Slashdot Mirror
Is Comcast Intercepting Packets?
nihilist_1137 writes: "According this page, comcast is intercepting your packets to gain knowledge of your whereabouts and then reselling it to marketers." According to the linked message, "This allows them to not only log all http requests, but to also log the response. Maybe they want to profile their customer browsing history for
subsidiaries or resale to marketers. Maybe they want to do their part in
The War on Freedom. Maybe they just want passwords to porn sites. Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data."
...my 50% drop in bandwidth when Comcast switched off the @Home network.
Isn't tapping internet connections the same, legally, as a phone tap? It's nto legal for the phone company to listen in on your conversations to sell to advertisers, it can't possibly be legal to sniff packets to sell to marketers!
Moderation: Put your hand inside the puppet head!
Both Cable Internet Providers and I am sure many other ISP's in Australia use Transparent Proxies.
Much easier to setup on the client side and you catch people who leave out the proxy information.
The fact that the server has other capabilities doesn't mean that they are actually using this stuff. If someone can show me a link to the page where I can buy the marketing data, *then* i will believe you.
This is just speculation.
Go out and get sailing!
The page says nothing about reselling it to marketers, simply that they are monitoring it. Let's not jump the gun.
+ Donald Gunth
+ Email: dgunth@quicktek.net
"Caffeine is the greatest lubricant ever created." -ESR
My packets are copyrighted, so legally they can't copy and resell them without my written authorization.
It's the difference in culture between the telecommunications and entertainment industries, I think.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
No evidence that they're doing anything wrong, just that they are using tools that "allow" them to. Boo hoo, Comcast is using a transparent cache and they could abuse it.
Afraid they might actually do it? Then https and check your certs.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I think the fact that this was mailed to bugtraq yet it apparantly got denied is proof of that...
Many ISPs do transparent caching. Transparent caching at ISPs is more than acceptable. It's not acceptable when major backbones do it, as has happened in the past.
The fact that they can log what you do is just a side effect. The same can be done WITHOUT transparent caching. The 'author' says they added hardware just for this. Well of course they did! They're just trying to speed up access without needing as big of a link needed without using transparent caching.
And at any rate, I'm surprised this got posted. It's just some guy posting to two mailing lists, which got denied at that!
Ultimately though, I feel ISPs should provide a means to remove you from having your link transparently cached. If they do that, then you can't blame them for trying to save bandwidth. The results of a transparent cache can be substantial!
Linux: Because a PC is a terrible thing to waste.
James Brents
...what the big deal is. This one's been coming down the road for a long time. I KNOW it's a shame that it's happening. It could be construed as an invasion of privacy, to put it mildly. But for goodness sakes. If you can't stand the heat get out of the kitchen! Use a modem. Get local DSL. You actually can, if you SEARCH for it. Yea, whatever.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
For those who haven't ever treated your ISP's machines as hostile by default (e-mail server, proxies, etc.), here's your opportunity to do so.
This is yet another reason to employ some type of anonymizing software. I would say that using https is secure; however, they can still ascertain that you've contacted the webserver on port 443, though they can't easily sniff your query or the results of it.
However, I am still questioning the article's vadility. There isn't a processor intensive way to do this (sniffing all of your users' data to port 80 or 443/tcp on a broadband network is something I'd consider both expensive and probably processor intensive) unless the data is logged by a proxy server and resold at a later date. This is certainly a possibility; many cable networks recommend (a few even require) that the end user retrieve web pages via their proxies.
Do you like German cars?
I got forwarded this by one of my buddies at work. At this prices its plain sick that they also want to sell your usage statistics to the SPAMERS. On top of that I've been told that they want every computer on there network using proxy clients in order to connect.
I'm glad sprint just hooked up DSL in my area, I'm switching providers.
According to insiders at Comcast there will be three tiers of service. The current service will be called Silver and it will be 1500/128 for $49.95 plus modem rental. Yes that is true, they are planning on a $10 price increase within the next year after the transition is complete and the merger with AT&T Broadband Internet is finalized. Comcast doesn't want to mess with the rates right now until they get regulatory approval for the merger. But the S.O.P. at AT&T and Comcast is a price increase after a merger. Look at what Cable rates did after the Mediaone transition.
Gold service will be 1500/300 and will allow VPN access and something they are calling priority traffic. This is the old Pro service. The cost will be $99.95. If you are a gamer used to the old MediaOne performance, this Gold level should get you back close to the perf you had with the old system. And yes that means you will be paying double for the same service you had last year.
The new low price option is Bronze. Expected to be 128/64 or maybe 256/128 it should be priced at $29.95. This is the one that is most in the air. I haven't seen a bronze config file yet to see what they are planning.
Modem rentals will be $5 and may increase to $7.
I personally don't like the idea of people sniffing an internet connection, but I do see a difference between a phone.
Your phone company is not chosen by you, the only way you can change phone companies is to move. However with a broadband internet connection, it's different.
Most places who get one broadband provider get several, I think they call it defence(i.e. don't let your competition expand in one area while you expand in another area). Therefore you have a choice to use it or not.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
First of all, have their customers been notified of this? Are they aware of the monitoring? Has it been explained to the customers in understandable language, not legalese? If the answer is "No" to any of these questions, then I think this company is headed down the short path to being sued.
Likely, they want to generate detailed customer profiles so that they can sell more targeted advertising (after all, highly targeted advertising is what sells for the most money). But even at that, it's an annoying practice that should be explained to the customers.
Even assuming they notified their customers (which I don't believe they did), though, it's going to be a hard sell to convince customers that their passwords (which are often not encrypted) as safe with them. They'd best stop this practice while they're ahead and no one has taken legal action. It reeks of a poorly-thought-out marketing/management decision.
My sigs always suck.
http://http://srd.yahoo.com/business/news/canadian /electronic/technical/francais/firstwatch/2002/jan uary/montreal/privacy/investigation/legal/watch/co mcast.html
This should get resolved pretty quickly in the Candian courts. Some of the prosecutor's points apply to the US as well!
How do we not know they're just implementing a web cache to save money and provide better service? Lots of ISPs do this. Why page to get the pictures from the homepage of cnn.com 458,765 times an hour when once will do?
This allows them to monitor and change (or insert ads into) what you read.
Posh. Fear-mongering. Come back with some evidence -- and I'll be as against it as the next guy. And if they are actually inserting ads, then they'll probably be in court with CNN, Disney, etc, so forth, for modifying and distributing copyrighted material.
Interestingly, regardless of what IP you address the packet to, the Inktomi Traffic-Server reads the Host: field to determine where to send the packet. I sent several packets from my home machine to one of my office machines, inside the packet was "Host: www.comcast.net". Comcast illegally intercepted, misinterpreted and altered this packet, and sent it to www.comcast.com. So, you might say there's a bug in this evil Inktomi Traffic-Server thing.
Oh, shut up. That's how a transparent proxy works. I suppose the Linux facilities for transparent proxing -- available for years now -- are also evil?
Where's my clue-by-four...
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Get every geek on slashdot to ping flood 68.34.76.99! Better things than this have been /.'ed before!
Slackware forever. Honestly, what else would you trust when it absolutely positively has to be stable, secure, and easy
Now wait a second. Before we all flip out and start bashing ComCast, lets realize a couple things.
Number one, this guy just got transitioned. A lot of people all over the country have been going through the same thing, and not everyone is seeing the same thing as him. As 'hostman' from the MESH (Michigan Engineering Software and Hardware http://misc.eecs.umich.edu/) discussion email list wrote:
"This whole thread got me a bit peeved, so I went home and ran a few tests. I was unable to find any evidence of the packet modification described. It is possible the described issue is not an issue here in A^2, as we 'transitioned' from MediaOne's service, not @Home..."
Secondly, your ISP has the right to monitor traffic to ensure quality of service. Just because the caching part of the server is not currently running, it does not mean that they aren't phasing it into the system. At this point it's just speculation. They might even have more rights to monitor what you're doing, depending on your service agreement. Read it.
Lets get some REAL evidence of what's going on other than this hear-say. Someone show us some modified packet headers, and someone else reproduce those results, and MAYBE I'll believe it then.
While it is perfectly possible that this is false, if it is true it is one of the worst invasions of privacy i've seen yet, and there has been alot of them. As a Comcast user (victem?) I can say that there is nothing in there privacy policy about any packet sniffing at all. The last thing I want is to have a company with the terrible reliability that Comcast has to have posession of a complete lof of websites I visit. If this is true Comcast should be shut down or at least severely reprimanded
Of course, ISPs have access to pretty much all network traffic (you think your packets magically transport themselve to and back from slashdot?). And it would not be difficult at all to log everything that passes through the network. (You certainly don't need an Inktomi system, although maybe it helps, I dunno.) Probability is that there's at least some ISPs out there monitoring their customers invasively. Maybe Comcast is in fact doing it. But this article is simply not convincing.
How do the exec's let things like this happen? Surely the understand the importance of customer loyalty? I'm a comcast customer, and when i move here in 4/5 months...i'm going sattelite and DSL. NEVER COMCAST AGAIN!
:)
I'd like to get the email addresses of their executive commitee....anyone know'em?
While IANAL, I work in the digital television middleware industry and have been involved in making sure that we do not inadvertantly let our customers run afoul of that precise law. It's not just the law, it's a good idea.
I'm a nature photographer.
I'm sure this is normal industry practice. Here in St. Louis we have to go to odd meausures to dodge Charter Cable's buggy transparent proxy. (It doesn't handle the case where you are deliberately using an authenticated proxy.) Fortunately it only looks at certain ports so you can dodge with proxies on non-standard ports.
Say Charter, if you are reading you could reimburse me for the two hours I spent figurng out this defect in my Charter user's internet service.
Take a look at this thread from the Philadelphia Linux User Group. It sounds like the new software update that Comcast has asked its users to install contains spyware and changes internet settings...
So now they can track you from your own (Windows) machine, and also through their transparent proxy.
I know I'm going off on a tangent here, and it's off-topic, but please bear with me.
The phone company doesn't tap converstations, but they sure as hell have a database of which line called which number, when, and for how long.
Can someone explain why the Good Guys always have to keep the Bad Guy on the line for something like three minutes in order to trace the call, when all they should have to do is call up the Phone Company (on another line) and ask them to punch up the number of the person calling this number right now?
for your money, Comcast is committed to make
your Internet connectivity a useful tool in
your daily life.
We are partnering with many industry leaders
to ensure that you get many advantages out of
our service. In order to server you better,
Comcast now automatically connects you with
your interests by analyzing your Internet
traffic and matching it with one of our
partners.
Concretely, what does this bring to our
Valued Comcast Customers ? if you shop online,
Comcast and its partners will send you
E-coupons[tm] to save big at your favorite
online grocer. Do you book airline tickets
online ? Comcast and Delta Airlines will send
you E-coupons[tm] for incredible savings, and
access to unlisted flights. Do you buy
antiques on Internet Auction sites ?
E-coupons[tm] will help you save %15 or more
on your purchases.
But it gets better : you don't have to wait
for your next Value Comcast Customer
E-newsletter[tm] to take advantage of these
tremendous opportunities : the savings start
right now !
After analyzing your Internet traffic, our :
automated PatnerMatch[tm] server is able to
send your first E-coupon
--8<--8<--8<-- :
1 free visit to
Madame Tinkertoys House of Leather
Corner of Bourbon and Toulouse
New-Orleans, LA
Authorization number : 5UCK-M3-PL3N7Y
--8<--8<--8<--
To use your E-coupon, simply print it out
and present it to our E-Partner, and you will
start enjoying incredible savings.
Thank you Dear Valued Comcast Customer for
using Comcast's services.
I'm not a fan of Comcast (or for that matter cable modems in general) BUT I must ask - Where is your proof that they aren't caching any of the pages and only using it to gather marketing data? Once can configure a transparent proxy to completely mask its existance. I do this quite often with customers on their firewalls I don't give a crap about what they are browsing, I just try to get the most/$$ for THEIR bandwidth.
quis custodiet ipsos custodes - Juvenal
If they are forced to defend this sort of behavior they can portray it as simply an extension of logging all email traffic, which most ISP's have been doing for a pretty long time now. And not many people seem to be very worked up over that (I'm not saying they shouldn't be).
I would expect that some ISP's have been doing this for a while or at least experimenting with it on a small scale. If they feel they can get away with it even if they don't have any immediate need yet they probably view it as a potential resource, or at least something that doesn't hurt to have.
At worst they waste a little money on tape backup, they have potential advertising data, and there are other hypothetical benefits for them. For example if there was ever a criminal investigation, having the ability to (or to not) "discover" evidence that could incriminate a party because the information came across their network probably seems like a good thing to them. (remember the multiple times in the last few years emails have come back to haunt people and companies in court).
From the viewpoint of an ISP they really have nothing to lose by doing this, unless security/privacy is a major selling point for them (i.e. http://www.uncensorednews.com/), which for Comcast I'm guessing it isn't.
Sorry, but the /. community is so f@$%ng paranoid about people reading their packets. I have ComCast. Who cares? Oh wow, they're reading my e-mail. I hope they enjoy it. What a waste of time. If this is how big brother operates, then big brother is an idiot. Okay, so I tag my .sig with things like bombs, nitrogrlycerin, TNT, pipes, Amonia, Nitrate, etc..... Yeah, whatever.'
Like I care.
"The phone company doesn't tap converstations, but they sure as hell have a database of which line called which number, when, and for how long."
I work for a phone company.
No, we sure as hell DON'T have a database. (atleast in Canada). There are only 3 times we keep track.
1. As per customer request (traffic studies, getting prank calls)
2. As per warrant (court order required!)
3. For long distance billing. (we need to know how much to charge you)
local calls are not recorded - we have to add an option in your line programming for that - after meeting one of the above requirements.
WTF? Why is everyone accussing comcast of spying?
First off all your spending habit is normally kept in a database somewhere by your credit card company. How else can they bill you? What's the difference between that and this? Are you going to send your email over the net that's sensitive unencrypted?
Further more as many have pointed out without success this sounds just like a transparent proxy. Which is a perfectly valid network influstructure.
What is it with slashdot and the slashmob?
If Comcast wanted, they wouldn't have to rewrite packets in order to read all your web traffic if they're your ISP. They can just read all of your unencrypted traffic anyway, without modifying it to make you suspicious.
If their proxy isn't standards-compliant, that's somewhat annoying. It's somewhat likely that this actually *improves* anonymity, though, because web sites cannot necessarily track users by IP address. And this doesn't seem to affect SSL-encrypted traffic (which couldn't be proxied without the user agreeing, since SSL resists man-in-the-middle), which is all of the traffic which is at all hidden. This is like looking at people's postcards-- sure, it's not polite, but the things aren't even covered in anything.
I do wonder if this affects their common-carrier status at all, however. If they're doing non-trivial things to the traffic, they could be held liable for pages they pass on to customers.
No, they are just catching them, holding them for a few seconds, and then releasing them to make capped upload completely emulate dial-up.
...But, be on the look out for version 2.0 of this Comcast innovation!
The all new super ultra deluxe Dream [Packet] Catcher. Just like the Native American device only it captures packets and puts the user to sleep waiting for a reply to them.
Isn't this just a caching proxy? Track the requests to cache the popular sites. Others requesting the page don't need to go off the network to access it. Makes an attempt to make their network appear fast (even if it isn't)
It's because the actual "bad guy" is using spoofing hardware and software that makes his/her call look like it's comming from somewhere else unless you actually trace it back to the source. The more spoofing programs/hardware they comendere the more hops and therefore traces the good guys need to run to get back to the real number.
It's still in practice but now it's seconds not minutes that it takes to trace a call that's trying not to be traced.
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.
I think the title of this was correct. Is Comcast intercepting packets?.
/. even posted the story..
If you nmap the box, it's just a Linux 2.2.x machine, which is their proxy server. They have SSH (OpenSSH) on 22, and proxies on 8080->8082 (most likely). I won't try to guess what's on 9090, that's up to a local user to investigate. Every cable provider has a proxy server, which they run to save themselves bandwidth. It probably does cache content. I can't connect from outside, probably due to an access list which doesn't recognize my IP as being one of their legitimate users. Good for the, one less open proxy server out there.
I think this needs much more evidence to be a credible report. Do you want to hear my list of gripes about TimeWarner/RoadRunner? They had my upload bandwidth limited to 1Kb/s and it took me 3 days (and 8 technicians) to get it fixed. Am I screaming gov't conspiracy? No.
If you don't like it, I'd bet you can just change your browser settings away from the defaults that their little install program set.. Or if you're that paranoid, tunnel everything you have to a "known safe" network..
If they're anything like TimeWarner/RoadRunner, they're doing their best just to keep the network running, they're not logging every packet. They can barely keep up with normal services, like keeping their SMTP, POP3, NNTP, and DNS servers functioning, do you think they could pull a psuedo-CIA move and watch all your packets and dynamically rewrite banners based on your browsing history? How many Comcast users do you suspect they have in your local area? Remember, we're talking about the same people that couldn't keep up with their billing enough to keep @Home from going backrupt..
Post some firm evidence, and I'm sure more people would be convinced. As for now, I'm saddened that
Serious? Seriousness is well above my pay grade.
We've got a Trace Buster! Well we've got a Trace Buster Buster! Oh yeah? I've got a Trace Buster Buster Buster! Butchered quote from The Big Hit...
Transparent proxy cache was actually implemented in my area (NJ) after the initial transition. They decided to dump it a week later, presumbably because of the number of customers that complained (myself included) that a number of web sites could not be viewed via the proxy. However they had it configured, it seemed to choke on just about everything from GIF images to plain old static HTML content.
In any event, if you are in an affected area, flooding customer service with complaints couldn't hurt...
Comment removed based on user account deletion
I wrote the initial post, and I stand by it.
Read the whole thread before flaming;
http://www.securityfocus.com/archive/82
If thats what it takes to nab all those sickos that are rolling around in kiddie porn than that is a good thing...I think that if I were trying to run a successful ISP, I would try to identify those users who I could do without. I think in the future -- it will be easier for them to get rid of all those l33t hackers who have 9999 servers running and transfering full length movies 24/7 -- maybe then I good get some decent speed for my kernel downloads. (cable sucks when all of your neighbors decide to "get into this internet thing" ... A coworker of mine just moved to a poor neighborhood and he has about 3 times the downstream as me....(His neighbors are more concerned about eating than P2P :)
(+1 Funny) only if I laugh out loud.
It's a CACHE - how do you expect them to cache frequently accessed Web information without examining GET headers and responses?? Hell, if every ISP used these things, it might eliminate the slashdot effect! But wouldn't want that, would we?
[Insert pithy quote here]
While I agree many ISP's, rightfully, do transparent caching (and I say rightfully as one who seven years ago was running CERN's server as a caching proxy for the department and kept trying to convince the university to set one up), there are other purposes, possibly evil, lurking here.
We all know that many corporations are drooling at QoS possibilities in terms of having their sites be more responsive than competitors'. According to the Inktomi product pages, for example Traffic Core:
"Allocate bandwidth usage based on business objectives by prioritizing streaming content based on author, title, department, content category, etc."
Sigh. I just ordered my cable modem this morning to finally switch from dial-up 56k to comcast cable internet... (It's not the bandwidth I mind as much as the latency....)
-Robert
I thought the reason telephone tapping was illegal is that telephones used to be owned by the postal service, and a telephone call is treated in a way similar to a letter that was mailed.
I didn't know that we had an explicit right and expectation of privacy. Wouldn't that cameras in shopping malls and streets illegal as well??
Just as we don't expect our letters to be opened we don't expect our telephone calls to be tapped, and our laws reflect that.
Go out and get sailing!
I sent Comcast a message about it, but they ignored it. If more people complained (ahem), perhaps they would be more willing to actually pay attention to standards.
ComCast is a cable modem company. Don't know about your area, but around here, if you don't want AT&T broadband to do your cable modem, you have to move....
Folks.. it shouldn't even have to be repeated, but it does.
When you send plaintext over the net, like HTTP reuqests..
YOU ARE SENDING PLAIN READABLE TEXT OVER A PUBLIC NETWORK.
Where is your expectation of privacy? That's right.. you don't really have one.
Passwords? HTTPS.. that's what the 'secure'part means you know.
What if I might not be a subscriber but happen to go through thier product? What if a subtle change in the headers gives the impression that I might be doing something illegal? Now along comes the FBI who has another ISP bugged and asks for details. Since comcast keeps no logs of what it does it doesn't remember or even admit to mistakes. FBI says cool and I go off to jail.
"If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
caching information properly to save bandwidth without having out of date caches is difficult to deploy on that scale (while still saving money); many hosters already do it for you with akami anyways.
collecting info and selling it to marketers however is simple.
"The internet is inherently non-private. If you want a private connection use crypto. Otherwise, work under the assumption that everyone else knows everything you do on the net."
Which comcast has neatly sidestepped by not allowing VPN.
Comcast was looking at me bum!
<RANT>
Yawn.
I can't believe you guys consider posting this slop. It's called a proxy server. Have you never seen one before? It's called HTTP acceleration. It's used to offload data to local proxies so it can be cached and therefore not be routed all over the Internet. Guess what. My university runs proxy caching servers. A whole 5. They claim it adds about an extra 5 Mbits to our commodity Internet connection by offloading traffic that would normally travel over the net to the cached data. They have openly told us that "they are not in the packet-watching business, nor will they ever will be."
@Home used proxies before they went defunct. Try DNSing any proxy.city1.state.home.com and see what you get. It's used to speed stuff up. No conspiracy there. Whoever wrote this letter is a conspiracy theorist loser. I guess all those Cisco routers my data goes through before it reaches slashdot is a whole conspiracy, too.
Give me a break. Comcast is obviously doing this to speed up their network. I love the part where he suggests that "This allows them to monitor and change (or insert ads into) what you read." What a fucking idiot. I'm sure they are doing that.
If he's going on a whim by saying "[the server]'s not configured to serve cached data" I think he's wrong. Since he doesn't work for Comcast, how does he know this? He doesn't. It's also funny how a few lines later he says "It then caches the
returned data." Umm, I thought you just said it didn't.
</RANT>
So. Anybody else getting a burgundy-and-mustard color scheme on this page? Weird.
I was _so_ going to post that quote :-)
It's a fucking reverse proxy server. I see absolutely no proof on the site whatsoever that this guy's personal info is being stored or aggregated or anything. Where's his proof that Comcast has purchased the "specific equipment" that is used for data aggregation, and where's his proof that they're using it for that purpose?
This is just a stupid fucking email message that, once again, when placed under the magic Slashdot Out-Of-Proportiometer, has ballooned to mega-lotta-banner-ad size.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
"First off all your spending habit is normally kept in a database somewhere by your credit card company. How else can they bill you? "
Yes, but the important question is "what do they do after?". "Doing it because we can" will be the new mantra for 2002. Moral,ethical,legal it doesn't matter what law gets bent, just don't get caught.
I don't see that Comcast is really doing much, other than possibly filtering stuff on port 80.. Maybe for NIMDA/Code Red? Who knows.. but from reading a bit of their license agreement, it doesn't seem like they could be doing much that's all that bad...
And in fact, Comcast users should be THANKFUL for the fact that they're not prohibited from running things like FTP, HTTP, or other servers, like those of @home were.
Before you go quoting the license agreement - read it again. The only part that prohibits such servers is for the resale of their service - which is a more than fair restriction!
I have to say, of all the AUP's and EULA's I've read, this one is the most benign, and fair to its customers (while having to protect its collective ass as much as possible, of course) I've ever read. I don't see why people are up in arms...
http://www.babysmasher.com
http://www.openingbands.com
$ telnet 1.2.3.4 80
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
get www.yahoo.com
Yahoo! -
501 Method Not Implemented Help Method Not Implemented
get to
Copyright
© 2002 Yahoo! Inc. All rights reserved.
Privacy Policy -
Terms of
Service
Connection closed by foreign host.
$ telnet 1.1.1.1 80
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.
nmap ANY valid or invalid host and port 80 will be open. Yes folks, that IS a transparent proxy answering your calls.
Preach it, brotha! Web pages are like pussy - the fresher and younger the better! And also I hate web pages that have public hair.
Its a transparent PROXY and NOT a cache.
Mac OS X and Windows XP working side by side to fight back the night.
In a previous life, I was an experienced admin of Inktomi traffic server. It's simply a proxy cache. Yes, it can do many of the things mentioned.. insert ads? Sure... capture user into private portal hell? Sure. Track usage via logs? Sure. Do most care? Ehh.. not sure about that.
That previous life was working with a large Regional Bell company... the mere mention of selling of consumer info (even just anonymized web logs) caused the blood to run out of their faces. I don't think it'll happen there, but I don't make promises for anyone else. It's quite the panacea of information, even if just used internally.
BTW, Novell's proxy cache is actually faster, easier and quite a bit cheaper. Squid, while free, will likely never reach the same performance levels.
Dump the IRS - http://www.fairtax.org
I've worked at a national ISP that did a trail of this hardware. The goal is to take the heat off upsteam link. It's fairly useful in a small market were your upstream has to cross a LATA incurring long distance charges.
The logs generated for this device is not anonymous. It's pretty much reads like an Apache log. Source and destination IPs for every request. I remeber wanting to get some sample data to see if we needed to take the Cache log into account for looking at out admin server traffic reports. Small town USA pretty much surfs over 50% porn.
At any rate. It's doubtful they use the cache box to collect internet traffic stats. Why? Well, basically, it's a money issue. Once you have the data great...except it's a freak'n huge sh*tload of data. If you want useful reporting you need to keep data for a year. Your're looking putting almost 500K into disk, CPU, and software. It's not worth it because you'd never recoup the money.
This does NOT mean your ISP doesn't sell your data. An ISP can make some serious cash by selling your data. ISP's can and DO enter into agreements with companies that collect data. However, the ISP wash their hands of the actual process. They let a 3rd party drop a Switch or a Bridge into a POP that directs traffic to a machine that will totally transparently collect data and start collecting checks.
Point is, the Cache is exactly what it appears. A Cache. It does collect data, but I've never heard of a National ISP use that data. They let a 3rd party company do all the work and collect the checks.
Personally I approve of this because it will allow for a more efficient operation of many useful web services like content filtering, virus checking and ad stripping. An important part of this work will also be define a standard way for conforming OPES software to only invoke edge services after authorization from end-users and/or content providers.
Kinda like "The Big Hit's" "Buster Buster Buster"?
Silly Rabbit...Sig's are for kids.
Usually, /. is pretty good about determining what posted rumors get put online and which ones don't, but I don't exactly see what in this post give the author any credibility... They might as well go ahead and post that Microsoft has a special new technology that can track email forwards and will send you $5 if you forward this email to all of your friends...
/. editors, get some credible source verification before posting something like this... not saying it's not true, but there's not a whole lot of reason to believe it other than paranoia...
C'mon,
http://starboard.flowtheory.net/
"It is a greater offense to steal men's labor, than their clothes"
Comcast Cable Communications, Inc. (NETBLK-JUMPSTART-1)
3 Executive Campus, 5th Floor
Cherry Hill, NJ 08002
US
Netname: JUMPSTART-1
Netblock: 68.32.0.0 - 68.63.255.255
Maintainer: CMCS
Coordinator:
Zeibari, Greg (GZ64-ARIN) gzeibari@comcastpc.com
856-661-7929
Domain System inverse mapping provided by:
NS01.JDC01.PA.COMCAST.NET 66.45.25.71
NS02.JDC01.PA.COMCAST.NET 66.45.25.72
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
"To report network abuse incidents please send an e-mail to
abuse@comcastpc.com. The e-mail should include a description of the incident, the source IP address and any log files, SPAM or any other applicable information. Incidents reported to any other e-mail address will not be investigated."
Record last updated on 15-Jan-2002.
Database last updated on 11-Feb-2002 19:56:34 EDT.
If voting were effective, it would be illegal by now.
And unfortunately, we on the support end have absolutely no clue either way on the issue. All I know is that there was a serious slowdown of the main call logging tool this afternoon. We cannot ping said transparent proxy from our facility, but thats likely because our firewall prevents it.
"d'oh!"
Lousy facepalm.
In a bold marketing effort to help squelch concerns that Comcastis collecting and reselling customers web surfing habits, Comcast has updated their I want it campaign. The companies new slogan will be Comcast: We just want your pr0n. When asked how the new slogan was chosen, Comcast responded that
"SCORE! Get the lotion" was already being used by Snort in their kickass-porn rule set.
www.sguil.net
The Analyst Console for NSM
Moderators, please mod the parent down! It's obvious that the poster is trying to shine the light of reason on people, and it's hurting their eyes!!
If it weren't for jumping to conclusions, I doubt anyone whould get any excercise at all around here!
This is what Orangatango is all about; run a virtual browser through SSL and all Comcast will ever see of your surfing is www.orangatango.com:443.
--Just the place for a snark!
I think I smell an Uplink player here. In reality, you can't spoof, ANI will show your originating phone number and that number gets bounced around with each successive call. It is true, however, that starting a few conference calls, chaining them together, then calling Sears, explaining that you're new in Automotive and you need the operator, getting a dialtone, and continuing the chain of calls can slow things down a little.
The Washington DC area has been experiencing lots of trouble after the switch from @home to att.net because these proxies haven't been configured right. There's some info on dslreports.com
Well, is that true or not?
Or is it irrelevant?
--Jeff
ipv6 is my vpn
I don't quite understand the issue here. So Comcast put a transparent proxy on http ports, are people upset because of the proxy itself affecting performance? Or is it the fact that the proxy "may" affect privacy?
It sounded to me to be the second point which is ignorant. If Comcast want to "transparently" monitor its users' web usage or whatever data they want to sniff. They would not even have to setup a web proxy. Just an IP-less sniffer to listen in and software to log all web transactions (much more efficient and you would never know).
I only hear this guy crying about privacy issue without any real supportive points, maybe he's just paranoid?
The phone company [...] sure as hell have a database of which line called which number, when, and for how long.
This is called billing in case you ask..
Comcast is engaged in the large-scale activity of making unauthorized derivative works (with that modified content and extra ads) of (copyrighted!) web sites for commercial gain . If a few of us web-smiths nail down the evidence solidly, the court ought to make us rich off the damages! Not to mention the fun we could have following the (M$, BSA, Scientology) precedents with ex parte orders for copyright violation search!
"My opinions are my own, and I've got *lots* of them!"
While true the internet is technically a public network, a majority of the packets that I send travel through my isp, then a handful of known core backbone providers, and then the isp hosting the site I'm connecting to. To me this means that it isn't a completely insecure "chain of packet custody" devoid of all accountability, and I don't think I'm out of line to expect that the companies moving my packets will adhere to at least a minimal code of ethics in regards to my privacy. I hope not to see AT&T handing off my packets to some shady character with a couple of fat pipes and a packet sniffer, and I would hope that there are certain guarantees made by the core carriers to their customers respecting my individual privacy. While I still encrypt the really secure stuff (sometimes bad men do work for ISPs, or packets take the long way around) I hope we never have to resort to encrypting even our amazon.com order confirmations for fear of our providers capturing this potentially marketable data and selling it to the highest bidder. I'm not certain why AT&T is playing with my packets, but I hope they have some decency and will use any information gathered for aggregate and/or user opted-in purposes only.
And what will happen if the request you make (say to a Linux box with some clever scripting) has the request header like a CodeRed infected box might send out? There are a lot of things they could be doing with this. One might be to quench worms like CR. IMHO, that much would be a good thing.
Of course there are many bad things that could potentially be done with such a thing. If it disassociates the HTTP Host: header from the original destination IP address, and tries to lookup that hostname and connect there regardless of what the IP was, that could be bad. What if you are requesting a page from a web site in an alternate DNS realm like the Open Root Server Confederation ... such as http://chrono.faq/ or http://watch.gallery/ or http://baby.mart/ or http://top-stories.news/?
now we need to go OSS in diesel cars
Nice try, but I'm on Comcast, I've been transitioned, and your method doesn't work.
So is that proof there's no transparent proxy?
No.
What if you are requesting a page from a web site in an alternate DNS realm like the Open Root Server Confederation [orsc.net] ... such as http://chrono.faq/ [chrono.faq] or http://watch.gallery/ [watch.gallery] or http://baby.mart/ [baby.mart] or http://top-stories.news/ [top-stories.news]?
IMHO that's a good thing if that crap breaks. They're fragmenting the DNS root heirarchy and making it chaos. If you gave me a URL of "http://baby.mart" and I tried to go there (which I did) and it doesn't resolve then I'm going to think you're a daft moron. Use the ICANN root and everything works fine.
I don't doubt that this could happen, but I would hardly worry about a post on a message board or mailing list. Yes, we need to be vigilant, but let us get some independant verification from a trusted source. Better yet, why doesn't one of you who has Comcast as a service provider write them a letter and ask? CC the FCC and the Better Business Bureau if you feel it necessary.
Something about this just smells like FUD to me.
- we have all kinds of quality problems. There's a shitload of web apps out there that break with transparent caches, one way or the other, and often in subtile ways. There's even an RFC about some of them.
- when metering traffic independently of the cache statistics we found that we actually did not save any bandwidth worth mentioning. The statistics for the caches of course say different, but interface counters don't lie
:-)
- customer satisfaction goes down the drain. The reason is, even if there is no problem with the caches, people blame any problem with internet and web site availability on the caches - and thus on us.
But, no, we have nothing in place to collect and evaluate logs. It's just much too much data right now to handle or even store it professionally. OTOH, given technological advances, this kind of storage and evalutaion probably will be trivial a few years from now. So the tendency is definitely dangerous.f.
A coworker of mine just moved to a poor neighborhood and he has about 3 times the downstream as me....(His neighbors are more concerned about eating than P2P :)
So how come he still has a computer?
I believe, as many other here, that they are doing transparent cache switching, which a lot of people are doing these days. The reason that you can see it, is that they have not configured their proxy and switch the "right" way. A proper cache and switch have functions to do ip spoofing so that it seems that the request is coming from you but it get intercepted by the switch and redirected to the cache. the target will then get your IP but the switch will make sure that the response gets to the cache instead.
So don't be so sure that you can see it if you are behind one. The problem is that you all are talking the application layer here but you will never be able to catch it viewing that.
Since a the switch they will be using can do switching on almost all layers, MAC adr, tcp request right up the top and do switching on urls.
Btw. this is not limited to http. anonymous ftp, and the most common streaming media protocols can be redirected the same way and cached also.
The difference with the streaming protocols is that the host server not always allows it. But if it does then the cache will report back to the streaming server how many clients it has behind it. If it's a live stream, the cache won't cache it but do a spliting of the screen. The host server should be able to view this as they have many connections on their server but low bandwidth usage.
Some of this about is not 100% correct but it would take hours to explain it all. And it's fun to play with.
The "keep them on the line for three minutes so we can trace them" is pure Hollywood - it allows a hack writer or director to artificially increase the tension.
In reality, if the cops are watching a line, they will have the call traced before the first ring of the phone - the only time consuming part is getting the warrent and telling the phone company to be ready.
The only reason to keep the person on the line is so that they can roll a unit to the originating phone and arrest the miscreant there. That unit gets rolled as soon as the cops know this call is the one.
Semi-OT: I've oft wondered if one could use a Nimda infected machine as a relay for browsing or I-Phone to cover one's tracks. You could accumulate a list of these machines just by watching your logs, then when you felt the need you bounce off two or three, perhaps using SSL to hide the contents of the traffic until you got to the last machine....
www.eFax.com are spammers
After they switched the network over I was trying to get my VPN to my place of work going again. With absolutely no success. The wackiest thing was when I'd try to ping my internal network at work, I'd get responses back from comcasts internal network. You can test it on your machine, ping a 10.9.0.0, 10.11.0.0, or a 192.168.0.0 network which aren't used outside and watch errored packets come back from comcast. I've already contacted them and they said if I want this fixed I have to pay the $100+ a month for business grade service. What a load of crap dsl is getting installed soon.
If your not cheating your not trying. If your not trying your not winning and if your not winning why play?
Unfortunately, it could be time to get a secondary service that allows people to send encrypted requests to a central server where the requests are decrypted and sent to the real server and then the responses get returned to the central server and re-encrypted so all comcast sees is you constantly sending and receiving packets from this one central location. You would, of course have to add in delays to this so people wouldn't know which request went where during which 10-15 second block...sucky. :P
Best. Comment. Ever. Enjoy!
So how come he still has a computer?
he got to keep it as part of the divorce....(along with the shirt on his back!)
(+1 Funny) only if I laugh out loud.
When was the telephone system ever owned by the postal service? At least in the US, I'm pretty sure that that has NEVER happened.
-
Got the number for sears?
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
I used to work in usage billing, so I can say that you're all right in your own overconfident slashdot ways.
In some places, the switch is configured to record all local calls with complete information (origination, termination, billable number, duration, type of call).
In some other places, the switch is configured to record only counts of local calls and their respective billable number.
Why? Because if a company owns its switch and it won't be rating a caller's local calls individually, then there's no reason to collect all the data and run it through the system. But, if there's a legal reason why it must be done (customer request, subpoena) or if there's a need to verify network use, or if the line belongs to a customer that is serviced by another phone company that's buying bulk service from the switch owner, then the company will turn on local call recording.
Since most telephone traffic in a city IS local, and if most of it won't be billed per call but rather as a monthly cost, then collecting and rating all that data represents costs that the are unnecessary.
***Foucault is watching you..***
"I am highly disturbed by the report I just saw at http://www.interesting-people.org/archives/interes ting-people/200202/msg00057.html. I expect to receive a formal, legally binding response to this comment immediately, or I will terminate not only my Comcast@home subscription, but my cable television subscription as well. I DO NOT TOLERATE any sort of spying on my activities. I work for a defense contractor, and some sites which I visit are, by their nature, *CLASSIFIED* in content. Encryption can only go so far, and any method of retrieving this information is a felony under the DMCA. Your legally binding response must be signed by someone of Vice-President rank or higher."
The only way to make ISP's understand that this sort of behavior is unacceptable is to hit them in the only place it matters... their pocketbook.
I suspect that one of these choices is incorrect. Correct.
by giving real-life dumb bad guys the impression that it takes any time at all to trace someone from a payphone. Sheesh, 999 calls get a bloody map up on the screen before the call is even answered.
the US govt. would take a serious view. Paranoid times and all that. Why not ask the various agencies if any of their employees might be victim.
I was transitioned to the new Comcast network two weeks ago. Since the transition my firewall has been logging what I believe could be interpreted as a "man in the middle" attack. Here is an example of the log entry:
02/12/2002 09:55:09.592 ICMP packet dropped 10.94.96.1, 5, WAN 68.80.x.x, 5, WAN 'Route Redirect' 0
I'm assuming the IP 10.94.96.1 is from comcast. The only other logged entry with that address shows up after my DHCP lease expires (as follows):
02/12/2002 00:25:58.544 DHCP Client got ACK from server. 10.94.96.1, 67 68.80.x.x, 68 68.80.x.x
I'm no TCP/IP or routing guru, so could someone interpret this log entry? Could this be a "man in the middle" attack being initiated by Comcast? Is this a smoking gun?
Remember... ZG9uJ3QgZm9yZ2V0IHRvIGRyaW5rIHlvdXIgb3ZhbHRpbmU=
Not that I'd condone such a thing but a more effective way to make sure they hear you is that on thier contact us page you can call thier mail submission page directly. So if you set up a javascript interval you could send them a few thousand emails in a minute. They might hear you then.
This doesn't really make sense. There has to be trillions of packets created on the @home network. There are several problems because of this.
1. When you run a network capture, the log file is going to grow to 100s of gigs in minutes.
2. Sorting through 100s of gigs of log files is going to take massive processing power.
The only logical thing I could see them doing is being able to screen for keywords like "news" in real time.
"Which comcast has neatly sidestepped by not allowing VPN."
Yeah that sucks. My ISP [rogers.com] blows worse though. Not only are they probably selling my viewing habits but they're almost always down as well. [like right now....I'm posting from school]. They suck so much that if the world had to depend on this quality of service [from rogers] for telephones modern civilization would cease to exist as we know it.
Personally I think a multi-billion dollar company should be able to host 490K people with more uptime than 23%.
Tom
Someday, I'll have a real sig.
It's simple:
S P E A K E A S Y . N E T
RULES. They just want you to have a completely unrestricted, private connection to the internet. Sounds good to me!
There is a bigger picture here:
- You agree that comacast my snoop and sell
- you may not use VPN
- you may not run a server like Crowds or anything that might get in the way of comcast snooping and selling
- comcast has implemented the means to snoop and sell
And you get all this for 40+ dollars a month. Can there really be any question about what is going on here?
I'm also on a transitioned Comcast network (Eastern GA), it doesn't work here. Perhaps the transparent proxy was left by the old provider? :>
The issue to me isn't if someone is reading my packets, it is that they might block them based on what they find. What many people want from their ISP, me included, is an unfettered link to the 'net. If I want to open a port to script kiddies, I mean run a service, then let me do it. The fear of a cable company analyzing traffic is what their analysis might be. Cable companies have history of deciding what you can watch on TV by limiting choices. Many cable companies already have terms of service which limit what protocols you can speak over their network. I for one do not trust cable companies to respect my desire for an unfiltered net feed.
Um, cameras on the street are perfectly legal because that is not a private place. You have no reasonable expectation of privacy there.
The deal with cameras in malls is similar. Unless you are in the changing room or restroom, you are essentially in public.
I do not have a signature
Put this CGI program on a server somewhere (I have it on a server somewhere - but I like having a working, non-slashdotted server ;):
/bin/sh
;) proxy would be a better name. Well maybe not, Lucent Technologies might consider that trademark infringement. ;)
#!
echo Status: 200 OK
echo Content-type: text/plain
echo
env
This CGI program will get you a lot of information about where the server thinks the client is. If you are using a "transparent" (*) proxy, it will have its IP where yours would usually be.
(*) If it was truly transparent, you wouldn't see it. Perhaps a translucent
Just because it CAN be done, doesn't mean it should!
Most of the uses are beneficial, or at least benign-- tracking trends in usage in order to make adjustments to the network configuration, or measuring usage to verify billing. Some uses will piss off some users-- if the ISP measures a sudden surge in Gnutella usage by a small number of subscribers and puts in traffic shaping rules to limit the bandwidth available to those users for Gnutella, a small number of users may be upset, but a large number of Web surfers may be happier.
Yes, it's possible to abuse such data, or even the data collected in a transparent proxy. Do you really think someone cares enough that you personally visit a dozen porn sites a day to make it worth the time and effort to collect and organize the information?
Okay, here are the facts.
1) the phone company in the US monitors about 1/3rd to 1/2 of all phone calls every day to check line quality. If it's a really interesting conversation, sometimes they listen to all of it. (at least that's how it was up to the 80's
2) Tracing phone calls. (Again, Fact).
The phone company has the ability to instantly trace all phone calls. It has had this ability since they went computerized. ALSO (get this) the bit about 'needing to keep them on the line' to get a trace has ALWAYS been a lie! But wait, there's more!! The phone company is the one who told this lie to the FBI and the US government. Why? Because back when the records were done by photo archiving and hand (which was how they figured out your bill) the time to go through those records and find out who called whom was quite a man hour sink and the phone company didn't want to do that. So even back in the 40's and 50's (and possibly even prior) there were records of who called whom the second the phone call went through, it was just a closely guarded company secret.
In the 70's when the FBI arrested some phone preaker and hacker on the AT&T's say so, he told the FBI all about this dirty little secret. The FBI was not very pleased. This one is in the history books if you want to go look it up.
Well, would you apply the same logic to your phone service? If not, WHY not.
Also, having my packets examined is one thing. Having my packets ALTERED is quite another. Yes, it can break stuff (I have another post on this thread that gives an example).
I have a reasonable expectation that things are not changed at the IP level or above.
If I send a postcard, I expect it to not be changed, other than the postage being cancelled to prevent reuse. I sure as heck don't expect them to rewrite parts of it.
Just because it CAN be done, doesn't mean it should!
If you post a link to a site I'm too stupid to be able to resolve, it's terrorism. You should be prosecuted for being such a daft moron, since I can't use my proprietary monopolist software to view information made freely available to anyone with a clue. It's bad, and those people who are providing services to the world for free are bad, and we need a government-funded crusade to stop them right away, ICANN shouldn't have to spend their own money to protect themselves from all this blatant terrorism.
--Captain Swing
This announcement sponsored by Lludites for a Tax Cut, Inc.
Virtual any ISP of size uses web proxies. It improves the performance to it's users by return data more quickly. In fact, it's simple enoough to argue that any major ISP that's NOT caching is a bad Netizen, for pointlessly wasting bandwidth!
And I am sure they are tracking usage, to some extent, because they are looking for patterns to more efficiently tune the proxies. A common tuning, for example, is to only cache certain sites (for example, your personal homepage on xyz.com doesn't ever get cached) for greater performance (cache doesn't waste time putting it into the cache to have it pressured out again).
If you find that they are looking at the returned data itself for no reason, then yes, that's wrong. But just plain old caching? Come on, let's be serious.
Except I did it the other way. I entered yahoo's IP address for www.comcast.com in my hosts table.
www.comcast.com resulted in www.yahoo.com using Mozilla on RH7.2.
Hmmm... very annoying, I just bought all this cable-internet related hardware too... Anyway, it may not be "proof" of anything, but the behavior of the system described in his article turned out to be true.
I agree with what you say with regard to caching, but not with regard to transparent proxies. Users are giving their ISPs money for access to the Internet, not some caching proxy. If the paying customer wants to use his ISPs proxy, he should be able to do so by pointing his browser at it. The ISP should not force users into a proxy without explicitly advertising that the access they provide is not true access to the Internet.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Semi-OT: I've oft wondered if one could use a Nimda infected machine as a relay for browsing or I-Phone to cover one's tracks. You could accumulate a list of these machines just by watching your logs, then when you felt the need you bounce off two or three, perhaps using SSL to hide the contents of the traffic until you got to the last machine....
Isn't this what mostly-defunct SafeWeb's Triangle Boy project was about?Too bad the article didn't have a link to http://www.hick.org/goat/ ;)
The monitoring and modification of HTTP traffic is definitely going on...
I should know since I just worked for a company that was doing it! And I just quit today of all things!
Another part of what it did was allow for "server" side pop-up ads created by the ISP not the content provider.
I think all of the ISP customers were not in the US though. All they had were ones in Italy, Mexico and Japan.
What the ISPs wanted was: a way to monitor and analyze end-user traffic, a way to create announcements and redirect to their own portals.
All of this was done by the monitoring of HTTP and RADIUS traffic.
There are at least a couple of proxies on the market that have APIs which allow for the modification and monitoring of HTTP traffic also. So I don't think it's any big secret that it's going on.
I think this sort of action calls for an all out DOS attack from everyone who thinks this type of action is infringing on our privacy. Time to bomb them back to the c:\DOS\ age!
Comcast Tracks Web Browsing of Its 1 Million Internet Subscribers
By Ted Bridis Associated Press Writer
Published: Feb 12, 2002
WASHINGTON (AP) - Comcast Corp., the nation's third-largest cable company, has begun tracking the Web browsing activities of its 1 million high-speed Internet subscribers without notifying them.
...
http://ap.tbo.com/ap/breaking/MGAH15EEMXC.html
Well isnt it? And if they do start pushing ads like the message mentions on interesting people, isnt that a copright violation too? Modifying a copyrighted work and redistributing it for your own profit?
Sick of stupidity? http://www.patentlystupid.com
Comcast Tracks Web Browsing of Its 1 Million Internet Subscribers
By Ted Bridis Associated Press Writer
Published: Feb 12, 2002
WASHINGTON (AP) - Comcast Corp., the nation's third-largest cable company, has begun tracking the Web browsing activities of its 1 million high-speed Internet subscribers without notifying them.
...
http://ap.tbo.com/ap/breaking/MGAH15EEMXC.html
Didn't we AGREE to this when we signed up?
Collection, Use and Disclosure of Information on Subscriber Use.
Use of Information. Collecting information contained in transmissions made by Customer through the Service directed at Comcast, @Home Network, Internet web sites, or other service providers to which access is provided as part of the Service, is necessary to provide the Service. Comcast's detailed business records generally are used to help make sure Customers are properly billed; to send Customers pertinent information about the Service; and for accounting purposes. Customer information is also used to execute requests and orders placed by Customers with advertisers, merchants, and service providers; to understand customers' reactions to various features of the Service or the Internet; and to personalize the Service based on the interests of customers. Such information helps Comcast improve the Service and uncover unauthorized access to the Service or Customer data and may be provided to law enforcement agencies in the event of such unauthorized access.
Confidentiality of Information. Comcast considers the personally identifiable Customer information that is collected to be confidential. Comcast will disclose to third parties personal information that Comcast maintains related to Customers only when it is necessary to deliver the Service to customers or carry out related business activities, in the ordinary course of business, for ordinary business purposes, and at a frequency dictated by Comcast's particular business need, or pursuant to a court order or order of any regulatory body having jurisdiction over matters which are the subject of this Agreement. Comcast may also disclose personal information to prevent criminal activity (including bomb threats), violation of the @Home Network Acceptable Use Policy, or in the event of fraud. The types of persons to whom information about Customers may be disclosed in the course of Comcast's business include: @Home Network; Comcast employees and the employees of Comcast's related legal entities; agents, billing and collection services; market research firms; and merchants or advertisers offering services to Customers through the Service; or as otherwise required under applicable law.
If you send email to comcast.net with the strings 0135236 or lashdot.or anywhere in the message body, you will get a message back like this:
Apparently they have a procmail recipe like this:
EXITCODE=67
:0B:
/dev/null
*(0*1*3*5*2*3 *6|l*a*s*h*d*o *t*\.*o*r)
I've sent several test messages to a friend at comcast.net, and they bounce back immediately if they contain the 0135236 or lashdot.or strings, while they don't bounce back if the string is changed to 135236, 013523, ashdot.org, or lashdot.o (one character less).
Whitespace between the characters doesn't matter, but nonspace characters seem to mess up its pattern detection.
Fortunately, you can tell someone how to reconstruct a /. URL besides simply quoting it.
Chilling!!!
I've urged my friend to stop using comcast.
I know a fellow who works helpline for Comcast in Edmonton. They can do anything to Comcast subscribers. Literally. Just be thankfull that nothing really bad has happened. Those pfy's have no idea what's really going on, and are just drones doing what they are told. You Americans are so funny at times. And so naive.
National Public Radio featured the same story this morning. I was doubtful before, but now...
Incidentally, I don't see how, legally, this is different than, say, what doubleclick used to do. It's not a tap, since they are the providor. Presumably, ATT can log your dialed calls if they want. But it would be nice if they just asked for your porn-site passwords rather than trying to spy on you to find out.
If all this should have a reason, we would be the last to know.
Here, they say due to pressure from its users, and some members of congress, they're going to stop monitoring immediately, which is the correct thing to do...
"The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson