Belkin Routers Route Users to Censorware Ad 805
The Register has a story today about
Belkin routers redirecting their users' network traffic.
To me, this seems like the logical next step after top-level domain name servers piping ads to your browser. Now the routers themselves hijack the traffic they are supposed to, uh, route -- and you'll love where they send you instead. But it's OK because you can opt out. Incidentally, the Crystal Ball Award goes to Seth Finkelstein, who in 2001 quoted John Gilmore's famous aphorism about the internet, and asked "What if censorship is in the router?"
Usenet thread (Score:5, Informative)
use a real router (Score:4, Informative)
Re:Usenet thread (Score:5, Informative)
Newsgroups: news.admin.net-abuse.email
Subject: Re: [OT-evil marketing] Belkin does Verislime one better - router spam!
Date: 5 Nov 2003 15:25:28 -0800
Organization: http://groups.google.com
Lines: 70
Message-ID:
References:
NNTP-Posting-Host: 67.98.73.254
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1068074728 22743 127.0.0.1 (5 Nov 2003 23:25:28 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Wed, 5 Nov 2003 23:25:28 +0000 (UTC)
"JerryMouse" wrote in message news:...
> Mr. Uh Clem wrote:
>
> [...]
>
> What does Belkin say when you complain?
>
> I'd make their life miserable until they removed the offending software from
> my machine.
>
> You did not conset to this aspect of your machine's modification - this is
> nothing less than malicious.
>
> Raise hell.
I was made aware of this posting by an e-mail that was sent to
Belkin's tech support e-mail box. Since I am a product manager for
Belkin's LAN products and was very involved with the development of
the Parental Control feature, I feel that I can shed some light on
this subject. Firstly, without trying to sound too stand-offish, we
are not talking about SPAM here. For me to clarify, an understanding
of the Parental Control service will really be needed.
Since Parental Control is a subscription service, Belkin wanted to
make registering for the service very easy. Since the router actually
will work in tandem with an outside server (Cerberian,
www.cerberian.com) registration information needs to be collected and
sent to Belkin and Cerberian to activate an account. Traditional
methods of registration, such as asking the user to go to a website or
navigate to the Router's internal Web page to enter information didn't
meet the ease-of-use goal. We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page. (Again remember, only
one http request every 8 hours). Admittedly, there is no controlling
which computer on the LAN this message will pop up on. If the user
just closes the window without clicking "No Thanks", then the flag is
never set, and the reminders will continue. Now, if you are the type
that doesn't want to click the "No Thanks" button, then no problem.
Navigate to the Router's internal web interface (default IP =
192.168.2.1), click on the Parental Control menu. In the Menu, select
"Don't Remind every 8 hours" (This phrase actually varies a bit, but
you get the idea) then click "Apply Changes". DONE. Nothing to it. By
the way, this procedure might have to be done if your router is behind
a firewall. Reason: filter.belkin.com sends a response to the Router
to set the flag. Firewalls will block the response. This might explain
the problem in a school for instance.
We did this not to be evil, we did this to make sure that any
non-techy person (part of our target audience) would have ample
opportunity to opt in or out of the free 6 month trial of the Parental
Control feature. The Router doesn't collect information on you and
send it to Belkin. We don't have the ability to SPAM you at a later
time if you select "No Thanks" or turn off the Reminder manually. I
know this feature might be misunderstood and might PO some people. I
know the manual could do a better job explaining it. These are all
things that we at Belkin are working to remedy.
Re:Here's the angle I would take... (Score:5, Informative)
ericd@belkin.com
You're welcome. :)
Re:so.. (Score:2, Informative)
Yes in both cases, because in both cases unwanted marketing has hijacked your use of your private property to display unwanted advertisements. It is unethical, unwanted, and it is on the other side of a line that companies GODDAMNED WELL BETTER UNDERSTAND they are not to cross.
Re:so.. (Score:3, Informative)
This is not adequate for two reasons.
First, many users will never discover it. For these users, the censorship [jerf.org] is involuntary and permenent.
Second, Free speech [jerf.org] is a right, not something any entity can predicate on an action at their whim.
The opposite might be acceptable, if the users could deliberately request this "feature". The fact no sane person would activate this "feature" also speaks to the fact it's a corruption of ethics.
Re:Some other ideas... (Score:5, Informative)
Not my TV, but my cable TV set top box does. Telewest (UK) just upgraded their menu systems. Now, whenever I select the [GameZone] menu option, whichever cable channel I listen to (even the BBC World News radio) is automatically switched over to the FrontRow trailer preview - No negotiation. As soon as I leave the GameZone, the channel is automatically switched back to whatever channel was playing when I started, even if the FrontRow channel is now playing a trailer I want to see.
It's good to see that cable TV system developers really know how to design good user interface.
Re:Usenet thread (Score:3, Informative)
Now, if it were the default behaviour following the firmware update to redirect *ALL* http sessions until the feature is configured (yes/no/demo), then this would be acceptable. Stealing one connection seamingly at random is broken behavior for any network device.
Rest assured, I will not be buying Belkin shit. (Not even cables.) [Not that I have been, anyway.]
Re:Exactly (Score:5, Informative)
>> to something simple like your very first HTTP
>> transaction brought up a configuration/advert
>> screen only once, then there wouldn't even be
>> a story.
Actually this is pretty much what happens. Here is a snippet from usenet [google.com].
We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page.
In summary, you have to click 'no thanks' ONCE and you'll never see the thing again unless you do a hard reset of the router.
Re:so.. (Score:4, Informative)
I was incensed enough about this that I read all the usenet posts in NANAE about it.
In the post by the Belkin employee he notes that clicking the opt out link won't wotk if you're behind a firewall, because the response won't get through your firewall and back to the router. To turn this off, you'll have to go to the local http page hosted by the router, and opt out there. (And I'm not sure even that would work for me; my firewall is set to block localhost (127.0.0.1) to localhsot connections too, unless I've explcitly allowed them for specific applications.)
Also, the Belkin employee proudly states that the hijacking occurs once every eight hours, so if you're only seeing it every two weeks, it may mean that applications other than your browser that make requests to port 80 (http downloaders such as emusic's, rss readers, various applications auto-updating or calling wget, perl scripts, python scripts -- all of these things on my system might make http requests) may be failing silently.
If you see one hijack in your browser every two weeks, that means there are 41 (3 * 14 - 1) http requests in those two weeks being hijacked that are not browser traffic. Given that silent failure, who knows what's been lost, corrupted, or delayed on your computers.
Naturally, I'll never purchase a Belkin product again, unless Belkin certifies that whoever thought this up, and whoever approved it, have been fired.
Selling me a product, claiming it does something, and then making it intentionally fail, in order to sell me another product? Then you'll never sell me anything again.
Re:Here's the angle I would take... (Score:5, Informative)
Contact:
Melody Chalaban,
Public Relations Manager
Belkin Components
501 W. Walnut Street
Compton, CA 90220
melodych@belkin.com
(310) 604-2347 direct
(310) 898-1107 fax
www.belkin.com
I called 'em up months ago... (Score:3, Informative)
Glad to see someone else is pissed off about this. I turned it off in my router, got mad for an hour or so, and went on using my router.
Coincidentally, Belkin routers can't work with arbitrary MTU's over PPPoE, in case anyone needs further reasons not to buy them. I won't be buying another, even though mine works okay, sort of (I'm the netadmin for my ISP, so I can futz with things to make it work despite itself).
Jouster
Re:Some other ideas... (Score:3, Informative)
Re:Here's the angle I would take... (Score:3, Informative)
The BBB doesn't handle any kind of litigation or action against a company. They try to facilitate a resolution between an individual and a corporation. For example, when Best Buy (I will never NEVER NEVER buy anything from Best Buy again) tried to screw me out of a $150 rebate on a laptop, I filed a complaint with the BBB to get my money. The best the BBB can do is "blacklist" a company, but that only does anyone any good if they actively seek info on a company with the BBB before doing business with that company.
This would better be filed through the Attorney General's office or a lawyer. They can seek damages from the company, the AG could push for a recall, etc. The only thing about the AG is - they'll only sit up and take notice if it looks like the company is actively defrauding people somehow, and there are a significant number of victims (if there's not enough victims, they'll just tell you to get a lawyer).
Re:Here's the angle I would take... (Score:3, Informative)
-----
Hello. My name is Michael Pedersen, and I am a systems administrator by profession, technical support for my friends and family, and programmer for my own personal needs.
I am also an ex-Belkin customer. Prior to today, I felt confident in being able to recommend Belkin to anybody who might have a need for any of the products which Belkin sells. In fact, I have bought a fair number of the products myself for my own usage.
However, I have just now found out about the Belkin Router with Parental Controls. This will redirect my browser immediately to the Belkin
website, and if I choose not to click a button on it, redirect my browser every 8 hours until I -=DO=- click a button.
This is unacceptable to me. I already have enough issues with spam in my emailbox, and these sorts of tactics would be used by spammers (and would-be spammers) to collect email addresses and any other information they can get. As such, my immediate reaction would be to close the window, and hope that I wasn't about to be spammed.
Now, Belkin has resorted to using their tactics. I don't need more advertising of products for which I have no use (I have no children, no desire to be a father, and no chance (medically speaking) of becoming one). But Belkin sees fit to interrupt my time to push an ad in my face.
I would say that I'm sorry, but I'm not. I'm livid. I have bought the last Belkin product I will ever buy. And I will tell everybody I know to
refuse them as well.
Beautiful Contact Informaion (Score:2, Informative)
Sales Prevention Team
Belkin Corporation.
It could catch on... (Score:1, Informative)
We're all part of the public, aren't we? (Score:4, Informative)
Contact:
Melody Chalaban,
Public Relations Manager
Belkin Components
501 W. Walnut Street
Compton, CA 90220
melodych@belkin.com
(310) 604-2347 direct
(310) 898-1107 fax
www.belkin.com
(this is (unless you get redirected by your router) publicly available information at www.belkin.com)
Overreacting (Score:2, Informative)
This is a non-story, so you can unclench now.
Re:Here's the angle I would take... (Score:5, Informative)
A binary dump of the firmware reveals... (Score:3, Informative)
OS parameters
os_name=linux
os_version=3.00.07
la
user_conf_ver=1.01
kernel_mods=et wl slhc ppp_generic pppox pppoe ppp_async mppe
fw_src=http://networking.belkin.com/update/
route_check_host=heartbeat.belkin
NTP Default
ntp_dst_enabled=1
ntp_enable=1
ntp_tim
ntp_sync_interval=1
ntp_server=192.43.24
user_time_yr=1970
user_time_mo=1
user_time
user_time_hr=0
user_time_mn=0
user_time_u
Cerberian
ceb_enable=0
ceb_email_enable=1
ce
ceb_timeout=10
ceb_unavail_block=1
ce
ceb_expire=0
iapp daemon
iappd_oid=00:30:bd
device_type=1
Re:Here's the angle I would take... (Score:5, Informative)
Re:Here's the angle I would take... (Score:2, Informative)
http://www.orinocowireless.com/ [orinocowireless.com]
Re:Here's my letter to their PR rep (Score:4, Informative)
Actually, I can think of a couple of reasons this is still an issue. What if it isn't on the Internet...does the connection just get dropped?
Does this device send out DNS queries to determine where to redirect stuff to?
What happens if you have a test suite for a web-based application and IT just added a Belkin piece-of-junk router? Bam, mysterious failures. You could spend a week trying to figure out what the sporadic errors you're getting are from.
What if you're using SOAP or similar software, and the software you're using doesn't deal well with mysterious crap coming back from the server?
Belkin is a piss-poor company that sells lousy hardware and overpriced cables.
They aren't on my "buy" list anymore, either (and I *have* purchased Belkin products in the past).
Re:Eric Deming canned response (Score:1, Informative)
----
Does the Belkin Router send me Spam? NO.
Recently a group of privacy advocates have targeted Belkin Routers, claiming that Belkin
Routers equipped with Parental Control send spam, unwanted advertisements and
spyware to computers.
1. Belkin Parental Control Content Filtering is promoted on our 802.11g
Wireless Router packages as an added value service included with purchase.
Parental Control filtering enables our customers to block access from their
network to specific websites; it is a content filter, nothing more.
2. During the installation process, the router produces a web page asking the
owner of the router if they want to sign up for a free six-month trial of Belkin
Parental Control, similar to common online product registration requests.
3. The Parental Control registration page is not spam, adware or spyware. It is
part of the setup process of the router. It does not "hi-jack" the browser.
4. Belkin routers do not install spyware or adware, nor does Belkin have the
ability to advertise to our customers using our routers as a conduit.
5. If a customer clicks "No Thanks" on the first prompt, the registration page
for Parental Control signup will no longer appear.
Additional Information:
- The "No Thanks" button is not a trick button that will install spyware, etc. on the
computer. If a customer is uneasy clicking "No Thanks" in the web page, to stop
the reminder, you can navigate to the Internal web page of the Router, click on
Parental Control and select "Don't Remind me Every 8 hours". This will stop the
web page from ever being displayed again.
- If the browser window is closed without clicking "No Thanks", it will be
displayed again after 8 hours has elapsed. Please note that this is not a browser
pop-up, this means that the Parental Control web page will only be displayed if
the user opens the browser. Again, Clicking "No Thanks" will stop the web page
from being displayed.
We sincerely hope that this information provides an explanation that meets your needs, if
for any reason you would like to contact Belkin directly, please email your concerns to
Kannynmc@belkin.com
Regards,
Kannyn MacRae
Business Unit Manager, Networking
Belkin Corporation
Re:Here's the angle I would take... (Score:3, Informative)
from groups.google:
From: ericd@belkin.com (Eric Deming)
Subject: Re: [OT-evil marketing] Belkin does Verislime one better - router spam!
Date: 5 Nov 2003 15:25:28 -0800
Organization: http://groups.google.com
"JerryMouse" wrote in message news:...
> Mr. Uh Clem wrote:
>
> [...]
>
> What does Belkin say when you complain?
>
> I'd make their life miserable until they removed the offending software from
> my machine.
>
> You did not conset to this aspect of your machine's modification - this is
> nothing less than malicious.
>
> Raise hell.
I was made aware of this posting by an e-mail that was sent to
Belkin's tech support e-mail box. Since I am a product manager for
Belkin's LAN products and was very involved with the development of
the Parental Control feature, I feel that I can shed some light on
this subject. Firstly, without trying to sound too stand-offish, we
are not talking about SPAM here. For me to clarify, an understanding
of the Parental Control service will really be needed.
Since Parental Control is a subscription service, Belkin wanted to
make registering for the service very easy. Since the router actually
will work in tandem with an outside server (Cerberian,
www.cerberian.com) registration information needs to be collected and
sent to Belkin and Cerberian to activate an account. Traditional
methods of registration, such as asking the user to go to a website or
navigate to the Router's internal Web page to enter information didn't
meet the ease-of-use goal. We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page. (Again remember, only
one http request every 8 hours). Admittedly, there is no controlling
which computer on the LAN this message will pop up on. If the user
just closes the window without clicking "No Thanks", then the flag is
never set, and the reminders will continue. Now, if you are the type
that doesn't want to click the "No Thanks" button, then no problem.
Navigate to the Router's internal web interface (default IP =
192.168.2.1), click on the Parental Control menu. In the Menu, select
"Don't Remind every 8 hours" (This phrase actually varies a bit, but
you get the idea) then click "Apply Changes". DONE. Nothing to it. By
the way, this procedure might have to be done if your router is behind
a firewall. Reason: filter.belkin.com sends a response to the Router
to set the flag. Firewalls will block the response. This might explain
the problem in a school for instance.
We did this not to be evil, we did this to make sure that any
non-techy person (part of our target audience) would have ample
opportunity to opt in or out of the free 6 month trial of the Parental
Control feature. The Router doesn't collect information on you and
send it to Belkin. We don't have the ability to SPAM you at a later
time if you select "No Thanks" or turn off the Reminder manually. I
know this feature might be misunderstood and might PO some people. I
know the manual could do a better job explaining it. These are all
things that we at Belkin are working to remedy.
Oh, one last bit, when upgrading firmware for the Routers that
originally shipped without the Parental Control feature, the new
firmware has this feature added. This was by popular demand. Our
customer install base began to notice the Parental Control feature on
new models that we are shipping, and wanted a solution for themselves
without having to buy a new product. So, we accommodated them.
I'm happy to answer any questions if you have any. Thanks!
New reply from Eric Deming (Score:5, Informative)
From: Eric Deming [mailto:EricD@belkin.com]
Sent: Friday, November 07, 2003 10:05 PM
Subject: RE: defective router
Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.
All,
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.
We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.
I'll keep posting as things develop. Stay tuned...
New response from Belkin (Score:3, Informative)
We'll have to see what they come up with next week.
They've recanted and are going to offer a fix (Score:1, Informative)
Important message from Belkin:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Retract and Reply (Score:3, Informative)
Wow. That was quick.
Automated (?) reply from Belkin (Score:2, Informative)
Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.
All,
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.
We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.
I'll keep posting as things develop. Stay tuned...
Eric Canceled His Post! (Score:3, Informative)
Wow, that was not the smartest thing to do. I mean, when you have a bunch of techies chasing you don't try and throw them off the sent with Usenet trickery. Use their weakness against them and throw pictures of naked women at them.
Re:I doubt it (Score:3, Informative)
Next drop URLs into an almost-invisibly small FRAMEs, and have the main frame show one of those annoying "Site loading" things with a 5 second redirect to the next page of the site, target _TOP (No, there shouldn't be a space between 10 0, it should be 100 -- slashdot doesn't love me)
When the browser hits the "next page", it will trigger some classic windows exploits (for education purposes only, of course)
You could turn off ZoneAlarm and PC-Cillin too if you wanted.
Re:Here's the angle I would take... (Score:3, Informative)