Charter Is Latest ISP To Plan Wiretapping Via DPI

Charter Communications has begun sending letters to its customers informing them that, in the name of an "enhanced user experience," it will begin spying on their traffic and inserting targeted ads. This sounds almost indistinguishable from what Phorm proposed doing in the UK. Lauren Weinstein issues a call to arms.

Call to arms?

[Gothmolly]

So if I blog something, and title it a 'call to arms', am I suddenly relevant too?

Re:

[davester666]

And to increase your security, we have to listen to all your phone calls.

Re:

[stewbacca]

So if I blog something, and title it a 'call to arms', am I suddenly relevant too?

No, you first have to include incendiary slashdot summaries like Company X to SPY on YOU!

Re:Call to arms?

[gstoddart]

So if I blog something, and title it a 'call to arms', am I suddenly relevant too?
No, you first have to include incendiary slashdot summaries like Company X to SPY on YOU!

OK, let's cut out the middle man here, and go straight to what Charter is saying [charter.com]:

How does this service actually work?
It uses completely anonymous information and, based on your surfing and search activity on the Internet, it infers your interests in certain product or service categories, such as automobiles/sports cars, fashion/handbags, or travel/Europe, and so forth.

Translated ... we're going to inspect the contents of your packets, and infer what you are looking at. Then we will use that information to increase our revenue by supposedly giving you more relevant ads.

So, tell me, how exactly is reading my packets that much different from "spying" on me? I expect my phone carrier to not listen to my calls to decide what inserts they should put into my next bill, because telcos are supposed to have an arms length relationship with your data.

This is not nearly as inflammatory and knee-jerk as you make it out to be. They actually are reading what you do.

And, for the record, it can't be "completely anonymous" if they know to put it into my web-page. They may claim that they can't tie it to you, but, if they know to give you an ad for Depends Undergarments, at some point, they decided that you needed to receive that targeted ad.

Cheers

Re:

[stewbacca]

So, tell me, how exactly is reading my packets that much different from "spying" on me?

I couldn't help notice that the linked article doesn't use the word "spying" at all, but slashdot doesn't seem to mind upping the rhetorical ante in that regard. I'm not saying it ISN'T spying; I'm just saying the language is argumentative on purpose.

Re:Call to arms?

[Anonymous Coward]

I couldn't help notice that the linked article doesn't use the word "cerulean" at all, but slashdot doesn't seem to mind upping the rhetorical ante in that regard. I'm not saying it ISN'T cerulean; I'm just saying the language is argumentative on purpose.

All they said was "A hue approaching the color of the clear sky in the daytime" How dare slahsdot suggest that it's cerulean.

Re:Call to arms?

[innerweb]

I couldn't help notice that the linked article doesn't use the word "spying" at all, but slashdot doesn't seem to mind upping the rhetorical ante in that regard. I'm not saying it ISN'T spying; I'm just saying the language is argumentative on purpose.

Here, I'll help you with the understanding of that...

Spying - [reference.com]

• 3. a person who seeks to obtain confidential information about the activities, plans, methods, etc., of an organization or person, esp. one who is employed for this purpose by a competitor: an industrial spy.Most Internet Users expect their traffic to be unmolested and not intercepted in typical usage.
• 8. to search for or examine something closely or carefully.
• 10. to discover or find out by observation or scrutiny (often fol. by out).
• 12. to inspect or examine or to search or look for closely or carefully.

Now, I don't know about you, but these being some of the definitions of spying, and these being the actions being described as being planned by the company, it would seem that the term spying is not just appropriate, but self-proclaimed via definition by the company itself. Maybe I missed something.

InnerWeb

Not so bad in the long run

[fishdan]

Obviously this is a "bad thing" but I predict "good things" for consumers out of this. Consumers will learn they can avoid extra ads by using https. Content providers will learn they can improve their customer's experience by removing ISP ads by using https. Sites will have to have signed certificates, and users will have to import them. Phishing ends (well of course not because of Cook's Law [quotationspage.com] and the web becomes a much safer place, because no more unencrypted traffic!

And seriously -- we've got the bandwidth -- why not encrypt it all now? Maybe not mobile bandwidth, but ok, we'll live. Maybe this is the draconian kickin the ass we need to get more serious about our own privacy??

Re:

[Irish_Samurai]

Well, the stance that the ISP is going to take is that they are acting as an agent of the user through rights granted to them in the services agreement. The ISP is exercising those rights when the packets hit their network. They are working under the auspice that since the user has rights to alter how the copyrighted material is rendered, they can transfer those rights to ISP.

The ISP is making a second assumption, and this is the crux of the argument, that there is no material difference between changing ho

Re:

[gstoddart]

So does that mean that rogers.com is already wiretapping its' customers in Canada?

Well, our Privacy Commissioner is wondering that [zeropaid.com].

Cheers

Re:

[rob1980]

No, but your 6-digit UID should be enough! Maybe.

Enhanced user experience

[Chris Burke]

Someone needs to tell Charter that you don't "enhance" suck.

Re:Enhanced user experience

[Tackhead]

Someone needs to tell Charter that you don't "enhance" suck.

IBM:Apple::Comcast:Charter.

Proof by Advertising follows:

IBM: Think.
Apple: Think Different.

Comcast: Suck.
Charter: Suck Different.

Re:

[sqldr]

Microsoft: We finally made something that doesn't suck.. a vacuum cleaner!

Re:Enhanced user experience

[carambola5]

Someone needs to tell Charter that you don't "enhance" suck.

That "someone" could be you.

If you live in the Madison, WI area, attend the Madison Broadband Telecommunications Regulatory Board Meeting this Thursday (May 15, 2008) at 5:30pm in Room 103A of the City-County building (210 MLK Blvd). Complain during the Public Comment part of the meeting, which is immediately after Call to Order and Roll Call. I plan to be there.

If you don't live in the Madison, WI area and have Charter as the local franchise, find out when your municipality holds its regulatory meetings. They tend to be monthly or bimonthly and should be open to the public.

[To no one in particular:] Get out from behind your computer desk and get in someone's face! Tell your government that maintaining a laissez-faire attitude towards Charter is not working.

Re:

[BarryJacobsen]

Oooo, thanks for the information! I live in Madison and wasn't aware of that meeting in the slightest. This is exactly the type of thing I'd be interested in going to, but just don't seem to know how to find out about their existence. How did you find out about it, out of curiosity? Was I mailed something (that maybe my roommates threw out) or is there a website that lists upcoming meetings like that?

Re:

[carambola5]

I called into net@nite awhile ago and Leo Laporte suggested I go search out the information. I eventually found the city's cable webpage [cityofmadison.com], which is woefully not up-to-date, but the city's scheduling system [cityofmadison.com] had the meeting listed.

Re:

[Chris Burke]

If you don't live in the Madison, WI area and have Charter as the local franchise, find out when your municipality holds its regulatory meetings.

Yeah, sorry, but I escaped Charter a long time ago. I have Grande instead, which is proving to be good local competition with Time Warner. They're the only service company of any kind whose sales rep has actually tried to talk me down in my package selection. Since I stayed with the higher BW one and had great results, I'm assuming it's not because they're afrai

Scummy ISPs

[bestinshow]

Does that mean that the ISP will be altering the copyrighted material sent by the websites? Surely this would create an unauthorised derivative work?

ISPs that modify HTML content going over their network are scummy operators. It breaks web pages, it denies revenue to the websites, and is unethical in so many ways.

COX dns poisoning..

[Anonymous Coward]

The "enhanced user experience" is nothing more than a smoke screen to spy on you, and get more ad revenue for their own personal gain. It's utter bullshit. Recently COX communications implimented nation wide DNS poisoning similiar to what versign does on domains it can't resolve.

http://support.cox.com/sdccommon/asp/contentredirect.asp?sprt_cid=e047dc81-18c4-485f-bcf3-1263d0b7b904 [cox.com]

How to opt out of the "enhanced user experience"

How does injecting ad's into my browser "enhance" my experience? Give me more fucking bandwith you money grubbing cheap fucks, and that MIGHT enhance my experience.. I hate them.

Re:Scummy ISPs

[coats]

Does that mean that the ISP will be altering the copyrighted material sent by the websites?

Damned right it does. There are no ads on my web pages, for example http://www.baronams.com/products/ioapi/ [baronams.com]

Can someone tell me whether Charter is inserting any ads? If they are, I want to complain to the Attorney General and to my CongressCritters about felony copyright infringement.

Re:

[Solandri]

Didn't this already get settled when cable TV was first introduced? IIRC the broadcast companies were up in arms about the cable TV companies effectively re-broadcasting their transmissions, but swapping out the ads for ones which paid the cable company. The cable companies argued that the broadcast companies were being paid a fixed amount for the ads, so it didn't matter if they were or weren't included in cable broadcasts. If I'm remembering right, I pretty sure the cable companies lost. I think the c

Re:Scummy ISPs

[hansamurai]

You may want to check out this site, which has tests on in-flight ad injection and tools that you can use to detect (aka tripwire) it.

http://vancouver.cs.washington.edu/ [washington.edu]

Re:Scummy ISPs

[mikael]

The following web site contains some scripts which do self-analysis/ checksum calculations to determinwe whether they have been interfered unlawfully with:

Corruption detection scripts [washington.edu]

Re:Scummy ISPs

[dgatwood]

Actually, no it doesn't. Not without permission. From what I recall reading about this a couple of weeks ago in a very similar discussion (subtle way of saying "I think this story is a dupe"), if I understand what is being done correctly, there are two parts to this:

• Deep packet inspection---stores keywords based on sites you visit.
• Ad replacement---replaces existing advertisements on a page.

There's a specific ad provider that is involved with this, and that ad provider agrees to allow the local ISP to replace its ads with more targeted ads in exchange for a portion of the resulting ad revenue. The ad replacement, therefore, is authorized by the ad provider, who in turn is authorized by prior agreement with the website publisher.

The dirty part is the deep packet inspection, not the modification of the data stream. Attacking the latter to try to stop the former is likely to get you nowhere.

Re:Scummy ISPs

[marnues]

I currently work for a cable company that is setting up this same kind of system. The only people that know what ads are being replaced are the people controlling the ad server, which is not the ISP. We (the ISP) are being paid to set up a black box that we will route ALL port 80 traffic through. Unless you opt out, which I'm not even sure will work properly. So the ad people can be doing all kinds of things with that data. Granted, they can't link the IP Address to a customer since they have no access to our provisioning server (and I'm pretty certain every last one of us Systems Engineers would quit before allowing that to happen). But they can be doing whatever they want with that traffic and we are none the wiser. Its such a black box, the ad company does all the monitoring on the black box. We are apparently the only company that even requested that we be allowed to monitor up/down and traffic status. The real problem is that we are setting up this extra router (it is another layer 3 hop) that also acts as a server and will delay any port 80 traffic. And we're pretty much allowing them full access to do as they will with the hostage packets. We're not checking. And if someone isn't happy with what their site looks like, we'll probably just route that one around the server, still pushing everything else through. I hope Google employees are checking their AdSense images to make sure that ads are actually from Google and that they are paying Google. As shady as this whole thing is, I expect that we will have legit ads removed, but leave the 'src' of the 'img' tag.

Re:Scummy ISPs

[arminw]

....Can someone tell me whether Charter is inserting any ads?....

If an ISP or a phone company monitors the content of a transmission, don't they become responsible for the content? Does that mean they are no longer enjoy protection from lawsuits as carriers of information have had all these years? If someone plans a crime using the phone, the phone company is not held responsible, since they don't monitor the conversation. They only provide the channel.

If an ISP DOES monitor the information, they are doing more than providing merely a channel and could theoretically be held responsible for all content that traverses their lines. If that actually happened, ISPs would quickly back off from such hare-brained content inspection and modification schemes. Maybe some rich person can hire an army of lawyers to sue an ISP for allowing forbidden porn traverse their network. Maybe, even a state attorney can try to make a name for himself.

Re:Scummy ISPs

[BSAtHome]

This might actually fly. If some content owner starts a case, they could very well make a case for an "unauthorized derivative" under the copyright rules. Then ISPs or transits must take a license for all material they modify. I for one would not allow third parties to modify my HTML.

This is what they are going to argue.

[Irish_Samurai]

Well, they don't have your HTML. They have a copy of your HTML.

Your original HTML is still residing on the server where you put it. They are not interfering with your data.

What they are doing is interfering with their subscribers requested copy of that data. Their subscriber has the right to render the requested HTML in any way they see fit. They can use a different CSS file that resides on their box or some other network location. They can choose not to render graphics, flash, or allow JavaScript to run.

The provider, being in contract with the subscriber, is allowed to act as their agent while the packets are being transmitted over their part of the network. During this time, the ISP exercises that contracted ability, and injects code into the packets.

The ISP will tell the subscribers that this right is part of the contract, and if they don't agree to it - they don't get service. The ISP will also tell you to shove it up your ass - you can refuse requests made from their subscribers if you don't like what they do on their network.

According to your stance, the end user doesn't have the right to modify your HTML from what was intended. This, ironically, is the same exact stance that internet marketing companies take when confronted with browser plug-ins that effectively remove their code. Unfortunately for us, we can't have it both ways. Either we are allowed to alter how the packets are rendered, allowing us them to inject into packets due to powers granted them by their user terms and conditions, or they cannot - setting a precedent that would open the floodgates to client side packet altering and rendering changes.

Another point of argument they are going to make is that they aren't messing with your copyrighted web pages because they aren't distributing it without permission. When a user makes a request for your page, and your server fulfills that request, you have distributed the materials yourself. They are merely making a "derivative work" from that material.

I'm not saying I'm down with this at all. Frankly its a scummy tact and I hope their business dies. But this is what they are going to argue, we should get ready for it.

Re:

[Overzeetop]

Didn't the Colorado(?) company that rented "clean" versions of Hollywood movies lose in court? I can't remember the details, but they bought the DVDs then clipped out the naugty bits and rented them as "family friendly"

Re:

[Irish_Samurai]

That's where the kicker is.

Those guys took copyrighted materials, changed them, and then redistributed them. Here there is no redistribution. The ISP is acting as an agent of the user, a right granted to them in their terms and conditions, while the packets are on the ISP's network.

The ISP is going to argue that there is no material difference between rendering changes made on the requesting clients system and the requesting clients ISP network. They want to push the issue that they can extend an end users

Re:

[Irish_Samurai]

No.

Fair use allows someone to alter their copy to their liking. The copyright gets infringed upon at the point of distribution. The bookstore would be redistributing.

Re:

[Irish_Samurai]

If they were acting as an agent of the end user, and the end user wanted to put ads on any HTML they rendered on their client (absurd, I know), the end user would be making derivative works on their client. The ISP is trying to argue that since they are acting as an agent of the end user, they are removing the need for the client application to insert the code. They are going to put forth that there is no material difference between rendering on the client and rendering slightly upstream as an agent of the

Re:Scummy ISPs

[gstoddart]

Does that mean that the ISP will be altering the copyrighted material sent by the websites? Surely this would create an unauthorised derivative work?

I should hope at some point, that very theory will get tested in court.

Agree completely that for an ISP to change to contents of a page I request from a 3rd party is just plain wrong. What next, redirecting you from URLs critical of them onto URLs which sing their praises? Preventing you from reading about the services of competitors?

Modifying the requested data is way too invasive, but it seems to be consistent with the whole strategy of "monetizing what your customers do". What you want is irrelevant, you're just a revenue stream.

As has been said so often, I hope things like this cause the networks to lose anything resembling common carrier status -- right now, they're just a network, so whatever you send it up to you.

Cheers

Re:

[profplump]

No, Verizon is paying the content provider -- the source TV station -- for the privilege of inserting their own ads. If Charter had a deal with the source website to insert ads things would be fine and dandy (at least from a copyright standpoint, privacy is another matter entirely).

It is possible that Charter simply has an agreement with DoubleClick or someone to collect more detailed information about browsing habits and override the default DoubleClick ads with better-targeted ads. From a copyright standp

Now that a precedent has been set...

[slashname3]

Now that a precedent has been set, I plan to examine and modify the direct deposit traffic found on the network. Just a few simple modifications, change the account number, add a few zeros to the amount, simple things like that.

Wonder when someone will figure out that their ad is being replaced by something else and sues?

Re:

[VON-MAN]

I like it, just make sure you call it an "enhanced provider experience".

Re:Instant Global Collapse

[slashname3]

I don't want all the worlds wealth. Just a very small percentage will do. There is plenty to go around for everyone on /.

Re:

[TubeSteak]

I don't want all the worlds wealth. Just a very small percentage will do. There is plenty to go around for everyone on /.

PETER
Well, how does it work?

MICHAEL
It's pretty brilliant. What it does is where there's a bank
transaction, and the interests are computed in the thousands a day in
fractions of a cent, which it usually rounds off. What this does is it
takes those remainders and puts it into your account.

PETER
This sounds familiar.

MICHAEL
Yeah. They did this in Superman III.

PETER
Yeah. What a good movie.

A plugin needed perhaps?

[DnemoniX]

Here is a project idea then, somebody start up a project to write a Firefox plugin that detects the inserted ads from Charter and either filter them out or replace them with something else.

As a Charter customer I can tell you that this comes as no surprise at all. They are shady as hell and their local offices are havens for the inept.

Re:A plugin needed perhaps?

[TheGratefulNet]

I tried that.

the snag I ran into was that the plugin was 'intercepted/replaced' and I got an ENITRELY different plugin.

that plugin never really replaced the ads properly. hmmm..

(I'll say it again, DPI is quite evil! JUST SAY NO to isp's that do this shit to you and don't give you at least an opt-out from it.)

Re:

[wootcat]

I wouldn't want to block the Charter interceptions so much as log them, then take Charter to court demanding payment for advertising via my site.

1. Create ad placeholders on my site that aren't really ads, but look like them to Charter's system.
2. Create outrageous price structure for ads.
3. Log all instances of interception.
4. Bill Charter.
5. ???
6. PROFIT!!!

(Now I just need to get that down to 3 steps - everyone knows you have to profit by step 3)

Opt-out?

[SanityInAnarchy]

JUST SAY NO to isp's that do this shit to you and don't give you at least an opt-out from it.

"Just saying no" may not be enough. This is a bit like the pharmaceutical industry -- nothing is stopping you from selling whatever herbal remedies you like, but at the very least, you have to include an FDA warning that it's not really medicine.

Oh, and they do offer an "opt-out" -- in the form of a website that you have to visit in the clear (no https), and fill in your information, resulting in... a cookie.

Which means that you now have to make sure to opt-out in every browser you ever use, including wget and lynx. Anything which doesn't support cookies is fucked. In particular, not everyone uses XML for AJAX -- some people use XHTML for their web services. And not all web service clients are browsers that you can stick cookies in.

And, for that matter, how are they checking the cookie? Only way I can think of would be to insert some sort of hidden iframe on every page, linking to their domain, which can then check the cookie. Therefore, even if the cookie is present in every appropriate HTTP request, they're still having to fuck with most of the internet to even be able to check that cookie.

So, to summarize: They offer "opt-out", but not really. And support net neutrality legislation.

Re:

[bill_kress]

Already done--called addblock plus

Re:

[Z00L00K]

Or just change to only browse sites with HTTPS. If they manage to insert ads or other junk into HTTPS then it's time to close the web.

Plugin, or perhaps a signing routine?

[mlts]

For web content that doesn't need to go over SSL/TLS, I wonder about some way of having webservers sign the HTML of the get request with their SSL key, and cache that signature, so subsequent requests of that HTML page have almost no overhead incurred.

Then, on high volume servers that are not needing the security of SSL, the core HTML page that gets to the client can be verified (using the client's CPU time) if it was modified in transit, without the server needing to spend the CPU time for SSL's overhead.

And in other news...

[sm62704]

The McDonald's Corporation has begun sending letters to its customers informing them that, in the name of an "enhanced user experience," it will begin using cat poo on their hamburgers as condiments and inserting...

Re:

[Anonymous Coward]

and this would differ from current practices how exactly?

Now or Never

[hyades1]

Some things call for the proverbial nuclear response: boycotts, lawsuits, all-out opposition. This is one of them. Once one of these corporations gets away with this, it's game over for those of us who want a corner of our lives that doesn't have some lying prick forcing his way into it to sell us something, spin the information we get and otherwise screw with our reality in a way that works to somebody else's advantage at our expense.

Re:

[riceboy50]

to sell us something, spin the information we get and otherwise screw with our reality in a way that works to somebody else's advantage at our expense

You just summed up the modern world.

Details of Phorm

[giafly]

This new system seems very simplar to Phorm, so here are details. The Phorm "Webwise" System - Richard Clayton [lightbluetouchpaper.org]. Seems you can avoid being monitored by blocking Phorm's cookie.

Firefox add-in to block Phorm

[giafly]

Firefox add-in to block Phorm [dephormation.org.uk].

Re:

[mikael]

You need a plugin to block a cookie?

Yes, because Phorm deletes their cookies after two years. You have to visit their web-page or something similar in order stop them providing "context-based adverts". Even then, they are still building up a keyword profile of you based upon the web pages you have downloaded.

I certainly do not wish to be bombarded with adverts on outdoor shooting if I read human rights articles. Nor do I wish to have vermin removal adverts if I start looking for a new multi-function input device. Or even camping and holiday

Re:

[Z00L00K]

So the next step is for us running websites to provide a different set of pages for any "services" like Phorm so that they get completely confused. A large set of pages provided that only contains texts in latin about plants and animals.

OK, I'll probably get a lot of bird-seed commercials injected then but WTF...

Re:

[mikael]

Have a look at Track Me Not [nyu.edu]. It is a Firefox plugin which acts as a spider crawling through the web in the background. In this way, it scrambles any profile that spyware vendors like Phorm try to build up.

Sounds Like...

[Nom du Keyboard]

Sounds like how Microsoft Genuine Advantage is presented as good thing for all Windows users.

The only way this will be any good is if any, or all, of the following are true:

1: You can opt out.

2: You ISP has gone to an ad-supported model that results in a drastic reduction of your monthly fees.

3: They are providing you with extra bandwidth free in order to carry the extra traffic they're generating to you (and not counting it against your usage caps).

Otherwise give them hell until they back off!

One is left to wonder how long before they start actually replacing ads on other sites with their own ads. After all, gangsters like this hate competition. Making you pay to get their ads, however, really sux!

Re:

[gstoddart]

2: You ISP has gone to an ad-supported model that results in a drastic reduction of your monthly fees.

*laugh* If only that were true. They're trying to gouge you by selling you the service, and then make some more money by selling you targeted advertising based on what they have scraped out of your packets.

One is left to wonder how long before they start actually replacing ads on other sites with their own ads

That's exactly what they've said they're going to do -- in their eyes, they can make more money b

Re:

[Gat0r30y]

The Article is mostly about how yes, you can opt out, but you have to go to their site, send them an unencrypted form with all your personal information, and download and keep a "privacy cookie" so that the company knows not to track you, and not to insert ads. My question - If anyone other than an ISP did this, it would be illegal right? Can I start going around injecting ads to make me revenue from other peoples original works? Being an ISP doesn't give them any special privilege to infringe on copyrig

Re:

[brunascle]

a cookie? how would that work? the cookie would only be sent to the website that created it. how would they see the cookie when someone goes to a different site? are they still injecting something into web pages that points to their own site, to check for the cookie? that's still bad, bad, bad.

Re:

[InlawBiker]

That is my favorite gripe about Microsoft Genuine Advantage. Advantage for whom, exactly? It's an advantage only for Microsoft, for the customers it's a hassle.

They're not in the business of finding way to cut fees for customers. Not only are Internet ads becoming more invasive, the people selling them are finding ways to subvert each others inventory and revenue. We, as the customers, just sit back and *benefit* from this enhanced user experience.

I hope they all bankrupt each other in court. AdBlock i

Anyone on charter, please visit our tripwire...

[nweaver]

If anyone is using charter (or just suspicious of things), please visit our tripwire server:

http://vancouver.cs.washington.edu/ [washington.edu], to (hopefully) detect in-flight page changes.

Re:

[chihowa]

Have you considered adding some images (preferably a standard banner ad size) to these pages? It's conceivable that the injected ads may replace already present banner ads to avoid screwing up the page layout and drawing attention to the practice to the content providers.

Re:

[hansamurai]

Do you have any mirrors on a non .edu domain? Maybe they're being kind to the .edu TLD (doubt it) or even specifically avoiding your tripwire site.

Re:

[hansamurai]

Yeah, I did look through the page but I guess I didn't realize what it was doing. I feel dumb now, thanks.

charter - u-verse

[spottedkangaroo]

I just jumped ship this morning because of their prices. I would certainly pay more for a service that doesn't do this, although I don't have to.

... how do they do the actual inserting? Do they use a transparent web proxy setup? How do they see the cookie? I have so many technical questions I almost wish I hadn't canceled their service yet.

Double-Standard

[LilGuy]

I'm not trying to troll here but these questions will surely sound like it.

Now copyright infringement is a major deal? So the RIAA was on to something when decided to try to protect their copyrighted materials after all?

Re:Double-Standard. WHAT?

[Viewsonic]

It has always been a major deal.

I don't think anyone will argue that the RIAA shouldn't be upset that people are giving away their product for free. What people are upset about is that they are demanding extremely high fines that don't fit the crime. Where it should be a warning, or a small fine of perhaps $100, they are destroying peoples lives entirely. The punishment does not fit the crime, which is the problem.

Re:

[TubeSteak]

Now copyright infringement is a major deal? So the RIAA was on to something when decided to try to protect their copyrighted materials after all?

The formal idea of copyright was originally created (after the invention of the printing press) to protect written works and maps.

The US Congress didn't make music a protected work until ~40 years after the first Federal copyright law was passed and even then, most everyone went ahead and ignored it for another 70~80 years.

Copyright on music is a very modern idea.
Copyright on books is a very old idea.

Revoke common carrier status now

[Just Some Guy]

MP3s in the incoming folder? "Charter put them there."

Child porn in the cache? "Charter put it there."

Nuclear weapon plans in email? "Charter sent it."

Seriously, WTF are they thinking? Do they really want to be named as co-defendants in every criminal or civil case brought against their customers? Because if they modified my incoming data and I was later called in to account for anything, you can bet my first line of defense would be to blame it on them.

Re:Revoke common carrier status now

[mlts]

This brings up another concern. Even though Charter/Phorm is not being malevolent, just greedy... what happens if their proxy server/ad server gets hijacked or compromised? Such a server would make a big target for thieves because of the gains.

Should something that injects ads gets compromised, a malware distributer now would have unfettered access to every single Charter subscriber. A compromised ad server could be done in such a way where only a relatively few people at random would get exposed to zero day exploit code.

What was intended as a money stream would make an identity theft ring very happy, with not just being able to add new members to botnets, but to log traffic of subscribers for either use for ID theft, or perhaps extortion.

What is ironic is that damage caused by an ad injection server would be immediately blamed on the destination website, and in a court of law, criminal charges can be pressed and likely made to stick (because juries won't consider ad injector "services" as reasonable doubt.) Civil charges almost certainly will be able to be won. A compromised ad injecting server could easy go for months if not longer, escaping detection, as there would be zero proof that it was the ad injection "service" that did this.

Again, I posted earlier about having some facility to sign Web pages without needing the overhead of full SSL... perhaps someone should look into this, so high volume websites can still serve pages with little overhead, but offer immediate detection if the page is modified in transit.

Two things...

[stewbacca]

First, much like ANY transaction in any medium, the article claims your name and address is required. Why are we willing to give our name and address out for nearly any transaction, yet as soon as an online transaction calls for it, we freak out? I'm pretty sure when you signed up for Charter service, you probably gave them your name, address, phone number, checking account number, debit card, etc. etc. You probably gave them a deposit and they probably looked up your credit using, gasp, your social security number.

Second, how is this any different than Google? They track my online activity then target me with ads that I might find interesting. Am I even given the option to opt out of Google ads? (serious questions, not flame-baiting)

Re:

[eNygma-x]

It's different because you are going to Google's website. I'm chosing to use them. But for someone to inject their ads on a site that does not belong to them pisses me off.

Re:

[FatMacDaddy]

The difference in your first question is that this company is asking you to submit personal information in the clear. I'm pretty sure that most of us would expect to use an https page for that and would not want to submit that information in the open. That was (one of the) big complaint(s) of the person in the article.

As for the second question, the difference I see is that Google puts ads on their search pages, while these guys are proposing to insert ads in *any* page you request.

Any customer who doesn'

Arguing your analogy

[DesScorp]

"Second, how is this any different than Google?

You can choose not to use Google. You know up front, before you use their site, what Google does. You either decide if the loss of privacy is worth it or not, and then choose appropriately. You can use any number of competing search engines.

But most places have no more than three choices of broadband access, with expensive satellite connections one of them. In reality, if customers really won't stand for Charter's actions on this, it means changing their ISP t

Re:

[stewbacca]

You can choose not to use Google. You know up front, before you use their site, what Google does.

I would argue differently. Most people think Google is a search engine and have no idea that their primary function is ad-based revenue production. Also, I don't use Google, yet they seem to have no problem inundating my web experience with ads. What I guess I'm saying is, I understand (but most people don't) they are an ad agency but I don't understand HOW their technology works since I chose not to use it, yet still get targeted.

Complain to the ad-supported sites...

[argent]

I don't use Google, yet they seem to have no problem inundating my web experience with ads.

If you don't like the site you visit using Google Ads, tell them that. When they come back and tell you that they're paying for the site with Google Ads, see if that helps clarify the difference between Google Ads and Charter Ads.

Three answers...

[argent]

(1) I don't enter that kind of data over an unencrypted link.
(2a) Google tracks my online activity when I'm not using Google's servers?
(2b) Charter pays the site that's getting their "deep inspection" ads inserted?

Breach of copyright

[DigitAl56K]

Isn't inserting ads into pages creating unlicensed derivative works and subverting revenue ala Gator back in the day?

Any ISP could be doing this....

[8127972]

....and the thought of that scares me. It got the attention of another blogger who sees this as a slippery slope in Canada since Bell Canada uses DPI to throttle users:

http://itnerd.wordpress.com/2008/05/13/charter-uses-dpi-to-spy-on-its-users-canada-are-you-paying-attention/ [wordpress.com]

Can a common carrier inspect content?

[artifex2004]

I don't see how they can inspect content like this and retain their common carrier status.

Re:

[Eco-Mono]

ISPs are not common carriers.

"Customer Care" Response

[the JoshMeister]

I went to Charter's contact page [charter.com] and selected the option to chat live with a Customer Care Representative:

You have been connected to TTD Jomar .
Me: I just read an article stating that Charter has begun sending letters to its customers informing them that, in the name of an "enhanced user experience," it will begin spying on their traffic and inserting targeted ads. Is there any truth to this?
TTD Jomar : Thank you for contacting Charter High Speed Internet Technical Support. My name is Jomar. How may I assist you today?
TTD Jomar : I'm so sorry, but this is already beyond our scope of support. Please call 1-888-438-2427 for further assistance.
Me: Thank you.
TTD Jomar : Again I apologize for the inconvenience you've experienced, but if there is anything further I can help you with please, let me know.

That kind of response doesn't sound like "Customer Care" to me.

Anyway, I called the number and spoke to someone who didn't have a clue what I was talking about. He transferred me to someone else.

The second phone rep said she hadn't heard about the new "enhanced user experience" feature, so she put me on hold to ask someone else. After she came back on the line, she said that she wasn't able to find out anything about it, so said to go to charter.net [charter.net] to stay informed about new features and services.

Naturally, there doesn't appear to be anything on Charter's site about the new "enhanced user experience."

Re:

[thedbtree]

http://connect.charter.com/landing/op1.html [charter.com]

Re:

[Boogaroo]

http://connect.charter.com/landing/op1.html

Can I choose to opt out of this enhanced service?
Yes. As our valued customer, we want you to be in complete control of your online experience. If you wish to opt out of the enhanced service we are offering, you may do so at any time by visiting www.charter.com/onlineprivacy and following our easy to use opt-out feature. To opt out, it is necessary to install a standard opt-out cookie on your computer. If you delete the opt-out cookie, or if you change computers or web browsers, you will need to opt out ag

This marks the end of what was the Internet

[a4r6]

When ISPs can actually MODIFY data that does not belong to them, a SERIOUS boundary has been broken.
It's like the telephone company talking in place of someone on the phone.

"Hey mom" "Hi Mike, how are you?"
becomes:
"Hey mom" "HI MIKE, GET VIAGRA NOW FOR $3.99/20mg!"

A threat to every publisher who uses AdSense, etc.

[GeorgeK]

I'm astonished. How is this any different from the postal service ripping out all the magazine ads and replacing them with their own ads before they get delivered to your house?

With the "deep packet inspection" technologies, conceivably ISPs can just replace, in real-time, our Google AdSense pubisher IDs with their own. Or, they could simply replace the Google AdSense Javascript snippet with something else.

I would hope that Google and other large advertising networks lead the charge against this, and that they are not partnered with any ISPs involved in this activity. A large class action lawsuit on behalf of publishers might slap sense into any ISPs using this "enhancement" to steal revenues from legitimate publishers.

Re:A threat to every publisher who uses AdSense, e

[scoove]

With the "deep packet inspection" technologies, conceivably ISPs can just replace, in real-time, our Google AdSense pubisher IDs with their own.

Increasingly, I'd expect https sessions will be necessary for sites with any form of confidential information - not just sites with more sensitive financial, social security or other higher sensitivity levels. Consider that the ISPs are leveraging confidential session information to exploit the web sessions elsewhere. ISPs are also harvesting web traffic data and se

Adverts?

[flyingfsck]

What adverts? I don't see no adverts. Do I need to install Windows to get the full user experience?

My Conversation with Charter

[tedivm]

A representative will be with you shortly. You have been connected to TTM Mike .

TTM Mike : Hi this is Mike from Charter. How may I help you today?

Robert Hafner: I read an article online, and the followed it to the Charter webpage, which states that Charter is going to be monitoring my surfing habits and placing ads into pages I'm viewing. I am wondering how soon this will happen to me personally.
Robert Hafner: http://connect.charter.com/landing/op1.html [charter.com]

TTM Mike : I do apologize but let me transfer you over toour internet support line.
TTM Mike has left the session.

Please wait while we find an agent from the CHAT - DUMA - HSD Support department to assist you.

You have been connected to TTD Grah .

TTD Grah : Hi, this is Grah. Thank you for contacting Charter's High Speed Internet support. How may I be of assistance to you today?

Robert Hafner: I read an article online, and the followed it to the Charter webpage, which states that Charter is going to be monitoring my surfing habits and placing ads into pages I'm viewing. I am wondering how soon this will happen to me personally.

TTD Grah : One moment please.

Robert Hafner: http://connect.charter.com/landing/op1.html [charter.com] Contains the information
Robert Hafner: that I am basing this question off of.
Robert Hafner: As well as http://consumerist.com/5008801/charter-to-begin-tracking-users-searches-and-inserting-targeted-ads [consumerist.com]

TTD Grah : Yes, that is our new update.
TTD Grah : One moment please as I download the document.
TTD Grah : Charter has formed a partnership with an industry-leader in online advertising, NebuAd (www.nebuad.com). NebuAd, through their advertising network, will display targeted advertisements to Charter High-Speed® Internet customers while they are surfing the Web. NebuAd does not collect and use personally identifiable information to deliver advertising. Customers will not see more ads - just ads that are more relevant to their interests that have been expressed through their web-surfing activity.
TTD Grah : The feature will be activated automatically for Charter HSI customers beginning in June 2008 in the following four Charter markets:
Newtown, Connecticut
Fort Worth, Texas
San Luis Obispo, California
Oxford, Massachusetts

Robert Hafner: So the ads are placed directly into websites I would normally view?
Robert Hafner: How do I opt-out for an entire household, with multiple computers and browsers?
Robert Hafner: Currently the only way to opt-out is by placing a cookie under each browser of each account of each computer, which is absolutely insane.

TTD Grah : The technology can actually often distinguish between different users on a shared computer and, therefore, can serve different ads to different users. Only a portion of the ads you see will be a function of the enhanced service - you will still see some ads that are served based on other criteria.

Robert Hafner: The question was were are those ads being placed- are they replacing other ads on websites, for instance?
Robert Hafner: And if so, how is the owner of the actual website going to be compensated?

TTD Grah : This site may appear depending on what are you trying to view online.
TTD Grah : This site will give you options on what to have according to what you need.

Robert Hafner: What site are you referring to?

TTD Grah : Say for example, you are surfing because you wish to purchase shoes online, this site will pop up and give you options to chose from.
TTD Grah : That is how it works.
TTD Grah : That is how it works.
TTD Grah : The site will not pop up everytime you go online.

Robert Hafner: So this only affects my traffic to

SSL and HTTPS

[BlueParrot]

Time to start using it... Even if you just sign your own certificates, thus making the whole thing completely vulnerable to man in the middle attacks, these ISPs would be guilty of rather serious violations of cybercrime laws if they started sending your clients fake SSL certificates. I.e, if you just want to prevent the ISP from doing this you don't even need a secure session, you just need one they can't interfere with without incriminating themselves.

Internet "enhancment" - sigh.

[fahrbot-bot]

From the Charter FAQ:

Charter can display advertisements that are more likely to be related to your interests. You will not see more ads, but some of the ads you see will be more relevant to you. Browsing the web can become more like flipping through your favorite magazine, where you see ads that are appealing to you and enhance your enjoyment and the utility of the experience.

Ya, I don't want to see *any* ads, unless I choose to look for them. I want to surf the Internet "as it is", without any "help" f

Pipe

[element-o.p.]

*#$%!#$!!!!

Why can't a major telco just sell a friggin' PIPE?!?!?!

A big thank you to Paul Allen

[Hans Lehmann]

Who's the chairman of Charter? Paul G. Allen, of Microsoft fame. here's [fhcrc.org] his picture. If any of your out there work in food service and Paul Allen happens to come into your establishment, remember to spit in his food. Strictly for "enhanced user experience", of course.

Re:

[Anonymous Coward]

does this make the service cheaper?

No, it won't. Next question please.

Re:

[Intron]

If you want internet access and are satisfied with this, then I will sell you $100 Red Sox tickets for $10. It will look just like you are at Fenway, but you will actually be seeing the game with ads on a TV screen.

Re:Goodbye Maggie

[damiangerous]

Margaret Thatcher and Stephen King on the same day? What are the odds?

Re:

[geminidomino]

Just came here to say: Charter is from the debil.

That is all.

=Smidge=

When asked for comment, Old Scratch replied "Screw you, Smidge! Don't go trying to pin this one on me! I have SOME scruples!"

Re:

[dgatwood]

The https protocol is fundamentally broken because of a serious flaw in the way it was designed. It is impossible to use virtual hosts with separate certs via https. This has pretty significant ramifications in terms of the number of additional IP addresses it would require for everyone to switch to https.

The alternative, of course, would be for the HTTP protocol to be redesigned to either A. allow an unencrypted request containing only the host part to be followed by a switch to an encrypted stream on

Re:

[Haeleth]

SSL costs CPU time (that's part of why it's secure). When you have a busy site like Google, that CPU time costs money. They won't implement encryption until the Spy-SPs hurt their bottom line enough to make it worth their while.

(And even then, there may be cheaper solutions to this particular problem, such as signing pages instead of encrypting the whole lot.)

Re:You can opt out...

[Knara]

One wonders how easy it would be to make an FF plugin to just replicate the cookie content.