Comcast Takes Heat For Injecting Messages Into Internet Traffic

from the meddling-and-fiddling dept

Since around 2013, Comcast has been injecting warning messages into user traffic streams. Sometimes these warnings are used to notify a customer that their computer may have been hacked and is part of a botnet. Other times, the warning messages inform users that they've (purportedly) downloaded copyrighted material, as part of Comcast's cooperation in the entertainment industry's "six strikes" Copyright Alert System (CAS), a program that pesters accused pirates until they acknowledge their villainy and receipt of "educational" materials on copyright.

More recently, Comcast has used the system to urge customers to upgrade to a newer modem, or to warn users in capped markets that they're about to reach their monthly usage allotment and will soon be paying overage fees.

While Comcast's efforts here may be well-intentioned, the act of fiddling with user traffic and injecting any content into the user data stream has long been controversial. Pretty much like clockwork over the last three years, you see stories popping up every few months or so explaining how letting such a fierce opponent of concepts like net neutrality fiddle with user traffic just isn't a particularly smart idea. Users have also consistently complained that there's no way to opt out of the warning messages.

But in addition to being annoying and a bad precedent, many think Comcast's efforts on this front open the door to privacy and security risks. iOS developer Chris Dzombak, for example, penned a blog post last week explaining how getting broadband users used to this level of popup pestering by their ISP opens the door to hackers to abuse that expectation and trust via man-in-the-middle attacks:
"This might seem like a customer-friendly feature, but it’s extremely dangerous for Comcast’s users. This practice will train customers to expect that their ISP sends them critical messages by injecting them into random webpages as they browse. Moreover, these notifications can plausibly contain important calls to action which involve logging into the customer’s Comcast account and which might ask for financial information.

Any website could present its users an in-page dialog which looks similar to these Comcast alerts. The notification’s content could be entirely controlled by criminals hoping to harvest users’ Comcast account login information. This would give an attacker access to users’ email, which is a gateway to reset the user’s passwords on most other sites — remember, most password recovery mechanisms revolve around access to an email account."

Each time this subject pops up, Comcast's engineering folks are quick to point out that this is all perfectly ok because the company filed an informational RFC (6108) back in 2011 explaining what the company was up to. Usually this results in media outlets quieting down for a while until somebody new discovers the popups. But Dzombak is quick to correctly note that filing an RFC isn't some kind of get out of jail free card for dumb ideas:
"Comcast has submitted an informational RFC (6108) to the IETF documenting how this content injection system works. This appears to be a shady effort to capitalize on the perceived legitimacy that pointing to an RFC gives you.

First, let me point out that just publishing a memo that says you plan to do something, doesn’t mean that the thing you’re doing is acceptable.

Second, RFC6108 does not address this concern whatsoever. There’s a short section about security considerations, which largely boils down to this guidance: “…the notification must not ask for login credentials, and must not ask a user to follow a link in order to change their password, since these are common phishing techniques. Finally, care should be taken to provide confidence that the web notification is valid and from a trusted party, and/or that the user has an alternate method of checking the validity of the web notification. …”"

In short, that puts the onus on customers to know that these popup notifications should not ask for login information. But most users simply aren't going to know that, and would be easily fooled by a phony popup that mirrors this dialogue but redirects users to a malicious third-party website asking for their user credentials. This is just a snippet of HTML on an unencrypted website; there's no magic bullet way of being sure the web notification you're viewing "is from a valid and trusted party." Comcast told Dzombak on Twitter last month that his points are fair, but still hasn't seriously addressed the problem.

Comcast has your e-mail address for notifications. There's really no reason to fiddle with user traffic. It's a horrible precedent that's not only annoying, but a potential privacy risk. Fortunately the problem may self-resolve as Comcast can't inject the messages into encrypted streams -- and encryption use overall is on the rise. Still, it's not a particularly great precedent to let a company with a long, proud history of fighting net neutrality fiddle with data streams, however purportedly noble the intention.
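
Because the injection only works on unencrypted HTTP, a site owner or user can detect it by comparing the page as received over plain HTTP with a reference copy obtained over a channel the network cannot alter (for example HTTPS). The sketch below is an added example, not code from this article, Dzombak's post or RFC 6108; the two sample pages and the `notice.isp.example` host are constructed for illustration.

```python
import hashlib
from collections import Counter
from html.parser import HTMLParser


class ActiveContentCollector(HTMLParser):
    """Record a fingerprint for each element that can load or run content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fingerprints = []
        self._inline = None  # collects the body of an inline <script>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            if attrs.get("src"):
                self.fingerprints.append(("script-src", attrs["src"]))
            else:
                self._inline = []
        elif tag == "iframe":
            self.fingerprints.append(("iframe-src", attrs.get("src") or ""))
        elif tag == "form":
            self.fingerprints.append(("form-action", attrs.get("action") or ""))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            digest = hashlib.sha256(body.encode()).hexdigest()
            self.fingerprints.append(("script-inline-sha256", digest))
            self._inline = None


def active_content(html):
    collector = ActiveContentCollector()
    collector.feed(html)
    collector.close()
    return collector.fingerprints


def injected_elements(reference_html, received_html):
    """Active elements present in the received page but not in the reference."""
    extra = Counter(active_content(received_html)) - Counter(active_content(reference_html))
    return sorted(extra.elements())


def compare(reference_html, received_html):
    ref, got = reference_html.encode(), received_html.encode()
    return {
        "body_modified": hashlib.sha256(ref).digest() != hashlib.sha256(got).digest(),
        "length_delta": len(got) - len(ref),
        "injected": injected_elements(reference_html, received_html),
    }


# Constructed sample: the page as the publisher serves it.
REFERENCE_HTML = """<html><head><title>County notices</title>
<script src="/static/site.js"></script>
<script>var page = "notices";</script>
</head><body><h1>Public notices</h1>
<form action="/search"><input name="q"></form>
</body></html>"""

# Constructed sample: the same page after an in-path device appended markup.
RECEIVED_HTML = REFERENCE_HTML.replace(
    "</body>",
    '<script src="http://notice.isp.example/overlay.js"></script>'
    '<iframe src="http://notice.isp.example/alert"></iframe></body>',
)

if __name__ == "__main__":
    report = compare(REFERENCE_HTML, RECEIVED_HTML)
    print("body modified:", report["body_modified"], "| bytes added:", report["length_delta"])
    for kind, value in report["injected"]:
        print("not in reference copy:", kind, value)
```

On pages with dynamic content the raw body hash changes between fetches anyway, so the element-level difference is the more useful signal. Serving the site over HTTPS removes the problem rather than detecting it.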

Filed Under: dpi, message injection, net neutrality, packet injection
Companies: comcast


Reader Comments


  1.
    Ninja (profile), 29 Nov 2016 @ 6:37am

    I don't pay you to inject things, I pay you to deliver what I requested. If I want fancy messages on my quota you can give me the option but that's it.

    This is just getting people used to this till they start injecting ads. Just wait.

  2.
    tom (profile), 29 Nov 2016 @ 6:44am

    Way to go Comcast, train your customers that weird pop up messages are ok and can be safely ignored. Ignore the established methods of email, text messages and phone calls.

    The average person will have no way to tell the difference between malware popups from Comcast and malware popups from others. How long until the bad guys start formatting popups that resemble the Comcast popups?

  3.
    DannyB (profile), 29 Nov 2016 @ 6:45am

    It's all okay, because we posted a public notice

    It's okay if we sneak into your (and everyone's) home and post notices on your refrigerator. We posted a public notice about what we were up to, so it's okay.

  4.
    Anonymous Coward, 29 Nov 2016 @ 6:59am

    I still don't see how this isn't violating the CFAA.
    It's obvious that it "exceeds authorized access", if I can not opt out of such notifications. If I want to go to the local county website, and it's blocking information, that's directly related to the government requirements.

    Now the CFAA is really broad and should be fixed, but the DOJ should swing both ways if they want to prosecute others for it.

    The main issue though is that it's just bad practice, and encourages others to use these notifications to hack into people's accounts. We've already seen this with SSO on Facebook, Google, et al logins and XSS attacks.

  5.
    Anonymous Coward, 29 Nov 2016 @ 7:12am

    “…the notification must not ask for login credentials, and must not ask a user to follow a link in order to change their password, since these are common phishing techniques..."

    So an authentic looking Comcast popup with a link to the Comcast password reset page with an iframe that injects a keylogger.

  6.
    Anonymous Coward, 29 Nov 2016 @ 7:15am

    Yet one more reason why EVERYONE should be using a VPN.

  7.
    Chris, 29 Nov 2016 @ 7:15am

    Re:

    Even worse than that, the security guideline you cite would only be useful if users already knew that these notifications shouldn't ask for login credentials. Users don't know that; how could they? They haven't read this RFC.

    So most people won't even think it's suspicious for a plausible-looking Comcast notification to ask them to login directly.

  8.
    Anonymous Coward, 29 Nov 2016 @ 7:19am

    Re: Re:

    "Your Comcast credentials are expiring! Please log in to continue using your Comcast Xfinity service."

  9.
    Jason, 29 Nov 2016 @ 7:19am

    Re: It's all okay, because we posted a public notice

    All the documents were posted for public display in the basement of the local planning office.

    (Caution: Stairs inoperative.)

    (Warning: No Lights)

    (Beware of the leopard.)

  10.
    Anonymous Coward, 29 Nov 2016 @ 7:31am

    Re: opens the door to hackers

    hackers? I fail to distinguish how they are different from the carriers in this regard. And frankly, most state computer intrusion laws, could be reasonably interpreted to regard this behavior as a crime.

    IMHO the fact that they are even touching the frame at or above OSI layer 4, is an intrusion into a communication between two parties who may or may not have contractual relationships with the carrier. And even if they do have a contract, the customer is probably in a monopoly market. So performance of the contract is under duress against the user's 1st amendment rights, and therefore void.

    IOW, it is criminal wiretapping. This is equivalent to the post office, opening your mail because they don't like the style of the writing, reading the contents, and leaving a comment INSIDE the envelope.

    A lot of this shit derives from false advertising practices. They advertise shared capacity instead of CIR, or SLA based rates for individual users, and then fuck the users on overages for using the capacity the carrier advertised. And to do this, they have to actually use MORE equipment to keep track of who they are fucking over.

    So now they are monitoring traffic, they never technically needed to monitor, and the MPAA, RIAA and the FED start making demands of the monitoring capacity, and they start billing for consumer surveillance, turning it into a product.

    This doesn't get solved until the carriers are separated from the content providers. It is just going to get worse with IOT.

    So what is going to happen, is the fed will start wailing: "OMG, the Internet is falling! Whatever shall we do", and the carriers will step up and say: "Sure, WE'LL take care of that for you" which will put them in a position to implement regulatory capture over the IOT industry.

    And Congress will high five, and return to being malevolently ignorant about the relationship between modern technology, and the Constitution.

  11.
    Anonymous Coward, 29 Nov 2016 @ 7:35am

    "Fortunately the problem may self-resolve as Comcast can't inject the messages into encrypted streams -- and encryption use overall is on the rise."

    Until Comcast forces all of its users to use a Comcast rented modem that they completely control.

  12.
    PaulT (profile), 29 Nov 2016 @ 7:44am

    Re:

    I'd assume it's not a violation since they're technically adding information to data they're providing rather than interfering with 3rd party comms or hardware. That is, although unsolicited, they're providing information you requested via their service, only with an additional item attached. I'd imagine the argument would be if the postal service adds an extra postcode with information on it, that doesn't count as mail tampering.

    Silly analogy and everyone posting here probably knows the many things wrong with that argument, but I'd bet that's how it's presented.

  13.
    Anonymous Coward, 29 Nov 2016 @ 7:47am

    So when they send one of these messages, does that count against your monthly data usage, or are they exempting their traffic from their caps?

  14.
    Lurker Keith, 29 Nov 2016 @ 7:47am

    not just Comcast

    This isn't just a Comcast thing. Charter does it, too.

    Once, & only once, when I was trying to switch back to my old modem/ router hybrid, IIRC, because the new router I bought didn't work properly & put up massive security flags for wanting online access JUST TO CHANGE THE SETTINGS (have since gotten a different router that lets me in offline, & am using Charter's free modem, to limit liability for connection problems), I saw a similar message about the connection (don't remember what it said), assumed it was suspicious & called Charter to question it.

    Next time, since I just have internet & there's no need for them to require anything of me to supply it, I might demand some kind of opt-out. I may also question its legality.

    Luckily, I never provided them with my E-mail & don't have one with them. It's a wire into my place, all they should need is payment of the bill. However, I think I had to confirm my name. Wasn't comfortable with that already being in the message (not sure if it was part of the original popup or a page I clicked something to open).

  15.
    Anonymous Coward, 29 Nov 2016 @ 7:56am

    Re: Re:

    "I'd assume it's not a violation since they're technically adding information to data they're providing rather than interfering with 3rd party comms or hardware."

    In what world does this make sense? Adding, changing, removing, or even just LOOKING is interference at a technical level. Hell, there is interference from the natural world that is already a problem we have to deal with in networking, let's not add fucking more!

    Doing anything other than passing the data along like a good network device is interference!

  16.
    Baron von Robber, 29 Nov 2016 @ 8:07am

    Re:

    I don't think the modem can prevent that. 1) The tunnel will at least be at your router or the computer itself to endpoint of the tunnel outside your ISP's domain. 2) More and more people are using VPNs to do work from home. They will slit their own throats if the ISP interferes with this.

  17.
    Anonymous Coward, 29 Nov 2016 @ 8:07am

    Re:

    It doesn't matter. They can't keep accurate track of anyone's monthly data usage to begin with.

  18.
    Grey (profile), 29 Nov 2016 @ 8:17am

    As the son of a pair of hippies, (My Mother not being an unintelligent one as she and her co-workers built most of the pacific NW's initial internet backbone for GTE (now Verizon) back when the company thought the net was a fad, but I digress...)

    Fuck that noise... They've trusted random strangers to walk up to the house and cut the corner off their station wagon to fix damage... and paid them in advance because "they didn't have the right paint" (vanished with the money), they've fallen for curb painting scams, after Dad died, Mom let some asshole talk her out of an antique, concert-grade double bass worth 8 grand at its last valuation... (in the mid 80's... ) for $3k. (After she told me how happy she was to sell it, I had to point out she had just been screwed out of $10-15k,)

    I have enough trouble keeping my flaky family from screwing themselves over as it is, they do NOT need to be acclimated to accepting random windows that pop up.

  19.
    Anonymous Coward, 29 Nov 2016 @ 8:17am

    Well, it's not any worse than sites using flash/java to identify people behind proxy servers in an effort to moderate their remarks eh TechDirt?

  20.
    PaulT (profile), 29 Nov 2016 @ 8:24am

    Re: Re: Re:

    I didn't say it made sense, I just said that's how it's probably interpreted.

    "Doing anything other than passing the data along like a good network device is interference!"

    But, not "wrong" if you're the one in control. They *are* adamantly against being classed as common carriers and dead set against net neutrality...

  21.
    PaulT (profile), 29 Nov 2016 @ 8:26am

    Re:

    Why would they need to use Flash and Java for that? Another technically clueless, paranoid moron unaware that their own actions are getting their trolly spam flagged as trolly spam, I see...

  22.
    Anonymous Coward, 29 Nov 2016 @ 8:31am

    Re: Re:

    I'd assume it's not a violation since they're technically adding information to data they're providing rather than interfering with 3rd party comms or hardware.

    Would you be happy if they injected a voice into your phone calls to warn you that you were about to run out of purchased minutes?

  23.
    Indy, 29 Nov 2016 @ 8:35am

    Can you imagine?

    Why hasn't any attorney sued them on this? Seems like service manipulation. Can you imagine if your water turned red when the water company thought you were using too much?

  24.
    Anonymous Coward, 29 Nov 2016 @ 8:37am

    Re: Re:

    I turn flash on, I get moderated. I turn it off, my posts go through fine.

    I'm using an Australian proxy now (I think), but I tried 10 different countries' proxy servers. All moderated. I couldn't get one post through regardless of the server. I did a bit of research and found out that they can use flash to bypass the proxy. I thought it was bullshit, so I tried it. I turn flash on and I get moderated, I turn it off and my posts went through fine.

    Don't be a dick PaulT, I'm only following logic here. If there is a reasonable explanation for it then fine, hit me with it. I'll admit I'm wrong if that's the case. But I've been testing it all morning, that data doesn't lie.

  25.
    Baron von Robber, 29 Nov 2016 @ 8:55am

    Re: Can you imagine?

    And water is a limited resource. Bits, not so much, as they get cheaper and cheaper by the hour (Moore's law still kicking).

  26.
    Anonymous Coward, 29 Nov 2016 @ 9:03am

    Re: Re: Re:

    "Would you be happy if they injected a voice into your phone calls to warn you that you were about to run out of purchased minutes?"

    Didn't they used to do that on pay phones? (People still remember pay phones, right? I used one maybe twice in my life as a kid, so I might remember wrong.)

  27.
    Anonymous Coward, 29 Nov 2016 @ 9:06am

    Re:

    Or a Comcast-looking notification that says your computer is compromised, please click this link to clean it up.

  28.
    Anonymous Coward, 29 Nov 2016 @ 9:09am

    Re:

    The encryption is from the content provider all the way to the user's browser. So who has control of the cable modem is irrelevant.

  29.
    Anonymous Coward, 29 Nov 2016 @ 9:19am

    Re: Re: Re: Re:

    In the U.K., you got some warning pips just before the call was cut unless you inserted more coins. That was a simple timer function. Here they have to look at the web traffic contents, so that they can modify it to insert their message.

  30.
    DannyB (profile), 29 Nov 2016 @ 9:52am

    How big of an issue is this with HTTPS? (TLS)

    How many sites are still using HTTP instead of HTTPS?

    I can understand how Comcast can inject anything into an HTTP result. But what about when you are using TLS?

    Aren't more and more sites secure against this type of attack? And Comcast's injection of anything IS an attack! At least in its implementation, even if the motivation is different.

    Even traffic in other protocols, how much is in plain text these days?

    Any useful or informative information?

  31.
    Anonymous Coward, 29 Nov 2016 @ 9:54am

    Re:

    “…the notification must not ask for login credentials

    What happens when the user "clicks here" on that dialog to upgrade their service? Does that upgrade really go through without them having to log in?

    Can a web page's javascript read the Comcast dialog box and push the buttons itself?

    Where's the content for this dialog box coming from? Does everyone get an iframe referring to the same server? That could be interesting—by compromising one web server you could compromise most of Comcast's customer base.

  32.
    Brakeing Down Security Podcast, 29 Nov 2016 @ 9:54am

    Canadian ISPs have been doing it for years.

    Our show talked about this with Lee Brotherston almost 2 years ago. He found an ISP up in his neighborhood was injecting 'you are almost at your bandwidth cap' on sites he'd visited previously. We discussed how to block it... apparently, the tech was patented and is created in San Antonio, Texas.

    Listen to us talk about it with Lee Brotherston... http://traffic.libsyn.com/brakeingsecurity/2015-006_ISP_MiTM-Lee-Brotherston.mp3

  33.
    Anonymous Coward, 29 Nov 2016 @ 9:56am

    Re: Re:

    Do browsers even enable Java by default anymore?

  34.
    Lurker Keith, 29 Nov 2016 @ 10:07am

    Re: How big of an issue is this with HTTPS? (TLS)

    I can't comment on Comcast, but I don't think that makes a difference with how Charter does it. When I encountered whatever they're doing, it prevented me from accessing the net at all, until I clicked through their page. It might be something that preempts even the DNS look up, so encryption might be useless to stop it.

  35.
    Anonymous Coward, 29 Nov 2016 @ 10:09am

    Re: Re: Re:

    Mine did. I will agree with PaulT on one thing, I should have definitely known better than to have it on. Shame on me for that.

    But you know what; I've been lurking this site for 10 years or so. I've had some knock down drag-outs with people, but never targeted for moderation like this. I was hurt at first, now I'm just disappointed. I wasn't cussing anyone, I was arguing the hell out of my point and bam... moderated. On that particular subject, I'm very Right leaning, I hope that wasn't the reason but it sure as hell looks like it.

  36.
    Anonymous Coward, 29 Nov 2016 @ 11:06am

    Re: Re: How big of an issue is this with HTTPS? (TLS)

    That's a walled garden. Basically they redirect all traffic to a specific server to notify customers of something. IMHO, much better than hijacking traffic destined to another server and manipulating that data.

  37.
    Anonymous Coward, 29 Nov 2016 @ 11:55am

    There were a few free (dial-up) ISPs that were doing this in the 1990s, injecting banner ads into web pages. It was better than other free ISP alternatives like Netzero, which forced people to run proprietary software and get a permanent banner ad that took up a third of the screen.

  38.
    orbitalinsertion (profile), 29 Nov 2016 @ 1:50pm

    Re: Canadian ISPs have been doing it for years.

    Don't tell me, it was Rodgers. They started DPI and injection with products of a few shady companies that changed their names a few times since. Quite a while back now, isn't it?

  39.
    Anonymous Coward, 29 Nov 2016 @ 2:08pm

    Re:

    > I still don't see how this isn't violating the CFAA.

    *Selective Enforcement*

    You don't really the laws to be enforced on those who paid for them, do you?

  40.
    mb (profile), 29 Nov 2016 @ 2:45pm

    Wiretap

    I'm not sure this is actually a CFAA violation, since they aren't technically accessing your computer, but it IS a violation of the Wiretap Act.

  41.
    Anonymous Coward, 29 Nov 2016 @ 5:42pm

    Dear XFINITY Executive,

    You have reached 100% of your f**ing plan for your
    XFINITY significant other. Further f**ing will
    incur f**ing usage overage charges on your account.

    To avoid overage charges and sign up for the
    Unlimited F**ing option, click here.

  42.
    Anonymous Coward, 29 Nov 2016 @ 6:50pm

    Re: Re: Re:

    "I'd assume it's not a violation since they're technically adding information to data they're providing rather than interfering with 3rd party comms or hardware."

    Actually they are. If they are interjecting traffic in HTTP, at minimum they have to read the frame header and recalculate the length, and THEN they have to inject plain text into the actual HTML, which would require reading, at the very least the first few lines of the document.

    So it is a direct interception and modification of a document transmitted between two parties, who may not have any contractual relations with Comcast whatsoever. (as in a house guest, or minor) It is not significantly different than intercepting a fax transmission, modifying it and retransmitting it. From a technological perspective, these two things are only marginally different. The fact that they identify themselves, doesn't preclude it from being a crime.

    But the bigger issue, is that if they can do line rate modification at this level they have specifically built network infrastructure to do line rate modification for other reasons. This activity is not a feature that came with the network hardware.

    What makes this work is infrastructure (expensive infrastructure) built specifically for intercepting consumer traffic, and MIM'ing it on demand. Which is to say, a stupid popup is not what justified the capital layout to build an overlay network for intercepting consumer traffic.

    So what else is it being used for? My expectation, is that they are using it for state, and privately sponsored computer intrusion. Which makes them an agency of state, for all practical intents and purposes.

  43.
    Eldakka (profile), 29 Nov 2016 @ 7:21pm

    Re: Re: It's all okay, because we posted a public notice

    In a locked filing cabinet.

  44.
    Anonymous Coward, 29 Nov 2016 @ 9:24pm

    Re: Wiretap

    > they aren't technically accessing your computer

    I'm pretty sure they're interfering with the normal operation of your computer to cause it to display their message instead of what you intended. Not all that different from the website defacements the DOJ has prosecuted people for under the CFAA.

    > but it IS a violation of the Wiretap Act.

    That too, then. That's probably how the DOJ would stack the charges against a peon.

  45.
    PaulT (profile), 30 Nov 2016 @ 12:37am

    Re: Re: Re:

    Again, I didn't say I approved or agreed with the stance, I'm just saying that's how I think they see it. Save your anger for people who actually believe this is a good thing.

  46.
    PaulT (profile), 30 Nov 2016 @ 12:42am

    Re: Re: Re: Re:

    "So it is a direct interception and modification of a document transmitted between two parties, who may not have any contractual relations with Comcast whatsoever"

    It depends on how the law sees it, and the law and technical reality don't often see eye to eye. All I know is that the recipient has agreed to get their data delivered by Comcast, and the TOS probably has a clause allowing them to do this. I don't believe the sender of information has any say if the recipient has agreed to tampering or monitoring, but I could be wrong.

    If you think this is criminal activity, go ahead and get their customers to sue. But, I think it'll be a long uphill battle and likely to be judged a civil violation at best.

    "So what else is it being used for?"

    Could be anything, the problem again here being that lack of competition means that Comcast know their customers have few places to go even if they completely lose all trust in them.

  47.
    PaulT (profile), 30 Nov 2016 @ 12:43am

    Re: Re: Re: Re: Re:

    As I recall it (also in the UK), they certainly did have a warning that credit was going to run out.

  48.
    PaulT (profile), 30 Nov 2016 @ 12:48am

    Re: Re: Wiretap

    "I'm pretty sure they're interfering with the normal operation of your computer to cause it to display their message instead of what you intended"

    No, they're not. The browser is displaying what it's instructed to display, as normal. It's just that the instructions to display this message have been altered between sender and recipient.

    "Not all that different from the website defacements the DOJ has prosecuted people for under the CFAA."

    Well, I'm not sure of a specific case but I'm sure that defacement would have been prosecuted as altering the code on the server. Nobody's accessing the server in this case. Nothing's being changed on any computer here, in fact, it's a change during transit.

    As for wiretap act, I'm sure that's more applicable, but again it depends on how the law and court sees it. If Comcast's TOS allows them to do this and they're not currently injecting malware, I'm not sure it's actually criminal activity (however much you wish it may be). Comcast customers are welcome to take them to court and prove me wrong, however.

  49.
    PaulT (profile), 30 Nov 2016 @ 1:10am

    Re: Re: Re:

    "I turn flash on, I get moderated. I turn it off, my posts go through fine. "

    What is the content of the posts moderated, have you posted a lot that day, copied a lot of links, been flagged a lot by the community, etc?

    I'm not saying it's absolutely not happening, but there are many other factors. The only times I've ever been held for moderation is when I've forgotten to log in and I'm posting from a new location with a bunch of links. That's a spam filter, not a grand conspiracy. It might just be that you've been flagged so many times on your proxied IPs that your own comments are what's causing them to be moderated.

    "Don't be a dick PaulT, I'm only following logic here"

    I hope you'll forgive me, but I find that whining about being flagged and moderated usually comes from people who have it happen because they're trolling or similar, not because of the software they're using. If that's not the case for you, I hope you get it sorted out.

    Although I admit, the first thing that comes to mind here is "why are you so intent on using a proxy to hide your IP to post anonymously on this particular site?". My second thought is that you're acting suspiciously, so of course your comments will be moderated as such. My third is what these comments actually are that you're so desperate to get through and if they do indeed deserve moderation.

    "that data doesn't lie"

    However, sadly, a lot of ACs posting here do. If TD are indeed using extra protections to detect and restrict the trolls whose mission it is to derail every conversation here with fiction, I can't blame them.

    link to this | view in thread ]

  50. icon
    PaulT (profile), 30 Nov 2016 @ 1:12am

    Re: Re: Re:

    Java, absolutely not. He might mean Javascript, which is more likely, but if so that calls into question the extensive research he claims to have carried out since he can't get the name of the technology he's working with correct.

    link to this | view in thread ]

  51. icon
    PaulT (profile), 30 Nov 2016 @ 1:19am

    Re: Re: Re: Re:

    "I've had some knock down drag out's with people, but never targeted for moderation like this"

    Again, perhaps it's what you were saying (or the community's reaction to it) during those arguments that's caused you to get flagged.

    "I was arguing the hell out of my point and bam... moderated"

    Oh, there it is. Since you insist on commenting anonymously (quick hint - in my experience, logged in accounts are subject to far less moderation), we can't verify the argument without you linking to it. But, at a guess - you were flagged as a troll so you were moderated. You continued the same argument on different IPs, got flagged again on those, and now your entire pool of IPs has been flagged. So, the filter correctly causes flagged IPs to be moderated. No client-side coding required.

    There could be another explanation, but I find that people here whining about censorship and unequal treatment are usually those who are just being flagged as trolls. Whether you agree with that label or not, I fear that's the reality.

    link to this | view in thread ]

  52. identicon
    Anonymous Coward, 30 Nov 2016 @ 4:39am

    Re: Re: Re: Re: Re:

    "in my experience, logged in accounts are subject to far less moderation"

    So you agree they are censoring based anonymity? Way to make my point ass hole.

    You're such a piece of shit. You don't know the first thing about what you're talking about or the VPN service I use so you're just tossing out insults and guesses. I have a lot more than a handful of IPs to choose from you retard. Take your arrogance and your complete lack of understanding of what the fuck you're talking about and shove them both up your ass.

    "But, at a guess - you were flagged as a troll so you were moderated."

    That's all you can do? Fucking guess? Nice contribution to the discussion.

    "There could be another explanation, but I find that people here whining about censorship and unequal treatment are usually those who are just being flagged as trolls."

    Unlike yourself, I'm not guessing. I spent quite a bit of time testing my theory against their website.

    I suggest you learn a little about how this shit works before you open your pie hole and confirm the fact that you're an idiot.

    link to this | view in thread ]

  53. identicon
    Anonymous Coward, 30 Nov 2016 @ 4:44am

    Re: Re: Re: Re:

    Your arrogance is seconded only by your stupidity. Someone abbreviates and suddenly they don't know what they're talking about? You post on this website all day passing insults and putting your arrogance on full display to the world. You're the worst kind of troll. One without a fucking life.

    link to this | view in thread ]

  54. icon
    PaulT (profile), 30 Nov 2016 @ 4:54am

    Re: Re: Re: Re: Re: Re:

    "So you agree they are censoring based anonymity?"

    No, I'm saying that without any verification of who you are, they can only filter based on your IP. If your IP is regularly flagged, it gets moderated. If it's been flagged in the past, but your account wasn't flagged at that time, then it can be presumed that it wasn't your comments that caused the flag. If the IP stops being flagged, it doesn't get moderated no matter how anonymous or otherwise the author is.

    It's not discrimination or censorship if you've chosen not to provide the data to distinguish you.

    It's not hard to make the distinctions here, but you have to base your response on facts.

    "Way to make my point ass hole."

    Oh, so you're one of those fools who devolves into name calling when they can't argue on facts. It's not really a mystery why you're getting flagged by the community, is it?

    "That's all you can do? Fucking guess? Nice contribution to the discussion."

    While you're continuing your descent into whining swearing toddler tantrum, you might wish to consider that this is all you've been doing as well.

    "Unlike yourself, I'm not guessing. I spent quite a bit of time testing my theory against their website"

    No, you tested a single criterion, and all you managed to prove is that the IPs you use on your proxy have been flagged for moderation. Probably due to behaviour similar to that displayed here. Did you consider not acting like this, at all?

    "I suggest you learn a little about how this shit works before you open your pie hole and confirm the fact that you're an idiot"

    Sorry, I don't talk to children while they're making a scene. Come back when you pass puberty.

    link to this | view in thread ]

  55. icon
    PaulT (profile), 30 Nov 2016 @ 4:56am

    Re: Re: Re: Re: Re:

    "Someone abbreviates and suddenly they don't know what they're talking about?"

    Yes. Java and Javascript are completely different technologies with different uses and implementations. Mixing the two up means you have no idea what you're talking about. I apologise for exposing your ignorance, but this is why I questioned your claim to begin with. Java doesn't get used for things like the action you claim, which makes your claim wrong.

    "You're the worst kind of troll"

    Stating facts is not trolling. I'm sorry that you lack the knowledge you claim to have, but that's not my problem.

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 30 Nov 2016 @ 5:36am

    Re: Re: Re: Re: Re:

    " All I know is that the recipient has agreed to get their data delivered by Comcast, and the TOS probably has a clause allowing them to do this."

    No, the recipient hasn't in all cases. Home WIFI is often used by parties who have no contract with Comcast. So the closest thing to authorization, would be if the TOS requires the customer to act as agent, and indemnify Comcast for violations of the rights of the house guest.

    But of course that is B.S. because as a monopoly market provider, (in most cases) the TOS is not a contract. A contract requires mutual consideration. If service is denied based on refusal of the terms in the TOS, then the 1st amendment rights of the consumer are effectively held hostage, due to the lack of availability of a suitable replacement. This makes the TOS an agreement under duress, and therefore no agreement at all.

    And really there should be some thought given to whether this is precisely the intent of the monopoly regulations written by the various states. Do monopoly telecom relations derive from simple graft? Or is the purpose of these regulations, to effect upon the citizens a state of duress, and a mechanism of control for interfering with the citizens' Constitutional rights, making these regulations a tool of tyranny as well?

    link to this | view in thread ]

  57. identicon
    Anonymous Coward, 30 Nov 2016 @ 5:43am

    Mediacom does the same thing. Drives me crazy every time I get one.

    link to this | view in thread ]

  58. icon
    Niall (profile), 30 Nov 2016 @ 6:10am

    Re: Re: Re: Re: Re: Re:

    He's already admitted to being far-right and so he obviously lives in a post-truth, non-factual universe. And badly needs to feed his persecution complex that goes along with his general nominal cowardice.

    link to this | view in thread ]

  59. icon
    PaulT (profile), 30 Nov 2016 @ 7:55am

    Re: Re: Re: Re: Re: Re:

    "No, the recipient hasn't in all cases. Home WIFI is often used by parties who have no contract with Comcast."

    Well, that depends on what you class as "recipient". I'm sure that Comcast would consider it to be the router that logs into their network, not the individual devices connected to it. They're altering the packets that go between their servers and the device logged into their network, not the internal network controlled by the router.

    Put it this way - my apartment building receives mail to the security desk, and the local security staff take responsibility for distributing it to the correct mailboxes across the complex. I'm sure that the postal service would consider the security desk the end of their responsibility, not the person who opens the envelope.

    Again, you can argue whether this attitude is moral or even legal, but I'm sure that's how it's set up. Until such ideas are battled in court, all I'm saying is that saying that Comcast are criminally liable for inserting messages as they do is something of a stretch as I understand the situation.

    link to this | view in thread ]

  60. icon
    PaulT (profile), 30 Nov 2016 @ 8:01am

    Re: Re: Re: Re: Re: Re: Re:

    Most likely, but I've been in a mood to keep nudging. His response here really does say it all, though. He's been wrong about basic facts but won't admit it, he won't accept the most likely explanation about what's happening (because it involves taking personal responsibility) and instead invents a conspiracy against him and throws a tantrum that would embarrass most playgrounds when cornered by facts and logic.

    I'd laugh if I hadn't spent the last few months watching people like this get elected to prominent positions that will shape the next decade of my life, at bare minimum, and probably much more than that.

    link to this | view in thread ]

  61. identicon
    Anonymous Coward, 30 Nov 2016 @ 9:57pm

    Re: Re: Re: Wiretap

    "No, they're not. The browser is displaying what it's instructed to display, as normal. It's just that the instructions to display this message have been altered between sender and recipient."

    So, as long as a computer is following instructions, no crime has been committed, even if those instructions have been altered without authorization. Interesting theory, but one wholly without any legal basis whatsoever that I can see.

    "Nothing's being changed on any computer here"

    Umm, so? Aaron Swartz didn't change anything on MIT's computers either. I suggest anyone unfamiliar with the story go look it up.

    link to this | view in thread ]

  62. icon
    PaulT (profile), 1 Dec 2016 @ 12:13am

    Re: Re: Re: Re: Wiretap

    "So, as long as a computer is following instructions, no crime has been committed, even if those instructions have been altered without authorization. Interesting theory, but one wholly without any legal basis whatsoever that I can see"

    That's why I've repeatedly said you should wait for someone to sue and follow the court case. I'm simply, as a layman, explaining how I think Comcast can justify this not being illegal. I notice that people are just trying to shoot down me and my ideas without evidence or explanations of how it actually is in violation of the suggested laws.

    The point is - if you're trying to apply laws that refer specifically to hacking a computer to this, you're on the wrong track and it's pretty dumb to think that Comcast haven't already consulted lawyers to see if they can get away with it. It's also dangerous to start applying those laws to such things if they're not the best tool. Wiretapping laws, more likely but it really depends on who is considered the originator and requester, and how the TOS and other agreements apply. That will take lawsuits and time in court.

    "Aaron Swartz didn't change anything on MIT's computers either."

    No, but he gained access to them in a manner that was deemed unauthorised, whether or not you agree with that assessment or the result (I don't, of course). The point is, the data is being changed *after* it has left the originating server and so the CFAA's rule about unauthorised computer access doesn't apply, no matter how strongly you feel it should compare to Swartz or any other victim of that act.

    link to this | view in thread ]

  63. identicon
    Anonymous Coward, 1 Dec 2016 @ 6:45am

    Re: Re: Re: Re: Re: Wiretap

    "That's why I've repeatedly said you should wait for someone to sue and follow the court case."

    We're talking about criminal law, not civil.

    "I notice that people are just trying to shoot down me and my ideas without evidence or explanations of how it actually is in violation of the suggested laws."

    People have provided examples of how the law has been interpreted and applied in the past as way of explanation. I don't know why you are ignoring that.

    "it's pretty dumb to think that Comcast haven't already consulted lawyers to see if they can get away with it."

    Comcast knows that they can get away with it because of who they are, not because what they did couldn't be prosecuted if done by someone less powerful. That's the point being made.

    "No, but he gained access to them in a manner that was deemed unauthorised,"

    And Comcast is gaining unauthorized to the destination computer to display their messages. Let me ask you this, do you really think that if, for example, someone were to hack into the FBI's computers to cause them to start displaying unauthorized on-screen messages that they wouldn't be charged under the CFAA? Or is it all different, depending on whose computer it is? Again, that's the point people are making: unequal application of the law.

    link to this | view in thread ]

  64. icon
    PaulT (profile), 1 Dec 2016 @ 7:25am

    Re: Re: Re: Re: Re: Re: Wiretap

    "We're talking about criminal law, not civil."

    As am I, only people are bitching at me for trying to provide ideas as to why they're not being prosecuted for it.

    "People have provided examples of how the law has been interpreted and applied in the past as way of explanation. I don't know why you are ignoring that."

    I'm not, I just haven't seen anything relevant. Most claims have not been followed with citations or examples. The only one definitely mentioned is the Swartz case, which is irrelevant because it involved ACCESS to the originating SERVER. Which did NOT happen here. It's not being prosecuted under the CFAA because it's not relevant - unless someone can be bothered to give me a citation rather than whining. Get it yet?

    "Comcast knows that they can get away with it because of who they are, not because what they did couldn't be prosecuted if done by someone less powerful. That's the point being made."

    I agree, but nothing I've said changes that. I merely answered the person stating "I still don't see how this isn't violating the CFAA." - and nothing said to me had altered what I said. Absent an explanation of how the CFAA applies here, the examples given are utterly different cases to the one discussed here.

    "And Comcast is gaining unauthorized to the destination computer to display their messages."

    How? They are changing information in transit, between its own servers and those controlled by the requesting customer. They are NOT changing any data on the originating server, only data as it passes through the network they own, en route to the computer that requested the original information. Therefore, how EXACTLY are they gaining unauthorised access to the originating server?

    link to this | view in thread ]

  65. icon
    DannyB (profile), 1 Dec 2016 @ 8:12am

    Re: Re: How big of an issue is this with HTTPS? (TLS)

    Can you just change your DNS server to Google's 8.8.8.8 ?

    link to this | view in thread ]

  66. identicon
    Lee Brotherston, 2 Dec 2016 @ 6:09am

    Re: Re: Canadian ISPs have been doing it for years.

    Yes, it was Rogers, at least that's where I encountered it. For what it's worth I searched out the specific injection tools that they were using on Shodan and noted management boxes for these on Bell et al also, so I think they're most places.

    Rogers actually still do this, they're just less obvious about it now. But their warnings about going over your bandwidth usage, for example, use this technique.

    Last time I checked they were using the PerfTech platform, but that could have changed since.

    As Bryan mentioned I did a little research project and talk on this. If you're interested here's some links to what I found:

    mini-summary: https://blog.squarelemon.com/2014/11/corporation-in-the-middle-blog-edition/

    bsides talk:
    https://www.youtube.com/watch?v=_YeaYIPM-QI

    me chatting with Bryan about this: http://traffic.libsyn.com/brakeingsecurity/2015-006_ISP_MiTM-Lee-Brotherston.mp3

    link to this | view in thread ]

  67. identicon
    Anonymous Coward, 2 Dec 2016 @ 7:36am

    Re: Re: Re: Re: Re: Re: Re:

    "Well, that depends on what you class as "recipient". I'm sure that Comcast would consider it to be the router that logs into their network, not the individual devices connected to it."

    The computer is not an entity legally able to contract. Only the sender, and recipient are. The TOS is presumed to be a contract for rendering of services, but it isn't since the services are natural law rights. The TOS can no more deny you the right to privacy, and the right to communicate privately and free from molestation, than it can deny you the right to breathable air.

    As far as the technical means of interception; it is not articulated in computer crimes law in my state, only the act of interception is. The demarcation point of the communication is not generally relevant.

    The only way that I can conceive of the demarcation point being legally relevant, is if the consumer was not in a monopoly market. In such a case it could be reasonably argued that the TOS articulated a contracted service, rather than an attempt to defraud the consumer by portraying a public utility as one.

    link to this | view in thread ]

  72. identicon
    mike mike mike, 19 Jul 2017 @ 6:06pm

    Comcast - rape is ok when you know it's coming

    Comcast analogy on doing shady things.

    -"It's ok to rape you because I told you I was going to rape you" - Comcast
    -"It's okay to steal from you because the government got a notice that we were about to rob you and they did nothing to stop us"

    Should I keep going with how Comcast excuses sound like?

    Slow clap for Comcast, and no it's still not ok

    As much as I love the internet, I will laugh pretty hard when a solar flare fries all the cables. =) Comcast you are terrible.

    link to this | view in thread ]

  73. identicon
    Sand, 23 Aug 2017 @ 1:31pm

    Creepy Comcast.

    The popups are SO DAMN creepy. Very pathetic way to remind. I was on a webex with 10 customers when I happen to be working from home and my shared screen shows this pop-up. Terrible. So creepy. So Comcast has a way to track the usage (this part is ok wfif) then go the personal online device they see online then know what browser I have open and then insert this popup. What else are you monitoring??? Now, looking at options to move away from Comcast. BTW been their internet customer for 7 years and bought more services like phone and then they ding me with this cap! Way to go Comcast.

    link to this | view in thread ]


