If you search Twitter for the hashtag #softwarepirateconfession you'll find a stream of tweets stating, "How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession." There are many dozens of these tweets in the past day alone, all identical. So what's happening? It turns out that Enfour, the maker of a variety of dictionary apps, is auto-posting tweets to users' accounts to shame them for being pirates. But the auto-tweeting seems to be affecting a huge portion of its paid user base, not just those who actually stole the apps.

"Apparently, even though I paid nearly $25.00 for it, something in the code of this app identified me a owning a pirated copy. It then asked for access to my Twitter account through my iPhone. I gave it access because, it's the American Heritage Dictionary! If any app can be trusted with my Twitter account, it ought to be my expensive dictionary app. But no, it tweeted the following message:

"How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession"

all the ISPs involved have now called a halt to the practice. They continue to intercept some queries – those from Bing and Yahoo – but are passing the searches on to the relevant search engine rather than redirecting them.

This lawsuit is without merit, and harmful to our business and that of our partners. Let me respond to the two major accusations in the lawsuit.

"First, the lawsuit alleges that Paxfire collects, analyzes and sells user information. This is completely false and has absolutely no basis in fact.

"Paxfire does not and has never distributed or sold any information on users, either individually or collectively. Paxfire does not analyze end user searches, does not hold any history or database of user browsing or search, and does not profile users in any way. Moreover, Paxfire has no plans to change this policy. To repeat: We never, ever collect, monitor, store or sell personal data on users, collectively or as individuals, and we never have.

"Second, Paxfire does not hijack searches or 'impersonate search engines.'

"This would be fundamentally contrary to our service mission, which is to improve the user experience by helping users arrive at their intended website after having mistyped a web address. We are all about helping customers navigate the web, and not about searches. We partner closely with our ISP customers to ensure the service is operated not only in full accordance with the law and end user agreements, but also in a way that provides a good user experience. For example, when we have to guess the intended destination from a bad address, our results page includes an explanation of how they landed there and provides an option to opt-out of the service.

"Finally, we want to make clear that while it is without merit, this lawsuit and its allegations are extremely harmful to our reputation and those of our partners. Under Rule 11 of the Federal Rules of Civil Procedure, a party has an obligation to ensure a foundation for his or her allegations. Clearly, this was not done adequately by the plaintiff in this case. Accordingly, Paxfire intends to seek the full sanctions available to it under the law, to vindicate the organization and to make it whole from the damages caused by this lawsuit.

"Today I noticed that this great feature of Firefox (combined with Google of course) has stopped working, and has instead been replaced with an add-laden (sic) search result from another website. I've confirmed that my keyword.URL setting is still pointed at Google, so this must be happening at the traffic level, I would imagine either by use of a web proxy or something to do with DNS lookup, which makes me wonder if this new 'feature' my ISP (Netvigator by PCCW in Hong Kong) has introduced is also affecting my privacy?"

Here in the States one ISP (Windstream Communications) was recently busted for taking this concept one step further, going so far as to actually hijack Firefox Google search toolbar results. Windstream quickly backed away from the practice once users started to complain, insisting it was a mistake. However, the ISP wouldn't offer technical specifics about what technology they were using that created this "bug," and employees were told not to elaborate. To be clear, in Windstream's case this went well beyond DNS redirection, worked no matter what DNS servers were being used, and involved manipulating actual traffic streams using a new flavor of deep packet inspection. Whether this new layer 7/DPI is being used for copyright enforcement, surveillance, data mining or search result hijacks isn't clear -- but whatever it's being used for, it's being implemented with absolutely no transparency to the end user.

It seems unlikely that any U.S. ISP would take things further by hijacking toolbar results, given ISPs are busily trying to argue to regulators that network neutrality rules aren't necessary. Still, as deep packet inspection technology gets more sophisticated, precisely how ISPs are meddling with your traffic is something to keep a close eye on. ISPs already have a bad habit of offering value added services that fail to provide any value to consumers, and DNS redirection ads are only the latest example. ISPs were in such a hurry to grab this additional revenue, they failed to bother to make sure opt-out mechanisms for these "services" even worked, much less consider adding any kind of enhanced DNS functionality (as seen by companies like OpenDNS) that would make these services worth something to the end user. While DPI itself isn't bad, it holds a lot of potential for abuse among ISPs eager to make an extra buck at any cost.