Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

ISP Inserting Content Into Users' Webpages 396

geekmansworld, among other readers, lets us know that the Canadian ISP Rogers is inserting data into the HTTP streams returned by the Web sites requested by its customers. According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.
This discussion has been archived. No new comments can be posted.

ISP Inserting Content Into Users' Webpages

Comments Filter:
  • by timmarhy ( 659436 ) on Tuesday December 11, 2007 @08:00PM (#21665389)
    replace "trying different things" with "seeing what we can get away with" and your closer to the truth
    • by Anonymous Coward on Tuesday December 11, 2007 @08:11PM (#21665517)
      And if after hours, a man puts his wii-wii in the mayonaise jar at the restaurant where he works, that's just experimenting too, to see how the customer will react.
    • by alx5000 ( 896642 ) <alx5000&alx5000,net> on Tuesday December 11, 2007 @08:13PM (#21665549) Homepage
      In other, unrelated news, alx5000 has been reported to have blown up a dozen Government buildings in the last 24 hours. When inquired about these events, alx5000 said to admit to modifying governmental property, but remarked he is merely "trying different things" and testing the Government response.
    • by thegrassyknowl ( 762218 ) on Tuesday December 11, 2007 @08:16PM (#21665585)
      This could open up a whole bunch of "but I didn't download that" claims when users are caught with dubious material. They could claim that their ISP modified their download streams and point (at least some of) the blame toward the ISP.

      It's all a little dubious if you ask me. I always knew it was possible to fiddle with the stream, but I didn't think anyone would bother because it could possibly break a lot of pages that are held together with fragile HTML-fu.
      • I don't think so. (Score:3, Insightful)

        by Frosty Piss ( 770223 )

        This could open up a whole bunch of "but I didn't download that" claims when users are caught with dubious material. They could claim that their ISP modified their download streams and point (at least some of) the blame toward the ISP.

        Of course this is a disturbing trend, and from what I read about Rogers Cable, I'm not surprised. But I have to seriously question if your scenario would come to pass. I really don't think that ISPs are going to "insert" kiddie porn, "illegal" music or movies, or "terrorist" c

        • Re: (Score:2, Funny)

          by gmagill ( 105538 )
          I think he means that *I* could claim that all that goat porn I downloaded was 'inserted' by my ISP, that I am not a pervert.
        • by Storlek ( 860226 )
          What about ads that hijack the computer with malicious ActiveX controls that hook the computer to a botnet? Adbrite had to deal with that not too long ago; an advertiser was hacking their ad scripting code to insert some fairly unpleasant stuff onto pages.
        • Re: (Score:3, Insightful)

          I didn't imply kiddie porn or anything of the like. I said "dubious". Dubious depends on locality and context.

          What you find acceptable I might find dubious.

          are a lot of corrupt people working all over the place. There are a lot of funky rules in regard to what people are and aren't allowed to look in various countries.

          There is nothing to say that a disillusioned worker at an ISP couldn't have himself a little fun by somehow hiding an iframe or something into the extra data that displays the contents of a
        • by Darby ( 84953 ) on Wednesday December 12, 2007 @01:31AM (#21668049)
          I really don't think that ISPs are going to "insert" kiddie porn, "illegal" music or movies, or "terrorist" content in your Web page requests

          You're almost certainly correct, if by "ISPs" you mean the decision makers of the ISPs, and therefore the official policies thereof.

          However, what this does is fundamentally change the way they run their network thereby opening up massive vulnerabilities.

          Before they decided to make it their official policy to engage in the mass of unethical behaviors this exhibits, in order to insert goat porn, or the like, into a client's browser a disgruntled employee would haver to jump through a mass of hoops (assuming they ever had any working network monitoring tools).

          Now, though, since this fraudulent activity is part of their official corporate policy and therefore necessarily of their infrastructure, all it takes is changing some text which is designed to be easily modified.

          That's the fundamental problem with this policy. Creating a method for potentially malicious people to insert unwanted content into the browsers of their own customers *is* the entirety of the policy.
          I doubt many people think that "goat porn for the masses" is the goal of Rogers, but they are going way out of their way to make sure that doing exactly that is trivial.

          I absolutely hope somebody pulls that argument and wins though, because this absolutely creates more than enough reasonable doubt.

          "But we didn't put that pic of two year olds fucking on his computer"...

          "Oh yeah? You created a process designed for the purpose of manipulating content and creating forgeries of web sites with deliberately falsified content in violation of every standard practice, every commonly sensible idea and every relevant ethical principle. Prove absolutely that each and every one of your employees was entirely uninvolved with this particular case, when you've spent so much time and effort ensuring that it would not only be possible, but trivial."

          It's not that Rogers has a plan for gross porn distribution, it's that they've created a means, a method and a process for doing exactly that with few if any possible legitimate uses.

      • by gnasher719 ( 869701 ) on Wednesday December 12, 2007 @06:25AM (#21669285)

        It's all a little dubious if you ask me. I always knew it was possible to fiddle with the stream, but I didn't think anyone would bother because it could possibly break a lot of pages that are held together with fragile HTML-fu.
        This is not just a bit dubious, it is plain and simple copyright infringement on a massive scale.

        The owner of the web site is creating a data stream, which will 99.99% of the time be copyrighted. Even if the web site owner doesn't own the copyright or has permission to use some copyrighted work, it is still copyrighted by someone else. Modifying the page creates a new derived work. If you create a derived work without permission of the copyright owner, you commit copyright infringement.

      • by Casualposter ( 572489 ) on Wednesday December 12, 2007 @01:40PM (#21674315) Journal
        This is interesting, because the telecommunications companies long ago ran with the "I can't control what goes over my wires" defense when the governments of various nations wanted to punish them as an accessory to crimes committed via the wires. The phone made it easier for V. and L. to conspire to murder T. The phone company claimed that it could not monitor and control every call and so the common carrier defense arose.

        Now, however, there is the demonstrated ability to monitor and control and perhaps the common carrier denotation is what is being tossed aside in the pursuit of the last nickel. What is an ISP to argue when faced with copyright allegations? They can monitor the traffic to sell targeted ads but can't tell the when an illegal MP3 is being downloaded? That might not fly in a courtroom. Wouldn't the temptation to try to sell the user a similar song be too tempting to pass up? Or maybe the judge or jury doesn't get that there is a technology barrier and figures if the ISP can monitor one they can monitor them all.

        How about a political move like enforcing a completely non-encrypted internet to monitor for kiddie porn? All encrypted packets could be criminalized - except to "authorized sites" like your bank.

        What about the copyright on the page being mangled? I liken this type of technology as a form of vandalism, or perhaps and unauthorized derivative work. How would this be different than Amazon reprinting a Harry Potter book on demand and inserting hundreds of ads? Maybe those ads would be targeted to text on a facing page so that you'd get an advertisement for cleaning supplies every time the Nimbus 2000 flying broom was mentioned, or pet supplies every time one of the owls was mentioned. How about the death scene with Dumbledor opposite some funeral home ad?

        What about anticompetitive actions? The ISP could redirect or replace traffic with that of a competitor's product. I'm sure some companies would be delighted to ensure that no one every hears of Brand-X again. How could this type of control and monitoring be used to prevent the accurate discussion of topics? AT&T is a backbone ISP and has been shown to be a good bit lax when it comes to protecting the data it carries. Could a large company or government change the internet by use of this technology to stop dissent?

        The abuse potential is huge.

        Then what about the privacy issues with reading every packet? Gee, Mr. Smith, why were you searching for pipes, fertilizer, and biodiesel last month?
    • Re: (Score:3, Insightful)

      by thinkertdm ( 1125275 )
      Now this is only the beginning. It is only a matter of time before other ISP's start doing the same thing, and you can't stop them. Here's why: 1. Comcast and other ISP's have more money they you do. Loads more. Sure, you may have a case on legal grounds, but they have the money. What are you going to do, stand in front of the CEO of comcast and say "pwease mr, don't do this!" Good luck with that. 2. Think you are going to drop whatever ISP is doing it and jump to the other one? Most places only ha
      • by gallen1234 ( 565989 ) <gallenNO@SPAMwhitecraneeducation.com> on Wednesday December 12, 2007 @07:57AM (#21669675)

        I may not have a lot of money but Google has plenty. I suspect that they'll take exception to Rogers fiddling with their carefully designed home page - a page where simplicity and a clean layout are defining characteristics.

        I also suspect that there's a copyright claim here somewhere. If Rogers took Google's home page and modified it then that's a derived work which they would have to have Google's permission to distribute.

        • Re: (Score:3, Informative)

          by TheLinuxSRC ( 683475 ) *
          "I suspect that they'll (Google) take exception to Rogers fiddling with their carefully designed home page - a page where simplicity and a clean layout are defining characteristics."

          You appear to be correct [webpronews.com] sir.
    • If enough ISPs "try new things" (see also, comcast + bittorent), people will finally pull their heads out of their asses and realize the importance of net neutrality.

  • by squidinkcalligraphy ( 558677 ) on Tuesday December 11, 2007 @08:01PM (#21665401)
    Let's get rational for a second here; the ISP is trying to inform you you're reaching your limit, so you don't overshoot it and start having to pay extra. Lets put arguments about limits aside (after all, you've agreed to a contract involving limits). It's in their interests _not_ to inform you, as you'd have to start paying them extra. But they're trying to find a more pervasive way of letting you know. How else can they do it? Via email? They'd just send it to the email address they provide you with. Who really uses isp-provided email these days? it's all webmail, so they need some window to get through to you, and maybe http is that window.
    • by patternmatch ( 951637 ) on Tuesday December 11, 2007 @08:04PM (#21665431)

      How else can they do it? Via email? They'd just send it to the email address they provide you with. Who really uses isp-provided email these days? it's all webmail, so they need some window to get through to you, and maybe http is that window.

      Or maybe, just maybe, they could ask you for your regular email when you sign up. This is not rocket science. There is no excuse for an ISP to be arbitrarily modifying the content of a subscriber's traffic.

    • Re: (Score:3, Insightful)

      Because they're using software made for inserting ads into or rewriting the HTTP stream, and that software is very evil. I think it's a very neat idea that's also very scary.
      • by weorthe ( 666189 ) on Tuesday December 11, 2007 @08:15PM (#21665571)
        that software is very evil

        Yes. Imagine a world in which China/Bush's America/Hillary's America no longer censors the web but subtly modifies it instead. Maybe with the cooperation of Yahoo et al. All power inevitably becomes abused. What good is freedom of expression if you can't be sure your expression is your own?
    • by timmarhy ( 659436 ) on Tuesday December 11, 2007 @08:06PM (#21665467)
      the problem is going to be that modifying the http stream will break web applications and some secure sessions. it'll become even more of a problem as time progresses.

      imho they are creating a solution to a problem that doesn't exist. there's 1000's of widgets out there they could tune to give you an almost real time view of your quota, building their own an interfering with your http traffic is not a good solution.

    • Well, the article mentioned they said "they are merely "trying different things" and testing the customer response."

      Typical Response: Fuckin' Stop It!!!

    • Re: (Score:3, Insightful)

      by owlnation ( 858981 )
      The problem...?

      The obvious one... consensus, agreement, privacy, respect, customer focus, precedent... etc...

      That all seems pretty rational to me.
    • by taniwha ( 70410 )
      what's the problem? it's like you make a phone call and every minute some third party chimes in and starts telling you how much you've spent ... besides you just know that next year they will start telling you about McDonald's latest burger
    • Re: (Score:3, Insightful)

      by AccUser ( 191555 )
      the ISP is trying to inform you you're reaching your limit

      The ISP is inserting data into the page. Suppose they add a logo, a hit the mosquito advert, and a movie trailer - will they 'charge you for that bandwidth?
    • by zakezuke ( 229119 ) on Tuesday December 11, 2007 @08:52PM (#21665921)

      Let's get rational for a second here; the ISP is trying to inform you you're reaching your limit, so you don't overshoot it and start having to pay extra
      If that was the case... then the ISP can simply redirect all external requests to an internal page informing you as such... if for some odd reason they didn't want to use e-mail. In fact... some a local wi-max provider does just that in the event your account is overdue... a simple "you own us money" in between browsing session and poof gone.

      My data on Rogers and Shaw is dated the last I checked they didn't meter. Even if they did meter odds are you're not going to go over your limit surfing the web so any injected web based waring isn't going to be that useful.

      Redirection on the other hand... not so bad.

    • by Nikker ( 749551 ) on Tuesday December 11, 2007 @09:10PM (#21666049)
      I am a Rogers customer right now because I am slightly out of the range of a DSL provider. My connection was erratic especially on torrents didn't matter what kind and where from. Suspicious I got a copy of Wireshark and monitored the traffic, all the packets going out appeared to be ok but all the returning packets on my torrent port were corrupted (CRC error), I brought this to their attention and they said the problem didn't exist. I told them to let their NOC know about this and they refused, they told me to send it to the general email box on their help page.

      They say they are testing the waters and they are. Are they testing a way to notify people of their account or are they trying to get people comfortable with them throwing up messages on your screen while you surf? As far as I'm concerned I will cancel and go without rather than putting up with this garbage. As far as I'm concerned the only right they have is to give me the service I'm paying for. As you can probably tell I really just don't trust this company, they don't do their job very well and expect me to put up with it, as far as I'm concerned I will fight this every inch.
      • by schwaang ( 667808 ) on Tuesday December 11, 2007 @10:04PM (#21666499)
        After the Comcast bittorrent interference, the Electronic Freedom Foundation released a tool called pcapdiff [eff.org]. The idea is you capture what your ISP sends you for a given website using wireshark/tcpdump and compare it to what your friend gets for the same site. Pcapdiff diffs the two pcap files and reports discrepencies.

        On Fedora you can do "yum install pcapdiff".

        It's an early release, but there's bound to be a lot more uses for pcapdiff ahead...
    • by schon ( 31600 ) on Tuesday December 11, 2007 @09:12PM (#21666071)

      Let's get rational for a second here; the ISP is trying to inform you you're reaching your limit
      ... as well as taking the opportunity to inject advertising in the page.

      Don't believe it? Take a look a the screenshot. When was the last time you saw the Yahoo! logo on Google's homepage?
    • How else can they do it?
      Well, off the top of my head:
      • Ask you for an email to send notices to when you sign up.
      • Ditto for instant message
      • SMS your phone
      • Automatic phone call
      • Offer a little icon for your taskbar/dock/etc
      • RSS feed
      • Screensaver with your current stats
      • Send a midget in an "Alf" costume to your door with flowers and candy
  • by TopSpin ( 753 ) *
    I saw Orange doing this on their wireless network in Lyon about 3 years ago. Have also seen it on various hotel networks.

    Still get my personal uplink from a small, privately owned ISP that doesn't have anything like enough on-staff talent to wiggle into every aspect of my traffic. About 1/2 has fast as any given nearby Comcast cable uplink. Costs about $20 more a month too. For all that you can take your trafficshaped, mutiliated $29.95/month interweb pipe and <censored>

    If you're going to line up
  • by Z80xxc! ( 1111479 ) on Tuesday December 11, 2007 @08:04PM (#21665429)
    In other news, a mad internet subscriber broke into the headquarters of a Canadian ISP called Rogers. Upon entering, he hit shot two techs, broke 3 servers with a sledgehammer and then proceeded to start a fire in the CEO's office. Upon being apprehended by police, he was let go after informing them that he meant no harm and was just trying some different things to see how the company would react.
    • Re: (Score:3, Insightful)

      by basic0 ( 182925 )
      Good luck. I listen to Prime Time Sports with Bob McCown every day, and apparently even well-known, award-winning air talent doesn't have any level of access to Uncle Ted or the 10th floor of the Rogers building. McCown claims he's never met Ted Rogers in the ~10 years he's been working for him. I imagine his office is like something out of the movie "Sneakers".
  • Babies come from people "experimenting" too.
  • Are like the wild west.

    I wonder if advertisers will start talking about blacklisting ISPs that modify content? Or maybe try to find some way to charge them extra?
    • Re: (Score:3, Funny)

      by gknoy ( 899301 )
      If advertisers blacklisted ISPs, wouldn't that make those ISPs users have a better experience? Sounds like a win-win. ;)
  • by iamacat ( 583406 ) on Tuesday December 11, 2007 @08:06PM (#21665473)
    It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case. Write again when a (non-free) ISP injects ads or blocks competitor's websites.
    • Automated phone calls would probably work too.
      • by iamacat ( 583406 )
        When was the last time you picked up a call with unknown Caller ID?
    • Re: (Score:3, Insightful)

      by arkhan_jg ( 618674 )
      Thing is, now you know they have the ability, equipment and willingness to modify your datastream...

      Write again when a (non-free) ISP injects ads or blocks competitor's websites.

      How would you know whether they are, or not?
    • by RedWizzard ( 192002 ) on Tuesday December 11, 2007 @09:36PM (#21666265)

      It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case.
      There is a set mechanism: email. And if that's not sufficient they could easily write a little app to provided notification that could be run by users who are worried about exceeding their limit. There is no need for what they are doing. In fact what they are doing is probably copyright infringement: they are creating and distributing a derived work (the modified page) without the author's permission.
      • by starfishsystems ( 834319 ) on Tuesday December 11, 2007 @10:07PM (#21666521) Homepage
        Copyright infringement, I like it.

        Even better, the CBC article concludes with a reference to the Telecommunications Act, which states that "a Canadian carrier shall not control the content or influence the meaning or purpose of telecommunications carried by it for the public."

        Rogers has a long history of playing as dirty as it can get away with. If the old pattern repeats as before, Canadian regulators will respond and Rogers will be forced to back down, leaving everyone -- regulators, investors, competitors, consumers -- slightly more pissed off with it than before.

  • by Bonewalker ( 631203 ) on Tuesday December 11, 2007 @08:07PM (#21665481)
    According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.

    Oh, well, that's ok then, if you are only trying different...HEY! Wait a minute! You can't do that. Why, I oughta....
  • Oblig xkcd (Score:5, Funny)

    by RuBLed ( 995686 ) on Tuesday December 11, 2007 @08:10PM (#21665503)
    Are they doing that with Oven Mitts [xkcd.com]? No?! Lame....
  • Hey Rogers! (Score:5, Insightful)

    by ScrewMaster ( 602015 ) on Tuesday December 11, 2007 @08:11PM (#21665513)
    I got your "customer response" right here.

    Seriously, when it becomes acceptable for the phone company to break into my conversation with "Did you know that Geico can save you ton of money on car insurance?" then my ISP can screw around with my Web pages. Otherwise, get your sticky paws OFF me, you damn dirty apes.
  • by QuantumG ( 50515 ) <qg@biodome.org> on Tuesday December 11, 2007 @08:12PM (#21665525) Homepage Journal
    That is to say, this is a case of your ISP using packet modification to insert code into your HTTP stream, but it doesn't have to be so innocuous. It's quite possible that someone who has hacked into your ISP could do the same thing.. and not just to HTTP streams, but any TCP stream. Downloaded any executables lately? Its quite possible that a hacker could have intercepted any packet that begins with "MZ", has a non-zero value at offset 0x3c which contains a 4 byte offset into the packet that has "PE" at it. There's a windows binary, let's change the bytes at the entrypoint to do something malicious.

    SSL is your friend.

    If only we could get IPSEC happening.
  • by statemachine ( 840641 ) on Tuesday December 11, 2007 @08:12PM (#21665531)
    It seems we just had a story that talked about Rogers.
    Will ISP Web Content Filtering Continue To Grow? [slashdot.org]

    (No, this one words it differently. -- Inserted by your friends at the NSA)
  • ...I'm merely trying different things to see what sort of response I would get from people.

    I'm sorry, but in the US, the ISP needs to be brought up on Federal Criminal charges of interfering with commerce on a local, state, federal and international level.
  • by Seor Jojoba ( 519752 ) on Tuesday December 11, 2007 @08:19PM (#21665609) Homepage
    I propose turning their company name into a verb, "roger", which means to manipulate internet data without the receiver's permission. Everytime you exclaim, "I've been rogered!" or "They rogered my data!" the Rogers company name will hold on to its well-earned place in history. And yes, "roger" already means something else quite similar. With either definition, something is being inserted where it probably shouldn't go.
    • by reidconti ( 219106 ) on Tuesday December 11, 2007 @08:24PM (#21665655)
      As in, "you've just been Rogered arseways by your ISP?"
    • "Hey, man, is something wrong with your server?"

      "Roger, roger!"
    • by p0tat03 ( 985078 ) on Tuesday December 11, 2007 @10:32PM (#21666759)

      You may not know this, but "Rogers" is already synonymous with "taking it up the arse" up here in Canada. After all, who else charges $210/month for 500MB of wireless data transfer? Or creates a 3G broadband network but refuses to allow actual 3G phones to access it (restricting you to this huge BRICK of a wireless "modem" they provide you)? Or raising their prices almost 30% in the last 2 years?

      I just wish someone like Google or Microsoft sues Rogers into oblivion for this crap. I'm pretty sure impersonating another corporation's official communications (loading the Google homepage, for example) is fraud.

  • .... Then I think I will try a different ISP. After all, what is good for the goose is good for the gander right?
  • by eap ( 91469 ) on Tuesday December 11, 2007 @08:22PM (#21665633) Journal
    I am a Rogers [V1AGR4] customer, and I [MORTGAGE RATES FALL AGAIN!] think you're all just overreacting [VISTA - THE BEST WINDOWS YET!].

    Now let's have no more talk about this bizarre coverup.
  • by javacowboy ( 222023 ) on Tuesday December 11, 2007 @08:23PM (#21665645)
    So.... why aren't there any high profile lawsuits against Rogers yet?

    First they throttle BitTorrent traffic. Then, when BitTorrent users encrypted their connections, all encrypted traffic was throttled, making VPN connections unbearably slow.

    The only reason I can think of that they're getting away with this is that...uh...people in Ontario don't telecommute at all?

    Why is everybody letting Rogers get away with these shenanigans? Rogers' practises must be costing some business users serious money. I simply don't understand.
  • Okay, I know... (Score:5, Insightful)

    by gillbates ( 106458 ) on Tuesday December 11, 2007 @08:37PM (#21665787) Homepage Journal

    This is a dupe, but it's worth commenting on.

    The fundamental problem I see with this is that the ISP is changing the content of webpages to suit their own interests. There are a myriad of problems here, regardless of whether or not the customer accepts it:

    1. Copyright law: technically, the modified web page is a derived work. The ISP can now be held liable for copyright infringement if, say, Google, or the New York Times objects. The potential revenues sinkhole from copyright litigators is far greater than what any ISP could bear.
    2. There are ethical problems with an ISP artificially inflating the size of webpages, especially if they charge for the bandwidth.
    3. This smacks of 1984-esque censorship. Once it becomes commonplace for an ISP to change a web page, how long before government uses this for nefarious purposes.
    4. Consider how the above may be abused: a political rival logs onto Google, and the ISP replaces the normal content with child porn. Enter the police and 10 to 20 years in prison...
    5. If I can't trust my ISP to deliver an unmodified webpage, the only alternative is to use https for everything. While I'm personally favorable to such a thing, I realize it will disenfranchize a lot of part time and small time web operators who don't have the sophistication to setup an https server properly. Thus, one of the great egalitarian aspects of the web dies.

    In light of the fact that a certain ISP blocked access to union websites, this is an alarming event indeed. Democracy depends on the free flow of information, and I'm thinking that it might be appropriate to make such a practice illegal, if only for the sake of preserving democracy. It will first be used for commercial gain, and later, leveraged as a political tool.

  • common carrier (Score:5, Interesting)

    by Richard_J_N ( 631241 ) on Tuesday December 11, 2007 @08:42PM (#21665837)
    What a really stupid thing to do. Never mind that it's unethical, they just lost their common-carrier status. Now the RIAA can sue them for contributory infringement ;-)

    At least, that's my understanding of it - ISPs and postal services are legally "common carriers", i.e. they just deliver stuff; they aren't responsible for any legal ramifications of what they deliver. Eg the post service isn't liable if someone mails a forged cheque. BUT...if they demonstrate that they control, inspect, and modify what they are delivering, they might just be liable when someone uses their network to commit fraud.
  • by nweaver ( 113078 ) on Tuesday December 11, 2007 @08:54PM (#21665935) Homepage
    See this old Slashdot article [slashdot.org] on how servers can detect such modifications when they happen by using a bit of Javascript as an integrity checker.

    (Disclaimer, I'm one of the authors of the work)
  • They want their geocities ads back.
  • The effect? I'll tell you what the effect is, it's pissing me off!

  • Yep. (Score:5, Funny)

    by Black Parrot ( 19622 ) on Tuesday December 11, 2007 @09:00PM (#21665983)
    And I wonder how many times they're going to insert this story into Slashdot.
  • by Skapare ( 16644 ) on Tuesday December 11, 2007 @09:02PM (#21666003) Homepage

    Web sites need to enable HTTPS properly over their entire site. Then your ISP can do nothing more than just prevent the secure connection from being established. And if they do that, they break all kinds of stuff like shopping checkout and access to bank accounts.

    Right now, Slashdot's own HTTPS URL [slashdot.org] just redirects to the HTTP URL. This needs to be changed to just leave things in the HTTPS mode. Eventually this should be changed so that HTTP redirects to HTTPS. Google [google.com] does the same boneheaded redirection.

  • by CrazyJim1 ( 809850 ) on Tuesday December 11, 2007 @09:02PM (#21666005) Journal
    As much as I don't like Canada, the totally awesome Rogers ISP is not doing something wrong here. Thats all I have to say. PS, buy a Playstation 3 at 20% off by mentioning the code ROGERS ISP ROCKS at your local S-mart
  • that this isp is not very concerned with privacy of its clients.

    Say you have a friend over or someone you don't know using your open wireless, now all of the sudden there is this message they see giving them information about you.
    I honestly cannot believe they haven't considered this possibility. If they haven I highly recommend that if you are a customer you need to change isps right away.

    This also should show that ISPs can indeed spy on you and your web surfing and sell that information about you or leak
  • I thought Rogers didn't have a limit? Maybe they could just send you an email rather than hijacking your data.
  • by ceoyoyo ( 59147 ) on Tuesday December 11, 2007 @10:23PM (#21666667)
    Looks like it should. We probably also need a new standard for lightly encrypted pages. Light enough to not put undue strain on the server but heavy enough to make it impractical to modify pages on the fly.
  • Correct Title... (Score:3, Interesting)

    by Belial6 ( 794905 ) on Tuesday December 11, 2007 @10:33PM (#21666765)
    ISPs commit copyright violation by delivering unauthorized derivative works.
  • by gvc ( 167165 ) on Tuesday December 11, 2007 @11:12PM (#21667093)
    Rogers are clearly not inserting content into users' web pages, as the title claims. They are inserting content into pages viewed by users.

    So I have little faith in the claim that they are "intercepting http." What is more likely is that the default proxy server they provide is inserting the content. While it may make little difference to the average user, as the "normal" setup uses the proxy, it seems to me that there's a huge difference between supplying a proxy and intercepting and manipulating http traffic; that is, hijacking TCP port 80. The proxy I can easily avoid by using a direct connection to the internet; TCP hijacking, I can't.
    • Re: (Score:3, Insightful)

      by yuna49 ( 905461 )
      Many ISPs "hijack" outbound port 80 connections and transparently proxy them. I'm not sure how you think you'd avoid this proxy unless you yourself are using a proxy that listens on some port other than 80 and is located on a network outside your ISP's.

      I routinely configure office networks to do this with iptables+squid. It gives their administrators a log of requests in case they need to check up on what sites their employees have visited. It also enables us to add some security features to the network
  • by Fantastic Lad ( 198284 ) on Tuesday December 11, 2007 @11:32PM (#21667253)
    Ted Rogers is like a mini-Gates of the Toronto region.

    "The little cable company that could." They practically invented negative billing, starting their reign of aggravating barely-legal business practice as far back as the early 80's with the stupid bundling of the new pay-channels. They successfully lobbied to crack open the Bell monopoly so that they could compete on the phone market. Everybody believed their bullshit campaign and as a result, everybody pays many times more for phone service which has fallen from one which was affordable and which worked hard-core in favor of the consumer, (if Bell tried to screw you around, a quick call to the CRTC, and they'd be nodding yes-sir to you. Monopolies are great in this way because the public can very easily punish them through government pressure to do the right thing if they start getting greedy and evil), --phone service through bell and all the competitors has since devolved into a system which is now expensive, punitive, crappy and generally mean-spirited, (all contrary to the whole 'competition breeds excellence' meme which should be obvious for the falsehood that it is to anybody with a brain but which somehow remains an elusive truth; I blame the same American ideological propaganda which has landed us in Iraq and which is responsible for rolling black-outs and for people whose lives suck because they can't afford medical insurance. Thanks, guys! Keep on championing the lie while you take it in the rear.) (Ahem. Did I say all of that out loud? DO pardon me.)

    Anyway. . .

    Rogers argued that it had the right to use Bell's cable system because it had been built in part with public money, and then they turned around and refused to share its own cable system because they claim to have made it with private money. --All claims which are so riddled with lawyer-logic as to make anybody aware of the situation hopping mad, especially when one considers the huge tax-breaks and government hand-outs Rogers managed to weasel away with; they use the publicly-funded telephone pole system, on public land, to hang its infrastructure, over-charge for their rotten service, don't share and don't pay their taxes. Nice job! --The whole thing reeks, but they got away with it because the public was asleep and easily fooled by promises that, "With competition, your phone bills will go down!" Stupid, stupid Torontonians! Even as a teenager I could see the way the wind was blowing, and yet today few even grasp that they've been screwed. Sigh.

    Rogers is one of those companies which has been sneaky and crafty and generally foul from the get-go. This latest move is entire par for their course. I don't own a television and I don't use a cell phone partly because of players like Rogers. Anybody ignorant enough to sign up with Rogers deserves exactly what they get.


    -FL

  • UMTS (Score:4, Interesting)

    by Arancaytar ( 966377 ) <arancaytar.ilyaran@gmail.com> on Wednesday December 12, 2007 @02:55AM (#21668413) Homepage
    O2 in Germany has been doing this for UMTS connections for a long time. They've figured that stripping whitespace and artificially compressing images before transmission will save bandwidth.

    Unfortunately, their white-space stripper breaks XML-wellformedness, which makes me unable to view any of my own sites with Firefox (unless I disable application/xhtml+xml as an Accepted content type).

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Working...