Comcast Takes Heat For Injecting Messages Into Internet Traffic

from the meddling-and-fiddling dept

Since around 2013 or so, Comcast has been injecting warning messages into user traffic streams. Sometimes these warnings are used to notify a customer that their computer may have been hacked and is part of a botnet. Other times, the warning messages inform users that they’ve (purportedly) downloaded copyrighted material as per Comcast’s cooperation in the entertainment industry’s “six strikes” Copyright Alert System (CAS), a program that pesters accused pirates until they acknowledge their villainy and receipt of “educational” materials on copyright.

More recently, Comcast has used the system to urge customers to upgrade to a newer modem, or to warn users in capped markets that they’re about to reach their monthly usage allotment and will soon be paying overage fees:

While Comcast’s efforts here may be well-intentioned, the act of fiddling with user traffic and injecting any content into the user data stream has long been controversial. Pretty much like clockwork over the last three years, you see stories popping up every few months or so explaining how letting such a fierce opponent of concepts like net neutrality fiddle with user traffic just isn’t a particularly smart idea. Users have also consistently complained that there’s no way to opt out of the warning messages.

But in addition to being annoying and a bad precedent, many think Comcast’s efforts on this front open the door to privacy and security risks. iOS developer Chris Dzombak, for example, penned a blog post last week explaining how getting broadband users used to this level of popup pestering by their ISP opens the door to hackers to abuse that expectation and trust via man-in-the-middle attacks:

“This might seem like a customer-friendly feature, but it?s extremely dangerous for Comcast?s users. This practice will train customers to expect that their ISP sends them critical messages by injecting them into random webpages as they browse. Moreover, these notifications can plausibly contain important calls to action which involve logging into the customer?s Comcast account and which might ask for financial information.

Any website could present its users an in-page dialog which looks similar to these Comcast alerts. The notification?s content could be entirely controlled by criminals hoping to harvest users? Comcast account login information. This would give an attacker access to users? email, which is a gateway to reset the user?s passwords on most other sites ? remember, most password recovery mechanisms revolve around access to an email account.

Each time this subject pops up, Comcast’s engineering folks are quick to point out that this is all perfectly ok because the company filed an informational RFC (6108) back in 2011 explaining what the company was up to. Usually this results in media outlets quieting down for a while until somebody new discovers the popups. But Dzombak is quick to correctly note that filing an RFC isn’t some kind of get out of jail free card for dumb ideas:

“Comcast has submitted an informational RFC (6108) to the IETF documenting how this content injection system works. This appears to be a shady effort to capitalize on the perceived legitimacy that pointing to an RFC gives you.

First, let me point out that just publishing a memo that says you plan to do something, doesn?t mean that the thing you?re doing is acceptable.

Second, RFC6108 does not address this concern whatsoever. There?s a short section about security considerations, which largely boils down to this guidance: ??the notification must not ask for login credentials, and must not ask a user to follow a link in order to change their password, since these are common phishing techniques. Finally, care should be taken to provide confidence that the web notification is valid and from a trusted party, and/or that the user has an alternate method of checking the validity of the web notification. ?”

In short, that puts the onus on customers to know that these popup notifications should not ask for login information. But most users simply aren’t going to know that, and would be easily fooled by a phony popup that mirrors this dialogue but redirects users to a malicious third-party website asking for their user credentials. This is just a snippet of HTML on an unencrypted website; there’s no magic bullet way of being sure the web notification you’re viewing “is from a valid and trusted party.” Comcast told Dzombak his points are fair on Twitter last month, but still hasn’t seriously addressed the problem.

Comcast has your e-mail address for notifications. There’s really no reason to fiddle with user traffic. It’s a horrible precedent that’s not only annoying, but a potential privacy risk. Fortunately the problem may self-resolve as Comcast can’t inject the messages into encrypted streams — and encryption use overall is on the rise. Still, it’s still not a particularly great precedent to let a company with a long, proud history of fighting net neutrality fiddle with data streams, however purportedly noble the intention.

Filed Under: , , ,
Companies: comcast

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Comcast Takes Heat For Injecting Messages Into Internet Traffic”

Subscribe: RSS Leave a comment
78 Comments
tom (profile) says:

Way to go Comcast, train your customers that weird pop up messages are ok and can be safely ignored. Ignore the established methods of email, text messages and phone calls.

The average person will have no way to tell the difference between malware popups from Comcast and malware popups from others. How long until the bad guys start formatting popups that resemble the Comcast popups?

Anonymous Coward says:

I still don’t see how this isn’t violating the CFAA.
It’s obvious that it “exceeds authorized access”, if I can not opt out of such notifications. If I want to go to the local county website, and it’s blocking information, that’s directly related to the government requirements.

Now the CFAA is really broad and should be fixed, but the DOJ should swing both ways if they want to prosecute others for it.

The main issue though is that it’s just bad practice, and encourages others to use these notifications to hack into people’s accounts. We’ve already seen this with SSO on Facebook, Google, et al logins and XSS attacks.

PaulT (profile) says:

Re: Re:

I’d assume it’s not a violation since they’re technically adding information to data they’re providing rather than interfering with 3rd party comms or hardware. That is, although unsolicited, they’re providing information you requested via their service, only with an additional item attached. I’d imagine the argument would be if the postal service adds an extra postcode with information on it, that doesn’t count as mail tampering.

Silly analogy and everyone posting here probably knows the many things wrong with that argument, but I’d bet that’s how it’s presented.

Anonymous Coward says:

Re: Re: Re:

“I’d assume it’s not a violation since they’re technically adding information to data they’re providing rather than interfering with 3rd party comms or hardware.”

In what world does this make sense? Adding, changing, removing, or even just LOOKING is interference at a technical level. Hell, there is interference from the natural world that is already a problem we have to deal with in networking, lets not add fucking more!

Doing anything other than passing the data along like a good network device is interference!

PaulT (profile) says:

Re: Re: Re: Re:

I didn’t say it made sense, I just said that’s how it’s probably interpreted.

“Doing anything other than passing the data along like a good network device is interference!”

But, not “wrong” if you’re the one in control. They are adamantly against being classed as common carriers and dead set against net neutrality…

Anonymous Coward says:

Re: Re: Re:

I’d assume it’s not a violation since they’re technically adding information to data they’re providing rather than interfering with 3rd party comms or hardware.

Would you be happy if they injected a voice into your phone calls to warn you that you were about to run out of purchased minutes?

Anonymous Coward says:

Re: Re: Re: Re:

“Would you be happy if they injected a voice into your phone calls to warn you that you were about to run out of purchased minutes?”

Didn’t they used to do that on pay phones? (People still remember pay phones, right? I used one maybe twice in my life as a kid, so I might remember wrong.)

Anonymous Coward says:

Re: Re: Re: Re:

“I’d assume it’s not a violation since they’re technically adding information to data they’re providing rather than interfering with 3rd party comms or hardware.”

Actually they are. If they are interjecting traffic in HTTP, at minimum they have to read the frame header and recalculate the length, and THEN they have to inject plain text into the the actual HTML, which would require reading, at the very least the first few lines of the document.

So it is a direct interception and modification of a document transmitted between two parties, who may not have any contractual relations with Comcast whatsoever. (as in a house guest, or minor) It is not significantly different than intercepting a fax transmission, modifying it and retransmitting it. From a technological perspective, these two things are only marginally different. The fact that they identify themselves, doesn’t preclude it from being a crime.

But the bigger issue, is that if they can do line rate modification at this level they have specifically built network infrastructure to do line rate modification for other reasons. This activity is not a feature that came with the network hardware.

What makes this work is infrastructure (expensive infrastructure) built specifically for intercepting consumer traffic, and MIM’ing it on demand. Which is to say, a stupid popup is not what justified the capital layout to build an overlay network for intercepting consumer traffic.

So what else is it being used for? My expectation, is that they are using it for state, and privately sponsored computer intrusion. Which makes them an agency of state, for all practical intents and purposes.

PaulT (profile) says:

Re: Re: Re:2 Re:

“So it is a direct interception and modification of a document transmitted between two parties, who may not have any contractual relations with Comcast whatsoever”

It depends on how the law sees it, and the law and technical reality don’t often see eye to eye. All I know is that the recipient has agreed to get their data delivered by Comcast, and the TOS probably has a clause allowing them to do this. I don’t believe the sender of information has any say if the recipient has agreed to tampering or monitoring, but I could be wrong.

If you think this is criminal activity, go ahead and get their customers to sue. But, I think it’ll be a long uphill battle and likely to be judged a civil violation at best.

“So what else is it being used for?”

Could be anything, the problem again here being that lack of competition means that Comcast know their customers have few places to go even if they completely lose all trust in them.

Anonymous Coward says:

Re: Re: Re:3 Re:

” All I know is that the recipient has agreed to get their data delivered by Comcast, and the TOS probably has a clause allowing them to do this.”

No, the recipient hasn’t in all cases. Home WIFI is often used by parties who have no contract with Comcast. So the closest thing to authorization, would be if the TOS requires the customer to act as agent, and indemnify Comcast for violations of the rights of the house guest.

But of course that is B.S. because as a monopoly market provider, (in most cases) the TOS is not a contract. A contract requires mutual consideration. If service is denied based on refusal of the terms in the TOS, then the 1st amendment rights of the consumer are effectively held hostage, due to the lack of availability of a suitable replacement. This makes the TOS an agreement under duress, and therefore no agreement at all.

And really there should be some thought given to whether this is precisely the intent of the monopoly regulations written by the various states. Do monopoly telecom relations derive from simple graft? Or is the purpose of these regulations, to effect upon the citizens a state of duress, and a mechanism of control for interfering with the citizens Constitutional rights, making these regulations a tool of tyranny as well?

PaulT (profile) says:

Re: Re: Re:4 Re:

“No, the recipient hasn’t in all cases. Home WIFI is often used by parties who have no contract with Comcast.”

Well, that depends on what you class as “recipient”. I’m sure that Comcast would consider it to be the router that logs into their network, not the individual devices connected to it. They’re altering the packets that go between their servers and the device logged into their network, not the internal network controlled by the router.

Put it this way – my apartment building receives mail to the security desk, and the local security staff take responsibility for distributing it to the correct mailboxes across the complex. I’m sure that the postal service would consider the security desk the end of their responsibility, not the person who opens the envelope.

Again, you can argue whether this attitude is moral or even legal, but I’m sure that’s how it’s set up. Until such ideas are battled in court, all I’m saying is that saying that Comcast are criminally liable for inserting messages as they do is something of a stretch as I understand the situation.

Anonymous Coward says:

Re: Re: Re:5 Re:

“Well, that depends on what you class as “recipient”. I’m sure that Comcast would consider it to be the router that logs into their network, not the individual devices connected to it.”

The computer is not an entity legally able to contract. Only the sender, and recipient are. The TOS is presumed to be a contract for rendering of services, but it isn’t since the services are natural law rights. The TOS can no more deny you the right to privacy, and the right to communicate privately and free from molestation, than it can deny you the right to breathable air.

As far as the technical means of interception; it is not articulated in computer crimes law in my state, only the act of interception is. The demarcation point of the communication is not generally relevant.

The only way that I can conceive of the demarcation point being legally relevant, is if the consumer was not in a monopoly market. In such a case it could be reasonably argued that the TOS articulated a contracted service, rather than an attempt to defraud the consumer by portraying a public utility as one.

Anonymous Coward says:

Re: Re: Wiretap

they aren’t technically accessing your computer

I’m pretty sure they’re interfering with the normal operation of your computer to cause it to display their message instead of what you intended. Not all that different from the website defacements the DOJ has prosecuted people for under the CFAA.

> but it IS a violation of the Wiretap Act.

That too, then. That’s probably how the DOJ would stack the charges against a peon.

PaulT (profile) says:

Re: Re: Re: Wiretap

“I’m pretty sure they’re interfering with the normal operation of your computer to cause it to display their message instead of what you intended”

No, they’re not. The browser is displaying what it’s instructed to display, as normal. It’s just that the instructions to display this message have been altered between sender and recipient.

“Not all that different from the website defacements the DOJ has prosecuted people for under the CFAA.”

Well, I’m not sure of a specific case but I’m sure that defacement would have been prosecuted as altering the code on the server. Nobody’s accessing the server in this case. Nothing’s being changed on any computer here, in fact, it’s a change during transit.

As for wiretap act, I’m sure that’s more applicable, but again it depends on how the law and court sees it. If Comcast’s TOS allows them to do this and they’re not currently injecting malware, I’m not sure it’s actually criminal activity (however much you wish it may be). Comcast customers are welcome to take them to court and prove me wrong, however.

Anonymous Coward says:

Re: Re: Re:2 Wiretap

No, they’re not. The browser is displaying what it’s instructed to display, as normal. It’s just that the instructions to display this message have been altered between sender and recipient.

So, as long as a computer is following instructions, no crime has been committed, even if those instructions have been altered without authorization. Interesting theory, but one wholly without any legal basis whatsoever that I can see.

Nothing’s being changed on any computer here

Umm, so? Aaron Swartz didn’t change anything on MIT’s computers either. I suggest anyone unfamiliar with the story go look it up.

PaulT (profile) says:

Re: Re: Re:3 Wiretap

“So, as long as a computer is following instructions, no crime has been committed, even if those instructions have been altered without authorization. Interesting theory, but one wholly without any legal basis whatsoever that I can see”

That’s why I’ve repeatedly said you should wait for someone to sue and follow the court case. I’m simply, as a layman, explaining how I think Comcast can justify this not being illegal. I notice that people are just trying to shoot down me and my ideas without evidence or explanations of how it actually is in violation of the suggested laws.

The point is – if you’re trying to apply laws that refer specifically to hacking a computer to this, you’re on the wrong track and it’s pretty dumb to think that Comcast haven’t already consulted lawyers to see if they can get away with it. It’s also dangerous to start applying those laws to such things if they’re not the best tool. Wiretapping laws, more likely but it really depends on who is considered the originator and requester, and how the TOS and other agreements apply. That will take lawsuits and time in court.

“Aaron Swartz didn’t change anything on MIT’s computers either.”

No, but he gained access to them in a manner that was deemed unauthorised, whether or not you agree with that assessment or the result (I don’t, of course). The point is, the data is being changed after it has left the originating server and so the CFAA’s rule about unauthorised computer access doesn’t apply, no matter how strongly you feel it should compare to Swartz or any other victim of that act.

Anonymous Coward says:

Re: Re: Re:4 Wiretap

That’s why I’ve repeatedly said you should wait for someone to sue and follow the court case.

We’re talking about criminal law, not civil.

I notice that people are just trying to shoot down me and my ideas without evidence or explanations of how it actually is in violation of the suggested laws.

People have provided examples of how the law has been interpreted and applied in the past as way of explanation. I don’t know why you are ignoring that.

it’s pretty dumb to think that Comcast haven’t already consulted lawyers to see if they can get away with it.

Comcast knows that they can get away it with because of who they are, not because what they did couldn’t be prosecuted if done by someone less powerful. That’s the point being made.

No, but he gained access to them in a manner that was deemed unauthorised,

And Comcast is gaining unauthorized to the destination computer to display their messages. Let me ask you this, do you really think that if, for example, someone were to hack into the FBI’s computers to cause them to start displaying unauthorized on-screen messages that they wouldn’t be charged under the CFAA? Or is it all different, depending on who’s computer it is? Again, that’s the point people are making: unequal application of the law.

PaulT (profile) says:

Re: Re: Re:5 Wiretap

“We’re talking about criminal law, not civil.”

As am I, only people are bitching at me for trying to provide ideas as to why they’re not being prosecuted for it.

“People have provided examples of how the law has been interpreted and applied in the past as way of explanation. I don’t know why you are ignoring that.”

I’m not, I just haven’t seen anything relevant. Most claims have not been followed with citations or examples. The only one definitely mentioned is the Swartz case, which is irrelevant because it involved ACCESS to the originating SERVER. Which did NOT happen here. It’s not being prosecuted under the CFAA because it’s not relevant – unless someone can be bothered to give me a citation rather than whining. Get it yet?

“Comcast knows that they can get away it with because of who they are, not because what they did couldn’t be prosecuted if done by someone less powerful. That’s the point being made.”

I agree, but nothing I’ve said changes that. I merely answered the person stating “I still don’t see how this isn’t violating the CFAA.” – and nothing said to me had altered what I said. Absent an explanation of how the CFAA applies here, the examples given are utterly different cases to the one discussed here

“And Comcast is gaining unauthorized to the destination computer to display their messages.”

How? They are changing information in transit, between its own servers and those controlled by the requesting customer. They are NOT changing any data on the originating server, only data as it passes through the network they own, en route to the computer that requested the original information. Therefore, how EXACTLY are they gaining unauthorised access to the originating server?

Chris (user link) says:

Re: Re:

Even worse than that, the security guideline you cite would only be useful if users already knew that these notifications shouldn’t ask for login credentials. Users don’t know that; how could they? They haven’t read this RFC.

So most people won’t even think it’s suspicious for a plausible-looking Comcast notification to ask them to login directly.

Anonymous Coward says:

Re: Re:

“…the notification must not ask for login credentials

What happens when the user "clicks here" on that dialog to upgrade their service? Does that upgrade really go through without them having to log in?

Can a web page’s javascript read the Comcast dialog box and push the buttons itself?

Where’s the content for this dialog box coming from? Does everyone get an iframe referring to the same server? That could be interesting—by compromising one web server you could compromise most of Comcast’s customer base.

Anonymous Coward says:

opens the door to hackers

hackers? I fail to distinguish how they are different from the carriers in this regard. And frankly, most state computer intrusion laws, could be reasonably interpreted to regard this behavior as a crime.

IMHO the fact that they are even touching the frame at or above OSI layer 4, is an intrusion into a communication between two parties who may or may not have contractual relationships with the carrier. And even if they do have a contract, the customer is probably in a monopoly market. So performance of the contract is under duress against the users 1st amendment rights, and therefore void.

IOW, it is criminal wiretapping. This is equivalent to the post office, opening your mail because they don’t like the style of the writing, reading the contents, and leaving a comment INSIDE the envelope.

A lot of this shit derives from false advertising practices. They advertise shared capacity instead of CIR, or SLA based rates for individual users, and then fuck the users on overages for using the capacity the carrier advertised. And to do this, they have to actually use MORE equipment to keep track of who they are fucking over.

So now they are monitoring traffic, they never technically needed to monitor, and the MPAA, RIAA and the FED start making demands of the monitoring capacity, and they start billing for consumer surveillance, turning it into a product.

This doesn’t get solved until the carriers are separated from the content providers. It is just going to get worse with IOT.

So what is going to happen, is the fed will start wailing: “OMG, the Internet is falling! Whatever shall we do”, and the carriers will step up and say: “Sure, WE’LL take care of that for you” which will put them in a position to implement regulatory capture over the IOT industry.

And Congress will high five, and return to being malevolently ignorant about the relationship between modern technology, and the Constitution.

Lurker Keith says:

not just Comcast

This isn’t just a Comcast thing. Charter does it, too.

Once, & only once, when I was trying to switch back to my old modem/ router hybrid, IIRC, because the new router I bought didn’t work properly & put up massive security flags for wanting online access JUST TO CHANGE THE SETTINGS (have since gotten a different router that lets me in offline, & am using Charter’s free modem, to limit liability for connection problems), I saw a similar message about the connection (don’t remember what it said), assumed it was suspicious & called Charter to question it.

Next time, since I just have internet & there’s no need for them to require anything of me to supply it, I might demand some kind of opt-out. I may also question it’s legality.

Luckily, I never provided them with my E-mail & don’t have one with them. It’s a wire into my place, all they should need is payment of the bill. However, I think I had to confirm my name. Wasn’t comfortable with that already being in the message (not sure if it was part of the original popup or a page I clicked something to open).

Grey (profile) says:

As the son of a pair of hippies, (My Mother not being an unintelligent one as she and her co-workers built most of the pacific NW’s initial internet backbone for GTE (now Verizon) back when the company thought the net was a fad, but I digress…)

Fuck that noise… They’ve trusted random strangers to walk up to the house and cut the corner off their station wagon to fix damage… and paid them in advance because “they didn’t have the right paint” (vanished with the money), they’ve fallen for curb painting scams, after Dad died, Mom let some asshole talk her out of an antique, concert-grade double bass worth 8 grand at it’s last valuation… (in the mid 80’s… ) for $3k. (After she told me how happy she was to sell it, I had to point out she had just been screwed out of $10-15k,)

I have enough trouble keeping my flaky family from screwing themselves over as it is, they do NOT need to be acclimated to accepting random windows that pop up.

Anonymous Coward says:

Re: Re: Re:

I turn flash on, I get moderated. I turn it off, my posts go through fine.

I’m using a Australian proxy now (I think), but I tried 10 different countries proxy servers. All moderated. I couldn’t get one post through regardless of the server. I did a bit of research and found out that they can use flash to bypass the proxy. I thought it was bullshit, so i tried it. I turn flash on and I get moderated, I turn it off and my posts went through fine.

Don’t be a dick PaulT, I’m only following logic here. If there is a reasonable explanation for it then fine, hit me with it. I’ll admit I’m wrong if that’s the case. But I’ve been testing it all morning, that data doesn’t lie.

PaulT (profile) says:

Re: Re: Re: Re:

“I turn flash on, I get moderated. I turn it off, my posts go through fine. “

What is the content of the posts moderated, have you posted a lot that day, copied a lot of links, been flagged a lot by the community, etc?

I’m not saying it’s absolutely not happening, but there are many other factors. The only times I’ve ever been held for moderation is when I’ve forgotten to log in and I’m posting from a new location with a bunch of links. That’s a spam filter, not a grand conspiracy. It might just be that you’ve been flagged so many times on your proxied IPs that your own comments are what’s causing them to be moderated.

“Don’t be a dick PaulT, I’m only following logic here”

I hope you’ll forgive me, but I find that whining about being flagged and moderated usually comes from people who have it happen because they’re trolling or similar, not because of the software they’re using. If that’s not the case for you, I hope you get it sorted out

Although I admit, the first thing that comes to mind here is “why are you so intent on using a proxy to hide your IP to post anonymously on this particular site?”. My second thought is that you’re acting suspiciously, so of course your comments will be moderated as such. My third is what these comments actually are that you’re so desperate to get through and if they do indeed deserve moderation.

“that data doesn’t lie”

However, sadly, a lot of ACs posting here do. If TD are indeed using extra protections to detect and restrict the trolls whose mission it is to derail every conversation here with fiction, I can’t blame them.

Anonymous Coward says:

Re: Re: Re: Re:

Mine did. I will agree with PaulT on one thing, I should have definitely known better than to have it on. Shame on me for that.

But you know what; I’ve been lurking this site for 10 years or so. I’ve had some knock down drag out’s with people, but never targeted for moderation like this. I was hurt at first, now I’m just disappointed. I wasn’t cussing anyone, I was arguing the hell out of my point and bam… moderated. On that particular subject, I’m very Right leaning, I hope that wasn’t the reason but it sure as hell looks like it.

PaulT (profile) says:

Re: Re: Re:2 Re:

“I’ve had some knock down drag out’s with people, but never targeted for moderation like this”

Again, perhaps it’s what you were saying (or the community’s reaction to it) during those arguments that’s caused you to get flagged.

“I was arguing the hell out of my point and bam… moderated”

Oh, there it is. Since you insist on commenting anonymously (quick hint – in my experience, logged in accounts are subject to far less moderation), we can’t verify the argument without you linking to it. But, at a guess – you were flagged as a troll so you were moderated. You continued the same argument on different IPs, got flagged again on those, and now your entire pool of IPs has been flagged. So, the filter correctly causes flagged IPs to be moderated. No client-side coding required.

There could be another explanation, but I find that people here whining about censorship and unequal treatment are usually those who are just being flagged as trolls. Whether you agree with that label or not, I fear that’s the reality.

Anonymous Coward says:

Re: Re: Re:3 Re:

“in my experience, logged in accounts are subject to far less moderation”

So you agree they are censoring based anonymity? Way to make my point ass hole.

Your such a piece of shit. You don’t know the first thing about what your talking about or the VPN service I use so your just tossing out insults and guesses. I have a lot more than a handful of IP’s to choose from you retard. Take your arrogance and your complete lack of understand of what the fuck your talking about and shove them both up your ass.

“But, at a guess – you were flagged as a troll so you were moderated.”

That’s all you can do? Fucking guess? Nice contribution to the discussion.

“There could be another explanation, but I find that people here whining about censorship and unequal treatment are usually those who are just being flagged as trolls.”

Unlike yourself, I’m not guessing. I spent quite a bit of time testing my theory against their website.

I suggest you learn a little about how this shit works before you open your pie hole and confirm the fact that your an idiot.

PaulT (profile) says:

Re: Re: Re:4 Re:

“So you agree they are censoring based anonymity?”

No, I’m saying that without any verification of who you are, they can only filter based on your IP. If your IP is regularly flagged, it gets moderated. If it’s been flagged in the past, but your account wasn’t flagged at that time, then it can be presumed that it wasn’t your comments that caused the flag. If the Ip stops being flagged, it doesn’t get moderated no matter how anonymous or otherwise the author is.

It’s not discrimination or censorship if you’ve chosen not to provide the data to distinguish you.

It’s not hard to make the distinctions here, but you have to base your response on facts.

“Way to make my point ass hole.”

Oh, so you’re one of those fools who devolves into name calling when they can’t argue on facts. It’s not really a mystery why you’re getting flagged by the community, is it?

“That’s all you can do? Fucking guess? Nice contribution to the discussion.”

While you’re continuing your descent into whining swearing toddler tantrum, you might wish to consider that this is all you’ve been doing as well.

“Unlike yourself, I’m not guessing. I spent quite a bit of time testing my theory against their website”

No, you tested a single criteria, and all you managed to prove is that the IPs you use on your proxy have flagged for moderation. Probably due to behaviour similar to that displayed here. Did you consider not acting like this, at all?

“I suggest you learn a little about how this shit works before you open your pie hole and confirm the fact that your an idiot”

Sorry, I don’t talk to children while they’re making a scene. Come back when you pass puberty.

Anonymous Coward says:

Re: Re: Re:2 Re:

Your arrogance is seconded only by your stupidity. Someone abbreviates and suddenly they don’t know what their talking about? You post on this website all day passing insults and putting your arrogance on full display to the world. Your the worst kind of troll. One without a fucking life.

PaulT (profile) says:

Re: Re: Re:3 Re:

“Someone abbreviates and suddenly they don’t know what their talking about?”

Yes. Java and Javascript are completely different technologies with different uses and implementations. Mixing the two up means you have no idea what you’re talking about. I apologise for exposing your ignorance, but this is why I questioned your claim to begin with. Java doesn’t get used for things like the action you claim, which makes your claim wrong..

“Your the worst kind of troll”

Stating facts is not trolling. I’m sorry that you lack the knowledge you claim to have, but that’s not my problem.

PaulT (profile) says:

Re: Re: Re:5 Re:

Most likely, but I’ve been in a mood to keep nudging. His response here really does say it all, though. He’s been wrong about basic facts but won’t admit it, he won’t accept the most likely explanation about what’s happening (because it involves taking personal responsibility) and instead invents a conspiracy against him and throws a tantrum that would embarrass most playgrounds when cornered by facts and logic.

I’d laugh if I hadn’t spent the last few months watching people like this get elected to prominent positions that will shape the next decade of my life, at bare minimum, and probably much more than that.

DannyB (profile) says:

How big of an issue is this with HTTPS? (TLS)

How many sites are still using HTTP instead of HTTPS?

I can understand how Comcast can inject anything into an HTTP result. But what about when you are using TLS?

Aren’t more and more sites secure against this type of attack? And Comcast’s injection of anything IS an attack! At least in its implementation, even if the motivation is different.

Even traffic in other protocols, how much is in plain text these days?

Any useful or informative information?

Lurker Keith says:

Re: How big of an issue is this with HTTPS? (TLS)

I can’t comment on Comcast, but I don’t think that makes a difference with how Charter does it. When I encountered whatever they’re doing, it prevented me from accessing the net at all, until I clicked through their page. It might be something that preempts even the DNS look up, so encryption might be useless to stop it.

Brakeing Down Security Podcast (user link) says:

Canadian ISPs have been doing it for years.

Our show talked about this with Lee Brotherston almost 2 years ago. He found an ISP up in his neighborhood was injecting ‘you are almost at your bandwidth cap’ on sites he’d visited previously. We discussed how to block it… apparently, the tech was patented and is created in San Antonio, Texas.

Listen to us talk about it with Lee Brotherston… http://traffic.libsyn.com/brakeingsecurity/2015-006_ISP_MiTM-Lee-Brotherston.mp3

Lee Brotherston says:

Re: Re: Canadian ISPs have been doing it for years.

Yes, it was Rogers, at least that’s where I encountered it. For what it’s worth I searched out the specific injection tools that they were using on Shodan and noted management boxes for these on Bell et al also, so I think they’re most places.

Rogers actually still do this, they’re just less obvious about it now. But their warnings about going over your bandwidth usage, for example, use this technique.

Last time I checked they were using the PerfTech platform, but that could have changed since.

As Bryan mentioned I did a little research project and talk on this. If you’re interested here’s some links to what I found:

mini-summary: https://blog.squarelemon.com/2014/11/corporation-in-the-middle-blog-edition/

bsides talk:
https://www.youtube.com/watch?v=_YeaYIPM-QI

me chatting with Bryan about this: http://traffic.libsyn.com/brakeingsecurity/2015-006_ISP_MiTM-Lee-Brotherston.mp3

mike mike mike says:

Comcast - rape is ok when you know it's coming

Comcast analogy on doing shady things.

-“It’s ok to rape you because I told you I was going to rape you” – Comcast
-“It’s okay to steal from you because the government got a notice that we were about to rob you and they did nothing to stop us”

Should I keep going with how Comcast excuses sound like?

Slow clap for Comcast, and no it’s still not ok

As much as I love the internet, I will laugh pretty hard when a solar flare fries all the cables. =) Comcast you are terrible.

Sand says:

Creepy Comcast.

The popups are SO DAMN creepy. Very pathetic way to remind. I was on a webex with 10 customers when I happen to be working from home and my shared screen shows this pop-up. Terrible. So creepy. So Comcast has a way to track the usage (this part is ok wfif) then go the personal online device they see online then know what browser I have open and then insert this popup. What else are you monitoring??? Now, looking at options to move away from Comcast. BTW been their internet customer for 7 years and bought more services like phone and then they ding me with this cap! Way to go Comcast.

ayu putry (profile) says:

daftara agen togel

Kumpulan Link Alternatif Situs Bandar Agen Judi Togel Online Hongkong Singapore sydney LahorePools ZairePools di Seluruh Indonesia

Kami Menghadirkan Kumpulan website link alternatif judi Togel Online di indonesia agar memudahkan anda untuk bermain di website kesayangan yang telah terblokir

Link Alternatif yang kami sajikan resmi langsung dari situs officialnya Anda Hanya perlu Mencari Situs kesayangan Anda disini

Kami Hanya Menyediakan Link Alternatif Situs judi Togel Online yang terpercaya dan Admin Didalamnya yang sebelumnya sudah kami uji terlebih dahulu

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
06:23 The New York Times (Falsely) Informs Its 7 Million Readers Net Neutrality Is 'Pointless' (51)
15:34 Facebook's Australian News Ban Did Demonstrate The Evil Of Zero Rating (18)
04:58 'Net Neutrality Hurt Internet Infrastructure Investment' Is The Bad Faith Lie That Simply Won't Die (11)
05:48 Dumb New GOP Talking Point: If You Restore Net Neutrality, You HAVE To Kill Section 230. Just Because! (66)
06:31 DOJ Drops Ridiculous Trump-Era Lawsuit Against California For Passing Net Neutrality Rules (13)
06:27 The Wall Street Journal Kisses Big Telecom's Ass In Whiny Screed About 'Big Tech' (13)
10:45 New Interim FCC Boss Jessica Rosenworcel Will Likely Restore Net Neutrality, Just Not Yet (5)
15:30 Small Idaho ISP 'Punishes' Twitter And Facebook's 'Censorship' ... By Blocking Access To Them Entirely (81)
05:29 A Few Reminders Before The Tired Net Neutrality Debate Is Rekindled (13)
06:22 U.S. Broadband Speeds Jumped 90% in 2020. But No, It Had Nothing To Do With Killing Net Neutrality. (12)
12:10 FCC Ignores The Courts, Finalizes Facts-Optional Repeal Of Net Neutrality (19)
10:46 It's Opposite Day At The FCC: Rejects All Its Own Legal Arguments Against Net Neutrality To Claim It Can Be The Internet Speech Police (13)
12:05 Blatant Hypocrite Ajit Pai Decides To Move Forward With Bogus, Unconstitutional Rulemaking On Section 230 (178)
06:49 FCC's Pai Puts Final Bullet In Net Neutrality Ahead Of Potential Demotion (25)
06:31 The EU Makes It Clear That 'Zero Rating' Violates Net Neutrality (6)
06:22 DOJ Continues Its Quest To Kill Net Neutrality (And Consumer Protection In General) In California (11)
11:08 Hypocritical AT&T Makes A Mockery Of Itself; Says 230 Should Be Reformed For Real Net Neutrality (28)
06:20 Trump, Big Telecom Continue Quest To Ban States From Protecting Broadband Consumers (19)
06:11 Senators Wyden And Markey Make It Clear AT&T Is Violating Net Neutrality (13)
06:31 Net Neutrali-what? AT&T's New Streaming Service Won't Count Against Its Broadband Caps. But Netflix Will. (25)
06:23 Telecom's Latest Dumb Claim: The Internet Only Works During A Pandemic Because We Killed Net Neutrality (49)
13:36 Ex-FCC Staffer Says FCC Authority Given Up In Net Neutrality Repeal Sure Would Prove Handy In A Crisis (13)
06:27 Clarence Thomas Regrets Brand X Decision That Paved Way For The Net Neutrality Wars (11)
06:17 The FCC To Field More Comments On Net Neutrality. Maybe They'll Stop Identity Theft And Fraud This Time? (79)
08:56 AT&T, Comcast Dramatically Cut Network Spending Despite Net Neutrality Repeal (16)
06:18 Ajit Pai Hits CES... To Make Up Some Shit About Net Neutrality (24)
06:24 Mozilla, Consumer Groups Petition For Rehearing of Net Neutrality Case (22)
06:49 AT&T Exec Insists That No Broadband Company Is Violating Net Neutrality Even Though AT&T Is Absolutely Violating Net Neutrality (19)
06:45 Shocker: ISPs Cut Back 2020 Investment Despite Tax Breaks, Death Of Net Neutrality (61)
06:28 Ajit Pai Whines About The Numerous State-Level Net Neutrality Laws He Just Helped Create (47)
More arrow