Is Comcast Intercepting Packets?

nihilist_1137 writes: "According this page, comcast is intercepting your packets to gain knowledge of your whereabouts and then reselling it to marketers." According to the linked message, "This allows them to not only log all http requests, but to also log the response. Maybe they want to profile their customer browsing history for subsidiaries or resale to marketers. Maybe they want to do their part in The War on Freedom. Maybe they just want passwords to porn sites. Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data."

This has to be illegal

[Marx_Mrvelous]

Isn't tapping internet connections the same, legally, as a phone tap? It's nto legal for the phone company to listen in on your conversations to sell to advertisers, it can't possibly be legal to sniff packets to sell to marketers!

Illegal or not?

[Penguinoflight]

I personally don't like the idea of people sniffing an internet connection, but I do see a difference between a phone.

Your phone company is not chosen by you, the only way you can change phone companies is to move. However with a broadband internet connection, it's different.

Most places who get one broadband provider get several, I think they call it defence(i.e. don't let your competition expand in one area while you expand in another area). Therefore you have a choice to use it or not.

Re:Be a little more responsible...

[psychosis]

I do agree, but the editor didn't make any additional comments substantiating the claim... Even the submittor left his/her comments to a relaying of information.
There are a good number of folks in the /. audience that may not be regulars in the circles this was posted to, but have an interest/ability in/to investigating this further, and providing more evidence in either direction...
Just a thought! ;)

This could be a big oops for Comcast

[Joe Decker]

If they're collecting the data themselves, instead of using a third party, I believe they would be in direct violation of the Cable TV Privacy Act of 1984. [epic.org]

While IANAL, I work in the digital television middleware industry and have been involved in making sure that we do not inadvertantly let our customers run afoul of that precise law. It's not just the law, it's a good idea.

Shining some more light on this

[$carab]

I am a recent (unwilling) convert to Comcast from MediaOne. The net speed has fallen roughly 50%, and I am seeing an increase in 404 errors. My speed did max out about 200k(!) more when I set my MTU to 1500 from 750. Fewer packets=Less to log? Anyway, I've recorded traceroute and ping attempts on google right here [lfay.net]. As you can see secondary bounce is extremely hard to get through, this is consistent for most sites I tracert. BTW...my upstream is capped at about 120k, so that image will get swamped quickly. Then, there is the suspicious bounce through 68.42.244.50..Very close to the server reported as being the offender. As you can see, ping requests get through easily. Draw your own conclusions from this, but I think that J. Edgar Hoover might be on to something here.

Tangent

[volpe]

I know I'm going off on a tangent here, and it's off-topic, but please bear with me.


The phone company doesn't tap converstations, but they sure as hell have a database of which line called which number, when, and for how long.

Can someone explain why the Good Guys always have to keep the Bad Guy on the line for something like three minutes in order to trace the call, when all they should have to do is call up the Phone Company (on another line) and ask them to punch up the number of the person calling this number right now?

Just plain stupid.

[gotak]

WTF? Why is everyone accussing comcast of spying?

First off all your spending habit is normally kept in a database somewhere by your credit card company. How else can they bill you? What's the difference between that and this? Are you going to send your email over the net that's sensitive unencrypted?

Further more as many have pointed out without success this sounds just like a transparent proxy. Which is a perfectly valid network influstructure.

What is it with slashdot and the slashmob?

Re:Shining some more light on this

[PtM2300]

Your tracert/pings don't really show anything convincing. The simple fact that the first few routers don't return pings is just so that the routers cannot be DOSed as easily and they remain a little more stealth. Your ping times are about double the norm, but still not terrible.

Comcast IS using a transparent proxy. Observe.

[Anonymous Coward]

$ telnet 1.2.3.4 80
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
get www.yahoo.com

Yahoo! -
501 Method Not Implemented [yahoo.com] Help [yahoo.com] Method Not Implemented
get to /index.html not supported.

Copyright
© 2002 Yahoo! Inc. All rights reserved.
Privacy Policy [yahoo.com] -
Terms of [yahoo.com]
Service
Connection closed by foreign host.

$ telnet 1.1.1.1 80
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.

nmap ANY valid or invalid host and port 80 will be open. Yes folks, that IS a transparent proxy answering your calls.

Copyright violation

[coats]

If a comcast victim/customer sends a packet to port 80 at any IP address, it is intercepted by the Inktomi Traffic-Server, the contents of the packet are examined for the GET url and the "Host:" field. The Inktomi Traffic-Server then sends the http request on to your destination from it's address with modified content and headers... This allows them to monitor and change (or insert ads into) what you read.

Now look at that from my point of view as a content provider at the web site being requested.

Comcast is engaged in the large-scale activity of making unauthorized derivative works (with that modified content and extra ads) of (copyrighted!) web sites for commercial gain . If a few of us web-smiths nail down the evidence solidly, the court ought to make us rich off the damages! Not to mention the fun we could have following the (M$, BSA, Scientology) precedents with ex parte orders for copyright violation search!

Want to see something real interesting

[joeblowme]

After they switched the network over I was trying to get my VPN to my place of work going again. With absolutely no success. The wackiest thing was when I'd try to ping my internal network at work, I'd get responses back from comcasts internal network. You can test it on your machine, ping a 10.9.0.0, 10.11.0.0, or a 192.168.0.0 network which aren't used outside and watch errored packets come back from comcast. I've already contacted them and they said if I want this fixed I have to pay the $100+ a month for business grade service. What a load of crap dsl is getting installed soon.

Re:Hold your horses...

[jandrese]

After the switchover we noticed a big hit too. I suspect it might have something to do with the usenet servers now being outside of the network. Usenet seems to consume an enormous amount of bandwidth at Comcast, and since you have to jump completely out of their network now, I suspect their backbone connections are saturated.

This might be "fixed" once they either kill the usenet servers entirely or set up new ones inside their network like a sane ISP. Most people on the net are assuming the former will happen (which won't save as much bandwidth, since the heavy usenet users are likely to get external services). Your best bet at this point seems to be to pray that Comcast sees the light with Usenet and just buys the old servers from @home. If you've lead a clean life they might even announce something one way or the other before the switch off date (coming RSN).