
Is Comcast Intercepting Packets?

Posted by timothy
from the wherefore-and-through-whom dept.
nihilist_1137 writes: "According to this page, Comcast is intercepting your packets to gain knowledge of your whereabouts and then reselling it to marketers." According to the linked message, "This allows them to not only log all http requests, but to also log the response. Maybe they want to profile their customer browsing history for subsidiaries or resale to marketers. Maybe they want to do their part in The War on Freedom. Maybe they just want passwords to porn sites. Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data."

  • by Marx_Mrvelous (532372) on Monday February 11, 2002 @11:49PM (#2992176) Homepage
    Isn't tapping internet connections the same, legally, as a phone tap? It's not legal for the phone company to listen in on your conversations to sell to advertisers, it can't possibly be legal to sniff packets to sell to marketers!
    • by bourne (539955) on Monday February 11, 2002 @11:55PM (#2992215)

      Isn't tapping internet connections the same, legally, as a phone tap?

      Probably, but this probably isn't "tapping internet connections." I'll bet you dollars to donuts that when Comcast gets called on this, they'll explain how they're only "capturing and keeping limited information" with "aggregate identification only" so that they can "optimize their network configuration" or something like that. The phone company doesn't tap conversations, but they sure as hell have a database of which line called which number, when, and for how long.

      They might even be telling the truth. Not that we care - who wants to be the first to write an app that makes random requests to random domains constantly so as to screw up their database?

      • Tangent (Score:4, Interesting)

        by volpe (58112) on Tuesday February 12, 2002 @12:08AM (#2992284)
        I know I'm going off on a tangent here, and it's off-topic, but please bear with me.


        The phone company doesn't tap conversations, but they sure as hell have a database of which line called which number, when, and for how long.

        Can someone explain why the Good Guys always have to keep the Bad Guy on the line for something like three minutes in order to trace the call, when all they should have to do is call up the Phone Company (on another line) and ask them to punch up the number of the person calling this number right now?
        • Re:Tangent (Score:2, Informative)

          by djmoore (133520)
          Can someone explain why the Good Guys always have to keep the Bad Guy on the line for something like three minutes in order to trace the call, when all they should have to do is call up the Phone Company (on another line) and ask them to punch up the number of the person calling this number right now?

          Because Hollyweird is out of date. That used to be true in the days of mechanical switches, but now...pfft.

          Well, that, and it provides a lazy director three minutes worth of free suspense.

          I recently saw the modern version of this old chestnut on Fox's 24, where the Good Guys (a powerful and secretive yet benevolent government organization, hm) were unable to track down the exact physical location of a cell phone before the desperate-to-be-found caller was cut off.
          • Re:Tangent (Score:2, Informative)

            by dachshund (300733)
            I recently saw the modern version of this old chestnut on Fox's 24, where the Good Guys (a powerful and secretive yet benevolent government organization, hm) were unable to track down the exact physical location of a cell phone before the desperate-to-be-found caller was cut off.

            I recently read an interview with 24's creators. When asked how much law enforcement and intelligence agencies cooperated in the writing of the show, they said something like "We've got a great relationship with the government. We pay our taxes and they leave us alone." So don't expect enormous amounts of realism from that show (eg, people running around shouting classified info over cell and cordless phones.)

            • Re:Tangent (Score:2, Informative)

              by yintercept (517362)
              The other Hollywood twist is that the bad guy routes their phone through several different switches, making it more difficult to track down the user.
        • Re:Tangent (Score:2, Informative)

          by synx (29979)
          Hollywood bullshit. With modern switches the phone system doesn't have to "trace" worth shit. It just _knows_ these things. There are limits, but with ANI and ANI2, the phone number comes down the wire with the signaling/setup.

          In the past, it used to be that someone had to go actually TRACE the path of the physical switches as they connected the outgoing trunk to the local line. Someone actually had to do this manually physically, which is probably the 3 minute thing, but that's ancient tech. Only backwards places like North Dakota use that.
        • It's because the actual "bad guy" is using spoofing hardware and software that makes his/her call look like it's coming from somewhere else unless you actually trace it back to the source. The more spoofing programs/hardware they commandeer the more hops and therefore traces the good guys need to run to get back to the real number.

          It's still in practice but now it's seconds not minutes that it takes to trace a call that's trying not to be traced.
          • I think I smell an Uplink [uplink.co.uk] player here. In reality, you can't spoof, ANI will show your originating phone number and that number gets bounced around with each successive call. It is true, however, that starting a few conference calls, chaining them together, then calling Sears, explaining that you're new in Automotive and you need the operator, getting a dialtone, and continuing the chain of calls can slow things down a little.
        • For the same reason MovieOS is so prevalent on the big screen, and the good guys can fire 50+ rounds from a jammed-open .45 auto: Hollywood knows fuckall about facts.
          • Re:Tangent (Score:3, Insightful)

            by kubrick (27291)
            Hollywood knows fuckall about facts

            Or, more to the point, facts don't make for exciting cinema.
          • Actually they know a lot about facts. Facts just aren't very interesting when it comes to computer "action" scenes. I mean, there's a misnomer if ever there was one. Likewise guns and car chases and fist fights etc. A gun fight where everyone gets to fire off hundreds of rounds is much cooler than one in which everyone has one magazine and that's it.


            Movies are there for enjoyment, not factual accuracy.

      • by Anonymous Coward on Tuesday February 12, 2002 @12:24AM (#2992339)
        "The phone company doesn't tap conversations, but they sure as hell have a database of which line called which number, when, and for how long."

        I work for a phone company.
        No, we sure as hell DON'T have a database. (at least in Canada). There are only 3 times we keep track.

        1. As per customer request (traffic studies, getting prank calls)

        2. As per warrant (court order required!)

        3. For long distance billing. (we need to know how much to charge you)

        local calls are not recorded - we have to add an option in your line programming for that - after meeting one of the above requirements.

        • by pestihl (16433) on Tuesday February 12, 2002 @07:21AM (#2993228) Homepage Journal
          I work for QWEST, which is a huge phone company here in the US. It is impossible to have digital switches and not be tracking the calls in some database somewhere.
          Mostly because of one reason, Inter-State Inter-Lata rules and other smaller FCC phone line fair use rules. Qwest, Sprint, MCI and thousands of other businesses and sometimes counties own the phone lines and the switches. If I make a call, EVEN Out of country, and Go from Qwest owned phone lines to your Canada owned phone lines, Qwest and the Canadian owned company have to reach an agreement on what to charge for the usage, BY THE SECOND.
          Third party companies house these charges. The company Qwest uses is called Telview, found at http://www.telveiw.com; it's called a TARIFF library, Telview makes their money by handling these charges and selling them to telecoms. EVERY digital switch in the world uses some system like this, or in conjunction with.
          Now the database in play comes in not to track who you are calling so much. But because once your voice packet leaves Qwest lines it is not their property anymore and someone has to pay for the usage. Thus MCI can say you as a Qwest user, used X amount of trunk access on their lines, and charge Qwest X amount of dollars for those seconds. Qwest logs roughly about 140+ million phone calls a day, their system is considered by the FCC to be the definitively correct system, In audit type disputes The FCC will even use Qwest records as a third party advisor, because we track EVERYTHING, even all of the other telecoms, and almost all in the world. We just made it into Europe last summer. Anyway these millions and millions of minutes are charged at as low as -5 cent a minute to crazy 15+ cents a minute. It goes negative because of anti-monopoly issues regarding start up telecoms. Seconds are rounded and tracked to the nearest thousandth. On Qwest's system, an audit system HAS to be in place, this is part of FCC regulation crap, not to mention allows the FCC to more or less do their job. Generally that database doesn't have names in it. But the billing database that does have all your names in it if you subscribe to Qwest, private or not.... is a simple sql call away, it quite literally lives in the same server farm... No stored procedures can link the two databases by LAW. Unless a search warrant is in place. Then with the officer there, we can link them. But the link has to be deleted also under the officer's supervision. Your records are tracked as up to two years, then deleted off, one month at a time. So two years ago to last month, we have no clue of whom you called, and are really glad to have a little more space.
          The rule is if you can't use a blue box on your phone line, then you are traceable down to that specific phone. Digital Switch = Trackable.

          p.s. For those who wonder, The system is Called NTU, Network Transaction Usage. We use Perl to gather data off the switches, not every switch is alike, including the os they run and the data needs to be parsed for the database. A HP/UX daemon is used to process rules, and sort out how they should be poked into the database. While an Oracle database floating on 36 partitions in a huge raid system is used to house the data while it lives. The machine NEVER goes down, even if it does go down, monitor machines can quite literally mirror the drives and swap out so no data is ever lost. The coolest thing I've ever seen was my cowboy boss walk over to this multi-billion dollar a year machine and say, "Time to test the emergency backup units." These machines are located in other states altogether btw. Then he just pulls the power cord out of this rack mounted 8 by 8.
      • who wants to be the first to write an app that makes random requests to random domains constantly so as to screw up their database?

        a guy i know asked for something similar earlier today, but his request was...
        My vision is a tool that you download a list of "categories" such as: "pr0n", "web e-mail", "environmentalism", "news", "hacking", "mp3", etc... and for each category there are thousands of URLs that are just continuously requested

        i modified some spiders i had lying around and came up with a script that does google queries for terms you specify and then follows the searches returned. here [blackant.net] is the script. It currently does no error checking and i haven't tested it that much, just wrote it this morning, but it could be easily modified to do random queries.

        i wrote something that did random queries and created pages from that a few years ago. there are other people who've done similar, like JWZ's webcollage [jwz.org], which he also integrated into Xscreensaver [jwz.org], so running that screensaver will generate constant random traffic.

      • How about something like Crowds? [att.com]
      • by Kalrand (177637) on Tuesday February 12, 2002 @01:18AM (#2992520)
        >who wants to be the first to write an app that makes
        >random requests to random domains constantly so as to screw up their database?

        You mean actually follow the links on a slashdot story?
    • by gmhowell (26755) <gmhowell@gmail.com> on Tuesday February 12, 2002 @12:00AM (#2992245) Homepage Journal
      I probably signed some BS license agreement that gave them the right to do that. Doesn't matter. With spamcop, spamassassin, and all of that (plus the fact that they STILL don't have a working email address for me) they can't send me spam. And with caller id, I haven't spoken to a salesman since I stopped answering blocked numbers. And, finally, with my hosts file, I don't even see 90% of the ads anymore.

    • by hex1848 (182881) on Tuesday February 12, 2002 @12:04AM (#2992268) Homepage
      It's all in the terms of service: [comcast.net]

      COLLECTION, USE AND DISCLOSURE OF INFORMATION ON SUBSCRIBER USE

      Collection of Information: Comcast collects, uses and releases information on Customer use of the Service as necessary to render the Service, to otherwise undertake legitimate business activities related to the Service and to comply with law. Comcast may collect information in accordance with applicable law concerning Customer's use of the Service and customer preferences which are reflected in the choices that a customer makes among the range of services offered as part of the Service, the time that the customer actually uses the Service, the menus and features used most often by the Customer, and other information about a customer's "electronic browsing."

      Use of Information: Collecting information contained in transmissions made by Customer through the Service directed at Comcast, its Underlying Providers, Internet web sites, or other service providers to which access is provided as part of the Service, is necessary to provide the Service. Comcast's detailed business records generally are used to help make sure customers are properly billed; to send customers pertinent information about the Service; and for accounting purposes. Customer information is also used to execute requests and orders placed by customers with advertisers, merchants, and other service providers; to understand customers' reactions to various features of the Service or the Internet; and to personalize the Service based on the interests of customers. Such information helps Comcast improve the Service and uncover unauthorized access to the Service or Customer data and may be provided to law enforcement agencies in the event of such unauthorized access.

      Confidentiality of Information: Comcast considers the personally identifiable Customer information that is collected to be confidential. Comcast will disclose to third parties personally identifiable information that Comcast maintains related to customers only when it is necessary to deliver the Service to customers or carry out related business activities, in the ordinary course of business, for ordinary business purposes, and at a frequency dictated by Comcast's particular business need, or pursuant to a court order or order of any regulatory body having jurisdiction over matters which are the subject of this Agreement. Additional information regarding disclosure of personally identifiable information is described in the Privacy Statement which can be accessed through the Comcast High-Speed Internet Service home page.
      • by yintercept (517362) on Tuesday February 12, 2002 @12:42AM (#2992411) Homepage Journal
        Comcast considers customer information that is collected to be confidential


        Of course they consider it "confidential". You get a lot more money when the information you're selling is confidential!!!!
      • Confidentiality of Information: Comcast considers the personally identifiable Customer information that is collected to be confidential. Comcast will disclose to third parties personally identifiable information that Comcast maintains related to customers only when it is necessary to deliver the Service to customers or carry out related business activities, in the ordinary course of business, for ordinary business purposes, and at a frequency dictated by Comcast's particular business need...

        Uh huh. Like Phase 3: Profit!
    • Depends. The only reason tapping phones is illegal [at least in most countries] is because of the explicit right and expectation of privacy.

      If you shouted in public something you can hardly feel violated when others learn about it.

      The internet is inherently non-private. If you want a private connection use crypto. Otherwise, work under the assumption that everyone else knows everything you do on the net.

      Tom
      • The only reason tapping phones is illegal [at least in most countries] is because of the explicit right and expectation of privacy. If you shouted in public something you can hardly feel violated when others learn about it. The internet is inherently non-private.

        This is absurd. Internet traffic is no more "non-private" than a telephone call. The fact that means exist for people along the traffic path to intercept communications doesn't mean that they're allowed to. If that were the case, all laws governing phone tapping would be moot since the tapping would not be technically possible.

    • The phone company keeps track of who you call and when.. is that illegal?

      Watching the traffic over their network to analyze it is certainly not illegal.

      Snarfing your passwords and reading your corporate mail.. that definitely IS
    • note this bit at the end of the original article:
      >>US Code TITLE 18, PART I, CHAPTER 119, Sec. 2511. (2) (a) (i) >> "...a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks."
      About covers the question for me. See the relevant section of the US Code as specified above at this link [cornell.edu]
    • The Federal law that the original article cites to support the claim that Comcast is doing something illegal says, in one of the sections he did not cite, that it is not illegal under that law to intercept a communication when the person doing the interception is either one of the parties, or has the permission of one of the parties.

      It's a pretty safe bet that there's something in the Comcast service agreement authorizing them to do this.

  • My three hotmail accounts get quite different traffic in terms of spam. Much of it started by the inclusion of my name, and the URL for my "home page" in the same message. Certainly wasn't browsing: they think I OWN it!!!! Yeah, right.

  • by alfredw (318652) <.moc.flaeerf. .ta. .fla.> on Monday February 11, 2002 @11:50PM (#2992189) Homepage
    ... quoted in the article...

    I wonder if it prevents, say, an ISP from blocking porn sites (because that would require monitoring traffic). Perhaps it would include shutting out rival IMs or even whole parts of your network...

    Consider Joe Blow AOL Luser, who configures a gateway to AOL so that anyone can access their content. Now... if AOL is a "wire service provider" can they shut down his account? If so, how would they know without monitoring?

    Just a thought...
  • by leviramsey (248057) on Monday February 11, 2002 @11:51PM (#2992197) Journal

    ...this is the worst service in the hist -- It's the best cable provider! Sign up today! [comcastonline.com] -- ory.

    • Hehe.. the humor is appreciated but it's scary to think what companies can do with http logging software and a google-in-a-box. Intercepting passwords, compromising secure company VPN traffic...

      It's like installing a video camera in your bedroom. Best be on good behavior.
      • by cicadia (231571) on Tuesday February 12, 2002 @12:39AM (#2992398)
        Dude, they're your ISP. They are, and have always been, the first stop your packets make after they leave your local machine (or firewall, border router, or what have you).

        They've always been able to intercept your passwords, assuming they're over plain HTTP basic authentication, or some other insecure protocol (POP, FTP, etc).

        And no, they can't compromise VPN traffic or SSL-protected traffic. Those are encrypted end-to-end. It's the same thing with S/MIME or PGP email. If you use a VPN, or HTTPS, or IPSEC, then you are safe from eavesdroppers anywhere on the net, including your ISP, or whatever evil proxies they have set up to trap your packets.

        If you don't trust your ISP to be responsible with your unencrypted traffic, though, you should think about switching ISPs. And if your passwords are that important, then you shouldn't be sending them over insecure protocols.
  • by Spamuel (246002) on Monday February 11, 2002 @11:52PM (#2992199)
    I can't believe Slashdot would link to an unsubstantiated Usenet posting written by a "J Edgar Hoover", and put this as front page news. These are pretty serious allegations to be throwing around without any proof.
    • I do agree, but the editor didn't make any additional comments substantiating the claim... Even the submitter left his/her comments to a relaying of information.
      There are a good number of folks in the /. audience that may not be regulars in the circles this was posted to, but have an interest/ability in/to investigating this further, and providing more evidence in either direction...
      Just a thought! ;)
    • by $carab (464226) on Tuesday February 12, 2002 @12:07AM (#2992278) Journal
      I am a recent (unwilling) convert to Comcast from MediaOne. The net speed has fallen roughly 50%, and I am seeing an increase in 404 errors. My speed did max out about 200k(!) more when I set my MTU to 1500 from 750. Fewer packets=Less to log? Anyway, I've recorded traceroute and ping attempts on google right here [lfay.net]. As you can see secondary bounce is extremely hard to get through, this is consistent for most sites I tracert. BTW...my upstream is capped at about 120k, so that image will get swamped quickly. Then, there is the suspicious bounce through 68.42.244.50..Very close to the server reported as being the offender. As you can see, ping requests get through easily. Draw your own conclusions from this, but I think that J. Edgar Hoover might be on to something here.
      • Your traceroute and pings show really large times...my pings to google pretty consistently show 10ms, and the times for each of the hops are 20ms with one exception.

        It looks to me like you're losing a lot of packets someplace. I'd call it into tech support, and try to (somehow) get it up to at least level 2 support to take a look.
      • Your tracert/pings don't really show anything convincing. The simple fact that the first few routers don't return pings is just so that the routers cannot be DOSed as easily and they remain a little more stealth. Your ping times are about double the norm, but still not terrible.
      • Pretty brave posting a screenshot of a C:> prompt on slashdot.. you're lucky you didn't get modded down -1 troll.
    • by Anonymous Coward on Tuesday February 12, 2002 @12:14AM (#2992296)
      I can't believe Slashdot would link to an unsubstantiated Usenet posting written by a "J Edgar Hoover", and put this as front page news.

      You must be new here. Welcome!

    • Ok, so playing off this... anyone have any quick & easy ways to test this sort of thing?
    • I just wanted to note that the headline says, "Is Comcast Intercepting Packets?"
      It would be quite different if "Comcast" and "is" were switched around.
      Still, your point is valid. I am sure many of us have wondered about the people who decide what is and is not posted to the front page...
  • by tupps (43964) on Monday February 11, 2002 @11:52PM (#2992200) Homepage
    Both Cable Internet Providers and I am sure many other ISP's in Australia use Transparent Proxies.

    Much easier to setup on the client side and you catch people who leave out the proxy information.

    The fact that the server has other capabilities doesn't mean that they are actually using this stuff. If someone can show me a link to the page where I can buy the marketing data, *then* i will believe you.

    This is just speculation.

  • by Anonymous Coward on Monday February 11, 2002 @11:53PM (#2992202)
    My packets are copyrighted, so legally they can't copy and resell them without my written authorization.
  • by Sloppy (14984)

    No evidence that they're doing anything wrong, just that they are using tools that "allow" them to. Boo hoo, Comcast is using a transparent cache and they could abuse it.

    Afraid they might actually do it? Then https and check your certs.

  • by DaSyonic (238637) <DaSyonicNO@SPAMyahoo.com> on Monday February 11, 2002 @11:55PM (#2992213) Homepage
    I think the fact that this was mailed to bugtraq yet it apparently got denied is proof of that...

    Many ISPs do transparent caching. Transparent caching at ISPs is more than acceptable. It's not acceptable when major backbones do it, as has happened in the past.

    The fact that they can log what you do is just a side effect. The same can be done WITHOUT transparent caching. The 'author' says they added hardware just for this. Well of course they did! They're just trying to speed up access without needing as big of a link needed without using transparent caching.

    And at any rate, I'm surprised this got posted. It's just some guy posting to two mailing lists, which got denied at that!

    Ultimately though, I feel ISPs should provide a means to remove you from having your link transparently cached. If they do that, then you can't blame them for trying to save bandwidth. The results of a transparent cache can be substantial!
    • Many ISPs do transparent caching. Transparent caching at ISPs is more than acceptable.
      The post says "Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data" ...

      So yeah, transparent caching is good, except that's NOT what this Comcast server is doing according to the poster.

  • ...what the big deal is. This one's been coming down the road for a long time. I KNOW it's a shame that it's happening. It could be construed as an invasion of privacy, to put it mildly. But for goodness sakes. If you can't stand the heat get out of the kitchen! Use a modem. Get local DSL. You actually can, if you SEARCH for it. Yea, whatever.
  • New service packages (Score:4, Informative)

    by hex1848 (182881) on Monday February 11, 2002 @11:55PM (#2992217) Homepage
    I got forwarded this by one of my buddies at work. At these prices it's plain sick that they also want to sell your usage statistics to the SPAMMERS. On top of that I've been told that they want every computer on their network using proxy clients in order to connect.

    I'm glad sprint just hooked up DSL in my area, I'm switching providers.

    According to insiders at Comcast there will be three tiers of service. The current service will be called Silver and it will be 1500/128 for $49.95 plus modem rental. Yes that is true, they are planning on a $10 price increase within the next year after the transition is complete and the merger with AT&T Broadband Internet is finalized. Comcast doesn't want to mess with the rates right now until they get regulatory approval for the merger. But the S.O.P. at AT&T and Comcast is a price increase after a merger. Look at what Cable rates did after the Mediaone transition.

    Gold service will be 1500/300 and will allow VPN access and something they are calling priority traffic. This is the old Pro service. The cost will be $99.95. If you are a gamer used to the old MediaOne performance, this Gold level should get you back close to the perf you had with the old system. And yes that means you will be paying double for the same service you had last year.

    The new low price option is Bronze. Expected to be 128/64 or maybe 256/128 it should be priced at $29.95. This is the one that is most in the air. I haven't seen a bronze config file yet to see what they are planning.

    Modem rentals will be $5 and may increase to $7.
  • First of all, have their customers been notified of this? Are they aware of the monitoring? Has it been explained to the customers in understandable language, not legalese? If the answer is "No" to any of these questions, then I think this company is headed down the short path to being sued.

    Likely, they want to generate detailed customer profiles so that they can sell more targeted advertising (after all, highly targeted advertising is what sells for the most money). But even at that, it's an annoying practice that should be explained to the customers.

    Even assuming they notified their customers (which I don't believe they did), though, it's going to be a hard sell to convince customers that their passwords (which are often not encrypted) are safe with them. They'd best stop this practice while they're ahead and no one has taken legal action. It reeks of a poorly-thought-out marketing/management decision.
  • Evidence, please? (Score:5, Informative)

    by 1010011010 (53039) on Monday February 11, 2002 @11:56PM (#2992226) Homepage
    How do we not know they're just implementing a web cache to save money and provide better service? Lots of ISPs do this. Why page to get the pictures from the homepage of cnn.com 458,765 times an hour when once will do?

    This allows them to monitor and change (or insert ads into) what you read.

    Posh. Fear-mongering. Come back with some evidence -- and I'll be as against it as the next guy. And if they are actually inserting ads, then they'll probably be in court with CNN, Disney, etc, so forth, for modifying and distributing copyrighted material.

    Interestingly, regardless of what IP you address the packet to, the Inktomi Traffic-Server reads the Host: field to determine where to send the packet. I sent several packets from my home machine to one of my office machines, inside the packet was "Host: www.comcast.net". Comcast illegally intercepted, misinterpreted and altered this packet, and sent it to www.comcast.com. So, you might say there's a bug in this evil Inktomi Traffic-Server thing.


    Oh, shut up. That's how a transparent proxy works. I suppose the Linux facilities for transparent proxying -- available for years now -- are also evil?

    Where's my clue-by-four...
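
An added example, not part of the thread or of any poster's code: a loopback-only Python sketch of the check the quoted message describes, where a request is sent to a server you control with a different name in `Host:` and the reply shows whether something on the path routed it by `Host:` instead of by destination address. The toy interceptor, the name `decoy.example`, the token value and all function names are assumptions constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CANARY_TOKEN = "canary-7f3a-constructed"  # constructed sample value


def _reply(handler, status, data):
    handler.send_response(status)
    handler.send_header("Content-Length", str(len(data)))
    handler.end_headers()
    handler.wfile.write(data)


def _serve(handler_cls):
    # Bind to an ephemeral loopback port and serve in a background thread.
    srv = HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def make_origin(body):
    """Origin that ignores the Host header and always answers with `body`."""
    class Origin(BaseHTTPRequestHandler):
        def do_GET(self):
            _reply(self, 200, body.encode())

        def log_message(self, *args):
            pass
    return _serve(Origin)


def make_host_routing_interceptor(routes):
    """Toy stand-in for a transparent proxy: it chooses the upstream from the
    Host header alone, ignoring the address the client connected to."""
    class Interceptor(BaseHTTPRequestHandler):
        def do_GET(self):
            host = (self.headers.get("Host") or "").split(":")[0].lower()
            upstream = routes.get(host)
            if upstream is None:
                self.send_error(502, "no route for Host")
                return
            conn = http.client.HTTPConnection(*upstream, timeout=3)
            try:
                conn.request("GET", self.path, headers={"Host": host})
                resp = conn.getresponse()
                _reply(self, resp.status, resp.read())
            finally:
                conn.close()

        def log_message(self, *args):
            pass
    return _serve(Interceptor)


def probe(addr, decoy_host, token=CANARY_TOKEN, timeout=3):
    """Ask our own server at `addr` for a page while naming `decoy_host` in
    Host. Our server always returns the token, so a reply without it means
    the request was answered by something other than the address we dialled."""
    conn = http.client.HTTPConnection(addr[0], addr[1], timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": decoy_host})
        body = conn.getresponse().read().decode(errors="replace")
    except (OSError, http.client.HTTPException):
        return "inconclusive"
    finally:
        conn.close()
    return "direct" if token in body else "intercepted"


def run_demo():
    canary = make_origin(CANARY_TOKEN)
    decoy = make_origin("decoy site content")
    # Dialling the interceptor's port models a network that silently redirects
    # port-80 traffic that was addressed to the canary.
    interceptor = make_host_routing_interceptor(
        {"decoy.example": decoy.server_address})
    try:
        return {
            "direct_path": probe(canary.server_address, "decoy.example"),
            "via_interceptor": probe(interceptor.server_address, "decoy.example"),
        }
    finally:
        for srv in (canary, decoy, interceptor):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The check only tells you that plain HTTP is being re-routed by `Host:`; it says nothing about whether requests or responses are logged.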
  • by Calrathan (114381) on Tuesday February 12, 2002 @12:00AM (#2992244) Homepage
    Now wait a second. Before we all flip out and start bashing ComCast, let's realize a couple things.

    Number one, this guy just got transitioned. A lot of people all over the country have been going through the same thing, and not everyone is seeing the same thing as him. As 'hostman' from the MESH (Michigan Engineering Software and Hardware http://misc.eecs.umich.edu/) discussion email list wrote:

    "This whole thread got me a bit peeved, so I went home and ran a few tests. I was unable to find any evidence of the packet modification described. It is possible the described issue is not an issue here in A^2, as we 'transitioned' from MediaOne's service, not @Home..."

    Secondly, your ISP has the right to monitor traffic to ensure quality of service. Just because the caching part of the server is not currently running, it does not mean that they aren't phasing it into the system. At this point it's just speculation. They might even have more rights to monitor what you're doing, depending on your service agreement. Read it.

    Let's get some REAL evidence of what's going on other than this hearsay. Someone show us some modified packet headers, and someone else reproduce those results, and MAYBE I'll believe it then.
    • Moderators, please mod the parent down! It's obvious that the poster is trying to shine the light of reason on people, and it's hurting their eyes!!

      If it weren't for jumping to conclusions, I doubt anyone would get any exercise at all around here!
  • by tetrad (131849)
    Is this just speculation or what? There seems to be no verifiable evidence presented that Comcast is in fact logging its customers' activities. I'm a (not entirely satisfied) Comcast customer, so in a way, I'd like to believe the worst about them, but this guy doesn't describe what he's "discovered" that makes him think they are playing big brother. It's just a bunch of accusations with no proof.

    Of course, ISPs have access to pretty much all network traffic (you think your packets magically transport themselves to and back from slashdot?). And it would not be difficult at all to log everything that passes through the network. (You certainly don't need an Inktomi system, although maybe it helps, I dunno.) Probability is that there's at least some ISPs out there monitoring their customers invasively. Maybe Comcast is in fact doing it. But this article is simply not convincing.

  • by Joe Decker (3806) on Tuesday February 12, 2002 @12:03AM (#2992262) Homepage
    If they're collecting the data themselves, instead of using a third party, I believe they would be in direct violation of the Cable TV Privacy Act of 1984. [epic.org]

    While IANAL, I work in the digital television middleware industry and have been involved in making sure that we do not inadvertently let our customers run afoul of that precise law. It's not just the law, it's a good idea.

  • I'm sure this is normal industry practice. Here in St. Louis we have to go to odd measures to dodge Charter Cable's buggy transparent proxy. (It doesn't handle the case where you are deliberately using an authenticated proxy.) Fortunately it only looks at certain ports so you can dodge with proxies on non-standard ports.

    Say Charter, if you are reading you could reimburse me for the two hours I spent figuring out this defect in my Charter user's internet service.
  • by compumike (454538) on Tuesday February 12, 2002 @12:07AM (#2992276) Homepage
    Take a look at this thread [phillylinux.org] from the Philadelphia Linux User Group. It sounds like the new software update that Comcast has asked its users to install contains spyware and changes internet settings...

    So now they can track you from your own (Windows) machine, and also through their transparent proxy.
  • by J.D. Hogg (545364) on Tuesday February 12, 2002 @12:14AM (#2992297) Homepage
    In an effort to bring more services to you
    for your money, Comcast is committed to make
    your Internet connectivity a useful tool in
    your daily life.

    We are partnering with many industry leaders
    to ensure that you get many advantages out of
    our service. In order to server you better,
    Comcast now automatically connects you with
    your interests by analyzing your Internet
    traffic and matching it with one of our
    partners.

    Concretely, what does this bring to our
    Valued Comcast Customers ? if you shop online,
    Comcast and its partners will send you
    E-coupons[tm] to save big at your favorite
    online grocer. Do you book airline tickets
    online ? Comcast and Delta Airlines will send
    you E-coupons[tm] for incredible savings, and
    access to unlisted flights. Do you buy
    antiques on Internet Auction sites ?
    E-coupons[tm] will help you save %15 or more
    on your purchases.

    But it gets better : you don't have to wait
    for your next Value Comcast Customer
    E-newsletter[tm] to take advantage of these
    tremendous opportunities : the savings start
    right now !

    After analyzing your Internet traffic, our
    automated PatnerMatch[tm] server is able to
    send your first E-coupon :

    --8<--8<--8<--
    1 free visit to :

    Madame Tinkertoys House of Leather
    Corner of Bourbon and Toulouse
    New-Orleans, LA

    Authorization number : 5UCK-M3-PL3N7Y
    --8<--8<--8<--

    To use your E-coupon, simply print it out
    and present it to our E-Partner, and you will
    start enjoying incredible savings.

    Thank you Dear Valued Comcast Customer for
    using Comcast's services.

  • Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data.

    I'm not a fan of Comcast (or for that matter cable modems in general) BUT I must ask - Where is your proof that they aren't caching any of the pages and only using it to gather marketing data? One can configure a transparent proxy to completely mask its existence. I do this quite often with customers on their firewalls. I don't give a crap about what they are browsing, I just try to get the most/$$ for THEIR bandwidth.

    • Step 1. Create remote account to host some data. Use local account via the "transparent" proxy to download the hosted data. Check remote account logs to observe download.

      Step 2. Repeat download requests. If remote account does not have to download the data again, but the data is still received by local account, "transparent" proxy has served the data from its local cache.

      Caveat: make sure data isn't being cached by someone else's proxy in between the two accounts.
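The two-step test in the comment above, as an added example (not code from the thread): the "remote account" is a local server that counts hits, and the box in the path is a constructed stand-in that either relays or caches. On loopback the client dials the stand-in directly, where a real transparent proxy would be reached by network redirection; all names and the payload are assumptions.

```python
import http.server
import threading
import urllib.request
import uuid

PAYLOAD = b"cache-probe-payload"   # constructed test data hosted on the remote account
# Ignore any *_proxy environment variables so only the path under test is involved.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def serve(handler):
    """Start an HTTP server on a free loopback port in a background thread."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def origin(hits):
    """The 'remote account': serves PAYLOAD and counts requests per path (its log)."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            hits[self.path] = hits.get(self.path, 0) + 1
            self.send_response(200)
            self.send_header("Cache-Control", "public, max-age=3600")
            self.send_header("Content-Length", str(len(PAYLOAD)))
            self.end_headers()
            self.wfile.write(PAYLOAD)
        def log_message(self, *args):   # keep the demo quiet
            pass
    return Handler

def intermediary(origin_port, caching):
    """Stand-in for the box in the path: relays to the origin, optionally caching."""
    cache = {}
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = cache.get(self.path) if caching else None
            if body is None:
                url = f"http://127.0.0.1:{origin_port}{self.path}"
                with OPENER.open(url, timeout=5) as resp:
                    body = resp.read()
                cache[self.path] = body
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):
            pass
    return Handler

def probe(port, hits, repeats=3):
    """Steps 1 and 2: fetch one never-before-used URL several times, then read the log."""
    path = "/probe-" + uuid.uuid4().hex   # unique, so no cache can already hold it
    received = 0
    for _ in range(repeats):
        with OPENER.open(f"http://127.0.0.1:{port}{path}", timeout=5) as resp:
            received += resp.read() == PAYLOAD
    seen = hits.get(path, 0)
    return {"received": received, "origin_hits": seen,
            "served_from_cache": received > seen}

def run_demo():
    hits = {}
    org = serve(origin(hits))
    results = {}
    for name, caching in (("pass-through", False), ("caching", True)):
        mid = serve(intermediary(org.server_address[1], caching))
        results[name] = probe(mid.server_address[1], hits)
        mid.shutdown(); mid.server_close()
    org.shutdown(); org.server_close()
    return results

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

A `served_from_cache` result only says that some cache on the path answered; it does not identify which one, which is the caveat in the comment.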

  • Sorry, but the /. community is so f@$%ng paranoid about people reading their packets. I have ComCast. Who cares? Oh wow, they're reading my e-mail. I hope they enjoy it. What a waste of time. If this is how big brother operates, then big brother is an idiot. Okay, so I tag my .sig with things like bombs, nitroglycerin, TNT, pipes, Ammonia, Nitrate, etc..... Yeah, whatever.

    Like I care.
  • Just plain stupid. (Score:2, Interesting)

    by gotak (547354)
    WTF? Why is everyone accusing comcast of spying?

    First of all, your spending habit is normally kept in a database somewhere by your credit card company. How else can they bill you? What's the difference between that and this? Are you going to send your email over the net that's sensitive unencrypted?

    Furthermore, as many have pointed out without success, this sounds just like a transparent proxy. Which is a perfectly valid network infrastructure.

    What is it with slashdot and the slashmob?
  • If Comcast wanted, they wouldn't have to rewrite packets in order to read all your web traffic if they're your ISP. They can just read all of your unencrypted traffic anyway, without modifying it to make you suspicious.

    If their proxy isn't standards-compliant, that's somewhat annoying. It's somewhat likely that this actually *improves* anonymity, though, because web sites cannot necessarily track users by IP address. And this doesn't seem to affect SSL-encrypted traffic (which couldn't be proxied without the user agreeing, since SSL resists man-in-the-middle), which is all of the traffic which is at all hidden. This is like looking at people's postcards-- sure, it's not polite, but the things aren't even covered in anything.

    I do wonder if this affects their common-carrier status at all, however. If they're doing non-trivial things to the traffic, they could be held liable for pages they pass on to customers.
  • by evilpaul13 (181626) on Tuesday February 12, 2002 @12:31AM (#2992370)
    No, they are just catching them, holding them for a few seconds, and then releasing them to make capped upload completely emulate dial-up.

    ...But, be on the look out for version 2.0 of this Comcast innovation!

    The all new super ultra deluxe Dream [Packet] Catcher. Just like the Native American device only it captures packets and puts the user to sleep waiting for a reply to them.
  • If that's what it takes to nab all those sickos that are rolling around in kiddie porn then that is a good thing...I think that if I were trying to run a successful ISP, I would try to identify those users who I could do without. I think in the future -- it will be easier for them to get rid of all those l33t hackers who have 9999 servers running and transferring full length movies 24/7 -- maybe then I could get some decent speed for my kernel downloads. (cable sucks when all of your neighbors decide to "get into this internet thing" ... A coworker of mine just moved to a poor neighborhood and he has about 3 times the downstream as me....(His neighbors are more concerned about eating than P2P :)

  • It's a CACHE - how do you expect them to cache frequently accessed Web information without examining GET headers and responses?? Hell, if every ISP used these things, it might eliminate the slashdot effect! But wouldn't want that, would we?
  • Crypto. (Score:4, Insightful)

    by mindstrm (20013) on Tuesday February 12, 2002 @01:26AM (#2992546)
    Folks.. it shouldn't even have to be repeated, but it does.

    When you send plaintext over the net, like HTTP requests..

    YOU ARE SENDING PLAIN READABLE TEXT OVER A PUBLIC NETWORK.

    Where is your expectation of privacy? That's right.. you don't really have one.

    Passwords? HTTPS.. that's what the 'secure' part means you know.

    • Re:Crypto. (Score:5, Insightful)

      by Corgha (60478) on Tuesday February 12, 2002 @03:14AM (#2992838)
      IANAL, but I'd say you have just about as much expectation of privacy as you do sending unencrypted voice over the public telephone network, which is to say a substantial expectation.

      Data on a switched network between two large ISPs is no easier to intercept than voice going between two large phone companies. In fact, I daresay it would be easier for me to tap my neighbor's phone than his cable modem (I could do it with a pair of pliers and some wire); it would, however, be illegal and IMO wrong for me to do so.

      Bottom line: even though it may be *possible* for nefarious people to tap your phone, put bugs in your living room, or even implant a chip in your brain, you can still have an expectation of privacy. Not wrapping your house in tinfoil does not mean you're giving up your right to privacy, because your home is not a public forum. The wires between you and a web server do not constitute a public forum by any stretch of the imagination (even if the server happens to be hosting a public forum). Not using HTTPS does not constitute an abdication of privacy.

      If you run a packet sniffer and look at other people's data, good luck convincing a judge that you weren't doing something bad under Section 2511 because the data wasn't encrypted.

      "Hey, his front door wasn't locked, so I didn't really steal his TV..."
      "Hey, the guy didn't use The Club, so this really isn't Grand Theft Auto..."
      "Hey, she was wearing that short skirt; she deserved it..."
  • What if I might not be a subscriber but happen to go through their product? What if a subtle change in the headers gives the impression that I might be doing something illegal? Now along comes the FBI who has another ISP bugged and asks for details. Since comcast keeps no logs of what it does it doesn't remember or even admit to mistakes. FBI says cool and I go off to jail.
  • It's a fucking reverse proxy server. I see absolutely no proof on the site whatsoever that this guy's personal info is being stored or aggregated or anything. Where's his proof that Comcast has purchased the "specific equipment" that is used for data aggregation, and where's his proof that they're using it for that purpose?

    This is just a stupid fucking email message that, once again, when placed under the magic Slashdot Out-Of-Proportiometer, has ballooned to mega-lotta-banner-ad size.

    - A.P.
  • by Anonymous Coward

    $ telnet 1.2.3.4 80
    Trying 1.2.3.4...
    Connected to 1.2.3.4.
    Escape character is '^]'.
    get www.yahoo.com

    Yahoo! -
    501 Method Not Implemented [yahoo.com] Help [yahoo.com] Method Not Implemented
    get to /index.html not supported.

    Copyright
    © 2002 Yahoo! Inc. All rights reserved.
    Privacy Policy [yahoo.com] -
    Terms of [yahoo.com]
    Service
    Connection closed by foreign host.

    $ telnet 1.1.1.1 80
    Trying 1.1.1.1...
    Connected to 1.1.1.1.
    Escape character is '^]'.

    nmap ANY valid or invalid host and port 80 will be open. Yes folks, that IS a transparent proxy answering your calls.

    • And what will happen if the request you make (say to a Linux box with some clever scripting) has the request header like a CodeRed infected box might send out? There are a lot of things they could be doing with this. One might be to quench worms like CR. IMHO, that much would be a good thing.

      Of course there are many bad things that could potentially be done with such a thing. If it disassociates the HTTP Host: header from the original destination IP address, and tries to look up that hostname and connect there regardless of what the IP was, that could be bad. What if you are requesting a page from a web site in an alternate DNS realm like the Open Root Server Confederation [orsc.net] ... such as http://chrono.faq/ [chrono.faq] or http://watch.gallery/ [watch.gallery] or http://baby.mart/ [baby.mart] or http://top-stories.news/ [top-stories.news]?
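The check quoted earlier in the thread (a request addressed to your own machine but carrying a foreign Host: header) can be automated; the following is an added example, not code from the thread or from Inktomi. The interceptor is a constructed stand-in with a name table in place of DNS, the client dials it directly because loopback has no network redirection, and `X-Probe-Origin` and `decoy.example` are hypothetical names.

```python
import http.client
import http.server
import threading
import uuid

MARKER = "X-Probe-Origin"      # hypothetical header that only our own server sets
DECOY_HOST = "decoy.example"   # constructed name that is NOT our server

def serve(handler):
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def site(label, ours):
    """A web server that echoes the path and Host header it actually received."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = f"{label} path={self.path} host={self.headers.get('Host')}".encode()
            self.send_response(200)
            if ours:
                self.send_header(MARKER, "1")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):   # keep the demo quiet
            pass
    return Handler

def host_router(name_table):
    """Constructed interceptor: ignores the address dialled and forwards by Host:."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            host = self.headers.get("Host", "")
            up = http.client.HTTPConnection("127.0.0.1", name_table[host], timeout=5)
            up.request("GET", self.path, headers={"Host": host})
            resp = up.getresponse()
            body = resp.read()
            up.close()
            self.send_response(resp.status)
            if resp.getheader(MARKER):
                self.send_header(MARKER, resp.getheader(MARKER))
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):
            pass
    return Handler

def check_path(port):
    """Send a request meant for our own server but carrying a foreign Host header."""
    nonce = "/" + uuid.uuid4().hex
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", nonce, headers={"Host": DECOY_HOST})
    resp = conn.getresponse()
    body = resp.read().decode()
    conn.close()
    reached_ours = resp.getheader(MARKER) == "1" and nonce in body
    return {"reached_own_server": reached_ours,
            "host_seen_by_responder": body.rsplit("host=", 1)[-1],
            "answered_by": body.split(" ", 1)[0]}

def run_demo():
    mine = serve(site("my-office-server", ours=True))
    other = serve(site("decoy-site", ours=False))
    router = serve(host_router({DECOY_HOST: other.server_address[1]}))
    results = {"direct": check_path(mine.server_address[1]),
               "intercepted": check_path(router.server_address[1])}
    for srv in (mine, other, router):
        srv.shutdown(); srv.server_close()
    return results

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```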

  • by Phrack (9361) on Tuesday February 12, 2002 @02:02AM (#2992661)
    In a previous life, I was an experienced admin of Inktomi traffic server. It's simply a proxy cache. Yes, it can do many of the things mentioned.. insert ads? Sure... capture user into private portal hell? Sure. Track usage via logs? Sure. Do most care? Ehh.. not sure about that.

    That previous life was working with a large Regional Bell company... the mere mention of selling of consumer info (even just anonymized web logs) caused the blood to run out of their faces. I don't think it'll happen there, but I don't make promises for anyone else. It's quite the panacea of information, even if just used internally.

    BTW, Novell's proxy cache is actually faster, easier and quite a bit cheaper. Squid, while free, will likely never reach the same performance levels.
  • by Kagato (116051) on Tuesday February 12, 2002 @02:06AM (#2992669)
    I've worked at a national ISP that did a trial of this hardware. The goal is to take the heat off the upstream link. It's fairly useful in a small market where your upstream has to cross a LATA incurring long distance charges.

    The logs generated for this device are not anonymous. It pretty much reads like an Apache log. Source and destination IPs for every request. I remember wanting to get some sample data to see if we needed to take the Cache log into account for looking at our admin server traffic reports. Small town USA pretty much surfs over 50% porn.

    At any rate. It's doubtful they use the cache box to collect internet traffic stats. Why? Well, basically, it's a money issue. Once you have the data great...except it's a freak'n huge sh*tload of data. If you want useful reporting you need to keep data for a year. You're looking at putting almost 500K into disk, CPU, and software. It's not worth it because you'd never recoup the money.

    This does NOT mean your ISP doesn't sell your data. An ISP can make some serious cash by selling your data. ISPs can and DO enter into agreements with companies that collect data. However, the ISPs wash their hands of the actual process. They let a 3rd party drop a Switch or a Bridge into a POP that directs traffic to a machine that will totally transparently collect data and start collecting checks.

    Point is, the Cache is exactly what it appears. A Cache. It does collect data, but I've never heard of a National ISP use that data. They let a 3rd party company do all the work and collect the checks.
  • While comcast and other ISPs may be running a transparent proxy, note that non-transparent proxies are coming. The Open Pluggable Edge Services (OPES) [ietf-opes.org] group is working on a standard framework for non-transparent proxies.

    Personally I approve of this because it will allow for a more efficient operation of many useful web services like content filtering, virus checking and ad stripping. An important part of this work will also be to define a standard way for conforming OPES software to only invoke edge services after authorization from end-users and/or content providers.

  • by Perdo (151843)
    Comcast Cable Communications, Inc. (NETBLK-JUMPSTART-1)
    3 Executive Campus, 5th Floor
    Cherry Hill, NJ 08002
    US

    Netname: JUMPSTART-1
    Netblock: 68.32.0.0 - 68.63.255.255
    Maintainer: CMCS

    Coordinator:
    Zeibari, Greg (GZ64-ARIN) gzeibari@comcastpc.com
    856-661-7929

    Domain System inverse mapping provided by:

    NS01.JDC01.PA.COMCAST.NET 66.45.25.71
    NS02.JDC01.PA.COMCAST.NET 66.45.25.72

    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

    "To report network abuse incidents please send an e-mail to

    abuse@comcastpc.com. The e-mail should include a description of the incident, the source IP address and any log files, SPAM or any other applicable information. Incidents reported to any other e-mail address will not be investigated."

    Record last updated on 15-Jan-2002.
    Database last updated on 11-Feb-2002 19:56:34 EDT.

    • by Perdo (151843)
      Zeibari, Greg gzeibari@yahooo.com

      Works for solution.com owned by Voveo Marketing Group Inc. http://www.voveo.com/

      Envision a new breed of marketing...

      At Vovéo we are bringing to life a vision for a new breed of marketing. One that begins with a belief that all marketing must work toward a single goal - results. Vovéo's marketing services drive results because they are highly adaptable, in-step with the front-lines, customer-centric, extremely focused, and tightly integrated. It is our integrated approach to marketing that stands in stark contrast to the traditional "stovepipe" mentality still prevalent in many organizations, where narrowly conceived departmental lines prevent the effective integration of all marketing disciplines.

      Envision marketing with the 'technology advantage'...

      Every agency has its specialty, ours is technology. Our roots are in technology - clients and employees alike. Since day one, clients have been relying on us for our ability to apply technology to the art of marketing, and for our expertise in the high technology arena. We creatively combine traditional and online techniques. And invent new tools and solutions that utilize technology to create the greatest possible marketing impact and efficiency. Vovéo is unmatched in its ability to deliver superior marketing services with the technology advantage.

      Envision a new agency experience...

      At Vovéo we are committed to a new agency experience. One that begins with a veteran team that acts as an extension to your own, and is led by one who has walked in your shoes. Vovéo contributes valuable outside perspectives deeply rooted in experience. Add to that lightning speed of delivery; cost effective, innovative solutions that stretch your marketing dollars and respect your budgets - all with a realistic, practical approach.
      • by Perdo (151843)
        Envision Voveo using technology to pick your pockets:

        Sales Planning

        We believe effective sales development begins with a thorough understanding and analysis of the sales process itself. Through this analysis we can determine the best possible mix of partner and direct sales resources.

        In addition, the sales process analysis provides the blueprint for determining how marketing can best work to optimize sales effectiveness. Communications materials can be constructed to work in concert with all other sales efforts - ensuring that key decision makers and influencers receive highly targeted materials at the appropriate time.

        Sales Coverage Models / Target Account List Development

        Also critical to successful sales development is a clear understanding of where sales opportunities exist geographically. Vovéo is widely known for its geographic analysis techniques, whereby models are constructed to evaluate pockets of targeted business opportunities, leading to optimal placement and deployment of sales and partner resources. Combining the sales process and geographic analyses, Vovéo will develop a universe of target accounts that will become the focus for initial sales development activities.

        Demand Creation / Sales Development

        Vovéo is passionate in its belief that successful demand creation initiatives must be tightly integrated. The veteran staff at Vovéo is renowned for its ability to develop effective campaigns with precision messaging and creative design utilizing online and traditional tactics, while incorporating high impact, audience appropriate response mechanisms.

        Whether it is a vertical market initiative, a partnership program to internal or external audiences, or a product specific campaign, Vovéo delivers high impact programs that help you achieve your sales development objectives.

  • This is what Orangatango [orangatango.com] is all about; run a virtual browser through SSL and all Comcast will ever see of your surfing is www.orangatango.com:443.
  • Copyright violation (Score:4, Interesting)

    by coats (1068) on Tuesday February 12, 2002 @06:23AM (#2993124) Homepage
    If a comcast victim/customer sends a packet to port 80 at any IP address, it is intercepted by the Inktomi Traffic-Server, the contents of the packet are examined for the GET url and the "Host:" field. The Inktomi Traffic-Server then sends the http request on to your destination from its address with modified content and headers... This allows them to monitor and change (or insert ads into) what you read.
    Now look at that from my point of view as a content provider at the web site being requested.

    Comcast is engaged in the large-scale activity of making unauthorized derivative works (with that modified content and extra ads) of (copyrighted!) web sites for commercial gain. If a few of us web-smiths nail down the evidence solidly, the court ought to make us rich off the damages! Not to mention the fun we could have following the (M$, BSA, Scientology) precedents with ex parte orders for copyright violation search!

  • FUD? (Score:3, Insightful)

    by dreamchaser (49529) on Tuesday February 12, 2002 @08:08AM (#2993316) Homepage Journal
    I don't doubt that this could happen, but I would hardly worry about a post on a message board or mailing list. Yes, we need to be vigilant, but let us get some independent verification from a trusted source. Better yet, why doesn't one of you who has Comcast as a service provider write them a letter and ask? CC the FCC and the Better Business Bureau if you feel it necessary.

    Something about this just smells like FUD to me.
  • Transparent Proxies (Score:3, Informative)

    by frost22 (115958) on Tuesday February 12, 2002 @08:26AM (#2993344) Homepage
    So they have transparent web caches. The company I work for does this as well. And it sucks big time, for a number of reasons:
    • we have all kinds of quality problems. There's a shitload of web apps out there that break with transparent caches, one way or the other, and often in subtle ways. There's even an RFC [faqs.org] about some of them.
    • when metering traffic independently of the cache statistics we found that we actually did not save any bandwidth worth mentioning. The statistics for the caches of course say different, but interface counters don't lie :-)
    • customer satisfaction goes down the drain. The reason is, even if there is no problem with the caches, people blame any problem with internet and web site availability on the caches - and thus on us.
    But, no, we have nothing in place to collect and evaluate logs. It's just much too much data right now to handle or even store it professionally. OTOH, given technological advances, this kind of storage and evaluation probably will be trivial a few years from now. So the tendency is definitely dangerous.

    f.
