Slashdot Mirror
Is Comcast Intercepting Packets?
nihilist_1137 writes: "According this page, comcast is intercepting your packets to gain knowledge of your whereabouts and then reselling it to marketers." According to the linked message, "This allows them to not only log all http requests, but to also log the response. Maybe they want to profile their customer browsing history for
subsidiaries or resale to marketers. Maybe they want to do their part in
The War on Freedom. Maybe they just want passwords to porn sites. Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data."
Both Cable Internet Providers and I am sure many other ISP's in Australia use Transparent Proxies.
Much easier to setup on the client side and you catch people who leave out the proxy information.
The fact that the server has other capabilities doesn't mean that they are actually using this stuff. If someone can show me a link to the page where I can buy the marketing data, *then* i will believe you.
This is just speculation.
Go out and get sailing!
I think the fact that this was mailed to bugtraq yet it apparantly got denied is proof of that...
Many ISPs do transparent caching. Transparent caching at ISPs is more than acceptable. It's not acceptable when major backbones do it, as has happened in the past.
The fact that they can log what you do is just a side effect. The same can be done WITHOUT transparent caching. The 'author' says they added hardware just for this. Well of course they did! They're just trying to speed up access without needing as big of a link needed without using transparent caching.
And at any rate, I'm surprised this got posted. It's just some guy posting to two mailing lists, which got denied at that!
Ultimately though, I feel ISPs should provide a means to remove you from having your link transparently cached. If they do that, then you can't blame them for trying to save bandwidth. The results of a transparent cache can be substantial!
Linux: Because a PC is a terrible thing to waste.
James Brents
I got forwarded this by one of my buddies at work. At this prices its plain sick that they also want to sell your usage statistics to the SPAMERS. On top of that I've been told that they want every computer on there network using proxy clients in order to connect.
I'm glad sprint just hooked up DSL in my area, I'm switching providers.
According to insiders at Comcast there will be three tiers of service. The current service will be called Silver and it will be 1500/128 for $49.95 plus modem rental. Yes that is true, they are planning on a $10 price increase within the next year after the transition is complete and the merger with AT&T Broadband Internet is finalized. Comcast doesn't want to mess with the rates right now until they get regulatory approval for the merger. But the S.O.P. at AT&T and Comcast is a price increase after a merger. Look at what Cable rates did after the Mediaone transition.
Gold service will be 1500/300 and will allow VPN access and something they are calling priority traffic. This is the old Pro service. The cost will be $99.95. If you are a gamer used to the old MediaOne performance, this Gold level should get you back close to the perf you had with the old system. And yes that means you will be paying double for the same service you had last year.
The new low price option is Bronze. Expected to be 128/64 or maybe 256/128 it should be priced at $29.95. This is the one that is most in the air. I haven't seen a bronze config file yet to see what they are planning.
Modem rentals will be $5 and may increase to $7.
How do we not know they're just implementing a web cache to save money and provide better service? Lots of ISPs do this. Why page to get the pictures from the homepage of cnn.com 458,765 times an hour when once will do?
This allows them to monitor and change (or insert ads into) what you read.
Posh. Fear-mongering. Come back with some evidence -- and I'll be as against it as the next guy. And if they are actually inserting ads, then they'll probably be in court with CNN, Disney, etc, so forth, for modifying and distributing copyrighted material.
Interestingly, regardless of what IP you address the packet to, the Inktomi Traffic-Server reads the Host: field to determine where to send the packet. I sent several packets from my home machine to one of my office machines, inside the packet was "Host: www.comcast.net". Comcast illegally intercepted, misinterpreted and altered this packet, and sent it to www.comcast.com. So, you might say there's a bug in this evil Inktomi Traffic-Server thing.
Oh, shut up. That's how a transparent proxy works. I suppose the Linux facilities for transparent proxing -- available for years now -- are also evil?
Where's my clue-by-four...
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I probably signed some BS license agreement that gave them the right to do that. Doesn't matter. With spamcop, spamassassin, and all of that (plus the fact that they STILL don't have a working email address for me) they can't send me spam. And with caller id, I haven't spoken to a salesman since I stopped answering blocked numbers. And, finally, with my hosts file, I don't even see 90% of the ads anymore.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
~~~
Its all in the terms of service:
COLLECTION, USE AND DISCLOSURE OF INFORMATION ON
SUBSCRIBER USE
Collection of Information: Comcast collects, uses and releases information on Customer use of the Service as necessary to render the Service, to otherwise undertake legitimate business activities related to the Service and to comply with law. Comcast may collect information in accordance with applicable law concerning Customer's use of the Service and customer preferences which are reflected in the choices that a customer makes among the range of services offered as part of the Service, the time that the customer actually uses the Service, the menus and features used most often by the Customer, and other information about a customer's "electronic browsing."
Use of Information: Collecting information contained in transmissions made by Customer through the Service directed at Comcast, its Underlying Providers, Internet web sites, or other service providers to which access is provided as part of the Service, is necessary to provide the Service. Comcast's detailed business records generally are used to help make sure customers are properly billed; to send customers pertinent information about the Service; and for accounting purposes. Customer information is also used to execute requests and orders placed by customers with advertisers, merchants, and other service providers; to understand customers' reactions to various features of the Service or the Internet; and to personalize the Service based on the interests of customers. Such information helps Comcast improve the Service and uncover unauthorized access to the Service or Customer data and may be provided to law enforcement agencies in the event of such unauthorized access.
Confidentiality of Information: Comcast considers the personally identifiable Customer information that is collected to be confidential. Comcast will disclose to third parties personally identifiable information that Comcast maintains related to customers only when it is necessary to deliver the Service to customers or carry out related business activities, in the ordinary course of business, for ordinary business purposes, and at a frequency dictated by Comcast's particular business need, or pursuant to a court order or order of any regulatory body having jurisdiction over matters which are the subject of this Agreement. Additional information regarding disclosure of personally identifiable information is described in the Privacy Statement which can be accessed through the Comcast High-Speed Internet Service home page.
Take a look at this thread from the Philadelphia Linux User Group. It sounds like the new software update that Comcast has asked its users to install contains spyware and changes internet settings...
So now they can track you from your own (Windows) machine, and also through their transparent proxy.
Can someone explain why the Good Guys always have to keep the Bad Guy on the line for something like three minutes in order to trace the call, when all they should have to do is call up the Phone Company (on another line) and ask them to punch up the number of the person calling this number right now?
Because Hollyweird is out of date. That used to be true in the days of mechanical switches, but now...pfft.
Well, that, and it provides a lazy director three minutes worth of free suspense.
I recently saw the modern version of this old chestnut on Fox's 24, where the Good Guys (a powerful and secretive yet benevolent government organization, hm) were unable to track down the exact physical location of a cell phone before the desperate-to-found caller was cut off.
In the wrong hands, sanity is a dangerous weapon.
"The phone company doesn't tap converstations, but they sure as hell have a database of which line called which number, when, and for how long."
I work for a phone company.
No, we sure as hell DON'T have a database. (atleast in Canada). There are only 3 times we keep track.
1. As per customer request (traffic studies, getting prank calls)
2. As per warrant (court order required!)
3. For long distance billing. (we need to know how much to charge you)
local calls are not recorded - we have to add an option in your line programming for that - after meeting one of the above requirements.
hollywood bullshit. With modern switches the phone system doesnt have to "trace" worth shit. It just _knows_ these things. There are limits, but with ANI and ANI2, the phone number comes down the wire with the signaling/setup.
In the past, it used to be that someone had to go actually TRACE the path of the physical switches as they connected the outgoing trunk to the local line. Someone actually had to do this manually physically, which is probably the 3 minute thing, but thats ancient tech. Only backwards places like North Dakota uses that.
I recently read an interview with 24's creators. When asked how much law enforcement and intelligence agencies cooperated in the writing of the show, they said something like "We've got a great relationship with the government. We pay our taxes and they leave us alone." So don't expect enormous amounts of realism from that show (eg, people running around shouting classified info over cell and cordless phones.)
The other Hollywood twist is that the bad guy routes their phone through several different switches, making it more difficult to track down the user.
It's because the actual "bad guy" is using spoofing hardware and software that makes his/her call look like it's comming from somewhere else unless you actually trace it back to the source. The more spoofing programs/hardware they comendere the more hops and therefore traces the good guys need to run to get back to the real number.
It's still in practice but now it's seconds not minutes that it takes to trace a call that's trying not to be traced.
) Human Kind Vs Human Creation
) It'd be interesting to see how many humans would survive to serve us.
In a previous life, I was an experienced admin of Inktomi traffic server. It's simply a proxy cache. Yes, it can do many of the things mentioned.. insert ads? Sure... capture user into private portal hell? Sure. Track usage via logs? Sure. Do most care? Ehh.. not sure about that.
That previous life was working with a large Regional Bell company... the mere mention of selling of consumer info (even just anonymized web logs) caused the blood to run out of their faces. I don't think it'll happen there, but I don't make promises for anyone else. It's quite the panacea of information, even if just used internally.
BTW, Novell's proxy cache is actually faster, easier and quite a bit cheaper. Squid, while free, will likely never reach the same performance levels.
Dump the IRS - http://www.fairtax.org
Personally I approve of this because it will allow for a more efficient operation of many useful web services like content filtering, virus checking and ad stripping. An important part of this work will also be define a standard way for conforming OPES software to only invoke edge services after authorization from end-users and/or content providers.
This is what Orangatango is all about; run a virtual browser through SSL and all Comcast will ever see of your surfing is www.orangatango.com:443.
--Just the place for a snark!
I think I smell an Uplink player here. In reality, you can't spoof, ANI will show your originating phone number and that number gets bounced around with each successive call. It is true, however, that starting a few conference calls, chaining them together, then calling Sears, explaining that you're new in Automotive and you need the operator, getting a dialtone, and continuing the chain of calls can slow things down a little.
- we have all kinds of quality problems. There's a shitload of web apps out there that break with transparent caches, one way or the other, and often in subtile ways. There's even an RFC about some of them.
- when metering traffic independently of the cache statistics we found that we actually did not save any bandwidth worth mentioning. The statistics for the caches of course say different, but interface counters don't lie
:-)
- customer satisfaction goes down the drain. The reason is, even if there is no problem with the caches, people blame any problem with internet and web site availability on the caches - and thus on us.
But, no, we have nothing in place to collect and evaluate logs. It's just much too much data right now to handle or even store it professionally. OTOH, given technological advances, this kind of storage and evalutaion probably will be trivial a few years from now. So the tendency is definitely dangerous.f.