ISPs Inserting Ads Into Your Pages

TheWoozle writes "Some ISPs are resorting to a new tactic to increase revenue: inserting advertisements into web pages requested by their end users. They use a transparent web proxy (such as this one) to insert javascript and/or HTML with the ads into pages returned to users. Neither the content providers nor the end-users have been notified that this is taking place, and I'm sure that they weren't asked for permission either."

What about code validation?

[throup]

I know this won't be everyone's primary concern, but what happens to all of those pages carefully crafted to adhere to a specific standard eg HTML 4.01, XHTML 1.1 or whatever else you may choose? Surely, unless these uninvited contributions also adhere to that specific standard, we have no hope of producing standards-compliant documents.

Re:What about code validation?

[dascandy]

Turn that around and you could sue them for "destruction of property" for wrecking your pages, "violation of contract" for not giving you webhosting or something similar.

I've seen this at least a year ago

[wtanaka]

http://wtanaka.com/node/62 [wtanaka.com]

It was especially annoying when the ad insertion code didn't quite work right and caused web pages to break.

Belkin sucks!

[Werrismys]

One belkin ADSL modem actually did this. Every couple of days or couple of thousand port 80 request it displayed their ad instead.

They later issued a new firmware that disabled this. But not before I had issued them a "fuck off" feedback. I have never bought another belkin product since and I strongly urge no-one else to do so either. Fuck them.

Data corruption

[gilesjuk]

This is one angle to pursue, you have requested a page and the page you receive has been altered by the proxy, therefore "corrupted" the data.

If this continues then someone can write a plugin for Firefox to stop the adverts.

Time to rebuild the freenets.

[Anonymous Coward]

Back at the start of the net, many people started to build their own little networks (e.g. the "freenets", which existed long before freenet) and make connections with their neighbours. This activity was wiped out when ISPs started providing service at less than cost in order to build their business, making freenets not worth the investment. Now we are back at the stage where ISPs are trying to make money and messing up the service. It's time to restart building those networks and move off the commercial ISPs. Does anybody know any good places to start this? I'm ready to interconnect with my neighbours. How do we arrange sensible cheap long distance interconnectivity?

What about freenetworks.org [freenetworks.org]? Are Wifi Coops [wificoop.org] any good? Any others?

Copyright infringement

[Anon E. Muss]

The customers of these asshole ISP's may not be able to stop them, but web site owners might. HTML code is frequently copyrighted. Injecting Javascript into a web page creates an unauthorized derivative work. Some webmaster needs to start sending DMCA takedown notices to ISP's using these ad injection proxies.

Smells to me...

[Kjella]

...like a copyright infringment. The ISP takes the work, creates a derivate, then distributes that derivate to you. Clearly the page is distributed as a whole even though it's made up of parts, you'd certainly relate porn ads to a company if they appeared on that company's webpage which means it's absolutely not its own work. It's like a book club embedding ad pages in the books before shipping them to members.

Distribution is an exclusive right of the copyright holder.
That they change the content means all paragraph 512 limitations are out the window.
The fair use test (commercial, creative work, almost whole work (all the non-ad content), kills ad revenue) is a 0-4 slam dunk against.

So tell me exactly, what's protecting the ISP from an "allofmp3" style lawsuit for a few trillion, since every web page is a $150,000 lawsuit in itself? Whoever in the legal department who approved this should be terrified.

Go Somewhere Else?

[Joel Rowbottom]

Ok, mod me down for this if you will, but why not just vote with your feet and go to a different ISP?

In these days of webmail and portable email addresses/domain names, why don't more people do this? It's still a buyer's market, and there's still lots of mom-and-pop ISPs who'll be glad of your business.

All the talk of 'taking legal action' smacks to me as being what's typically wrong with the entire attitude of everyone today. Compensation culture and all that - where there's blame there's a claim.

Re:Copyright Bonanza

[kailoran]

The right my ISP has to copy it is only for the purpose of publishing it in the transaction I have explicitly permitted: publishing it on URL requests.

A proxy makes a copy for reasons other than publishing the content in the current transaction, so (nitpicking) it would mean it is ilegall.

Anyway. I'm not sure if copyright should be the law preventing this, I'd much rather have it illegal under some sort of privacy or wiretapping law. I mean, UPS doesn't stick adverts inside mail, and what the ISP is doing is pretty much equivalnt to slapping an advert on the second page of a book they deliver.

Re:Suprise!

[OnlineAlias]

I am pissed that they are even addressing my http stream through proxy. Technically, that is eavesdropping my session. Not to mention that just looking for the place to insert the ad will most certainly screw up many web applications. Once an ISP crosses this line there is no limit on what they can do. Things like feeding you a bogus SSL cert while making it appear perfectly legit and decrypting your traffic, redirecting entire web sites, blocking content without your knowledge...it goes on and on. The ISP even having this information in their logs starts a huge slippery slope.

Everyone, immediately call a lawyer and run away from any ISP that does this. You have been warned.

Re:Links to Belkins suckiness (Re:Belkin sucks! )

[FrostedWheat]

I second that. We had a KVM of Belkin in the office ... it acheaved a level of suckiness I've rarly seen in the computer world. Most days it would just stop working, or the keyboard would stop working and a few times got into an endless loop switching between computers. How hard can it be to make a KVM? In the end it was easier setting up two keyboards, mice and screens :-/

When I bought one for home I went out of my way to get a non-Belkin model, ended up with some no-name brand and it works flawlessly. Cheaper too.

How to take advantage of this

[IdahoEv]

It would seem pretty straightforward to document uses of your website to sell ads, so that you could sue ISPs for copyright violation. This seems pretty straightforward to me.

1) Generate a unique id for every webpage transmitted. php's uniq() function would be fine. Embed it in the page.
2) Generate a checksum before transmitting the page. Save the id and the checksum, perhaps in a mysql database, when transmitting the page.
3) Embed a javascript that can compute the checksum of the document at the user's end. Have it transmit the checksum back to the server.
4) If the checksum doesn't match, have the javascript transmit the content of the page and it's headers, and perhaps even a traceroute, back to the server.
5) Server stores all of the above in a "pages corrupted in transmission" log.

Log analysis should then give you a list of ISPs who have consistently corrupted your pages, details on what they inserted, and documented # of violations with date and time. You can take this documentation to the court and say "Look! Earthlink/Megapath/AT&T/Whoever has illegally copied my website to market their own advertisements 12,432 times in the last year!". Demand remuneration.

6) Profit!
7) Reduce ISP's willingness to fsck with other people's content and thereby make the world a better place.

8) (Optionally) Have your own javascript strip their ad and/or put a banner at the top that notes "Your ISP has attempted to illegally insert their own advertising into our website, thereby making money off you and me without either of our permission. We strongly suggest you switch internet service providers." -- try to get user pressure on the ISP.

I'm about to head out on a 10-day vacation. When I get back, if one of y'all hasn't written this yet I'll start on it myself.

Re:Go Somewhere Else?

[name*censored*]

>>Ok, mod me down for this if you will, but why not just vote with your feet and go to a different ISP?

Not always feasible - for one thing, many many areas have a limited number of ISPs available in their area - some rural regions may only have access to one broadband provider. Also, big companies only understand one type of complaint, and that's litigious type of complaint. If everyone moves to the only other ISP in town, this *other* ISP will destroy the first, and then immediately start putting ads right in content, now that the first ISP can't stop it. Thirdly, nearly every ISP (can anyone name an exception?) locks you into an xyz-month contract, which costs you an arm and a leg to get out of. If you're locked into this contract (which likely allows for this kind of thing, it'd be too massive an oversight of theirs to make), then there's very little you can do that won't result in them getting large gobs of cash, EXCEPT sueing the pants off them (or at least making them pay through the nose to defend from a class action suit). I'm against the ridiculously amount of litigation in modern society too, but sometimes it's best to fight fire with fire.

Re:What about code validation?

[Jamu]

I had that with my old ISP (Virgin.net). I wrote a simple webpage in HTML 4.01, checked it was valid with W3C's Markup Validation Service, and then uploaded it. When I checked it there was script just after the html element but before the head. Not what I wanted to see on a page that not only asserted I knew something about writing HTML, but also had the W3C validation link at the bottom.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><s cript src="http://www.virgin.net/js/random_ad.js" language="javascript"></script>
<!-- Document is valid. However, Virgin.net inserts a <script> element here -->
<head>
<...

Ads == harassment

[Tom]

Some time soon, we will cross the line where my opinion becomes a majority opinion: That any and all unasked for advertisement is harassment and should carry criminal penalties accordingly. Double the punishment if it masquerades as something else (i.e. fake grassroots campaigns, product placement, etc.)

Alternatively, lift all restrictions on advertisement. Then we'd at least have nude girls and hardcore porn on every wall and window, instead of beer and washing powder.

Re:Suprise!

[phoenix321]

I'm pretty sure, SSL was created *especially* to combat man-in-the-middle attacks. Inserting data in http streams at ISP level is no different than intercepting packets at TCP level and crafting some forgery in them.

I don't think you can use bogus SSL certs, IF you already use your own.

So my first and only advice to this "crisis" is

--> Use SSL-only web hosting for even the most basic set of pages. ---

With SSL-encrypted traffic no other node or ISP can ever know what's inside your packets and can therefore not eavesdrop on your connection or place ads inside.

I'm very glad some ISPs are dumb enough to start this crap, because now everyone will learn the semi-hard way how the internet is working, what makes it vulnerable and why encryption can be beneficial for everyone. When ISPs are dumb enough to drive the masses to SSL-encrypted everything, the/a/our snoopy government is severely hampered.

All we need is one for-free certification authority and everyone can use a public SSL cert to lock out any and all intruders with less than 10-percent-NSA computing power devoted to them.

Maybe we even get the second part of SSL, the client certificates off the ground.

Re:Suprise!

[kalidasa]

Funny, I was under the impression that there was a lawsuit about some Microsoft technology that added links to other content providers' pages that argued that the practice was a violation of copyright (because by altering your content, they are in effect creating their own derivative work without your permissions). Couldn't you just slap them with a DMCA takedown notice?

Re:Suprise!

[N7DR]

I tell you, I am highly ticked off that, at least where I live, there's no way to get a broadband ISP who promises to deliver one thing: a pipe. That's all I want: a pipe. I can't be alone. Just give me a pipe and leave me to use it the way I want to. Don't filter my e-mail. Don't redirect my DNS queries. Don't disallow traffic to/from ports. Don't block pings. Just give me a pipe. What's so hard about that? Good grief, if you want to, you can even charge me extra.

I am almost always against laws (which are often worse than the ill they are trying to right), but it seems to me that there ought to be some sort of regulation that requires ISPs (since they are mostly effectively monopolies) to offer a transparent pipe for those who want to avoid all their obnoxious practices.

We log everything

[Anonymous Coward]

We log everything - we're a global streaming media website not an ISP, and what we log is media player events for statistical analysis purposes - and it chews up 70 to 120 gigabytes per day at our current rate. This costs us about $1200 a month in my disk and server budgets. Which is a relatively small number in my total monthly IT budget. We've been running for just under 11 months now and haven't had to dump anything, but I can see us starting to purge the oldest log records within the next 6 to 12 months.

Re:Suprise!

[Alef]

But if you come along and *insert* ads on my pages and thus benefit from my work, I have no choice but to sue. That is copyright violation. Period. They are costing the content provider money.

There was actually a case in Sweden last year where the directors Claes Eirksson [imdb.com] and Vilgot Sjöman [imdb.com] successfully sued Sweden's largest commercial TV station TV4 [wikipedia.org] after it had shown two of their films with interruptions for commercials. In the ruling [www.klys.se] the court concluded that the interruptions were an infringement of the moral right of the creators, since the station didn't have an express permission to insert them. I imagine a similar argument could be made for web sites.

Re:Suprise!

[innocent_white_lamb]

I own a movie theatre. My exhibition contracts with the studios and distributors specifically prohibit the interruption of a film for any reason other than technical problems or an emergency.
 
(What's an emergency? Well, I've had the police show up to arrest someone in my theatre, I've had a fire right in front of my door, and that kind of thing. Other than that sort of stuff, and power failures and break-downs, the show must go on.)

Re:Absolutely insightfull..

[sumdumass]

I know the point you guys are trying to make but your doing it poorly. The Internet and Internet access isn't a free market. Making it so only places anyone attempting to compete at a disadvantage.

Internet service and network service providers for the Internet have for the long time been a protected monopoly. Sure there was dial up service that anyone could start, but that was the only last mile option they had for the longest of time.

Now, to understand the net neutrality correctly, what the service providers are attempting to do is sell you service at one price while promising a certain speed and then fail to deliver that service or that service at the speed you paid for unless the other company pays some free for this privilege. In any free market, that is fraud in it's basic carnation and should be illegal. With not preserving net neutrality, we are attempting to make that fraud legal. This isn't a way a free market would operate.

So to make it a free market, you would have to declare the interconnect hubs that service the major and minor networks a public utility and only allow the cost of maintaining them to be charged for content passing over them. You would do this in the same way they do with telephone/power lines and DSL. You would then have to stop the ISPs from deliberately deceiving the consumer by claiming certain speeds and then degrading it based on other fees from the website you are visiting. Now, you would have a level playing field and the consumer would pick plans based on the reliability and delivery of the service the ISP delivers. And when they don't get what they want, another company can open up and give it to them without being railroaded intro bankruptcy. But we won't have that because it isn't what the ISPs and network owners want. They want to deceive the consumer and not deliver the promised speeds based on funds paid or not paid by the sites you are visiting. And they can only do this because they have built an infrastructure up in a government granted monopoly for several decades.

So, while on the surface, you and the GP have a point, your neglecting to point out that it isn't fair at the moment so it cannot be worked out along the lines of a fair market. Maybe something can be done, I doubt it. And because of this, Net neutrality cannot be treated as a fair market scenario. Now, if you will excuse me, the Lawrence Welk show just came on and I have to find the remote.

Like CleanFlicks

[mrcaseyj]

This ISP add insertion also reminds me of a case between the Utah based CleanFlicks company and Hollywood movie studios. The Mormons in Utah and many other people wanted cleaner movies, so CleanFlicks started taking DVDs from customers and giving the customers back an edited version of the DVD with the sex and violence and other objectionable stuff taken out. The studios won a lawsuit, I think, partly on the grounds that CleanFlicks was violating their copyrights by selling derivative works that didn't maintain the artistic integrity of the originals.

One of the problems CleanFlicks had was that they were actually making unauthorized edited copies of the DVDs, even though they required a genuine copy of the DVD to be turned over to them for destruction. Another company, ClearPlay, was also sued after they took a different strategy to avoid the copying problem. ClearPlay made DVD players that just played regular DVDs, but the DVD player cut out portions of the movie as it played, based on a file downloaded from ClearPlay onto a USB flash drive which was then plugged into the DVD player. However according to Wikipedia, the ClearPlay suit didn't make it to a verdict before Congress passed a law explicitly making it legal. I doubt the law applied to inserting adds in web pages though.

The similarity of these situations is that theoretically the ISP customer is asking (by agreeing to the ISP terms of service) for the adds to be inserted in the web pages, just as ClearPlay customers are asking for the bad parts to be removed.

This is also similar to software that removes the adds from web pages. A web page without the adds is like a derivative work, created by the viewer, with the assistance of the add block software.

Re:Suprise!

[mysidia]

The ISP can't really be making a derivative work in the case, because they're not creating a work at all, said ISPs would just be inserting advertising over your connection, while instructions are being transmitted, that effect browser software. Prior to its display in end-user browser window, there is no fixed form or medium, no work, just electronic pulses of 1 and 0.

Chances are the advertising inserted would be random/varying every page load, so the only "copy" of said "derivative work" made in a fixed form is the one in an end user's browser window and possibly a file cached by the web browser. And effectively, end user is the party that has created the work by choosing the environment in which to browse to that web site. Since the only "copy" of the web site is of a temporary nature and is for personal use, it is not likely that infringement has occured.

You as user of the service are creating the work. Every time you connect to a website, you are receiving a series of messages from your ISP that are used by your web browser to construct a derivative work.

In case the ISP adds advertising to the user's connection stream; this is not stealing from the content provider, any more than the manufacturer brand logo on the front of your TV while watching a movie is stealing, OR a web browser that includes a Google advertisement fixed in the top right corner of the screen is stealing, for its search feature (Even as you are browsing msn.com), it is merely a cost of service for the end user, and a consequence of allowing users access without any control over their access technology, or knowledge about other material that might happen to be displayed on their screen simultaneously with your content.

Since the content provider is relying on end-users ISP for delivery of the work, the content maker has two choices: either (1) accept the terms of the network and deliver content through, OR (2) don't hand the content off to said network for delivery.

Certainly if the content isn't served up in the first place, it can't be sent along with advertising. If the content IS sent along, then permission to display it is implied, unless other terms have been negotiated.

Most content providers on the internet implicitly and blindly pick (1) by allowing users to freely access their content, without restricting the technology users utilize to access content, or restricting browser features such as denying access to bookmarks OR the back button, both of which have a possibility to create 'derivative works' of a sort -- most webmasters allow nearly any ISP and a variety of web browsers to be used to access their material, despite all the variations which they have no control over.

And even if those web browsers happen to be setup to display advertising (possibly for a competing site) within a toolbar just above the web page, in another frame, window icon, etc.

It's their choice, but as a result, they also lose the ability to prevent others from profiting (albeit indirectly) from their content.

Very little content on the Internet is limited based on user's ISP or environment. There simply is no guarantee for webmasters, that additional features will not be aggregated with the content.

Note however, a content provider can certainly control the terms of access: this would be done by only allowing access to the work from ISPs with an agreement to not add additional advertising.

Exactly what you will see depends somewhat on your screen resolution, available fonts, your number of available colors, window manager, operating system themes/skins, your web browser, and the methods the web browser makers chose to use in rendering pages. Whether new advertising is added or not, you almost always get a derivative work when you browse a website.

Presumptively if the ISP does insert advertising, you as end user have consented to it by accepting a Terms of Service that includes notice that the connectivity service may