Mediacom Using DPI To Hijack Searches, 404 Errors 379
Verteiron writes "Cable company Mediacom recently began using deep packet inspection to redirect 404 errors, Google and Bing searches to their own, ad-laden 'search engine.' Despite repeated complaints from customers, Mediacom continues this connection hijacking even after the user has opted out of the process. Months after the problem was first reported, the company seems unwilling or unable to fix it and has even experimented with injecting their own advertising into sites like Google. How does one get a company infamous for its shoddy customer service and comfortable, state-wide cable monopolies to act on an issue like this?"
HTTPS (Score:5, Informative)
File an Anti-Trust Complaint (Score:5, Informative)
File an anti-trust complaint and break up the monopoly. That is what those laws are for.
Re:Get another ISP! (Score:5, Informative)
I'd hope Google would sue them for copyright violation, changing their webpage in transit, and collect damages per changed page. Additionally they create confusion by diluting Google's trademarks (and those of anyone else whose page is changed). I mean this violates so many laws it isn't funny.
You could serve them with a DMCA cease and decist notice as a normal website author. Fight fire with fire.
Re:Get another ISP! (Score:5, Informative)
FTC Complaint (Score:5, Informative)
In the short-term, an FTC Complaint (https://www.ftccomplaintassistant.gov/) works wonders due to their power to impose fines for every complaint.
File early, file often.
Re:HTTPS (Score:4, Informative)
SonicOS 5.6 adds a new deep packet inspection (DPI) engine for SSL encrypted traffic, which has increasingly become a blind spot in many firewall, content filtering and data leak protection schemes today. Bad guys have begun using encryption technologies against the very security communities that made them popular, using encryption to avoid the HTTPS protocol to bypass filters and expose networks to malware attacks.
Re:HTTPS (Score:4, Informative)
Re:HTTPS (Score:4, Informative)
That's not exactly true; SNI allows for HTTPS multihoming, and it's supported by the HTTPS on pretty much every modern platform, *except* for Windows XP. Browsers that use Window's HTTPS code (most of them, IIRC) can't cope with SNI on XP, so no one actually uses it anywhere yet.
Re:report them for providing illegal services. (Score:4, Informative)
USA ISPs are not "common carriers" under the law, no matter how much people wish they are.
Solution: Use a different DNS server (Score:5, Informative)
Re:Solution: Use a different DNS server (Score:5, Informative)
Re:Solution: Use a different DNS server (Score:5, Informative)
Re:According to the article... (Score:4, Informative)
That isn't the problem.
Being a MediaCom customer I've played with this a few times in the past, complained when the opt out didn't work, and complained about it to people locally. Working for a company that make DPI appliances it was kinda fun to see it in action, but kinda scary to see it on the public internet. CenturyTel also does this exact same thing.
It scans all HTTP traffic looking for 404 errors. So if I go to http://boingboing.net/4in0in4 [boingboing.net] It will intercept the servers 404 page and redirect to to a mediacom portal site with my 404 URL as the search term and ads all over.
Re:HTTPS (Score:4, Informative)
Like it or not, the ISP is treated like a phone company
No, the problem is that ISPs are not treated like a phone company. They're not regulated as common-carriers. The FCC considered re-categorizing ISPs as a "Title II" telecommunications service, but backed away after Congressional opposition. Now the Commission is proposing a "third way" which seems unlikely to satisfy either the ISPs or their critics. Here's a quick summary: http://www.engadget.com/2010/05/06/fcc-outlines-new-third-way-internet-regulatory-plan-will-spli/ [engadget.com]
To my mind, ISPs shouldn't be able to process traffic based on anything other than packet headers. Their job is to take a packet I create and deliver it to its intended destination. (Yes, yes, QOS, etc. Whatever is in the headers is fine by me.) DPI equipment should be banned. Anything else offers too many opportunities for censorship and manipulation.