user would probably have to mistype URLs thousands of times each month. It's far more likely that the ISPs make pennies per month, per user (and perhaps less). Your data points and arguments were good enough without the egregious exaggeration, which seems to have been inserted to make the story a little bit more compelling. The problem is, when I see something like that, it makes me wonder what other liberties you're taking with the truth.

    link to this | view in chronology ]

    • identicon
      Radjin, 5 May 2010 @ 5:58pm

      Re: Pleeeeezzzz, Mike!

      It sounds like you work for one such ISP.

      I do know ad revenue is quite significant for redirections on bad URL's. Either way I think his point is quite valid that other than that, are they actually using some sort of deep inspection that is a bit more invasive?

      link to this | view in chronology ]

      • identicon
        Jim, 5 May 2010 @ 7:22pm

        Re: Re: Pleeeeezzzz, Mike!

        First, I don't work for an ISP, and I have zero affection for them. Second, the comment in question referred to mistyped URLs, not deep inspection. Third, you missed my point, which was that by grossly exaggerating, Mike hurt his credibility, at least with me.



        A decent CPM (i.e., how much advertisers pay for 1000 impressions) is about $1. That's 3,000 impressions to make a "few bucks." How many URLs do you mistype a month? Since Mike runs a Web site that gets a lot of traffic, he should know better. I was also disappointed because it seemed to me that he may have done it (perhaps subconsciously) to juice up his story. And by the way, I have no problem with just about everything else in his post.

        link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 5 May 2010 @ 7:48pm

          Re: Re: Re: Pleeeeezzzz, Mike!

          Um. I didn't write the post.

          link to this | view in chronology ]

          • icon
            chris (profile), 6 May 2010 @ 9:10am

            Re: Re: Re: Re: Pleeeeezzzz, Mike!

            Um. I didn't write the post.

            i see, just when jim has you on the ropes you start getting in to semantics.

            link to this | view in chronology ]

        • identicon
          Ryan, 5 May 2010 @ 9:37pm

          Re: Re: Re: Pleeeeezzzz, Mike!

          Yes, "an extra few bucks per month" just sounds like phenomenally overblown hyperbole, designed maliciously or perhaps just ignorantly to exploit our sympathies and inherent vulnerability to sensationalism with gross overexaggerations.

          Actually, on second thought it sounds more like a figure of speech.

          link to this | view in chronology ]

          • icon
            Mike Masnick (profile), 6 May 2010 @ 12:43am

            Re: Re: Re: Re: Pleeeeezzzz, Mike!

            Actually, on second thought it sounds more like a figure of speech.


            Yeah. I won't speak for Karl here, but I read it as a figure of speech. I don't think anyone would think otherwise, or that it's sensationalizing the topic. Do you honestly think it makes the story any different?

            link to this | view in chronology ]

            • identicon
              Jim, 6 May 2010 @ 8:16am

              Re: Re: Re: Re: Re: Pleeeeezzzz, Mike!

              "An extra few bucks" is a figure of speech. "An extra few bucks per month, per user" is much more specific. Comcast has 25M subscribers. Your statement suggested that Comcast alone makes hundreds of millions per year on mistyped URLs. That's significant, and it's nowhere close to reality.

              I didn't say it changed the story; I said it hurt your credibility with me. I know what ad rates are. I might not know if you exaggerate about things that I'm not familiar with. Your response to my point, which I found very dismissive, makes me even less comfortable.

              link to this | view in chronology ]

              • identicon
                Jim, 6 May 2010 @ 8:33am

                Re: Re: Re: Re: Re: Re: Pleeeeezzzz, Mike!

                PS. The subject of my original comment shouldn't have targeted "Mike" directly since he was not the author of the post. Sorry about that, Mike. And just to be clear, I agree with vast majority of the opinions expressed in all posts on Techdirt. But I stand by my comment on this one.

                link to this | view in chronology ]

    • identicon
      interval, 5 May 2010 @ 6:31pm

      Re: Pleeeeezzzz, Mike!

      Is Mike hijacking your search quests and answering them with other stuff?

      link to this | view in chronology ]

  • identicon
    abc gum, 5 May 2010 @ 5:53pm

    Was Windstream using the old man in the middle attack ?

    Vote with your dollar if there is sufficient competition in your area.

    link to this | view in chronology ]

    • icon
      silentsteel (profile), 5 May 2010 @ 6:19pm

      Re:

      Unfortunately, as Windstream is a rural ISP, there are very few alternatives in the areas they serve. The few places I have heard of that competition has come in, Windstream, Valor Telecom at that time, was pushed almost completely out.

      link to this | view in chronology ]

      • identicon
        scamp, 29 Jul 2012 @ 12:57pm

        Re: Re:

        Windstream is really our only option out here and two years after this damn article was written, Windstream is STILL redirecting my searches.

        link to this | view in chronology ]

  • identicon
    Cheong, 5 May 2010 @ 6:47pm

    PCCW has been getting increasingly ridiculous these days since 3 year ago, that's why I changed to another ISP eariler this year, when their annoyance went to a new level.

    link to this | view in chronology ]

  • icon
    justok (profile), 6 May 2010 @ 1:04am

    http://www.kcrg.com/news/local/92913249.html

    Windstream buys Iowa Telecom.

    link to this | view in chronology ]

    • identicon
      meee tooo, 6 May 2010 @ 12:26pm

      Re: Iowa Telecom

      isn't Iowa Telecom the outfit that hits telcos with exorbiant connection fees or some such fee? I remember scams that used some telco on Iowa because of a state law allowing that high fee...so if it is it fits the acquirer's business model very well!

      link to this | view in chronology ]

  • icon
    fleegle (profile), 6 May 2010 @ 3:11am

    Browser Hijacking

    Windstream is the only ISP in my area and a few months ago, our searches were being hijacked to their ad page.

    I set the DNS for all our computers and routers to google's DNS (8.8.8.8) and the problem disappeared.

    link to this | view in chronology ]

  • identicon
    RobShaver, 6 May 2010 @ 8:37am

    Tunneling

    Perhaps we need some form of VPN tunneling to a trusted portal/relay which would then give us unadulterated access to the Internet. This would thwart any deep-packet inspection or redirection. I guess there'd be a performance hit however.

    link to this | view in chronology ]

    • icon
      chris (profile), 6 May 2010 @ 9:19am

      Re: Tunneling

      Perhaps we need some form of VPN tunneling to a trusted portal/relay which would then give us unadulterated access to the Internet. This would thwart any deep-packet inspection or redirection. I guess there'd be a performance hit however.

      you can tunnel just about anything over an SSH connection, all you need is a trusted host to connect to. i do this on untrusted wifi networks.

      that said, this is something stupid that ISP's do with their DNS and it's uber easy to get around. just use a different DNS, like google mentioned above (8.8.8.8 and 8.8.4.4) or level3 (4.2.2.1-4.2.2.6).

      i normally use them because residential ISP DNS is often unreliable.

      link to this | view in chronology ]

  • identicon
    Anonymous Lily Liver, 6 May 2010 @ 1:23pm

    Greed blinds them to the inevetiable concequences.

    If you use Google as your preferred search engine, I suggest you start paying closer attention to how often you see the "Did you mean: xxx?" link at the top of your search results. Despite being good at spelling, I would say I see this at least 50% of the time. There definitely is money to be made from page hijacking. The more users you have, the harder it would be to resist too, I think.

    The thing that got me really wondering is ISP liability. With the copyright industry eyeballing them, ISP's have found themselves having to stress their "dumb pipe" defense more frequently as of late. However, when they start employing DPI strategies in more obvious (aka obnoxious) ways, one would think that the whole concept of them being a dumb pipe begins to collapse. If you are using DPI to watch users and are able to hijack anything they access, then you should easily be able to control piracy on your network. After all, that was the original intent of DPI to begin with, was it not?

    Another aspect regarding the potential for increased ISP liability for those whom use DPI is that it may finally pave the way forward for new laws. After all, DPI is not unlike wiretapping from my point of view. ISP's that use it have always claimed it is solely for the benefit of their customers. The explanation most often given is that DPI allows an ISP to better manage the health of their network by preventing "heavy" bandwidth users from eating it all up. Personally I've always felt it was just an excuse for not properly reinvesting in their network. DPI is a far less expensive proposition, plus as we can clearly see it allows them to do more than just monitor users. However, when those uses begin to cross the line more and more, how will lawmakers (undoubtedly under greater pressure from consumer groups) be able to justify continuing to stand by and do nothing? If DPI abuse becomes prevalent enough, it may force the government to finally take net neutrality seriously. Just like the copyright industry, their greed is what may undo them in the end.

    link to this | view in chronology ]

  • identicon
    Michael, 26 May 2010 @ 7:28am

    Everybody wants in on advertising

    ISP's wasting your bandwidth on sending you advertising that you werent looking for is wrong.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Dec 2013 @ 9:03pm

    And a year and a half after your post, they are STILL doing it. Interesting is that even when setting the DNS to the non-redirecting numbers, every night at approx. 11:45 p.m. EST Windtream resets to the redirecting numbers.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.