ISP Inserting Content Into Users' Webpages 396
geekmansworld, among other readers, lets us know that the Canadian ISP Rogers is inserting data into the HTTP streams returned by the Web sites requested by its customers. According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.
No problem as used in this case (Score:5, Interesting)
Might not be your ISP (Score:4, Interesting)
SSL is your friend.
If only we could get IPSEC happening.
Re:Read between the lines (Score:4, Interesting)
It's all a little dubious if you ask me. I always knew it was possible to fiddle with the stream, but I didn't think anyone would bother because it could possibly break a lot of pages that are held together with fragile HTML-fu.
common carrier (Score:5, Interesting)
At least, that's my understanding of it - ISPs and postal services are legally "common carriers", i.e. they just deliver stuff; they aren't responsible for any legal ramifications of what they deliver. Eg the post service isn't liable if someone mails a forged cheque. BUT...if they demonstrate that they control, inspect, and modify what they are delivering, they might just be liable when someone uses their network to commit fraud.
Web Servers can detect this... (Score:5, Interesting)
(Disclaimer, I'm one of the authors of the work)
Re:What's the problem? (Score:5, Interesting)
They say they are testing the waters and they are. Are they testing a way to notify people of their account or are they trying to get people comfortable with them throwing up messages on your screen while you surf? As far as I'm concerned I will cancel and go without rather than putting up with this garbage. As far as I'm concerned the only right they have is to give me the service I'm paying for. As you can probably tell I really just don't trust this company, they don't do their job very well and expect me to put up with it, as far as I'm concerned I will fight this every inch.
Re:What's the problem? (Score:4, Interesting)
Don't believe it? Take a look a the screenshot. When was the last time you saw the Yahoo! logo on Google's homepage?
An idea that Google should consider (Score:1, Interesting)
Re:No problem as used in this case (Score:5, Interesting)
Re:I don't think so. (Score:5, Interesting)
Correct Title... (Score:3, Interesting)
UMTS (Score:4, Interesting)
Unfortunately, their white-space stripper breaks XML-wellformedness, which makes me unable to view any of my own sites with Firefox (unless I disable application/xhtml+xml as an Accepted content type).
Re:Getting away with murder (Score:2, Interesting)
There shouldn't be any observable difference between encrypted traffic and, say, a ZIP file. They're both high entropy data streams with no apparent structure to analyze. I don't see how they could distinguish your VPN from any other binary file.
Re:Read between the lines (Score:5, Interesting)
The owner of the web site is creating a data stream, which will 99.99% of the time be copyrighted. Even if the web site owner doesn't own the copyright or has permission to use some copyrighted work, it is still copyrighted by someone else. Modifying the page creates a new derived work. If you create a derived work without permission of the copyright owner, you commit copyright infringement.
Re:Read between the lines (Score:5, Interesting)
I may not have a lot of money but Google has plenty. I suspect that they'll take exception to Rogers fiddling with their carefully designed home page - a page where simplicity and a clean layout are defining characteristics.
I also suspect that there's a copyright claim here somewhere. If Rogers took Google's home page and modified it then that's a derived work which they would have to have Google's permission to distribute.
Re:Read between the lines (Score:4, Interesting)
Now, however, there is the demonstrated ability to monitor and control and perhaps the common carrier denotation is what is being tossed aside in the pursuit of the last nickel. What is an ISP to argue when faced with copyright allegations? They can monitor the traffic to sell targeted ads but can't tell the when an illegal MP3 is being downloaded? That might not fly in a courtroom. Wouldn't the temptation to try to sell the user a similar song be too tempting to pass up? Or maybe the judge or jury doesn't get that there is a technology barrier and figures if the ISP can monitor one they can monitor them all.
How about a political move like enforcing a completely non-encrypted internet to monitor for kiddie porn? All encrypted packets could be criminalized - except to "authorized sites" like your bank.
What about the copyright on the page being mangled? I liken this type of technology as a form of vandalism, or perhaps and unauthorized derivative work. How would this be different than Amazon reprinting a Harry Potter book on demand and inserting hundreds of ads? Maybe those ads would be targeted to text on a facing page so that you'd get an advertisement for cleaning supplies every time the Nimbus 2000 flying broom was mentioned, or pet supplies every time one of the owls was mentioned. How about the death scene with Dumbledor opposite some funeral home ad?
What about anticompetitive actions? The ISP could redirect or replace traffic with that of a competitor's product. I'm sure some companies would be delighted to ensure that no one every hears of Brand-X again. How could this type of control and monitoring be used to prevent the accurate discussion of topics? AT&T is a backbone ISP and has been shown to be a good bit lax when it comes to protecting the data it carries. Could a large company or government change the internet by use of this technology to stop dissent?
The abuse potential is huge.
Then what about the privacy issues with reading every packet? Gee, Mr. Smith, why were you searching for pipes, fertilizer, and biodiesel last month?