Broadband ISP CenturyLink Is Blocking Users' Internet Access Just To Show An Ad

from the ill-communication dept

US telco CenturyLink is under fire for temporarily disabling the broadband connections of broadband customers in Utah unless they click on an ad for CenturyLink security software. Even more oddly, the telco is repeatedly (and falsely) trying to blame a new Utah law for its ham-fisted behavior.

It began when a CenturyLink user in Utah posted to Twitter that his CenturyLink broadband line suddenly and mysteriously stopped working. Using what appears to be JavaScript ad injection (an already contentious practice), Centurylink then sent the user a notice stating his broadband connection would not be restored until he acknowledged receipt of the message, which appears to be a glorified advertisement for CenturyLink’s @Ease filtering and security software:

In a blog post first spotted by regional Utah news outlets and subsequently Ars Technica, the user explains how he was initially under the impression that CenturyLink had tried to block him from visiting a phishing website, only to realize later that the ISP was really just temporarily holding his connection hostage until he engaged with a product ad:

“At first glance I was worried that I had somehow been redirected to a malicious website and that this was some kind of phishing attempt… After all, I didn’t navigate here. I attempted to do another search but still ended up at this same notice. I considered the idea that maybe my ISP had detected some kind of threat coming from my network and that’s why I was seeing this official looking page. Eventually, after reading over the page several times, I clicked “OK” and my internet was back.”

When criticized, CenturyLink repeatedly told the user and many reporters (myself included), that it had to block user access in this fashion due to a new Utah law:

Except that’s false. Utah is, Techdirt readers will be aware, home of what has been a near-constant stream of ridiculous efforts to filter porn, a technically impossible task (something backers of the idea refuse to learn). And while this new law in question is dumb, it’s not quite that dumb. The law requires ISPs to inform users that filtering software is available to them as a sort of half-measure toward combating porn. ISPs can do this in a number of ways; the law specifically recommends either including mailers in user bills or sending an email.

The law does not require that ISPs sever access to the internet in order to show them ads for an ISP’s own software, something CenturyLink executives appear to have come up with on their own. That’s something the bill’s author himself confirmed when asked by the impacted user on Twitter:

Users on Reddit indicate this wasn’t isolated to just this user — all Utah CenturyLink customers appear to be experiencing this unnecessary, heavy-handed nonsense. Now it’s possible CenturyLink could argue it was just over-complying to adhere to the law, but since the law is pretty clear an email is ok, this argument doesn’t hold up. More likely, CenturyLink executives either thought they’d use the law as a marketing opportunity, or wanted to bring attention to the dumb new law. Unfortunately that’s not really accomplished by behaving stupidly yourself.

Of course this is the kind of ISP behavior our since-discarded net neutrality rules were designed specifically to prevent. And while a few days of press shame may drive Centurylink away from the policy if users are lucky, that’s really no substitute for an attentive FCC that actually cares about keeping the internet free from idiotic monopoly ideas exactly like this one. The battle over net neutrality has always been about slippery slopes, and letting an ISP interrupt internet traffic to market its own products–and then lie about it–is slippery as hell.

Filed Under: , , , , , ,
Companies: centurylink

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Broadband ISP CenturyLink Is Blocking Users' Internet Access Just To Show An Ad”

Subscribe: RSS Leave a comment
Anonymous Coward says:

“I’m sorry you are having problems. SB134 did not require that — and no other ISP has done that to comply with the law. They were only required to notify customers of options via email or with an invoice. “

This is the third article which dismisses the true problem: why did Utah’s legislature make this a law to begin with.

*THAT* should be the focus, not an ISP blocking the internet (a daily occurrence).

James Burkhardt (profile) says:

Re: Re:

Why isn’t the problem, nor is it a mystery. Utah is a state with a massively Mormon population and being Mormon is as much a benefit to a political career (on either side of the isle) in Utah as being explicitly Christian is to Republican Candidates in most US elections.

Mormonism, like most Christ-derived religions, dislikes pornography from a moral standpoint. It also disapproves of masterbation. Porn bans have not stood up to legal challenge. But a ‘for the children’ law designed to remind consumers, like parents, the existence of optional filters to protect them from ‘objectionable’ material, via email or letter, but requires the consumer start the process, is pretty benign and so is something no one wants to spend resources fighting.

I suppose that legislating morality is an issue, but it is also one Techdirt covers regularly. This law, while strange, is not one that impacts the speech of consumers, or their viewing habits.

Given that the ISP choose instead to block the internet and blame the law for hijacking a customer’s internet session, that is news. The why and how of the blocking is important.

You must be burnt out on net neutrality. That’s understandable. But it is how corporations rule us. By violating our norms until we accept that the norms will always be violated, and the violation becomes the norm. Techdirt remains vigilant. I remain vigilant. You, clearly, refuse.

Anonymous Coward says:

Re: Re:

an ISP blocking the internet (a daily occurrence).

They were also using some kind of traffic hijacking to redirect people to the page, which to me is the bigger problem. (They deny DNS hijacking but don’t say how they got the popup to appear; the only other option I know is to redirect and rewrite port 80 traffic.)

It also indicates a serious problem on the customer’s end. "Eventually I turned to a Google search on my phone only to be immediately greeted with an official looking notice"—what? Google has been encrypted for years now. How did the customer accidentally end up on a site vulnerable to the ISP’s hijacking? claims to use HSTS to force encryption; it shouldn’t have been possible.

And I didn’t see a comment about this yet: CenturyLink is giving out the customer’s account number. If they had open wifi, anyone driving by could have that number now.

Anonymous Coward says:

Re: Re: Re: Re:

That does not protect the initial DNS request, and the ability to put up a page if the name does not resolve.

HSTS is meant to protect exactly that. If your browser has a record of you having gone to, and it had HSTS, the browser will automatically convert all http requests to https. And DNS-redirection will cause any https connection to throw an error, because CenturyLink shouldn’t have a valid cert. (Try it: put a record in your hosts file that points to the IP of an unrelated https server, then go to

Otherwise, any random wifi AP could redirect your bank’s DNS elsewhere and grab your password.

Anonymous Coward says:

Re: Re: Re:2 Re:

I suspect that the errored the DNS request, and used the error page for their advert, as an error page can say anything. That would fit with their claim that they did not use DNS redirect. The way to test that would be to use any DNS server other than the ISPs. Googles is easy to remembers being or

Anonymous Coward says:

Re: Re: Re:3 Re:

I suspect that the errored the DNS request, and used the error page for their advert, as an error page can say anything.

That doesn’t make sense. You cannot send an arbitrary error page back in response to a failed https connection. If you could, the phishers would do exactly that. And you can’t send a "page" back from a DNS request.

Anonymouse Cupboard says:

Re: Re: Re:

It was probably done in the same way that when you forget to pay your internet bill, they reboot your modem and give it a new IP address with a designated range that redirects all traffic to a “pay your bill” webpage.

They most likely had an account check. Anyone that had not yet checked the agree box would have the “pay your bill” webpage, but if you hit the check box, they’d reboot you back to the regular internet.

Anonymous Coward says:

Re: Re: Re: Re:

give it a new IP address with a designated range that redirects all traffic to a "pay your bill" webpage.

Sure, easily done, but any https connection is supposed to throw an error if redirected to an unauthorized server. Unless you mean they’re working with a browser’s built-in captive portal detection feature somehow. (Is that standard? There were talks.)

Nick-B (profile) says:

Got it too

Had this happen to me as well once I came back from out of town. Loaded up my usual daily blogs, and half of them or so loaded this page, while the other half seemed to run a bit slow.

What’s odd is that it doesn’t block all traffic, as some big name sites (google, yahoo, etc) still work, but most minor sites load the “ad”.

I’d gotten this before when I downloaded some… less than legal audiobooks once. Same method done as here, where most sites are down and showing a notice from the ISP.

Anonymous Coward says:

Apple lawsuit in the making?

I wonder if Apple will sue CenturyLink over the product? They own the trademark on AtEase as a software security product, as well as on @me. There’s definitely room for product confusion here. Of course, since neither mark is being used anymore, it’s possible they don’t care, but that doesn’t sound like the Apple I know.

Anonymous Coward says:

Testing the waters...

CenturyLink probably decided they would use this opportunity to test this kind of ad injection while having an “excuse”. It will probably happen again, and soon if there is not enough backlash this time.
My guess is that they will wait a period of time, then do another trial-run… wait a shorter period of time and then do another… so on and so forth until people are used to it.
If that doesn’t work out they will probably make regular ad-free internet connections more expensive while offering “cheap” connections with ad injections like this (cheap meaning almost, or exactly, same price as connections now).
Long have they looked envious at TV stuffing more and more ads into every hour and I am betting it is in their long-term strategy to stuff the internet just as full of them.

Anonymous Coward says:

Interesting … perhaps Utah has made a mistake here.

What are the laws about 911 access, I don’t think states have much say in this.

Some people, by choice, do not have plain old telephone service and they rely upon their internet connection for telephony related functions, including 911 service that Centurylink blocked.

Agammamon says:

Jesus Christ.

Its not to ‘show an ad’ Its to comply with a state government mandate.

You can say the legislature ‘never intended’ for them to comply with the legislature’s mandate in this manner – but the ISP is still required to contact users to inform them about porn filter software the ISP is mandated to offer them.

This way at least no one – especially the legislature – can come back later and say ‘we didn’t know, you didn’t put enough effort in to contacting people’.

Lostinlodos (profile) says:

Nothing new here

I’m not seeing anything worth a story; beyond possible user stupidity.
First this is a big fat nothing of a story. Years ago when I had AT$T I would get occasional notices of service changes that disconnected the internet until I agreed. Charter did the same to me even earlier. A mandatory click through for each TOS change. That goes back to old telephone DSL days.
Second, the filter option was just that, an option.
Third, the law requires that filters be made available and that the customer be made aware. A one button click through seems as good a route as any.
Fourth: they pushed their own tool. So what. Anyone unskilled enough to set up their internet connection with an included software cd already knows that communications companies are going to push their software, be it by partnership or rebranded. The fear mongering in clicking to disable installing inferior software such as Symantec or Eset makes people install it anyway.
So why not look at the far more underhanded tactics like those install discs?!? Not a click through notification.
And really, are you so caught up in looking for something, anything, to prove the regulatory changes caused harm somewhere that you resort to this.
This has nothing to do with net neutrality! No traffic was redirected. You weren’t charged to do something previously free. You weren’t blocked from using the services of your choosing! You were prompted with a notification from the provider. One that required a simple click through to access. A process I’m sure was easier than registering to post here. Where you get a page. Another page. Go to your email for code. Enter code. Finds article again. All you had to do was click through and acknowledge you were made aware that draconian filtering was available to you. Where’s the story?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...