ISPs Hijacking Browser Functions, Continue Proud Tradition Of Value-Free Added Services

from the added-value-for-us-but-not-for-you dept

ISPs over the last few years have quickly rushed to embrace DNS redirection advertising. Instead of users being directed to a traditional page not found message (or Google in some browsers) should they enter a nonexistent or mistyped URL, they're redirected to an ISP-run search portal laden with advertisements. The concept creates a revenue stream out of your clumsy typing, giving ISPs an extra few bucks per month, per user (of course on top of whatever they make supposedly not selling your clickstream data). While many users don't like the practice, most ISPs provide some kind of opt-out mechanism (though they often don't work well), and users can often choose alternative DNS servers. Slashdot directs our attention to the fact that users continue to be surprised when they find out their ISP is hijacking user location bar results:

"Today I noticed that this great feature of Firefox (combined with Google of course) has stopped working, and has instead been replaced with an add-laden (sic) search result from another website. I've confirmed that my keyword.URL setting is still pointed at Google, so this must be happening at the traffic level, I would imagine either by use of a web proxy or something to do with DNS lookup, which makes me wonder if this new 'feature' my ISP (Netvigator by PCCW in Hong Kong) has introduced is also affecting my privacy?"

Here in the States one ISP (Windstream Communications) was recently busted for taking this concept one step further, going so far as to actually hijack Firefox Google search toolbar results. Windstream quickly backed away from the practice once users started to complain, insisting it was a mistake. However, the ISP wouldn't offer technical specifics about what technology they were using that created this "bug," and employees were told not to elaborate. To be clear, in Windstream's case this went well beyond DNS redirection, worked no matter what DNS servers were being used, and involved manipulating actual traffic streams using a new flavor of deep packet inspection. Whether this new layer 7/DPI is being used for copyright enforcement, surveillance, data mining or search result hijacks isn't clear -- but whatever it's being used for, it's being implemented with absolutely no transparency to the end user.

It seems unlikely that any U.S. ISP would take things further by hijacking toolbar results, given ISPs are busily trying to argue to regulators that network neutrality rules aren't necessary. Still, as deep packet inspection technology gets more sophisticated, precisely how ISPs are meddling with your traffic is something to keep a close eye on. ISPs already have a bad habit of offering value added services that fail to provide any value to consumers, and DNS redirection ads are only the latest example. ISPs were in such a hurry to grab this additional revenue, they failed to bother to make sure opt-out mechanisms for these "services" even worked, much less consider adding any kind of enhanced DNS functionality (as seen by companies like OpenDNS) that would make these services worth something to the end user. While DPI itself isn't bad, it holds a lot of potential for abuse among ISPs eager to make an extra buck at any cost.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Jim, May 5th, 2010 @ 5:39pm

    Pleeeeezzzz, Mike!

    "The concept creates a revenue stream out of your clumsy typing, giving ISPs an extra few bucks per month, per user ..."

    It's disappointing to see you write an otherwise good post, but then loose credibility with a statement that you have to know isn't accurate. You run a Web site with ads. You know better. In order to make a "few bucks per month, per user," the average user would probably have to mistype URLs thousands of times each month. It's far more likely that the ISPs make pennies per month, per user (and perhaps less). Your data points and arguments were good enough without the egregious exaggeration, which seems to have been inserted to make the story a little bit more compelling. The problem is, when I see something like that, it makes me wonder what other liberties you're taking with the truth.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Radjin, May 5th, 2010 @ 5:58pm

      Re: Pleeeeezzzz, Mike!

      It sounds like you work for one such ISP.

      I do know ad revenue is quite significant for redirections on bad URL's. Either way I think his point is quite valid that other than that, are they actually using some sort of deep inspection that is a bit more invasive?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Jim, May 5th, 2010 @ 7:22pm

        Re: Re: Pleeeeezzzz, Mike!

        First, I don't work for an ISP, and I have zero affection for them. Second, the comment in question referred to mistyped URLs, not deep inspection. Third, you missed my point, which was that by grossly exaggerating, Mike hurt his credibility, at least with me.



        A decent CPM (i.e., how much advertisers pay for 1000 impressions) is about $1. That's 3,000 impressions to make a "few bucks." How many URLs do you mistype a month? Since Mike runs a Web site that gets a lot of traffic, he should know better. I was also disappointed because it seemed to me that he may have done it (perhaps subconsciously) to juice up his story. And by the way, I have no problem with just about everything else in his post.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Mike Masnick (profile), May 5th, 2010 @ 7:48pm

          Re: Re: Re: Pleeeeezzzz, Mike!

          Um. I didn't write the post.

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          Ryan, May 5th, 2010 @ 9:37pm

          Re: Re: Re: Pleeeeezzzz, Mike!

          Yes, "an extra few bucks per month" just sounds like phenomenally overblown hyperbole, designed maliciously or perhaps just ignorantly to exploit our sympathies and inherent vulnerability to sensationalism with gross overexaggerations.

          Actually, on second thought it sounds more like a figure of speech.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            Mike Masnick (profile), May 6th, 2010 @ 12:43am

            Re: Re: Re: Re: Pleeeeezzzz, Mike!

            Actually, on second thought it sounds more like a figure of speech.


            Yeah. I won't speak for Karl here, but I read it as a figure of speech. I don't think anyone would think otherwise, or that it's sensationalizing the topic. Do you honestly think it makes the story any different?

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Jim, May 6th, 2010 @ 8:16am

              Re: Re: Re: Re: Re: Pleeeeezzzz, Mike!

              "An extra few bucks" is a figure of speech. "An extra few bucks per month, per user" is much more specific. Comcast has 25M subscribers. Your statement suggested that Comcast alone makes hundreds of millions per year on mistyped URLs. That's significant, and it's nowhere close to reality.

              I didn't say it changed the story; I said it hurt your credibility with me. I know what ad rates are. I might not know if you exaggerate about things that I'm not familiar with. Your response to my point, which I found very dismissive, makes me even less comfortable.

               

              reply to this | link to this | view in chronology ]

              •  
                identicon
                Jim, May 6th, 2010 @ 8:33am

                Re: Re: Re: Re: Re: Re: Pleeeeezzzz, Mike!

                PS. The subject of my original comment shouldn't have targeted "Mike" directly since he was not the author of the post. Sorry about that, Mike. And just to be clear, I agree with vast majority of the opinions expressed in all posts on Techdirt. But I stand by my comment on this one.

                 

                reply to this | link to this | view in chronology ]

    •  
      identicon
      interval, May 5th, 2010 @ 6:31pm

      Re: Pleeeeezzzz, Mike!

      Is Mike hijacking your search quests and answering them with other stuff?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    abc gum, May 5th, 2010 @ 5:53pm

    Was Windstream using the old man in the middle attack ?

    Vote with your dollar if there is sufficient competition in your area.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      silentsteel (profile), May 5th, 2010 @ 6:19pm

      Re:

      Unfortunately, as Windstream is a rural ISP, there are very few alternatives in the areas they serve. The few places I have heard of that competition has come in, Windstream, Valor Telecom at that time, was pushed almost completely out.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        scamp, Jul 29th, 2012 @ 12:57pm

        Re: Re:

        Windstream is really our only option out here and two years after this damn article was written, Windstream is STILL redirecting my searches.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Cheong, May 5th, 2010 @ 6:47pm

    PCCW has been getting increasingly ridiculous these days since 3 year ago, that's why I changed to another ISP eariler this year, when their annoyance went to a new level.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    justok (profile), May 6th, 2010 @ 1:04am

    http://www.kcrg.com/news/local/92913249.html

    Windstream buys Iowa Telecom.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      meee tooo, May 6th, 2010 @ 12:26pm

      Re: Iowa Telecom

      isn't Iowa Telecom the outfit that hits telcos with exorbiant connection fees or some such fee? I remember scams that used some telco on Iowa because of a state law allowing that high fee...so if it is it fits the acquirer's business model very well!

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    fleegle (profile), May 6th, 2010 @ 3:11am

    Browser Hijacking

    Windstream is the only ISP in my area and a few months ago, our searches were being hijacked to their ad page.

    I set the DNS for all our computers and routers to google's DNS (8.8.8.8) and the problem disappeared.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    RobShaver, May 6th, 2010 @ 8:37am

    Tunneling

    Perhaps we need some form of VPN tunneling to a trusted portal/relay which would then give us unadulterated access to the Internet. This would thwart any deep-packet inspection or redirection. I guess there'd be a performance hit however.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      chris (profile), May 6th, 2010 @ 9:19am

      Re: Tunneling

      Perhaps we need some form of VPN tunneling to a trusted portal/relay which would then give us unadulterated access to the Internet. This would thwart any deep-packet inspection or redirection. I guess there'd be a performance hit however.

      you can tunnel just about anything over an SSH connection, all you need is a trusted host to connect to. i do this on untrusted wifi networks.

      that said, this is something stupid that ISP's do with their DNS and it's uber easy to get around. just use a different DNS, like google mentioned above (8.8.8.8 and 8.8.4.4) or level3 (4.2.2.1-4.2.2.6).

      i normally use them because residential ISP DNS is often unreliable.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Lily Liver, May 6th, 2010 @ 1:23pm

    Greed blinds them to the inevetiable concequences.

    If you use Google as your preferred search engine, I suggest you start paying closer attention to how often you see the "Did you mean: xxx?" link at the top of your search results. Despite being good at spelling, I would say I see this at least 50% of the time. There definitely is money to be made from page hijacking. The more users you have, the harder it would be to resist too, I think.

    The thing that got me really wondering is ISP liability. With the copyright industry eyeballing them, ISP's have found themselves having to stress their "dumb pipe" defense more frequently as of late. However, when they start employing DPI strategies in more obvious (aka obnoxious) ways, one would think that the whole concept of them being a dumb pipe begins to collapse. If you are using DPI to watch users and are able to hijack anything they access, then you should easily be able to control piracy on your network. After all, that was the original intent of DPI to begin with, was it not?

    Another aspect regarding the potential for increased ISP liability for those whom use DPI is that it may finally pave the way forward for new laws. After all, DPI is not unlike wiretapping from my point of view. ISP's that use it have always claimed it is solely for the benefit of their customers. The explanation most often given is that DPI allows an ISP to better manage the health of their network by preventing "heavy" bandwidth users from eating it all up. Personally I've always felt it was just an excuse for not properly reinvesting in their network. DPI is a far less expensive proposition, plus as we can clearly see it allows them to do more than just monitor users. However, when those uses begin to cross the line more and more, how will lawmakers (undoubtedly under greater pressure from consumer groups) be able to justify continuing to stand by and do nothing? If DPI abuse becomes prevalent enough, it may force the government to finally take net neutrality seriously. Just like the copyright industry, their greed is what may undo them in the end.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Michael, May 26th, 2010 @ 7:28am

    Everybody wants in on advertising

    ISP's wasting your bandwidth on sending you advertising that you werent looking for is wrong.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 22nd, 2013 @ 9:03pm

    And a year and a half after your post, they are STILL doing it. Interesting is that even when setting the DNS to the non-redirecting numbers, every night at approx. 11:45 p.m. EST Windtream resets to the redirecting numbers.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This