ISP Inserting Content Into Users' Webpages 396
geekmansworld, among other readers, lets us know that the Canadian ISP Rogers is inserting data into the HTTP streams returned by the Web sites requested by its customers. According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.
What's the problem? (Score:3, Insightful)
Re:What's the problem? (Score:5, Insightful)
Or maybe, just maybe, they could ask you for your regular email when you sign up. This is not rocket science. There is no excuse for an ISP to be arbitrarily modifying the content of a subscriber's traffic.
Re:What's the problem? (Score:3, Insightful)
Re:What's the problem? (Score:1, Insightful)
You know something that has proven to be both legal and moral.
Re:What's the problem? (Score:4, Insightful)
imho they are creating a solution to a problem that doesn't exist. there's 1000's of widgets out there they could tune to give you an almost real time view of your quota, building their own an interfering with your http traffic is not a good solution.
Hey Rogers! (Score:5, Insightful)
Seriously, when it becomes acceptable for the phone company to break into my conversation with "Did you know that Geico can save you ton of money on car insurance?" then my ISP can screw around with my Web pages. Otherwise, get your sticky paws OFF me, you damn dirty apes.
Re:What's the problem? (Score:3, Insightful)
The obvious one... consensus, agreement, privacy, respect, customer focus, precedent... etc...
That all seems pretty rational to me.
Re:What's the problem? (Score:5, Insightful)
Yes. Imagine a world in which China/Bush's America/Hillary's America no longer censors the web but subtly modifies it instead. Maybe with the cooperation of Yahoo et al. All power inevitably becomes abused. What good is freedom of expression if you can't be sure your expression is your own?
Getting away with murder (Score:5, Insightful)
First they throttle BitTorrent traffic. Then, when BitTorrent users encrypted their connections, all encrypted traffic was throttled, making VPN connections unbearably slow.
The only reason I can think of that they're getting away with this is that...uh...people in Ontario don't telecommute at all?
Why is everybody letting Rogers get away with these shenanigans? Rogers' practises must be costing some business users serious money. I simply don't understand.
Re:What's the problem? (Score:3, Insightful)
The ISP is inserting data into the page. Suppose they add a logo, a hit the mosquito advert, and a movie trailer - will they 'charge you for that bandwidth?
Okay, I know... (Score:5, Insightful)
This is a dupe, but it's worth commenting on.
The fundamental problem I see with this is that the ISP is changing the content of webpages to suit their own interests. There are a myriad of problems here, regardless of whether or not the customer accepts it:
In light of the fact that a certain ISP blocked access to union websites, this is an alarming event indeed. Democracy depends on the free flow of information, and I'm thinking that it might be appropriate to make such a practice illegal, if only for the sake of preserving democracy. It will first be used for commercial gain, and later, leveraged as a political tool.
I don't think so. (Score:3, Insightful)
Re:Trying different things... (Score:3, Insightful)
Re:No problem as used in this case (Score:3, Insightful)
Write again when a (non-free) ISP injects ads or blocks competitor's websites.
How would you know whether they are, or not?
Re:I don't think so. (Score:3, Insightful)
What you find acceptable I might find dubious.
are a lot of corrupt people working all over the place. There are a lot of funky rules in regard to what people are and aren't allowed to look in various countries.
There is nothing to say that a disillusioned worker at an ISP couldn't have himself a little fun by somehow hiding an iframe or something into the extra data that displays the contents of an external site that may cause you to be examined a little more closely by the authorities. It's unlikely, I know, but once the facilities are in place it becomes much easier to manipulate if someone ever wanted to.
Your stupid popup ad thing is one more plausible example. Again, that is dubious content. You might not get in trouble for it but it could cause you trouble if it links to spyware.
Re:Read between the lines (Score:3, Insightful)
Re:What's the problem? (Score:5, Insightful)
Re:I don't think so. (Score:4, Insightful)
Does HTML 5 have a provision for checksums? (Score:3, Insightful)
Title is wrong; what else is wrong? (Score:3, Insightful)
So I have little faith in the claim that they are "intercepting http." What is more likely is that the default proxy server they provide is inserting the content. While it may make little difference to the average user, as the "normal" setup uses the proxy, it seems to me that there's a huge difference between supplying a proxy and intercepting and manipulating http traffic; that is, hijacking TCP port 80. The proxy I can easily avoid by using a direct connection to the internet; TCP hijacking, I can't.
Re:I don't think so. (Score:3, Insightful)
Re:I don't think so. (Score:4, Insightful)
You're almost certainly correct, if by "ISPs" you mean the decision makers of the ISPs, and therefore the official policies thereof.
However, what this does is fundamentally change the way they run their network thereby opening up massive vulnerabilities.
Before they decided to make it their official policy to engage in the mass of unethical behaviors this exhibits, in order to insert goat porn, or the like, into a client's browser a disgruntled employee would haver to jump through a mass of hoops (assuming they ever had any working network monitoring tools).
Now, though, since this fraudulent activity is part of their official corporate policy and therefore necessarily of their infrastructure, all it takes is changing some text which is designed to be easily modified.
That's the fundamental problem with this policy. Creating a method for potentially malicious people to insert unwanted content into the browsers of their own customers *is* the entirety of the policy.
I doubt many people think that "goat porn for the masses" is the goal of Rogers, but they are going way out of their way to make sure that doing exactly that is trivial.
I absolutely hope somebody pulls that argument and wins though, because this absolutely creates more than enough reasonable doubt.
"But we didn't put that pic of two year olds fucking on his computer"...
"Oh yeah? You created a process designed for the purpose of manipulating content and creating forgeries of web sites with deliberately falsified content in violation of every standard practice, every commonly sensible idea and every relevant ethical principle. Prove absolutely that each and every one of your employees was entirely uninvolved with this particular case, when you've spent so much time and effort ensuring that it would not only be possible, but trivial."
It's not that Rogers has a plan for gross porn distribution, it's that they've created a means, a method and a process for doing exactly that with few if any possible legitimate uses.
Re:What's the problem? (Score:4, Insightful)
You also give them your physical street address to have the service hooked up, and every month a small piece of paper containing your checking account's account number and bank routing number. In America, they probably got your social security number too.
I'm really not afraid of what they're going to do with email compared to all of that.
Re:Title is wrong; what else is wrong? (Score:3, Insightful)
I routinely configure office networks to do this with iptables+squid. It gives their administrators a log of requests in case they need to check up on what sites their employees have visited. It also enables us to add some security features to the network that apply automatically to all users, for instance, blocking downloads of