ISP Inserting Content Into Users' Webpages

geekmansworld, among other readers, lets us know that the Canadian ISP Rogers is inserting data into the HTTP streams returned by the Web sites requested by its customers. According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.

Read between the lines

[timmarhy (659436)]

replace "trying different things" with "seeing what we can get away with" and your closer to the truth

Re:Read between the lines

[by Anonymous Coward]

And if after hours, a man puts his wii-wii in the mayonaise jar at the restaurant where he works, that's just experimenting too, to see how the customer will react.

Re:Read between the lines

[by Anonymous Coward]

Dude, I served my sentence and paid my debt to society ... it's not fair for you to keep bringing this up.

Re:Read between the lines

[alx5000 (896642)]

In other, unrelated news, alx5000 has been reported to have blown up a dozen Government buildings in the last 24 hours. When inquired about these events, alx5000 said to admit to modifying governmental property, but remarked he is merely "trying different things" and testing the Government response.

Re:Read between the lines

[PayPaI (733999)]

The Onion already did that. [theonion.com]

Re:I don't think so.

[ScrappyLaptop (733753)]

1. ISP inserts banner ads.

2. Said banner ad space is sold to an company that sells it to the highest bidder.

3. Highest bidder is a malware filled porn site.

4. Banner ad fills your IE cache with goat porn that you've never viewed. Then it seduces your goat.

5. Do not pass Go, do not collect $200.

Re:I don't think so.

[FatdogHaiku (978357)]

First, IANAL. I was raised in a law enforcement home and one of my best buddies is a lawyer, so I like to think about this stuff. What I find interesting is the legal defence issue. Evidence requires a chain of custody or it is just "some stuff we found somewhere". When the ISP tampers with the stream, they provide any defendant with proof positive that it is possible that the defendant had nothing to do with whatever it is that has the prosecutor's panties in a knot. The "tree" (internet connection) is tainted and thus it is NOT possible to prove anything except that the defendants connection was compromised. You could wear a jury out questioning every person that worked for the ISP, regardless of their position... when you have no proof you go fishing for doubt. Does someone at the ISP know someone at the prosecutor's office? That's doubt. Was the customer ever rude or mean to an ISP employee? Sounds like revenge... On and on you could go.

Trying different things...

[Z80xxc! (1111479)]

In other news, a mad internet subscriber broke into the headquarters of a Canadian ISP called Rogers. Upon entering, he hit shot two techs, broke 3 servers with a sledgehammer and then proceeded to start a fire in the CEO's office. Upon being apprehended by police, he was let go after informing them that he meant no harm and was just trying some different things to see how the company would react.

No problem as used in this case

[iamacat (583406)]

It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case. Write again when a (non-free) ISP injects ads or blocks competitor's websites.

Re:No problem as used in this case

[RedWizzard (192002)]

It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case.

There is a set mechanism: email. And if that's not sufficient they could easily write a little app to provided notification that could be run by users who are worried about exceeding their limit. There is no need for what they are doing. In fact what they are doing is probably copyright infringement: they are creating and distributing a derived work (the modified page) without the author's permission.

Copyright infringement

[starfishsystems (834319)]

Copyright infringement, I like it.

Even better, the CBC article concludes with a reference to the Telecommunications Act, which states that "a Canadian carrier shall not control the content or influence the meaning or purpose of telecommunications carried by it for the public."

Rogers has a long history of playing as dirty as it can get away with. If the old pattern repeats as before, Canadian regulators will respond and Rogers will be forced to back down, leaving everyone -- regulators, investors, competitors, consumers -- slightly more pissed off with it than before.

Oblig xkcd

[RuBLed (995686)]

Are they doing that with Oven Mitts [xkcd.com]? No?! Lame....

Hey Rogers!

[ScrewMaster (602015)]

I got your "customer response" right here.

Seriously, when it becomes acceptable for the phone company to break into my conversation with "Did you know that Geico can save you ton of money on car insurance?" then my ISP can screw around with my Web pages. Otherwise, get your sticky paws OFF me, you damn dirty apes.

You've been rogered.

[Seor Jojoba (519752)]

I propose turning their company name into a verb, "roger", which means to manipulate internet data without the receiver's permission. Everytime you exclaim, "I've been rogered!" or "They rogered my data!" the Rogers company name will hold on to its well-earned place in history. And yes, "roger" already means something else quite similar. With either definition, something is being inserted where it probably shouldn't go.

I have not experienced this

[eap (91469)]

I am a Rogers [V1AGR4] customer, and I [MORTGAGE RATES FALL AGAIN!] think you're all just overreacting [VISTA - THE BEST WINDOWS YET!].

Now let's have no more talk about this bizarre coverup.

Getting away with murder

[javacowboy (222023)]

So.... why aren't there any high profile lawsuits against Rogers yet?

First they throttle BitTorrent traffic. Then, when BitTorrent users encrypted their connections, all encrypted traffic was throttled, making VPN connections unbearably slow.

The only reason I can think of that they're getting away with this is that...uh...people in Ontario don't telecommute at all?

Why is everybody letting Rogers get away with these shenanigans? Rogers' practises must be costing some business users serious money. I simply don't understand.

Okay, I know...

[gillbates (106458)]

This is a dupe, but it's worth commenting on.

The fundamental problem I see with this is that the ISP is changing the content of webpages to suit their own interests. There are a myriad of problems here, regardless of whether or not the customer accepts it:

1. Copyright law: technically, the modified web page is a derived work. The ISP can now be held liable for copyright infringement if, say, Google, or the New York Times objects. The potential revenues sinkhole from copyright litigators is far greater than what any ISP could bear.
2. There are ethical problems with an ISP artificially inflating the size of webpages, especially if they charge for the bandwidth.
3. This smacks of 1984-esque censorship. Once it becomes commonplace for an ISP to change a web page, how long before government uses this for nefarious purposes.
4. Consider how the above may be abused: a political rival logs onto Google, and the ISP replaces the normal content with child porn. Enter the police and 10 to 20 years in prison...
5. If I can't trust my ISP to deliver an unmodified webpage, the only alternative is to use https for everything. While I'm personally favorable to such a thing, I realize it will disenfranchize a lot of part time and small time web operators who don't have the sophistication to setup an https server properly. Thus, one of the great egalitarian aspects of the web dies.

In light of the fact that a certain ISP blocked access to union websites, this is an alarming event indeed. Democracy depends on the free flow of information, and I'm thinking that it might be appropriate to make such a practice illegal, if only for the sake of preserving democracy. It will first be used for commercial gain, and later, leveraged as a political tool.

common carrier

[Richard_J_N (631241)]

What a really stupid thing to do. Never mind that it's unethical, they just lost their common-carrier status. Now the RIAA can sue them for contributory infringement ;-)

At least, that's my understanding of it - ISPs and postal services are legally "common carriers", i.e. they just deliver stuff; they aren't responsible for any legal ramifications of what they deliver. Eg the post service isn't liable if someone mails a forged cheque. BUT...if they demonstrate that they control, inspect, and modify what they are delivering, they might just be liable when someone uses their network to commit fraud.

Web Servers can detect this...

[nweaver (113078)]

See this old Slashdot article [slashdot.org] on how servers can detect such modifications when they happen by using a bit of Javascript as an integrity checker.

(Disclaimer, I'm one of the authors of the work)

Yep.

[Black Parrot (19622)]

And I wonder how many times they're going to insert this story into Slashdot.

Well I have a thing or two to say about that

[CrazyJim1 (809850)]

As much as I don't like Canada, the totally awesome Rogers ISP is not doing something wrong here. Thats all I have to say. PS, buy a Playstation 3 at 20% off by mentioning the code ROGERS ISP ROCKS at your local S-mart

Re:Dupe

[A beautiful mind (821714)]

This is not a dupe, it's merely your isp inserting outdated data in to your webpage because Slashdot didn't pay your ISP the brand new anti-crapification fee.

Re:What's the problem?

[patternmatch (951637)]

How else can they do it? Via email? They'd just send it to the email address they provide you with. Who really uses isp-provided email these days? it's all webmail, so they need some window to get through to you, and maybe http is that window.

Or maybe, just maybe, they could ask you for your regular email when you sign up. This is not rocket science. There is no excuse for an ISP to be arbitrarily modifying the content of a subscriber's traffic.

Re:What's the problem?

[Nikker (749551)]

I am a Rogers customer right now because I am slightly out of the range of a DSL provider. My connection was erratic especially on torrents didn't matter what kind and where from. Suspicious I got a copy of Wireshark and monitored the traffic, all the packets going out appeared to be ok but all the returning packets on my torrent port were corrupted (CRC error), I brought this to their attention and they said the problem didn't exist. I told them to let their NOC know about this and they refused, they told me to send it to the general email box on their help page.

They say they are testing the waters and they are. Are they testing a way to notify people of their account or are they trying to get people comfortable with them throwing up messages on your screen while you surf? As far as I'm concerned I will cancel and go without rather than putting up with this garbage. As far as I'm concerned the only right they have is to give me the service I'm paying for. As you can probably tell I really just don't trust this company, they don't do their job very well and expect me to put up with it, as far as I'm concerned I will fight this every inch.

Re:What's the problem?

[weorthe (666189)]

that software is very evil

Yes. Imagine a world in which China/Bush's America/Hillary's America no longer censors the web but subtly modifies it instead. Maybe with the cooperation of Yahoo et al. All power inevitably becomes abused. What good is freedom of expression if you can't be sure your expression is your own?