Slashdot Mirror
Belkin Routers Route Users to Censorware Ad
The Register has a story today about
Belkin routers redirecting their users' network traffic.
To me, this seems like the logical next step after top-level domain name servers piping ads to your browser. Now the routers themselves hijack the traffic they are supposed to, uh, route -- and you'll love where they send you instead. But it's OK because you can opt out. Incidentally, the Crystal Ball Award goes to Seth Finkelstein, who in 2001 quoted John Gilmore's famous aphorism about the internet, and asked "What if censorship is in the router?"
There is censorship in the routers. But there is also loose spare change that the system addy dropped in their too.
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
The device is defective. Make product support give you one that works. While you're at it, send hate mail to the marketing team. I bet the support guy will give you the right email addresses...
Better yet, get the addresses and post them here.
What's next? Will the phone you buy occasionaly redirect your call to a telemarketer? Will your TV remote automatically switch channels to an infomercial? Maybe your car radio could redirect your listening to a clear channel station every
8 hours. These are business models I need to patent...
Don't forget that Friday is Hawaiian shirt day.
Here's the usenet thread where this was first discussed. Especially noteable are the initial discovery, the response from Belkin and the first response to Belkin. After that it it's pretty much the same thing you can expect to see here on /.
<sig>Guvf vf abg n frperg zrffntr
Belkin = Broken
Ok if I buy say a Book from my favorite online bookstore and get it shipped UPS, I'd expect it to arrive as a book right?
But what if every one in 100 times, UPS thinks I might like a corporate logo bumper sticker instead of my book, they throw my book into the eternal void, and give me a UPS bumper sticker instead. I'm supposed to like this?
Bottom line: When I ask a package to get delivered, and for a certain package to be received, I WANT that package, not what they think I want. Whether it's a TCP/IP packet, or a book. I fail to see the difference here.
Bottom line, thanks to Slashdot I'm not buying my routers from Belkin (not that I'm a telecom person, but still I'd be careful if I ever had to).
...in bed
http://www.sethf.com/freespeech/censorware/project /isclosed.php
"Eve of Destruction", it's not just for old hippies anymore...
In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software.
Also in the news: the American council for airbags has been hitting people randomly in the streets to make it easier to appreciate their products. Thanks!
Seriously, though, I don't 'get' how a company could think this would endear themselves to their customers. If Cisco pulled this shit on its customers and made all their routers randomly direct to their brand-new VPN product I think it'd make people stop using Cisco FAST
Thanks to ad-blocking features in some browsers like opera or mozilla, marketers now need new ways to deliver ads to the public. Ads are required to keep many people in business, and blocking them just forces marketers to use more intrusive tactics such as this. Why do you think internet explorer doesn't block ads by default? Because we should respect advertisers...
If you disagree with me, look at the ad at the top of this very page, even slashdot uses ads to stay in business.
GoatPigSheep, the 3 most important food groups
Take an old Pentium I and put Smoothwall on it. No more Belkin and Netgear routers you get for $50 at Circuty City.
..if you can disable it, and the instructions mention that you can and explain how to, is this really that big a deal?
Is the address it redirects to hardcoded, or can the router get hacked and a new address put in? Now that would be good PR for Belkin, someone hacks the router and redirects all web traffic to some porn site.
I Am My Own Worst Enemy
In Verizon's incredible company aquisitions, did they strategy start eating peripheral (plus all the other crap that Belkin makes) manufacturers as well?
This is my sig. The post is over.
Well, guess I won't be using any Belkin routers.
From the article:
"In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software."
Soooo.. it's spam, then. What a way of putting it mildly.
Should read:
"In response criticism, a Belkin lackey admitted a confirmation this week that the router will hijack an HTML request in order to advertise their product, for your convenience!"
IANAL but couldn't this violate free speech? who makes the decision as to what gets redirected? did they have any sort of mention of this in documentation included with the router, or did they just think no one would notice??!
"In a world without walls and fences, who needs Windows and Gates?"
I'm speechless at how brazen these guys are. I just don't know what to say, other than that I'm now afraid to buy their products. When I buy a product, I want it to work like it's supposed to work, not the way some marketing idiot thinks it should work. This is deceptive, possibly damaging, and certainly in violation of any number of specifications/RFCs. What are they thinking?
Way to take a stand. I'm sure these companies will decide to reject all that ad revenue in favor of the money they'll make off the one router you buy.
From the Eric Deming of Belkin:
We don't have the ability to spam you at a later time if you select "No Thanks" or turn off the reminder manually.
Riiiiiiiiight. Not until the next router software update maybe.
But props to him for calling it what it is: spam.
Several judges in different countries have already established that copy-protection on CDs was a defect and clients got reimbursed. This router behaviour is just the same.
When will they learn ?
Maybe we deserve this world ?
Just use an old 386/486/pentium 1. Or, you could even try to use an xbox for the same price as a router... adding a second ethernet card or trying to use the USB connector. In your 386, you could put a usb pci card in and use a usb flash drive. This should be sufficient to hold the memory needed for the router. For the OS, of course use BSD/Linux/whatever-you-want. Even windows 98 has IPMASQ support... renamed "internet connection sharing" - you'll need to cut down the install drastically to fit on the 64/128MB flash disk, though.
I really cannot believe this. This doesn't concern me as a censorship issue (doesn't appear as if censorship is built into the router itself... but without details on exactly how this parental control works, don't really know). It concerns me as a pure *annoyance* issue. I would absolutely flip out if my router dared to do this!
Everyone at Belkin should be ashamed of themselves. How could an engineer do this? He should be flogged with a cat-o-nine tails of twisted pair wire... this is evil, evil, evil.
Oh, and to the Belkin Marketing Department: Kill yourselves. Suck a tailpipe, hang yourself, borrow a gun... rid the world of your evil machinations. [ Just planting seeds ]
It's a strange world -- let's keep it that way
If this had happened to me, I'd be writing the FTC, not Slashdot.
I recall an old arguement against censorware was just this kind of intrusion.
The next step, of course, is for a hacker to hijack this "feature" and dump all of a routing companys customers to child porn, warez sites, or nigerian scams galore.
Then there is the temptation of the companies themselves, "You can turn this feature off only by submitting a valid e-mail address." Then they sell off these addresses to spammers worldwide for a profit.
This kind of stuff is worse than big brother. At least in 1984 they didn't force commercials down your throat.
Karma Whoring for Fun and Profit.
"We don't have the ability to spam you at a later time if you select "No Thanks" or turn off the reminder manually," Deming writes. "I know this feature might be misunderstood and might PO some people. I know the manual could do a better job explaining it. These are all things that we at Belkin are working to remedy."
LOL... now I wonder why they did not explain it better!
'Go for the eyes, Boo, go for the eyes, aaarrrrrrrr!' -- Minsc
Keyboards that occasionally type "www.belkin.com" when they detect you're typing a URL. (But you know, not more than once every eight hours, so it's OK.)
.jpgs of happy people using Belkin products.
USB mass-storage devices that randomly delete files and replace them with
PC Speakers that say "Shop at Belkin!" every couple of minutes.
etc...
Uh Clem. a former Belkin wireless router user, was perplexed to find machines on his network redirected to an ad for Belkin's new parental control system, following a software update.
The guy's name is "Uh Clem"?!
Man, he must have taken some ribbing in grade school. For a second I thought this article had been written by ignorant hayseeds from (insert state of choice here). "Uhhhh, Clem, the router t'ain't workin'."
Belkin knowingly chose to hijack an HTTP query *WITHOUT THE USER'S PRIOR PERMISSION* to facilitate sales of their product.
Thank you for admitting that Belkin spams and steals. That made it very easy to remvoed Belkin from our Corporate purchase program.
like this ...
link
With the dizzying array of routers available for purchase, I've often been befuddled by the sheer number of choices that I have when buying new equipment. Which one is better? Why is this router $10 less than this other one when they appear to do the same thing? Which manufacturer should I trust with my data? With razon thin profit margins, and fierce competition in the IT hardware industry, such choices have become extremely difficult.
It's comforting to to know that Belkin has recognized my problem, and has stepped forward in an effort to solve it. They make it so much easier by saying...
"If It's Belkin, You Don't Want It!"(tm)
Thank you Belkin. With your new forward-thinking "Don't Buy Our Stuff" policy, I will be sure to stay on the lookout for other products that you offer, so that they can assist me in making difficult purchasing choices even easier.
Assuming I understand this correctly, it could be dangerous. What if the request that got hi-jacked was me transferring money between two accounts?
Sure, they are probably safe because they only hijack HTTP (port 80) and not HTTPS (port 143). Hopefully anything important I'm doing is on port 143.
I will not buy Belkin anymore. This type of behaviour in a product is unacceptable. Advertising is one thing. Hijacking my requests is much more serious.
Hopefully some plaintiff's attorney will pick up on this story, and file a class action law suit against them....
That may dissuade other router manufacurers from going down the same path..
This is your typical "Tech vs. Non-Tech" argument. The manufacturer did something to appeal to Non-Techs, and it offended many Techs. Hmm.. wonder if the whole Windows vs Linux thing falls into this category...
... well, when you first buy your car, at some point it will drive itself to McDonalds, unless you tell it "no thanks". Oh and it might randomly do this in the future unless you turn the feature off. Regardless of wether you like McDonalds or not, we had added the feature out of popular demand...
I just wish Belkin would offer firmwares/hardware *without* the "feature". Any hijacking of routed packets is wrong. Sort of like saying
FLR
...my router has a 1st amendment right to send me advertisements and recommend political candidates.
Emergency rescue team takes a patient to hospital. The patient is in critical state. Suddenly the driver pulls over and exclaims: "We're at the bar that is owned by our hospital manager. Would you like a hamburger?" "For god's sake, I'm dying! Do I look like I wanted a hamburger?!" "Okay, as you wish, but remember, that are best hamburgers in town!" and the driver resumes his way to hospital...
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Now scans network devices, NIC cards and prevents driver downloads from loading adware into your firmware.
This sig contains a manual self-destruct. Kindly please put your foot through your monitor in 8 seconds.
Oh please.
[grabs crotch] Remedy this!
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
This is a defective product. It doesn't route IP packets correctly. Return it for repair, replacement, or [preferrably] refund.
Boy did they blow this one. If they had stuck to something simple like your very first HTTP transaction brought up a configuration/advert screen only once, then there wouldn't even be a story.
What if I had bought this for an isolated network? Would it hang up for an appreciable amount of time trying to contact belkin.com?
well, now its the routers that 2 people will buy.
And the network cards / access points / other equipment.
Hell... I'm even going to make sure mot to pick up a USB cable or surge protector made by Belkin.
Come on, all you moral crusaders! Join us now! you know you want to...
Even better: when the router crashed, it managed to disable the 100Mbit switch as well. My machines couldn't even talk to each other any more. Usually the "switch" portion of a product like this is a hardware/embedded solution which runs even if you screw up your router config. Not with Belkin!
Even better: it dropped about 7% of packets. If you know how TCP timeouts work, you can imagine what that does to web browsing.
I returned it and bought a 100Mbit switch. Then I took the time to learn iptables for Linux (was hoping to just pay 60 bucks and not worry about it). Never looked back.
How can I reprogram my Belkin router to direct unsuspecting users to goatse.cx?
Please please please mod the parent up to 5. Actually having Belkin's response (a.k.a. hanging themselves) prominently displayed on this page will greatly reduce the amount of uninformed comments in this discussion
Too bad their "employment" page is broken. I guess they need a new web admin and new PR people.
One day, Belkin's router project manager Eric Deming was sitting around thinking, "How can we get $5,000,000 worth of bad publicity for free, and sink the company in an afternoon?"
Then he had an idea: "That's it! We'll abuse the trust of our customers, and get a story on Slashdot!
Consider that a user is in the midst of filling out a long string of forms. After hitting the submit button, the next HTTP request directs them to this AD instead of the intended web form. Their form chain is broken, and there is potential data loss, as the customer has to start the forms over again. This is a VERY bad precedent to set. If it was the very first page served by the router, that could be different... the first time I tunred on my home router it directed me to a welcome and setup page... which is quite different.
just my $2/100
Actually, Belkin is not getting ad revenue. They're advertising one of their own products (parental control).
Also, I think Belkin, D-Link, et.al. might well listen. The home wireless router market is a cutthroat, commodity place. To me, they're all basically the same box. Why would I buy from a company that routes me to spam, when there are 5 others that don't on the same shelf for the same price?
After a 18 hour operation, a router was removed from a belkin representative's rectum. When asked how the hardware device got there, all the man could say was "No. More. Spam. I. Promise...."
During the operation, the heart monitor seemed to have contracted a strange glitch; every 100th heartbeat a message about "Herbal Penis Enlargements" would pop up, blocking the stats"
Belkin belongs on fuckedcompany.
I agree that if I'd bought one of those things and it started redirecting my traffic, I'd consider it defective and demand my money back. Belkin's really moronic to think that this won't backfire on them and result in an expensive class-action lawsuit. Maybe they can defuse a lawsuit by offering refunds to anyone who's upset at the feature, but I'm guessing they're too sold on their own flawed logic to understand that what they did is not going to be seen as anything other than making the product do something its owners didn't ask it to do, and that Belkin didn't tell them it would do.
I can smell the class-action attorneys lining up now.
Where did the trust go please? How can i trust Belkin now? Next step: Belkin cables will emit your personal info to identity mafia maybe.... :P
-- There is no spaam
My Roomba went on strike around the same time it started recommending the Swiffer Duster System and leaving shredded coupons all over the place.
"So Mr. Stevens, you are saying that you ordered an Extra Value Meal, and the cashier instead hauled off and punched you in the face."
"That's right."
"And so you are charging the cashier with assault."
"That's right."
"All right. Mr. Defense lawyer, what do you have to say to that?"
"Mr. Stevens: Did you specifically ask my client NOT to punch you in the face?"
"Huh?"
"What did you tell him exactly?"
"Um.. I told him, I would like a number three meal and a Dr. Pepper."
"I see, and that was all?"
"Um, yes."
"Not that you wanted a number three meal, a Dr. Pepper, and to not be punched in the face?"
"Uh.. no, just the #3 and the Dr. Pepper."
"Your honor. How can my client be expected to be held responsible for this when Mr. Stevens was unclear about what he wanted? Had he configured his order correctly, my client would not have punched him in the face. So why is my client the one to blame? What do think Mr. Stevens expected to have happened?"
"Hmm, excellent point. Case dismissed."
They are defective and do not perform routing functions correctly. Even if you've already told the router to not hijack your packets again - you have no reason to trust these products with your data.
There is no evidence that there aren't other redirect back-doors that will show up in time or another firmware update. There is also no evidence that the backdoor is secure and cannot be exploited.
Would you trust transmitting your credit card data to a product that is *designed* to fail and subvert information for marketing purposes? Depending on how the URL is redirected, it is most likely a breach of your privacy as well.
Way to take a stand. I'm sure these companies will decide to reject all that ad revenue in favor of the money they'll make off the one router you buy.
Belkin makes more than just routers. They also make network cards, KVM switches, surge protectors and UPSs, mice, keyboards, USB hubs, etc.
I used to consider them a trusted brand for computer hardware, but after this, I will not purchase any products from them, and will recommend that other people not purchase as well.
One angry consumer telling his friends can cause a lot more than just one lost sale.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
Belkinware 2.0 dramaitcally enahcnes your browsing experience by subjecting you to unwanted...err targetd advertising. How does it do this? Why since the router is typically the last component between you and the internet we monitor all http requests and on certain purchasable key words (contact us for rates)it will return your paid for ad!
Since people rarely monitor traffic between their routers outbound port and the internet no one will know we are secretly passing this market research information back to a central repository where you too can purchase marketing research for pennies on the dollar.
Know What Your Potential Customers Are Shopping For!
All of this can be yours when Belkinware 2.0 hits the shelves!
Sick of stupidity? http://www.patentlystupid.com
I've been using a simple Belkin router for quite a while. Its been very reliable and stable.
But, this is disturbing and sick. Every 8 hours ! I may have cribbed less if it was 30 days once ...
There are lot of other features in the router that I don't use ... and are free. They don't remind me about those every 8 hours once, do they ?
I hope this happens to an FTC commissioner and he initiates some action against them.
karma : former act as leading to inevitable results
There is much wisdom to be divined by staring long and deeply into the hole.
In Soviet Russia, You stare into the abyss, and the abyss stares back at you!
I found this quote from Eric Deming in response to the original newsgroup posting quite interesting...
[quote]
By the way, this procedure (disabling the nagware in the router web-config) might have to be done if your router is behind a firewall. Reason: filter.belkin.com sends a response to the Router to set the flag. [/quote]
So Belkin deliberately left a configuration on the router to be modifiable by someone without proper authorization (the owner of the router or the network admin)? Absolute genius. Destroy your company's reputation 100% in one easy step: the backdoor(s) will piss of the geeks, and the nagware-advertising will piss off Joe Sixpack.
"Jesus saves, but everyone else in a 10 foot radius takes full damage from the fireball."
No, there's no punch line, I honestly don't know.
No. The 1st amendment says that the *government* will not abridge freedom of speech. Last I checked, Belkin was not the government. They can censor whatever they darn well want.
It's an easy name to remember. Kinda sounds like Bilk'n.
Wireless at home is current fashion. May just get rid of my Cat 5 teather one day. Belkin? No thanks, just the notion they'd actually come up with such crap turns me off. Let alone think selling it would be appropriate.
Nope, sounds like the entire company is completely devoid of ethics.
Belkin (verb) - To serreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.
It's a decent start at a definition. One could say "I installed this topdesk thing which totally belkined my browser". Let's make their name synonymous with bad behavior.
I've finally had it: until slashdot gets article moderation, I am not coming back.
I was pretty unhappy with this, but was unable to convince my bosses that this was evil or risky. The company had apparently convinced them that they had checked it out with their laywers, and because they weren't changing the site's HTML -- they were putting outside Google's final </html> -- they were safe. (Never got an answer about substituting ads.).
I don't work there anymore, but last I heard it's still going on, and there's a few ISPs, at least in Vancouver, that are doing this. Scary.
Carousel is a lie!
Belkin is busy flooding the market with their low grade crap. It is getting really hard to find non-Belkin accessories, but in the router/firewall market there are a lot of choices. I'm partial to the old NetGear stuff myself but have since gone the DIY route.
Buy a small embedded board (Soekris is awsome), install OpenBSD (or FreeBSD or Linux), and voila you have a super secure platform for a router, firewall, access point, IPv6 gateway, etc. You can't even buy a small network appliance with all the features you can stuff on a 128mb CF card, and if you could it would cost $1000+
3 people, and you're free to visit port 80 on my site to see if my RTL8139-based Belchin network card is serving up ads... If so, I'm pulling it, and swapping it for a 3c905 at my school.
What if I have an automated process which downloads system patches every night and processes them. I don't think apt-get will enjoy JPEG-filled HTML where it expected a
debian package. What if my system if left vulnerable and someone breaks in because of Belkin's actions?
What if I'm archiving an important page and the damn router decides to insert a Belkin ad in the middle?
What if I'm making a purchase online and Belkin decides to replace the confirmation page?
What if I'm taking an online certification exam? Will Belkin pay for a new exam? Will they pay me for the loss in time?
Is Belkin going to take responsibility? I don't think so. So they shouldn't hijack the connections in the first place.
I'm returning the Belkin wireless router. I was ticked off that they included censorware (which doesn't work and which blocks incorrectly), but figured I could just not use it. Then this? From an UPDATE?
Fsk them. I won't even buy cable from them.
huh?
It's a ROUTER. By design, it's supposed to deliver traffic to it's intended destination, to the best of it's ability, 100% of the time. Not route a request to some other place- that's not it's design (well, in the case of Belkin's routers, unlike everyone else's, that is...).
Unlike popups, etc., this is redirecting randomly selected packets going to port 80 (and probably the HTTPS port as well...) to thier server. Take a wild guess how many different things that just broke (SOAP, XML RPC, etc.). Like someone said, I hope nothing mission critical for you is on the inside of this stupid router- because it's BROKEN by design (And "configuring" the Router doesn't include turning frigging adverts off, either...).
It's got to be one of the stupidest things I've heard of in a long time done for the sake of marketing.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Why do you think internet explorer doesn't block ads by default?
Because the developers are lazy and behind the curve. It's already been commented that popup blocking will be included in IE 7 for Longhorn -- two years from now.
It's like litter.
It's like pollution.
If I am the only one doing it, then it isn't so bad.
But what if everyone did it?
What if everyone littered? What if everyone polluted? What if everyone thought they could send you unsolicited commercial e-mail to promote their product?
Now let's apply this to Belkin. What if every piece of routing equipment in between me and my destination point did this?
I'll see your senator, and I'll raise you two judges.
Somehow I doubt Cisco would do this, even under the Linksys name. It would outright destroy their credibility in the security market.
The device was replaced with another brand that works fine. Off line and collecting dust, I've never had a problem with it hijacking my HTML and inserting ads. Now I have another reason to not buy a Belkin product again, but I hardly needed one.
I'm an American. I love this country and the freedoms that we used to have.
According to this article from The Register, hardware manufacturer Belkin has added a nagware "feature" to one of their wireless router products.
The feature redirects browser requests to a Belkin add touting a parental control service. This apparently is done once per eight hours unless the user explicitly clicks on "No Thanks". Just closing the window doesn't make the ad go away.
The issue was brought to light by a former Belkin customer. Mr. Uh Clem has posted a description of the problem on Google Groups.
Eric Deming of Belkin responds to Uh Clem's post saying this "feature" was added to meet an internal "ease-of-use goal" and that the page users are redirected to, "looks like an ad" because "it is intended to be informative and easy enough to understand" for users.
Apparently there is no "ease-of-use goal" for shutting the annoying feature off if you don't want to click "No Thanks" button in the ad. According to Mr. Deming, to turn off the feature without clicking "No Thanks" users must "Navigate to the Router's internal web interface (default IP = 192.168.2.1), click on the Parental Control menu. In the Menu, select "Don't Remind every 8 hours" (This phrase actually varies a bit, but you get the idea) then click "Apply Changes". DONE. Nothing to it."
You've got to especially like the "This phrase actually varies a bit" and "nothing to it" parts from the above instructions on shutting off this annoying nagware. This in the same post that says "Traditional methods of registration, such as asking the user to go to a website or navigate to the Router's internal Web page to enter information didn't meet the ease-of-use goal."
One can only guess that you would probably have to shut this feature off again if you reset the router.
Hell, between the RIAA, DirectTv, and now Belkin, I'm running out of companies I can do business with.
Where's my lobbyist? Right here.
If I hacked into Belkin's corporate computers (even if I sold them the computers to begin with) and started redirecting traffic for my financial gain, I'd expect to find myself serving prison time shortly.
I wonder what effect this would have on web crawlers should this policy actually become widely adopted.
When all else fails, run.
i checked it last night....every bit offensive as it was the first time i went....i like to go there periodically just to remind myself why violence happens
If you want to argue that the router is rerouting traffic that is destined for kiddie pr0n fine (as it its got some parental/offensive controls built in). But it isn't, its rerouting random requests. The device isn't censoring content, its delivering spam. If you can't see the difference please hop onto eBay as I'm sure there are a ton of these listed for your pleasure.
Who is megan and why does she get a birthday announcement?
Appended to the end of comments you post. 120 chars.
It's not a router but, as I'm an avid gamer, I bought one of these a while back. Belkin has now firmly established that it won't provide trustworthy firmware/driver software, not just for their routers, but for any product.
Even though I don't use the Belkin Speedpad anymore (I've since migrated to this), I'll be yanking it out of my machine when I get home tonight.
Absolutely inexcusable.
Schwab
Editor, A1-AAA AmeriCaptions
Me too.
Maybe that is the stratagy, so you either have to do business with some of them to live or return to the stone age.
Well, in a previous place of employment, I had a lot of opportunity to send business to Belkin . . . manufacturing plants use hundreds of thousands of miles of wire.
Looks like I will have to suggest alternative sources for the wiring . . . until Belkin public disowns this genius's (*cough*) idea.
Chivalry is not dead, it's just frequently misspelt. - M. Langley
i started reading the Belkin response to this issue, and for the first few paragraphs i was convinced, thinking "so what if people want parental controls?"
then, he started explaining the "8 hour reminder" feature. that means that people are going to get at least one hijacked page view a DAY from these people. then he explains that you can quite simply turn the feature off by navigating the internal configuration of your evil router and finding some option to check ("it might have different names") and it became obvious how this is a blatent attempt at spamming the home user.
the home user won't be able to shut this off. they'll either subscribe to the service, or they'll be reminded every god damn day about the service that they aren't subscribed to.
horrible.
Belkin should stick to making overpriced cables.
Oh, come on. There's such a fine line between trolling and humor around here, it's stupid.
I was trying to think of the one place that everyone in the world is afraid of being redirected to, and of course I came up with goatse. It's worse than any advertisement or microsoft-affiliated page or anything.
But I get modded troll? Come on!
Anyway, on haloween, someone sent me an IM claiming that goatse had replaced the picture of the dude with a jack-o-lantern depicting the goatse guy. Not believing it, I checked. And it was true.
God, sometimes slashdot can't take a joke.
sig?
Eric Deming (ericd@belkin.com) writes:
Oh, one last bit, when upgrading firmware for the Routers that originally shipped without the Parental Control feature, the new firmware has this feature added. This was by popular demand. Our customer install base began to notice the Parental Control feature on new models that we are shipping, and wanted a solution for themselves without having to buy a new product.
I can't believe this, this guy is trying to argue that the new firmware has this enabled because the userbase that is not tech-savy enough to copy and paste a URL is going to upgrade their firmware to get this feature.
I'd love to see the review of the guy who singlehandedly guaranteed that nobody who reads slashdot will be purchasing Belkin products in the near future.
"So, Mr. Deming, your feature brought us $100,000 in revenue from subscriptions to our parental control feature, but it antagonized 100,000 potential customers, and caused a 5% decrease in overall sales. You will not be receiving a raise this year. Or next year. Or the following year......"
Wow, why was this modded flamebait? He worded it a little harshly, but he makes a good point.
/. about it, you will make a lot bigger of a difference.
What are the chances that someone in marketing actually read the original post, and would even care that they are missing out on a couple sales.
Those of us who "get" the seriousness of this situation should be doing something about it- doing whatever we can to not let this happen. By simply boycotting those companies, you have an insignificant effect on those companies. By helping this news get into the mainstream press, and actually contacting the companies in question by other means than posting to
Best. Quote. Ever.
9 7d &dq=&hl=en&lr=&ie=UTF-8&selm=boecng%24ptb%242%40ba ldur.whoi.edu
http://groups.google.com/groups?q=g:thl38388180
I'd like more details. How does it determine if it is an actual HTTP request. I seriously doubt this thing is doing protocol level filtering (level 7, or 5, not sure which) to ensure actual HTTP packets. It probably blindly rewrites packets sent to port 80. However, what if I am running a mission critical service on port 80 that doesn't speak HTTP. I need my packet to go through, or something bad will happen. However, 8 hours just expired and I get a Belkin add. My server starts to fail and I am up a shit creek. Whose fault is this? I'd hope Belkin would be liable. I baught a router to route, imagine that.
If anyone has actual details on how it decides when and what to rewrite, I'd like to know.
As a side note, this is completely insane. I was considering buying an SD card reader from belkin, and a FireWire hub, but I think I've changed my mind. This behavior is completely unacceptable and will not be tolerated by me. It's not a case of three strikes you are out. If you decide to even swing on my router, you are ejected from the game. Belkin will never see a cent of my money.
-- Fighting mediocrity one bad post at a time.
I decided to peruse the response by JerryMouse (from belkin) and decided to see what other entertaining posts he has made. I find this one a bit funny http://groups.google.com/groups?q=JerryMouse+spam& hl=en&lr=&ie=UTF-8&selm=9%24--%25_%25%24%25%24%24_ %24%24%25_-%24%40news.noc.cabal.int&rnum=1
At the bottom JerryMouse had this to say "As to your second point, there are no innocent civilians - or at least no
innocent, INTELLIGENT civilians. They don't HAVE to do business with a
spam-tolerant ISP. Period.
"
Now replace "spam-tolerant ISP" with Spam-tolerant hardware manufacturer", and Jerry has told us just how to feel. Intelligent civilians should not do business with belkin!"
This company should be held accountable for something, though I can't think of what exactly.
For everyone saying "this devcie is not a router" I would say for false advertising. But then, it is a router, just not once every 8 hours. And this could be seen as a "bug", if it weren't for the fact that it was engineered to be in there.
This device contains a trojan they have written. Maybe someone should report them to Microsoft, pass go and collect 250K.
What happens when Michael sees Seth Finkelstein's name used positively and liberally on Slashdot by Slashdot editors? Does he hijaak a new domain in a fit of rage?
I think you might have a point there. Corporate America has been infiltrated by antiglobalist commies who aim to destroy it from within. That explains SCO perfectly!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
If you word it as you've done above, you make it look like you have a vendetta against Belkin out of spite. You don't need to.
I will be avoiding Belkin products especially those with "intelligence" (such as routers) until it's absolutely clear they will not pull this kind of stunt again. I will be avoiding it for the same reason as most of the people reading this article will, because I demonstrably can't trust Belkin to produce a working one. It doesn't matter if it's a random redirect of port 80, or, say, the box advertising a higher MTU than will work over a PPPoE connection - the fact is it's broken, and it appears to be an incompetent decision that's the source of this.
Belkin needs to demonstrate that this will not happen again, not to reassure everyone they're not really a bunch of utter bastards, but to convince everyone they're not really a bunch of idiots.
You are not alone. This is not normal. None of this is normal.
It's annoying enough to know that when you're sitting at a computer using a browser to surf the Web, a couple requests a day will get hijacked to the spam site.
But what about automated HTTP requests? You might be running some script to wget the latest greatest kernel source and instead it downloads a piece of spam. The hijacked HTTP request might come in the middle of a Gentoo build, or as you mirror a Web site and have a page replaced with an advertisement. You could be tunneling some other protocol over HTTP, and then who knows what this would do.
Very stupid and annoying of Belkin. If they wanted to make their parental control thing so easy to use, just include a CD that says "Put this CD into any computer on your network to enable parental control on your new Belkin router!" Newbies can figure that out. I don't want my own router launching some kind of spoofing attack on me three times a day just so I can view more spam.
What I love is Belkin's claim that they did this because having somebody visit a page violated their "ease of use" requirement. What a joke! As if people can't type in a URL after reading a leaflet included in the box? Are they aware that people type URLs all the time without trouble? They could even install a desktop shortcut to make it even simpler.
Then their letter goes on to explain how to disable the feature in the router (so you don't have to wait to be randomly redirected to the ad), and the instructions are quite vague: navigate to 192.168.2.1, find the setting which says something like (they don't give exact wording or where to find it, just vague directions), and turn it off. Where's the "ease of use" in that? Are they suggesting that this should only be turned off by advanced users and that naive users should simply sign up for their services?
Why can't they just admit that they wanted to prominently promote their subscription-based service? It's not like it isn't obvious what they're up to or anything.
Death to marketing droids, I say!! This shit has gone far enough!
You'd be surprised at what they're running in those router bricks. Usually it's an SH-3, MIPS, or 386/486, or a low-end ARM. They usually run an embedded OS that's generally intended for doing nothing but limited firewalling and routing.
A mid-end Pentium with 32 or more MB of RAM and 300+Mb of HD will work WELL in a router config. Smoothwall does an awesome job of running a firewall with the added ability to provide sharing on an ISDN or Analog dialup line, http/ftp/gopher caching, etc. It's kind of overkill for most people, but you can be assured of an easy to operate interface and a completely open system with NONE of this sort of BS happening in it. Any 5x86 class CPU or better will do, and you'll thank yourself for it in the end.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
"Uh Clem" is from an old Firesign Theater routine "I think We're All Bozos on this Bus"
Imagine you have a machine behind this thing that makes a SOAP call periodically to update some data. Boy, isn't it exciting to think about the new failure mode they just introduced? Port 80 now goes to belkin and possible provides the contents of your SOAP call to them?
The guy from Verisign get a new job after being fired over the DNS wildcards???
Sig under construction since 1998.
This is enough. First the crappy card reader, which I got a nice email saying that it is meant to only hold "a few" pics. BS. If I wanted to hold "a few" pics, I'll spend my money on a cheap replacement memory chip and USB reader for a fraction of that price. $99 for "a few" pics? What? Want me to bend over now or later? Sheesh!
Now this BS. Have they been under a rock for the past year? People want less ad-crap and more secure boxes, not a box that is insecured as a function of marketing! What's the point of making some sales buy losing the market because now people can't trust your compromised routers' firmwares? Now that you've made it work with one, what's to prevent it from happening to other ports? To my credit card numers? My secure certificates? My domain renewals? etc?
By introducing BS like this into your firmware, you've basically pissed on your own product's credibility. Why would any else respecting person buy your product if you knowingly built a means to hijack web connections?
As far as I'm concerned I will NEVER buy another Belkin product and will recommend non-belkin solutions as well as urge friends and associates to use non-belkin solutions/hardware.
If I wanted to get hacked, I'll drop my firewall. I don't need to drop a few hundred dollars on a router that'll do who knows what to my network.
Belkin, get your ASS in gear and figure out how to get your head out of it.
Honestly, I hope whoever is behind these braindead ideas gets the axe. But I hope more that the company that sponsored the idea gets reamed.
*shakes head* MORONS!
Winged Power Photography
I just threw my $85 Belkin spam device in the trash.
I sure hope my Belkin cables aren't diverting my electrons too.
I am off to buy the Linksys I should have purchased the first time.
Later, Belkin !!!
Those who can do. Those who can't sue.
Will your TiVo occasionally record infomercials and highlight them with a yellow star? Will the a thumbs up icon occasionally appear when you're watching shows to advertise other shows? Will every discription include a large icon for TV Guide? oh wait, my TiVo has started doing all these things since the "features" have been added over the past two years.
Good story, Jamie, but next time would you please credit the source?
"Belkin support, how can I help you?"
"My router every once in a while replaces my URL with one for Belkin parental controls."
"That's correct."
"But I just spent half an hour filling out the web form, and it doesn't cache, so I have to do it all again."
"You can turn off parental controls by clicking on 'No thanks!'"
"So this is intentional?"
"Yes sir, it's a service to you, provided at no extra cost. It also comes with a free 6 month trial."
"But a router is supposed to ROUTE."
"It can do that, if you change the configuration."
"So, it comes intentionally misconfigured to fail once every eight hours?"
"It's not failing, it's offering a service."
"So it's spamming me."
"It's not spam."
"Why not?"
"Because we're offering you a service you might not know about."
"So it's intentionally misconfigured to send me spam on something I didn't request any information for, dropping my URL and information in the process?"
"Well, yes."
"You should really just kill yourself."
"You're right. Goodbye."
*BANG*
"Dang, should of told him to kill the marketting department first. Well, I can always call back..."
=Blue(23)
LITTLE GIRL: But which cookie will you eat FIRST? C. MONSTER: Me think you have misconception of cookie-eating process.
Better make sure my Belkin cables aren't hijacking my electrons every eight hours too.
Those who can do. Those who can't sue.
So what do I learn now? While they should have been focusing their efforts on fixing their firmware that did not work, they instead wasted time adding a complex adware plot to the router and likely delayed any real firmware fixes (if they ever did fix the firmware) while putting this hack in.
I'm an American. I love this country and the freedoms that we used to have.
Where is the FCC on this issue? This device is a communication device that is intended to provide information from a public network. All of my networking gear has their stamp of approval on this, so how the hell did this get it?
The FCC was instituted to make sure that certain standards are met and that consumers and the public at large is not abused. This device is designed to mislead customers and most people will never even know what is going on. Sure there's a setting to turn it off, but my parents can't even program a fucking VCR, let alone configure a router beyond its initial plug into the wall.
...and spoke to someone in India who had no clue what I was saying and even less clue why I was upset about it. She kept telling me how to turn it off. I told her, "I've already turned it off! My issue is that it happened in the first place!" She told me how to turn it off. I hung up.
Glad to see someone else is pissed off about this. I turned it off in my router, got mad for an hour or so, and went on using my router.
Coincidentally, Belkin routers can't work with arbitrary MTU's over PPPoE, in case anyone needs further reasons not to buy them. I won't be buying another, even though mine works okay, sort of (I'm the netadmin for my ISP, so I can futz with things to make it work despite itself).
Jouster
Better yet, how do I reprogram YOUR Belkin router to direct unsuspecting users to goatse.cx?!!
sign your damned posts so I can put you on my "People on /. who aren't morons" list.
Damn! Hand't even thought of that.
In all likelihood, they'de be causing some serious headaches and countless hours of lost productivity as people are wondering why their application now isn't working.
I can only wonder what happens to the programs that are tunnelling through HTTP ports to create VPN's.
Winged Power Photography
He also said this as well
"at this point, the user can register or click "No Thanks".Clicking "No Thanks" sets a flag in the Router to stop the Router from re-directing every 8 hours to the reminder page. (Again remember, only one http request every 8 hours)."
Yea remember, ONLY one http requert EVERY 8 HOURS.
I can't believe this jackass had the nerve to also say "we are not talking about SPAM here."
Funny how everyone else whose browsing sessions are beign hyjacked don't feel the same.
There goes Belkin's router sales.
If you wanna get rich, you know that payback is a bitch
I would have thought that a device that takes a communication and redirects it without the owner's permission counts as interception.
SteveB.
Instead of paying Belkin for the router, send them an ad that explains why they should pay you for the privilege of being on your network.
I'm sure they will appreciate this new payment feature.
Just one thing.
"Google groups" is nothing more than a web client to usenet news, and a massive archive of usenet history.
One doesn't post to google groups--one posts to usenet, using google.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Somebody sees said ad in the middle of a online banking transaction, freaks out, calls lawyers claiming breach of privacy (even if they didn't see the packet they replaced)...then again maybe that will help some and prevent future adware such as this ickiness...
...in bed
Belkin make some BAD ASS cables.
While you sissymaries are all whining about your wireless interweb, BELKIN is out there making pimp ass WIRES for those of us who know the score.
Btw, buy your networking equipment from a cable manufacturer, you get what you deserve.
You insensitive clod.
I don't need no instructions to know how to rock!!!!
For all those people who were so vhemently opposed to banner ads in this previous thread, here's that other business model you were asking for!
I'll take my inline banner ads with no popups back, please. As for Belkin, fuck 'em. They make good cables, but if this is how they're going to behave they're off my list.
--GrouchoMarx
Card-carrying member of the EFF, FSF, and ACLU. Are you?
He also gets the amused Slashdotter award for making a complete ass out of Michael too.
So ok, if it randomly redirects HTTP traffic, what happens if I'm not using a browser, but rather have a web service? Sounds like these guys are not thinking much.
"I'm looking forward to to car that randomly turns left when you turn the steering wheel to the right"
Lucky stiff. Mine randomly drops the transmission right in front of the dealership. Talk about easy money.
Besides Slashdot.org, send copies ofcomplaints to Belkin (Deming seems to be the perfect person) as well as consumer media outlets like Tech TV, PC Magazine, and other tech websites. Spread the information so hopefully when searchs of the word Belkin are made, the results of the complaints and the problem itself will be returned.
Cave, wreck, and deep diver.
It stands to reason that they could also read all your cookies for the site you otherwise would've gone to, as well. Even if what you get redirected to is just a redirection server to assholes.belkin.com or whatever, that redirector has access to the cookies because your browser at that point still thinks it's talking to the site you intended to go to.
That leaves the door open for all kinds of pleasant things...
Till tomorrow when there will be a tool to exploit this. Someone will scope the packets and then make a tool which spoofs your address as filter.belkin.com and then change where the webpage goes. Next just pick a range of address's to send these bogus packets to and then watch everyone who owns a Belking router flip out because they keep getting directed to porn sites.
Even worse would be if they made up fake Ebay and Paypal login pages. Chances are millions of people are using those constantly. Saying your using Paypal and then your browser skips back to the login page. Of course you'd just think you need to login again. Right?
Fools.
If you wanna get rich, you know that payback is a bitch
Sleazy tactics like this aren't going to end. Theres only one solution. We need to sit around and think up every sleazy, disgusting, wrong, and dishonorable tactic someone could use to pervert the internet and it's standards to make a buck. We take that list, and patent it.
It makes sense you know :)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
If you have not yet purchased a Belkin Product and have pre-sales questions involving product selection, price quotes, where to buy, comments on our products , etc., Contact the Belkin Sales Department at sales@belkin.com.
That's sales@belkin.com.
I repeat sales@belkin.com
I was curious as to whether my router was affected so I figured that the best approach was to contact their customer support. I've currently filed an issue regarding a known bug, that could make my router insecure and I want to know if I'm affected. I went on to say that if I was affected I expect immediate action or they can expect to never get my business again, and that I would never recommend their product. I stopped short of accussing them of outright fraud, though if they aren't at least forthcoming with information about whether I'm vulnerable, that is an option. If I hear back with a list of product numbers I will post it here.
I was planning on going out after work to pick up a Belkin 802.11g router/access point. The decision was close between Belkin and D-Link, but the Belkin had more features.
Now the scales have tilted the other direction. Congratulations Belkin, you've just lost yourself a sale. And I mean *right now*, this sale was going to occur in about an hour.
There is no excuse for that sort of behaviour. I am long since tired of being subjected to ads by the DVDs and games I buy. When hardware starts advertising at me, that's where I draw the line. No more.
Random and weird software I've written.
My friend owned several KVM's at one point - one of them was a Belkin 4 port desk unit. He ALWAYS had cables falling out of it - it turns out the ports were so loose as to be useless.
Even the *belkin* supplied cables fell out. Nothing like having your K/M cables fall out to crash the machine you are trying to work on. The KVM was quickly consigned to an awefull fate.
I have to download a BIOS update. I right-click a link, download, save to floppy, reboot, then flash my BIOS with a Belkin ad. Oh my oh my oh my, what a dilema they have there.
The preceding post was not a Slashvertisement.
I, for one, ...
Will never buy anything from Belkin again.
Cyde Weys Musings - Scrutinizing the inscrutable
They interrupted ALL channels with a 60 second "Amber Alert" the other day - when the kidnapping was reported, but not confirmed.
Every single channel had the same Amber Alert. For a full minute.
Gee, Comcast. Thanks.
1. Client initiates a connection to www.my-private-site.org on HTTP port.
2. Client is silently redirected to Belkin's site.
3. Unknowing client sends the HTTP request, a POST request which contains some sensitive information.
4. Belkin has now hijacked a connection and received sensitive information that was not intended to go to Belkin.
Logically the thing to do is prosecute Belkin under federal wiretapping and computer crime laws.
Does anyone else here recognize this as part of a trend in American products? It seems that, simply by buying their product, manufacturers feel that they can take any liberty they wish. It was bad enough when they simply sold a shoddy product and I had to go through the hassle of returning it, but now they sell a shoddy product that takes liberties with me by forcing advertising down my throat!
People, I urge you to vote with your feet. No more Belkin! Let them languish in their own private hell with about 1 billion of these unsold routers piled up to their necks.
And for those of you that still need a router, a real router with only about 10 times the performance and 100 times the utility of any of the POS that MicroCenter and CompUSA sell as routers, then I suggest IPCop. It's Linux based, so you know there is no spyware involved, it comes with firewalling, Intrusion Detection (Snort) and Internet caching (via Squid) preconfigured so your Internet connection will be more secure, faster and more reliable than almost any dedicated router on the market. And it is free! Take any old computer you have stuffed in a closet (I configured this on a 486/100 with 64 Mbytes of RAM for one client; it ran real well), stick 2 $5 NIC cards in it and you are set!
Disclaimer: I am not associated with IPCop in any way, I just use it and like it!
I bought a Belikin 54G WAP in April, I had NO problems disabling this feature...
I thought it was actually really clever that they let you know it was available...
Too bad some people are stupid...
I'm reading this, and thinking...this must be an elaborate hoax. NOBODY in their right mind would do this...
Keyboards that occasionally type "www.belkin.com" when they detect you're typing a URL.
You laugh, but what about the welcome datacomp case of this keyboard?
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
This one is a bit more grey than something like versign's site finder. IMHO i think that adds should only part of a product or service if the terms of that service explictly states that there will be ads. At this point we have a choice of using that service or not. So we have a choice of seeing those advertisments.
This goes wrong when advertisments are part of a public space. Like sitefinder or billboards. If we are in that public space, we have no control over wether or not we will see the ads.
As for the belkin routers. In this issue they are not breaking any rules unless they do not inform the consumer that this "feature" is in thier products. A consumer does not have to purchase belkin routers.
In America we are imprisoned by our fear of them.
Just in case anyone was actually fooled by that shitty troll, the router advertises an unrelated product by the manufacturer of the router.
Features of the router belong in a manual. In fact, delivering features of the router to users instead of admins would be useless for such use anyway/
-Looking for a job as a materials chemist or multivariat
...http and https? What if I'm just about to buy something and instead of getting "We have just confirmed your order of $10,000 worth of thinkgeek merchandise" with Belkin's page.
I'm pissed just thinking about the possiblity.
Yeah, I know I'm dreaming, but I so hope that this mistake sends Belkin over the edge into oblivion, or at least damn close to it. So many companies keep pushing on the line. "Oh, let's stick an ad in our software." "Oh, let's put in activation to keep out the nasty pirates." "Oh, let's have our software phone home to make sure everything is OK." If a company bites the dust due to their stupidity, maybe the message will finally sink in that this is unacceptable. Leave the damn stuff alone. If we want to enable your "feature," we will. We don't need a big waving flag to point it out.
SSL exists a layer below HTTP. The router wouldn't be in position to mess with these packets. Banking should be safe
Still, there's lots of web applications that have problems caused - for example a stock ticker that read information from a web page.
Let's not stir that bag of worms...
We have one of those 4-port DVI KVMs (F1DD104U) and I have to tell you, we've gone through at least 3 RMAs on it.
The first DVI port DOES NOT WORK at resolutions above 1024x768. On any of them.
The LCD goes absolutely fucknuts when connected to it.
It's sad. All of ours are being used 3x1 because of it.
Let's face it, Belkin sucks. Cables are way overpriced. Don't ever buy anything from them.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Begin email
l
----------
BCC: My Bosses; Company Tech Manager; IT Business Partners; Tech Friends
Subject: Belkin Routers - built in ads
Here's a good reason we should be wary of using Belkin equipment. One of their current products is known to covertly hijack an outgoing internet connection at certain intervals and redirect it to a site of Belkin's choice for advertising purposes..
Please see the article:
http://www.theregister.co.uk/content/69/33858.htm
This is a bought-and-paid-for product, not a free advertising-supported product. The manual also doesn't fully inform the user of the connecting hijacking.
As such, please be wary when purchasing Belkin equipment, and feel free to let Belkin what you think of these deceptive practices:
http://www.belkin.com/contactus/index.html
---------------
After all, not everyone reads slashdot, so I feel obligated to inform those that might otherwise by sh**ty Belkin products. Please feel free to use this message as a template to anyone you might want to inform.
I hope that the geek community over-reacts to this enough that this will become legendary even among marketing morons.
So next time some jackass marketer thinks of trying something like this, someone will say - hey, don't you remember what happened to Belkin?
If the reaction isn't big enough for people to remember, then there's no disincentive for the next company to try it again.
As for myself, I'd like to have a router from Verisign. Considering how they've so carefully protected the structure of the .com and .net tlds that they've been entrusted with, I think that a router from them would be a much more reliable product.
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
Messing with upstream DNS entries to re-map filter.belkin.com to goatse.cx...
Problem: hasn't Verisign already copyrighted this? Verisign managed to hijack something (the pool of unassigned domain names) for their benefit, and to the detriment of nearly anyone who actually has to manage a server. At least Belkin only tried to nail its own customers - that way there's not as much collateral damage while they eliminate themselves from the business gene pool.
How about "Belkinsign" (verb)? use: "I downloaded a security program, but it belkinsigned my computer and pointed me at a penis-enlargement site because the security folks thought I might need it. How nice of them." An alternative term might be "Verikin".
These people need to be embarrassed with extreme prejudice.
How about a truck full of hazmat that turns off when the driver turns left when he should have turned right. That's just the kind of thing I want stalled on my street. As we learned just yesterday, it's already in CA. I wonder if the system makes the drivers look at adverts for drivers ed when that happens.
Sound of motor dying and down shifting .. BBUUUuuurrrrrrr.. chunk-a-chunk, ppeeeeeep clunk.
Driver - WTF? oh, no.
Sound of locks activating and bulletproof screens descending over windows - chunk-chunk, whirrrrr!
Driver, now captive - sob.
Friends don't help friends install M$ junk.
ericd@belkin.com
Sales Prevention Team
Belkin Corporation.
Glonoinha the MebiByte Slayer
The FCC labels are about electromagnetic radiation and interfearence with other devices. The FCC probably has no ability or interest in trying to force compliance with IETF documents or even TCP/IP stack compliance.
:)
The FCC regulations are very easy to get approval for... just build a metal box, do anything you want inside of it and chances are, it'll pass. Now, if you put a spark-gap (jacobs ladder) on the front, it won't... but it'll look damn cool!
Can anyone Confirm the story? I see a usenet-thread including one "JerryMouse" - but are this hard facts?
Has anybody here a Belkin router to test this "feature"? Or is there an official statement on the Belkin Website? Anything else than usenet?
They could have made the first HTTP request direct to a "configuring your router" or a "thanks for buying a Belkin Router" page like many pieces of software do. Alternately, they could have put this on the router config page (assuming it has an internal www config like many routers) which is more or less where it belongs.
Redirecting random packets is completely idiotic... but I'll admit I wouldn't be quite as pissed if it redirected to an initial "config" page on the first request...
Think about hacking the site that sends the ad - then you have potential redirected access to all machines with a belkin router at least once every 8 hours. hmmm - I like. NOT.
Why not just load a trojan that gets refreshed every 8 hours. You'd stay ahead of ALL of the anti-virus companies.
Even if they take this out, it's too late... They did this once, what's to say they won't do it again?
And the count of 3 just got bumped up to 4. And #4 is the guy that fills out the PO's and requisitions for the Director of IT at a nationwide telcom provider. We have 8 data centers, and 6 more are coming online within the next fiscal year. That's just a hair under $50 million USD of product that I research, and give my blessing upon for the Director to rubber stamp.
And not a single center will have ANY product made by Belkin.
I'm not crazy,I'm actively irresponsible.
Unless someone is imitating him, Jamie replied to that journal entry hours before he posted this story on the front page!
> Oh, one last bit, when upgrading firmware for the Routers that
>originally shipped without the Parental Control feature, the new
>firmware has this feature added. This was by popular demand. Our
>customer install base began to notice the Parental Control feature on
>new models that we are shipping, and wanted a solution for themselves
>without having to buy a new product. So, we accommodated them.
>I'm happy to answer any questions if you have any. Thanks!
You're new here, aren't you?
Belkin Sales Team:
t ml
1 C4 4EDE%40DutchElmSt.invalid
Our company was set to replace our existing older Belkin KVM switches
with an upgraded version when I read this article:
http://www.theregister.co.uk/content/69/33858.h
and this followup from someone (Eric Deming?) within Belkin:
http://groups.google.com/groups?selm=3FA87D03.E
Needless to say, I can no longer trust Belkin with any of our infrastructure
devices, be they keyboards, KVM, or even home-office equipment that we
recommend to our staff. What is preventing your KVM switches from manipulating
their attached systems to contact Belkin for ANY REASON without our input? With the IP
feature of the Quadbus system who knows?
The same same question applies to your keyboards.
As far as your home routers go, we will be using Linksys from here on out, as
their products do not redirect traffic on a random basis back to the Linksys
corporate site. We have company traffic that cannot be interrupted by unintended
data-stream manipulation by a foreign concern. Furthermore, your firmware
appears to permit remote entities to change basic operation or internal settings
of the router. How can I be assured that in time, Belkin will not decide to
'upgrade' various installed units via this backdoor command capability?
Our KVM replacements (10), which were going to be from the Quadbus series, will
be going elsewhere, probably to Rose. Our home router recommendations are now
Linksys.
Over the past few years, we have purchased over $30k worth of Belkin equipment
for resale to the K-12 education community via channel partners and distributors.
This will not continue, effective immediately. Unfortunately, I do not anticipate
our company doing any further business with Belkin in the foreseeable future.
Toil is Stupid. Don't be Stupid.
Turn off your spam filters and you'll find that several websites are trying to sell you something to remedy that.
It could catch on, if you email your idea to someone at The Register or any similar web site. They might post it in one of their articles about readers' letters. It could spread through blogs and the like.
Here is one [http://www.microsoft.com/hardware/broadbandnetwor king/productdetails.aspx?pid=003]
Oh wait..we hate them too.
Cave, wreck, and deep diver.
I had a 54g Bro^h^helkin wireless router (twice) and two PCMCIA cards from CompUSA. The first router worked right away. But then I flashed the firmware into oblivion. Traded it in, then spent two weeks on the second one trying to get the wireless to work at all. It connected maybe twice, for about 30 minutes. The desktop was hardwired, at least that worked. But, it redirected me to their website 3 times. And the ad was for a Belkin 54g router! CompUSA traded me a Netgear router and cards, and it works great.
Do you really want to work for a company that's going bust real soon now?
What time is it/will be over there? Check with my iPhone app!
Its not busy, its not available. its just out of service. They took it down.
Make sure your voice is hear: Send an email to sales@belkin.com, particularly if you are a customer of theirs, or were considering purchasing some of their products. Your message would be most effective if you specify what Belkin products you have and/or what products you were considering purchasing (and, of course, that you won't be doing that :-). You can keep your messages short and sweet, since they have now have plenty of places where they can read why their product's behavior is obnoxious to their customers and (formerly) potential customers.
Here's the message I sent:
Date: November 7, 2003 1:43:50 PM PST
From: Charles
Subject: I can't believe you did that... did you?
To: sales@belkin.com
Hi,
I own two Belkin wireless routers (one for my parent's house, one for mine), and was considering buying a second one to improve the signal quality throughout my home. I'm also interested in some of the Belkin iPod accessories.
Today I read about how newer firmware on Belkin routers occasionally redirects web requests to a Belkin web site suggesting a subscription to a "Parental Control" service (this is detailed in , which refers to ).
These articles make it pretty clear that Belkin implemented a feature that causes their router to intentionally misdirect web traffic, for the sole purpose of advertising a Belkin service, and that user action is required to stop this obnoxious behavior. I would consider this a fundamental breach of your customers' trust. When I entrust my network communications to a vendor's product, I need to be sure that that product will transmit that communication as faithfully as it can. If the vendor intentionally causes a failure in transmission, for whatever reason, but especially for its own advertising benefit, that is a breach of trust. There a literally dozens of networking components between me and any given web site I access (my web browser, the operating system on which it runs, the computer on which that runs, the wireless card in that computer, the Belkin wireless router I use, routers at my internet service provider and between it and the web site, and all the equipment on the web site's network). Every one of these could be made to stop traffic for an advertising break, as Belkin's seems to now do, and I'm sure you'd agree that would make for a quite annoying web browsing experience. Users and networking professionals alike would surely agree that any products that did as Belkin's is reported to do would be working against the user's interests, and against the product purchaser's legitimate understanding of what the product should do (unless of course the product was clearly labeled as subsidized by advertising).
Please tell me that there is some kind of mistake and that the situation is not as I understand it to be. If there is no mistake, I can tell you with confidence that I will not buy another Belkin product until Belkin corrects the problem with this product, issues a public statement apologizing for their breach of their customer's trust, and takes appropriate action against the person or persons responsible for the mistake. Please implement these corrective measures, or let me know that they are not necessary, as soon as possible, since in the meantime I will be repeating this story of Belkin's misbehavior as an example of a company's misunderstanding of its responsibility to its customers.
Thanks for letting me know if the articles I linked to are incorrect. No further communication from Belkin is needed if they are not. I will be be watching the technical media sources for any news of changes to Belkin's product behavior and attitude towards its customers.
- Charles
...to coincide with the installation of my cable modem. Previously, I've used a Smoothwall-based system for my firewall/routing needs, but I didn't happen to have a spare box lying around, and being in a hurry, I picked up a router. Belkin makes some decent stuff--how bad could it be?
I saw the ad about an hour into my browsing experience. My wife would later describe me as "foaming."
It's going back this weekend in favor of a Linksys that several friends have recommended.
This is the FCC mandated EAS support (ie emergency alert - the thing those modem like tones on the radio EA messages you hear trigger) - they are legally required to do it
Did they even consider the potential liability issues when they came up with this scheme, or did they just say, "hey, let's roll with it"?
Dewey, what part of this looks like authorities should be involved?
Belkin has agreed to change their router firmware.
"We have discovered a better solution to our advertising needs. Rather than rewriting URLs once every eight hours, we will use Microsoft Messenger Service to inform customers of our wonderful offers every five minutes!"
www.eFax.com are spammers
"I'll just quit buying [RIAA/MPAA] products. Though I don't have any to beginning [with]." ...that'll show them. Lose paying customer, they will.
Anyone got a reference?
-- ac at home
send the owner Chet Pipkin and his evil brother Eric Pipkin a friendly note to tell them just how you feel. The Product Management team is a worthless bunch of hacks. Talking directly to the owner is the best thing you can do. chetp@belkin.com ericp@belkin.com
We're all part of the public, aren't we?
Contact:
Melody Chalaban,
Public Relations Manager
Belkin Components
501 W. Walnut Street
Compton, CA 90220
melodych@belkin.com
(310) 604-2347 direct
(310) 898-1107 fax
www.belkin.com
(this is (unless you get redirected by your router) publicly available information at www.belkin.com)
Opinions on the Twiddler2 hand-held keyboard?
Whenever a company does something so anti-consumer that I vow not to buy from them (like this case), I sometimes have trouble months later remembering whether a company is on my mental list because it's in the "good" category or the "bad" one. Here's my easy way to remember Belkin: the company is now Bilkin' its stockholders out of any further returns.
- First they ignore you, then they laugh at you, then ???, then profit.
as this is a digital device... arent they violating the DMCA, I mean they are hijacking connection from the user and blocking access to the users intended site, thereby potentially reducing profits for the intended site. Sounds like belkins board needs to spend some time in they lockup, screw not buyin from them.
Users expect ads. With companies offering free internet service. free software, etc. we expect it. but when users have already paid money to the company for software, service, or hardware, they should be exempt from such BS.
Seriously, you couldn't damage Belkin's image more. This cannot be a blooper. Eric Deming is actually an Evil Genius !
Good afternoon.
My name is [name deleted], and I work as IT department manager for a medium sized company in [place deleted]. I write to you in light of the recent unveiling that Belkin are knowingly shipping routers that show commercials to the end users by hijacking HTTP connections.
I am not sure if the product manager, Eric Deming, who designed the product to not work as expected did so understanding the full consequences if - or, rather, when - this information would become public. The one reason Belkin's name has been held in high regard at the company I work for is because of dependability. When it turns out that Belkin is actively designing products to not work dependably, but instead display advertising at the user; that reputation of dependability... well... there's not much left of it. And, as you are aware, for every one of Belkin's products, there is a competing product.
It becomes much worse. It also turns out that Belkin has the ability to remotely modify the behavior of these routers. When I showed this fact to our network security people, they went ballistic and drove straight off to the local equipment store, only to come back two hours later with a bunch of boxes. 30 minutes later, there was a heap of discarded equipment in a disorderly pile in one corner of the networking room. The discarded items all carried the name "Belkin". I signed the receipt for the new equipment with a look, a sigh, and a nod.
To top it off, it seems that your Mr. Deming who designed this behavior believes that every outbound hijackable connection originates from somebody sitting at a computer and browsing the web. However, more important are the automated connections. What would happen if the backup for our commercial data, which is transmitted regularly over the Internet, instead was pushed to Belkin, due to this behavior? What would happen if virus or operating system upgrade connections were the ones hijacked? Heart defibrillating equipment has been mentioned - what would happen if the heart defibrillation monitor, trying to trigger the impulse with the charging equipment, is instead redirected to a Belkin advertisement? You know, telesurgery exists and does depend on a reliable Internet infrastructure, consisting of such boxes as yours.
This product has been designed to not work, despite charging good money for it. I lack words to describe how shameful this behavior is.
Additionally, if the Belkin corporate culture is one that allows such a technical atrocity to make it to the shelves for one product, then it is obvious it may happen again, or has already happened, for other products. However, rest assured that this company will never again buy another Belkin product as long as I run the IT department.
[signature]
-I will be avoiding Belkin products especially those with "intelligence" (such as routers)
Well therein lies the problem. A router is supposed to do one thing, and do it well. Router stuff. They bastardized it and now you never really know if it is going to do 'Router stuff' or advertisments.
How about keyboards?
Video cards (yea I know they don't make video cards, but still.)
What if every once in a while a modem called overseas to connect to their ISP instead of connecting to whatever you told it to connect to (has a foundation of truth, long time ago it was a scam centered around porn IIRC)
Those are all HARDWARE built with a purpose, supposed to be bulletproof. It is one thing for it to glitch, but to fuxor up a connection intentionally so they can serve you ads?
Fuck that.
Glonoinha the MebiByte Slayer
You can blame the marketing department all you want (please do), but at some point it was a geek (maybe someone who reads /.) who actually programmed this functionality. Their boss is probably somewhat of a techie, too. The testers who checked this functionality and the folks who created the web page also have some tech skills and savvy. Did they all think this was right?
The point is that geeks are to blame for this. The marketroids may come up with some stupid ideas, but who actually implements them?
I understand (completely) the self-presevation necessary in today's economy and the unwillingness to say, "No!" to something like this. I hope there were technical objections at Belkin. I hope there were testers jumping up and down and screaming about RFCs and proper routing and a failure rate of 3 per day per unit shipped, but I doubt it.
The next time your boss comes to you with one of these half-baked, assinine ideas, I hope you tell him that you object, as a Geek.
---
Q: Why do marketing guys wear ties? A: To keep the foreskin from flapping up!
and (almost) nobody is using their products:
:)
They have nothing to lose !
If I were Belkin, I would reconfigure/update all my router/accesspoint software to do whatever they want to do with it, like redirecting every bit of IP-traffic to 67.98.73.16. It's not that anybody is going to complain: their e-mail won't work! Har har har!
By the way, if you need a new employee, I am learning fast
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
[17:22] [A friend of mine on AIM]: Belka in russian means squirrel, belkin = squirrel's
Belkin is a privately held company, which in a case like this is a shame.
It would have been funny to have seen the affect on stock price this sort of gaff would have had.
www.eFax.com are spammers
Boycott Belkin products!! Make sure you do not support a company that stoops to such levels. Buy nothing Belkin until this is changed.
a linux NAT box was harder to set up in the beginning, but I've thus far managed to avoid all the silliness (including security silliness) from those black box solutions, and my solution is much more future-proof in terms of upgrades.
Fred
"A fool and his freedom are soon parted"
-RMS
Granted this is Slashdot, but a lot of people are overreacting even more than usual. It's just a parental control feature that was designed to give the purchaser ample opportunities to activate the parental controls. It can be easily turned off by just clicking the "No Thanks" button or going into the router's user interface and disabling the feature from there.
This is a non-story, so you can unclench now.
You have just guaranteed that I will never buy one of your products. Furthermore I'll make sure I tell anyone I know who is interested in consumer gear of your utterly slimy behaviour along with my recommendation to give you a wide bearth.
Does anyone know if there's anything like Flash click-to-play for Opera? Sometimes I need to use Flash (no, I don't just mean for Badgers), so getting rid of it isn't an option, but I don't like animated ads either.
That's very true, but this is even worse -- there is no error indication, no http 404, no low level checksum error, no TCP timeout -- it LOOKS like everything worked. Only a human watching a browser will see the failure.
I use wget and other http tools rather heavily. I could imagine not seeing the ad-damage for weeks, but meanwhile having things screwed up behind the scenes (e.g. wget-to-mirror-archive, something I do a lot).
I don't know why no one has mentioned this yet, because it really is the worst aspect of it (other than Belkin's attitude, that is).
I don't think that apologizing and patching their product is sufficient -- not that a company with that much chutzpah is likely to back down anyway. Let the SOBs just die -- permanent boycott!
Professional Wild-Eyed Visionary
If admins are using Belkin routers on your corporate network, you should be shot and killed. A router is THE main point between your network and the outside world. And you're using a piece of garbage like Belkin? I know there are smaller networks where that's all you need, but for those people it's not a big deal to turn it off. Besides, you shouldn't have just plugged it in without looking over the config in the first place. And no, I do not agree with Belkin's way of "implementing" this, but I think an admin is responsible for knowing about things like this in their equipment.
My sig of choice is Marlboro
It is actually a very good example: Jamie hijacked the "from whatever dept" thing for his own benefit, kind of like Belkin hijacks your HTTP request.
At least it makes sense to me...
Maybe we deserve this world ?
Yiiidge. Firewalls are supposed to help you keep junk _out_ of your computers, not bring it in.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
In summary you have bought a "router" that has its internal configuration updated by an external event.
That is, I (or anybody on the inside of my net, not just an administrator) can click on a link delivered from outside my area of control and that link SETS A FLAG IN MY ROUTER....???!
So now I have my router with its optional firewall support watching the data transport and reconfiguring itself in response.
This is such a bad idea it is unspeakable.
What if the first guy to see the web page and who isn't the rightful administrator, accepts?
How long until a nice buffer-overrun attack lets a malicious server reporgram my router?
How much of the CPU in the router is wasted looking at each HTTP request in search of this flag setting?
Belkin is "stealing" cycles and security from their customers.
Not smart.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
But if Slashdot jumps on the leftovers afterwards, it's going to be very hard to attract fresh blood.
One line blog. I hear that they're called Twitters now.
As if people can't type in a URL after reading a leaflet included in the box?
Lots of people can't do that. (You're assuming that the customers found the leaflet in the first place!) They fat-finger it, misspell it, and can't figure out what happened. Yes, they are clueless dipshits, but that's no consolation to the marketer. After all, even clueless dipshits buy things.
Are they aware that people type URLs all the time without trouble?
Apparently you aren't aware that typing something into a web browser is sheer wizardry for millions of people. Yes, you're a super cool computer literate Internet using badass. Compared to you, the rest of the world (the vast majority of it, at least) is morons. What if you were the guy who is trying to market something to all of the morons?
Are you going to expect those morons to be able to read something and type it into a web browser? I wouldn't.
Before someone gets mad, I think what Belkin did was wrong. That doesn't invalidate some of the reasons they gave (even if they happened to be lies).
Why can't they just admit that they wanted to prominently promote their subscription-based service?
Probably because Belkin is used to marketing to dim-witted fuckups who aren't as savvy as the folks on the Internet who are currently reaming Belkin for their bad business and subsequent deceit.
I don't make the rules. I just make fun of them.
These will all be implemented in the next release.
POST /xml-rpc/PatientRecords HTTP/1.0
...
< string>Severe hemmorage untreatable by dressing.</string></value> ...
m g src="http://ads.example.com/images/censorware.gif" ><br />
User-Agent: PatientRecordsApp
Host: hospital.example.org
Content-Type: text/xml
Content-length: foo
<?xml version="1.0"?>
<methodCall> <methodName >Waitlist.BookSurgery</methodName > <params><param><struct>
<member>
<name>PatientID</name>
<value><i4 >2323434</i4 ></value>
</member>
<member>
<name>Priority-Reason</name>
<value>
</member>
</struct></param ></params ></methodCall>
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html
<html><head></head><body>
<a href="http://ads.example.com/censorware.asp">
<i
<blink>Get your censorware now!!!</blink></a>
</body></html>
And in reply, I think "What if each user controller their own router?"
personally, I use Asante's[www.asante.com] products they have worked perfectly for me for the last 5 yrs
See This Comment.
Belkin hasn't just abused customers' trust and falsely advertised this piece of trash as a router, they have also opened up security holes for no other reason than advertising censorware. This behavior isn't just wrong, it's despicable.
That's it. I'm no longer part of Team Sanity.
By popular demand, putting those addresses on the Internet occasionally leads to people trying to sell _Belkin_ stuff (like clues) and support _Belkin_ technically (like telling them that there's this terrible bug breaking their system) instead of buying stuff _from_ Belkin and getting help _from_ Belkin. It's not very frequent, and you can turn it off by returning the email addresses to the pool of unused character strings floating around the universe.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
a) Their specs say support up to 1600x1200x24bit@60Hz. It's DVI-B compliant (>350MHz bitclock)
b) The monitors and video cards support it.
c) 3 of the 4 connectors work perfectly. But without fail, the first one causes weird image ghosting (it's hard to describe, it looks like what Hollywood would show you when a "satellite link gets broken up")
Also, the first one doesn't work even at 800x600. It doesn't ghost as much, but if the screen is full of bright pixels it still does it.
So it doesn't matter.
So, as far as I can see, it's a lemon.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
This is a classic Man In The Middle attack(at least the beginnings of) in my opinion and as such they should be prosecuted to the fullest extent of the law.
at a post that was made right after yours in a different part of the article: CLICKY!
If you only consider the redirect : total request ratio, sure, it doesn't seem so bad.
If you consider what it means that you have a router that is configurable via an outside mechanism, I think the product is rather defective.
If you're running a firewall, it's a pretty good assumption that you're savvy enough to avoid these problems. On the other hand, lots of cable users are being handed Belkin and Netgear routers and being told that the router's filtering is the final solution in end-user security.
As false as that may be to begin with, now there may be other problems. Is there a mechanism that will update all flags via http? I hope not.
Transcript of email sent:
Original Email
The email was from
Eric Pipkin
Account Manager
Belkin Logistics
Direct Marketing Channel
501 West Walnut Street
Compton, CA 90220
310.898.1100 x 2511
He sent me a pdf file that I have put up for everyone to peruse.
PDF file
G
I wish there was a fscking blue pill
political_news.c: warning: comparison is always true due to limited range of data type
I'm not sure if you meant rein or reign, but in either case, it makes just as much sense. They will try to rein them in, and by so doing reign in them.
Good, inexpensive web hosting
Some of the settings they're using....
n guage=Englishf iles/5 4g_router.html. com
e zone=54 .18_ dd=1p date=0
b _subsc=2b _report_enable=0
OS parameters
os_name=linux
os_version=3.00.07
la
user_conf_ver=1.01
kernel_mods=et wl slhc ppp_generic pppox pppoe ppp_async mppe
fw_src=http://networking.belkin.com/update/
route_check_host=heartbeat.belkin
NTP Default
ntp_dst_enabled=1
ntp_enable=1
ntp_tim
ntp_sync_interval=1
ntp_server=192.43.24
user_time_yr=1970
user_time_mo=1
user_time
user_time_hr=0
user_time_mn=0
user_time_u
Cerberian
ceb_enable=0
ceb_email_enable=1
ce
ceb_timeout=10
ceb_unavail_block=1
ce
ceb_expire=0
iapp daemon
iappd_oid=00:30:bd
device_type=1
--Rob
How is this different from the "fire insurance" scam that the FTC has accused D Squared of?
* Reverse ROT-1.
# Joe Sixpack, his brother Darryl and his other brother Darryl.
One line blog. I hear that they're called Twitters now.
I sent a complaint to sales@belkin.com and got this response:
Does the Belkin Router send me Spam? NO.
Recently a group of privacy advocates have targeted Belkin Routers, claiming that Belkin
Routers equipped with Parental Control send spam, unwanted advertisements and
spyware to computers.
1. Belkin Parental Control Content Filtering is promoted on our 802.11g
Wireless Router packages as an added value service included with purchase.
Parental Control filtering enables our customers to block access from their
network to specific websites; it is a content filter, nothing more.
2. During the installation process, the router produces a web page asking the
owner of the router if they want to sign up for a free six-month trial of Belkin
Parental Control, similar to common online product registration requests.
3. The Parental Control registration page is not spam, adware or spyware. It is
part of the setup process of the router. It does not "hi-jack" the browser.
4. Belkin routers do not install spyware or adware, nor does Belkin have the
ability to advertise to our customers using our routers as a conduit.
5. If a customer clicks "No Thanks" on the first prompt, the registration page
for Parental Control signup will no longer appear.
Additional Information:
- The "No Thanks" button is not a trick button that will install spyware, etc. on the
computer. If a customer is uneasy clicking "No Thanks" in the web page, to stop
the reminder, you can navigate to the Internal web page of the Router, click on
Parental Control and select "Don't Remind me Every 8 hours". This will stop the
web page from ever being displayed again.
- If the browser window is closed without clicking "No Thanks", it will be
displayed again after 8 hours has elapsed. Please note that this is not a browser
pop-up, this means that the Parental Control web page will only be displayed if
the user opens the browser. Again, Clicking "No Thanks" will stop the web page
from being displayed.
We sincerely hope that this information provides an explanation that meets your needs, if
for any reason you would like to contact Belkin directly, please email your concerns to
Kannynmc@belkin.com
Regards,
Kannyn MacRae
Business Unit Manager, Networking
Belkin Corporation
Not only that, apparently whenever you unplug it to move it or your power goes out, it reverts to its spamming behavior.
that the company would even consider such bullshit makes them fully expendable. they need to be an example, since they can't follow one.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Does the Belkin Router send me Spam? NO.
Recently a group of privacy advocates have targeted Belkin Routers, claiming that Belkin
Routers equipped with Parental Control send spam, unwanted advertisements and
spyware to computers.
1. Belkin Parental Control Content Filtering is promoted on our 802.11g
Wireless Router packages as an added value service included with purchase.
Parental Control filtering enables our customers to block access from their
network to specific websites; it is a content filter, nothing more.
2. During the installation process, the router produces a web page asking the
owner of the router if they want to sign up for a free six-month trial of Belkin
Parental Control, similar to common online product registration requests.
3. The Parental Control registration page is not spam, adware or spyware. It is
part of the setup process of the router. It does not "hi-jack" the browser.
4. Belkin routers do not install spyware or adware, nor does Belkin have the
ability to advertise to our customers using our routers as a conduit.
5. If a customer clicks "No Thanks" on the first prompt, the registration page
for Parental Control signup will no longer appear.
Additional Information:
- The "No Thanks" button is not a trick button that will install spyware, etc. on the
computer. If a customer is uneasy clicking "No Thanks" in the web page, to stop
the reminder, you can navigate to the Internal web page of the Router, click on
Parental Control and select "Don't Remind me Every 8 hours". This will stop the
web page from ever being displayed again.
- If the browser window is closed without clicking "No Thanks", it will be
displayed again after 8 hours has elapsed. Please note that this is not a browser
pop-up, this means that the Parental Control web page will only be displayed if
the user opens the browser. Again, Clicking "No Thanks" will stop the web page
from being displayed.
We sincerely hope that this information provides an explanation that meets your needs, if
for any reason you would like to contact Belkin directly, please email your concerns to
Kannynmc@belkin.com
Regards,
Kannyn MacRae
Business Unit Manager, Networking
Belkin Corporation
But since I can not be sure that Belkin does not choose to inform me about a product I might not (want to) know on every other picture instead of saving it I won't buy it.
"And this is me at the Eiffel-Tower and this is the funny guy we met when ... ... no this is the new product of Belkin I didn't know about. There goes my weekend in Paris!"
oh, wait
k2r
I do am unlucky to own (and ignorant to buy, sigh) a Belkin wlan-accesspoint (802.11G). As these accesspoints and wireless routers all carry the same Broadcom-chip and modifications to GPL sourcecode as the Linksys 54G-variants, they should release their sourcecode just as Linksys nicely did.
Now I do believe when that is done that should solve the problem with this re-routing...
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
"Heart defibrillating equipment has been mentioned - what would happen if the heart defibrillation monitor, trying to trigger the impulse with the charging equipment, is instead redirected to a Belkin advertisement?"
Shit man that is the funniest thing I've read for ages.
As every good Slashdotter knows, the use of life-saving medical equipment should be restricted to the local area network.
Between a company that once fucked up and caused people problems (and tried to make things right) and makes pretty dependable hardware in general, or companies that make shit products, steal open source software, or fuck around with HTTP by inserting their advertizements right into the stream?
autopr0n is like, down and stuff.
I'm assuming that the page is loaded from ROM, with a "POST" method if you submit data, and a request to the router's IP if you want to disable it.
autopr0n is like, down and stuff.
I got the same thing back from Belkin. The response had a very oddly spaced partial-quote of my original email to them and appeared very hastily sent. I'm guessing we've got their support people running ragged. I say we all use our second and third accounts and contact all of their addresses again - just to make sure they understand the breadth of the group they are now locked in a conflict with.
How many roads must a man walk down? 42.
what kind of a moron buys a belkin router? for that matter what kind of a moron buys a belkin ANYTHING?
I've had a F5D6231-4 for a while now. I disabled the parental control feature before I ever surfed the net so I never saw the redirection--I have seen it on a friends router though.
I use this router in access point mode where it is not on the public network (as if the wireless interface is not public). I've never tried to use a consumer grade router directly on the internet at home. These types routers have historic weaknesses that are simply unacceptable (remember Code-Red and the Cisco turtles?).
An example of why this router is no more secure than any other consumer grade router? Try this:
Go to the web page for your belkin router. Download the router configuration to a file. Run strings on the file. Look for your password. Hmm. It's there in clear text!!!!!.
I don't trust any $40 router for this reason. They are simply convienience items that cannot be correctly engineered for the amount of money that is charged for them. I'm usually happy if they work at all. If you wan't a more secure router, use LEAF or OpenAP or some other router-based Linux distribution. Or pony up for a commercial grade router.
For any Medical Office that uses this gear. You'd be amazed at the fur that flies at the mention of "a possible HIPPA violation". If you've got a router that can be tweaked from the outside without your knowledge or concent, you've got something to be concerned about.
chetp@belkin.com
I have written programs that query web sites, fill out forms, and post replies, in response to other programs needing to schedule things which are normally done by humans. These programs were smart enough to make sure the downloaded web page hadn't changed since last use. Can you imagine the hassle it would have been for one request every 8 hours to fail because it downloaded the wrong page? Or worse, if it posted the form response and got the parental control page in response? Once every 8 hours, 3 times day ... how the hell long would that take to figure out?
I fired off a letter to dear old ericd saying this, and got back an automated reply with a PDF file attachment denying they were hijacking the HTTP stream. Ha! Idiots! More proof of their intelligence, to send a PDF attachment instead of simple text.
Belkin is on my do not use list. I can't imagine what it will take for them to set this straight. They have lost more credibility in a single incident than anything I can remember since dear old Datapoint's stock dropped by a factor of ten when their accountant's funny business was discovered.
Infuriate left and right
There was one day in Spring 2003 when the power cut out for a split second. On my buddy list, I saw everyone in the dorms get signed off. My roommate's computer rebooted, the TV shut off, the clock on the microwave reset. And yet, my computer was just fine. I figured it was because of my kickass Belkin surge protector.
Subsequently, I got a UPS for when I finished school and moved back out. When that lovely blackout hit, my comp was just fine.
I've grown fond of Belkin products. But after this article, there's just no fucking way I'm ever buying anything from them again. So can someone recommend a company that makes good UPSes and surge protectors for a reasonable price? Thanks...
[o]_O
Simple as that. Well, not quite, because I'll also advise anyone I talk to never to buy a Belkin router.
Software designers absolutely depend on routers passing data through unmolested.
A router that periodically alters, denies or appends HTTP requests can break apps in any number of ways and it would be exceedingly difficult to detect a problem, let alone fix it.
It's like having a hard drive that periodically replaces files at random.
I would never buy a product from a company that has such poor judgment, ever. Someone in management needs to be hung, drawn and quartered.
A lot of posters are acting outraged, like this is deliberate sabotage in the reactor control computer or something. But really, this is a consumer appliance and the vast majority of consumers won't care. The only question is, how deferential will Belkin be to the angry geeks, who probably weren't buying the product anyway? Will they pull it, or just make soothing noises? My guess is that they'll get a very low conversion rate and then pull it.
The obvious next step is to sell interstitial ads. I wonder how many commercials a normal internet user would put up with? That leads to the thought of modified routers which avoid playing the ads, which leads to DMCA-letters - but based on what? Could the advertisers claim that the router controlled access to protected content (the ads)?
In five years, companies like Belkin might be getting 80% of their revenue from advertisers. And think of the market data they can sell - they can intercept all your web and email traffic. If you send email to a friend about selling your old car, you might immediately face a full-page, blocking ad for a charity which would like you to donate the car. And the amount of the tax deduction (tailored to your car and tax bracket) could be in giant blinking nubers in the middle.
I don't think you'll fend off such a future by accusing Belkin of "violating the HTTP RFC" or something, because those words mean nothing to normal people. The idea that a router's responsibilities are sacred and cast in stone may be a good idea, but we haven't managed to explain it to normal people.
Hi Christine,
Thank you for your kind and timely response.
Please forgive my additional questions, they are technical in nature. I'm sure you're getting a lot of communication on this subject lately.
I understand that the HTTP redirection is not really spam or spyware, it is more of a configuration page. I have applications that regularly download via HTTP:
1. Operating system updates (e.g., Windows Update)
2. Real-time data (e.g., stock quotes)
3. Critical data (e.g., drug interaction updates)
How does your product ensure that one of these HTTP connections (i.e. one not coming from a browser operated by an administrator) does not return the parental controls option page instead of the actual data requested?
The product is now open to receive configuration settings from a remote site (the external website is able to disable the 8 hour reminder). What authentication mechanisms are in place to ensure that the reconfiguration of the router by the remote site is, in fact, authorized? Note that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance requires 512 bit encryption on data transfers. Can I continue to recommend this product in a HIPAA environment?
Thanks again,
Marsh Ray
cc: kmc
Christine Lee wrote:
> >
>
> -----Original Message-----
>From: Marsh Ray [mailto:marsh@mysteray.com]
>Sent: Friday, November 07, 2003 4:21 PM
>To: sales@belkin.com
>Subject: Routers
>
>Dear Sir or Madam,
>
>I heard the wildest rumor today, and am seeking some clarification. Is
>it really true that Belkin routers will misroute http connections to
>advertisement sites?
>
>I have always held your products in high regard and am having a hard
>time beliving this.
>
>Regards,
>
>Marsh Ray
>Belkin customer since 1997
>
I also disliked the noise of a fan going all the time in my little apartment. The computers are all in their own room, but the cable modem connection is in the main room. I like having it out there so I can have the option of using console broadband stuff without running a cable back to the main computer room. A silent, low-power router appliance is a lot more useful for this.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
The DRM technology promoted by Microsoft, the MPAA, the RIAA, and our legislators (in the U.S.) are all that is needed to implement a network wide censorship of content on the web, in our email, and on any document or media file that traverses the web.
People asking Congress to regulate email, usually using spam as a justification, are asking Congress to assume the right to regulate the content of our private communications. The Patriot Act has already given the government the "right" to monitor it.
If Microsoft's DRM facilities are capable of the user control that they claim they are, then it would also be possible to block the transfer of any document that was not made with that technology, to track the origin of any document to the users computer and userid, and to filter traffic at the router for any specific document. Palladium would enable similar "features" to be implemented as well.
I believe that this is and always has been the motivation behind DRM, and that the censorship will be implemented not only to protect the media giants that currently enjoy monopolies on entertainment, but also to ensure that the message put forth by these companies as "news" will be able to continue unchallenged by smaller sources who are either more concerned for the factuality of what they are reporting, or are unfettered by the necessary allaiances between government and our large corporations and are thus not obligated to report only the sanctioned viewpoint.
Before anyone recommends the tinfoil hat, I'd just like to ask you to consider:
Is it a safe enough bet to allow to chance?
Can we assume that despite this capability being built into the network and our software it will not go unused?
Is a government that seems desiring to curtail our rights (while promissing the payoff of lower taxes) going to show enough restraint to not censor once it is capable?
Are the software and media companies actually idealistic enough to prevent this? or would they willingly participate with an opressive government as long as that government promisses to protect thier market position in the face of growing competition?
Am I overly paranoid for considering this to be a possibility?
Is paranoia justified in situations such as this?
Read, L
There's no need for a class action lawsuit. Just return the damn thing. No one is going to stop you. If you don't like it, return it. What, you want punitive damages and compensation for pain and suffering, too?
I e-mailed them, telling them that I would not ever buy one of ther product, and that this behavior was unaceptable, etc...
;-)
:
I still think that they don't get it, but of course, thats PR damage control now...
I got that in return
Does the Belkin Router send me Spam? NO.
Recently a group of privacy advocates have targeted Belkin Routers,
claiming that Belkin Routers equipped with Parental Control send spam,
unwanted advertisements and spyware to computers.
1. Belkin Parental Control Content Filtering is promoted on our 802.11g
Wireless Router packages as an added value service included with purchase.
Parental Control filtering enables our customers to block access from their
network to specific websites; it is a content filter, nothing more.
2. During the installation process, the router produces a web page asking
the owner of the router if they want to sign up for a free six-month trial of
Belkin Parental Control, similar to common online product registration requests.
3. The Parental Control registration page is not spam, adware or spyware. It is
part of the setup process of the router. It does not hi-jack the browser.
4. Belkin routers do not install spyware or adware, nor does Belkin have the
ability to advertise to our customers using our routers as a conduit.
5. If a customer clicks No Thanks on the first prompt, the registration page for
Parental Control signup will no longer appear. Additional Information: - The No
Thanks button is not a trick button that will install spyware, etc. on the computer.
If a customer is uneasy clicking No Thanks in the web page, to stop the reminder,
you can navigate to the Internal web page of the Router, click on Parental Control and
select Don t Remind me Every 8 hours . This will stop the web page from ever being
displayed again. - If the browser window is closed without clicking No Thanks , it will
be displayed again after 8 hours has elapsed. Please note that this is not a browser
pop-up, this means that the Parental Control web page will only be displayed if the user
opens the browser.
Again, Clicking No Thanks will stop the web page from being displayed. We sincerely
hope that this information provides an explanation that meets your needs, if for any reason
you would like to contact Belkin directly, please email your concerns to
Kannynmc@belkin.com
Regards,
Kannyn MacRae Business Unit Manager,
Networking Belkin Corporation
I think you people are all crazy. I mean, what's the big deal, It's only a url once in a while and you can turn it off anytim49grjeg;sdf
fd
s
ANNOUNCING A ***FREE*** SIX MONTH TRIAL FOR PARENTAL CONTROLS ON BELKIN WIRELESS ROUTERS! WHAT DANGEROUS SITES ARE YOUR CHILDREN SEEING? (note to user - if you didn't want us to send this message to slashdot in your name, you should have let us know before we silently overwrote your http request with our data)
First problem with that plan is that *all* Internet communication is two-way, even if it's only handshake packets.
Second problem is that people will just tunnel blocked services over the allowed services. Even Microsoft is getting into the act, with "web services" that are little more than RPC over port 80.
I wished them a happy Allhallowmas.
In just a few weeks, will we be able to go to the local Fry's, Best Buy, CompUSA, or whatever, and see hundreds of products under the new brand/tag line:
If it's Belkin, it's broken!
Hmmm, it just might work...
heard of digital cable?
These SOBs scammed my parents into upgrading to digital cable (made it sound like it was a repair, and then charged them for it),
and now, every time you change the channels
you are faced with an ADVERTISEMENT
(the "info" channel feature has a little ad on the left, these days it's mostly ads for the TV Channel and a free video for AB exerciser)
I hate this shit.
I'm getting my parents free cable.
Fourth and fifth. Broadband isn't the only way to get Internet. Who gives a care what Comcast, and friends do? Geeks and their myopia.
He sent a pdf in response to my rant. It had the dubious claim below. Belkin thinks it owns something in my inbox. Fsk them. Any prohibitions on actions taken with my email are themselves prohibited. I know you are but what am I. Any email in my inbox is my property, or the property of my affiliate.
----
Confidential
This e-mail and any files transmitted with it are the property
of Belkin Corporation and/or its affiliates, are confidential,
and are intended solely for the use of the individual or
entity to whom this e-mail is addressed. If you are not one
of the named recipients or otherwise have reason to believe
that you have received this e-mail in error, please notify the
sender and delete this message immediately from your computer.
Any other use, retention, dissemination, forwarding, printing
or copying of this e-mail is strictly prohibited.
Deming's letter seems to have been removed.
From what I've read, this is something you can opt-out of in the administration settings page of the router. If you're neglecting to configure your wireless router, you SHOULD be informed that you need to set up a secure admin password and set up some type of encryption. To everyone that is complaining that this router is defective, would you REALLY use a wireless router with the default settings and NO encryption? I'm sorry, but if you think that, you deserve to be spammed as much as you deserve to be hacked.
While I think an advertisement is in poor taste, a page along the lines of "Welcome to your new Belkin router! For security purposes, you should set up a unique SSID, a WEP encryption key and a password for the adminstrator account." would do wonders for getting people to stop leaving their access points wide open.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
Just got this from Eric Deming. Funny, he's working late tonight!
From: Eric Deming [mailto:EricD@belkin.com]
Sent: Friday, November 07, 2003 10:05 PM
Subject: RE: defective router
Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.
All,
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.
We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.
I'll keep posting as things develop. Stay tuned...
I thought it was because of bowling and Dick Clark.
After this, I won't buy any Belkin product for any reason. Not even cables.
We'll have to see what they come up with next week.
<sig>Guvf vf abg n frperg zrffntr
Why do /. geeks buy these routers? I don't trust these closed systems, and neither should self-respecting geeks. How hard is it to buy an old 486 or Pentium and two or more NICs and install Open/Net/FreeBSD or Linux and turn it into a cheap router? We are not talking Cisco ATM 0/0 stuff here, just a router for home usage...
http://www.club977.com/ - The 80's Channel!
Your source for commercial free 80's music!
From the website:
Important message from Belkin:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each router's firmware that incorporates Parental Control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
When did slashdot.org member become a bunch of flamers? Do the research. Become informed. Make insightful comments.
... picked up the Register article some time ago ... never got around to playing with it). Do not fear, your porn will come thru without a redirect Theoretically, I suppose if you allow pop-ups and other such scripts to run then those new http sessions may be tagged for the redirect ... at least in theory.
... If someone from Belkin reads this (and you can bet the farm they are) I suggest the following. Add the Parental Control Sign-up to your "EZ Install" process. If you are afraid of losing potential Parental Control customers then make the first attempt o log into YOUR ROUTER prompt your trusting customers for permission to sign them up for Parental control next time the router gets an active internet connect.
....
Belkin obviously was mistaken to redirect ANY url request, but if you would have bothered to check the behavior of this you would have found a couple interesting things. First, the url redirect apparently only happens at the start of a new http session. Those of you downloading the cure for cancer for you children need not be alarmed. Your precious cargo will not be mingled with a Parental Control Sign-up page. That's right folks, it is a signup page. Not that it makes right. Belkin does need to (and looks like they are gonna) step up, re-tool, fix and move on. Second, no active http sessions are interrupted (at least during the last 10 hours I have been probing
BTW, the Parental Control feature is fairly innovative. Privacy advocates like yourselves should check it out, provide criticism and help good ideas evolve. It is a good way to keep your unsuspecting spouses and children away from the true internet vultures out there that try to do real harm.
Bottom line
Just my two cents when it counts
Flame on.
Whether they fix their spamming routers or not, I won't be purchasing their products anymore. They appear to be the first to try this, and as the first, they must pay a price, regardless of whether they do damage control or not to fix a dumbass vp of marketing mistake.
I have a few belkin products. I'm using one of their kvm switches right now. And I was about to buy a couple more for the servers in my office. And one of my relatives is wiring 238 two family homes at a new housing development in NJ. Each 2 family house is getting a router for each family, built in, regardless of the fact of whether they are internet users or not. May be a waste, but it was a package deal/package bid for the job. That's 476 routers, plus probably a few more for the management office, pool room area, computer room area, party room area, etc. I'll have to make sure he's not going to use Belkin products. Once I tell him about the spam (emailing him the article now) I'm sure he'll avoid them also.
And as a btw, I haven't purchased gas from Exxon since the Valdez oil spill either. So I won't be forgetting about Belkin adopting spamming tactics to push sell their products.
What is someone figured out what response was being sent back to turn this off, then just sent that set of packets to every IP address on the net. Wouldn't it completely shutdown Belkin's plans for this? Of course, that might be a DOS attack in itself, depending on how large the response is.
The value of the feature isn't really relevant to this discussion. One could argue that Hitler's research scientists learned lessons that helped modern medicine, but that in no way validates the brutalities they committed in the process. In the same way, an innovative router control feature is nice and deserves respect, but in no way validates an obviously asinine advertisement methodology used to advance that new feature. Belkin is in the wrong here. If they do fix this problem promptly, then they'll be back in consideration for my IT purchases, though certainly a few pegs lower. I certainly won't purchase any other Belkin routers, but their rapid response to this issue just might save their KVMs etc. from by blacklist.
How many roads must a man walk down? 42.
Wow. That was quick.
*Sigh* My network hub is Belkin, my wireless access point is Belkin, my two 54g cards and four IDE network cards are Belkin. So are numerous network and USB cables in my office. They all worked great, good prices, would have gladly bought Belkin stuff forever... Goodbye Belkin. "Tell me, Belkinuman, when did you abandon reason for MADNESS?"
MOD THIS UP
I was wondering what brand to buy. I bought Belkin but took it back to OfficeMax mainly because they sold me a cable router that did not have a Belkin rebate. (The claimed they had worked it out with Belkin.) This was the third rebate problem with them - no more. Now I have an even better reason to stay away from both Belkin and OfficeMax.
Haha! It looks like slashdot had an effect. This is the reply you get from sending email to Eric Deming's address:
Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.
All,
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.
We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.
I'll keep posting as things develop. Stay tuned...
Good Job.
Way to relate the Holocaust with a sign-up page. I am sure that the millions that died appreciate your insight. Your obvious asinine comments only prove my point. But please do flame on.
BTW, I do not see the "advertisement methodology". They are (in a poor manner) asking if you would like to sign up for a feature displayed on the box. That is not an ad. Focus on the issue. Redirecting of any url request is bad.
The two are obviously very different in scale, but one of the best ways to understand a point is to exaggerate it into stark relief. Look at the issue in principal for a moment and you'll see that my point is not a flame but a valid way of considering the issue. The "advertisement methodology" is the act of redirecting an HTTP request to a sign-up page for a subscription service. Think through the point. Flame on.
How many roads must a man walk down? 42.
s/principal/principle I hate it when I do that.
How many roads must a man walk down? 42.
This is your typical "Tech vs. Non-Tech" argument. The manufacturer did something to appeal to Non-Techs, and it offended many Techs.
...it offended many Techs because they realized the implications of a router monitoring the data stream, intercepting the data stream, flags configured from an outside data source, all the potential privacy concerns and vunerabilites this leads to and so on. Sorry, but it's not a tech vs non-tech argument if the non-techs don't know what the argument is about.
To a consumer it looks like a non-issue, like whether the car should be red or blue. But if the red color means the airbag will occasionally stop working, it IS an issue. You can't say "Our customers want red cars, and so we'll deliver red cars. Who cares about the complainers, the average consumer will never notice the difference anyway."
Kjella
Live today, because you never know what tomorrow brings
It looks like Belkin is hearing this, but if not, it might help to notify some of the people they quote their rave reviews from.
This is obviously in my belkin usb cable too. I used it to dl my pix from my camera and it keeps downloading these horribly blurred family photos instead. I demand a refund!
They screwed up, they apologized, and now they are fixing it. That sounds pretty reputable to me.
Was it part of some evil plot? Probably not. They were probably doing just what they said: Making it easy for home users to sign up for the filtering service. It was done in a clumsy and ill-conceived manner, but I do believe that we should give them another chance given their swift response to the complaints that only surfaced a few days ago.
Well, it gets better and better. It looks like Eric Deming canceled his original reply (MessageID: c91e821d.0311051525.70aa9920@posting.google.com).
:)
Wow, that was not the smartest thing to do. I mean, when you have a bunch of techies chasing you don't try and throw them off the sent with Usenet trickery. Use their weakness against them and throw pictures of naked women at them.
KangarooBox - We make IT simple!
The letter makes it clear that Belkin still doesn't get it. The letter isn't an apology, it's an explanation, an excuse for Belkin's reprehensible conduct, and it's full of spin - that's the polite way of saying misinformation, which is the polite way of saying lies.
The letter begins by claiming that "a group of privacy advocates have targeted Belkin Routers". That's not the case at all - a single user posted an explanation of Belkin's router's hijacking, and asked if anyone knew any more about it, in the usenet group news.admin.net-abuse.email. No group was involved, and there was no targeting.
The letter continues with a claim that "[t]he Parental Control registration page is not spam, adware or spyware. It is part of the setup process of the router. It does not "hi-jack" the browser." It is, apparently, part of the set-up process, but that's spam in and of itself: the user hasn't purchased Belkin's "Parental Control", but in the process of installing what he has purchased, the user is forced to sit through an advertisement for another Belkin product, whether or not the user has requested this advertisement. That's the essence of spam.
(And yes, I know that businesses like to claim that unsolicited advertisements are not spam if there is a "pre-existing" relationship with the customer, but that's bunk. Buying a product does not involve an implicit agreement to surrender my time to the manufacturer.)
Even if you're willing to by the argument that installing a product should be made more complicated and time-consuming by subjecting you to advertising, the reason that Belkin's received so much unfavorable publicity is not a one-time ad at install. The problem is the ads repeat indefinitely, every eight hours, until you, the user - Belkin's valued customer - takes some action to make them stop. And this is the same as he sneering spammer who sends you unsolicited email with a "click here to opt out" link. Not only does it steal your time, it steals more of your time before you can make it go away.
The letter goes on to state that "nor does Belkin have the ability to advertise to our customers using our routers as a conduit."
Wait a second, lady. This whole brouhaha started because Belkin continues to use its routers as a conduit to deliver customers to its ad for "Parental Control" every eight hours. If your routers didn't have that ability, we wouldn't all be telling you why we're not going to buy Belkin products anymore. This is a blatant lie, and an insult to the intelligence of anyone reading it. The page the router delivers users to is an ad. It's a solicitation to do additional business with Belkin.
The letter also claims that "[i]f a customer clicks "No Thanks" on the first prompt, the for Parental Control signup will no longer appear." Not entirely true. Belkin Manager Eric Deming admitted in a usenet post (since cowardly cancelled, but mirrored here) that clicking "No Thanks" won't work for users behind firewalls. It also appears that the "No Thanks" gets reset if the router is reset, and anecdotal evidence suggests that the (low) quality of Belkin's routers makes resetting rather more usual than it should be - possibly as often as every 20 minutes.
The letter ends on a surreal note, "[the Belkin advertisement web page] is not a browser pop-up, this means that the Parental Control web page will only be displayed if the user opens the browser". Huh? It's not a br
Opinions on the Twiddler2 hand-held keyboard?
Do you upgrade ? I do. But does John or Jane Everydayuser-who-doesn't-know-anything-about-upgra ding ?
In other words: isn't it already too late and shouldn't they instead call back their products ? Or will only the people who know how to upgrade profit from this decision ?
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
I have a RePlay 5060. One of the things it does is that when it goes into screensaver mode, it will sometimes show ads from RePlay... I've seen it show ones for sales on RePlays at their website, and it's currently showing one advertising the new "quickskip" feature that they pushed out in their last firmware update.
not a huge deal, especially since if I've left it long enough to go into screensaver, I'm obviously not watching it, but I fear the day it starts pushing out ads for something other than RePlay.
I have blog like everyone else
REdirects me to http://parked.directnic.com/
I hate it and I do not know how to stop it.
Moronic? Yes. A deliberate attempt to screw customers? Not really.
You are not alone. This is not normal. None of this is normal.
...is still available as of 10AM EST! I'm sure some enterprising, hate-filled geek will step up to the plate and fill this void with a much needed "sucks" site.
(dual link, see http://www.intechlabs.com/ourfaqs/tv/dvi.htm)I -A even supports 1920x1080 at 60Hz, and 1600*1200 1920*1080 so I don't see how that's relevant anyway. And remember, it didn't work at 800x600 either. (!)
DV
DVI-D explicitly supports 2048x1536, etc. etc.
Also, I returned this product 3 times so far, and each new one has had exactly the same problem. It's definitely a systemic defect.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It is good to see that you "analyze" your spelling. The principle of the matter is not lost on me. I feel the need to place it in scope and use the tried and true method of research to understand the true scope so that exaggerations do not dilute the issue. I do hope that Belkin responds appropriately. BTW, don't take my word on all of this. Analyze for yourself. Stayed tuned. Parental Control ip traffic analysis is coming.
We
unintentionally overlooked the effect this feature would have. We
never intended to compromise the trust of our customers
I'll ignore the effect above being a bad rewrite of public outrage, or more importantly, lost sales.
Instead:
If they didn't intend to compromise the trust, it means they didn't know they were doing so.
So, which other products that are shipping from Belkin today are compromising the trust of the users as we speak, without Belkin knowing about it?
This is a seriously big fuckup, and it has to be done either with full malicious intent or devastating incompetence. In the first case, apologies can be posted, the intent can be withdrawn, and the course changed.
It appears that Belkin they didn't have such an intent, and therefore, the only option remaining is that they are devastatingly incompetent.
An associate of mine does use a Belkin wifi router on his home network, and we already are trying to find some time to get together and test it. We're curious to understand as much about the problem as we can, as is the case with us and all IT problems.
While it is important to analyze an issue in scope, it is also important to consider the principle - something that seemed lost in your original messages.
There are any number of times when most of us have let something slide because it didn't really matter in the long run, and this often results in increasing boldness of inappropriate behavior. Had we all complained in unison when the first "Service Charge" was introduced on cell phones, would we have so many charges above our "monthly cost" now? Exaggerating is valid and only distorts the debate when one does not consider it in proper context.
Belkin is starting down a slippery slope here, and my exaggeration can help us to understand just how far such slopes can go.
How many roads must a man walk down? 42.
By 'one way', he means 'establishing connections only one way'. Ie, its very easy to filter out syn-only packets in a single direction.
Here's a response that I got from Belkin.
They're still denying that this is a problem.
--
Does the Belkin Router send me Spam? NO.
Recently a group of privacy advocates have targeted Belkin Routers, claiming that Belkin
Routers equipped with Parental Control send spam, unwanted advertisements and
spyware to computers.
1. Belkin Parental Control Content Filtering is promoted on our 802.11g
Wireless Router packages as an added value service included with purchase.
Parental Control filtering enables our customers to block access from their
network to specific websites; it is a content filter, nothing more.
2. During the installation process, the router produces a web page asking the
owner of the router if they want to sign up for a free six-month trial of Belkin
Parental Control, similar to common online product registration requests.
3. The Parental Control registration page is not spam, adware or spyware. It is
part of the setup process of the router. It does not "hi-jack" the browser.
4. Belkin routers do not install spyware or adware, nor does Belkin have the
ability to advertise to our customers using our routers as a conduit.
5. If a customer clicks "No Thanks" on the first prompt, the registration page
for Parental Control signup will no longer appear.
Additional Information:
- The "No Thanks" button is not a trick button that will install spyware, etc. on the
computer. If a customer is uneasy clicking "No Thanks" in the web page, to stop
the reminder, you can navigate to the Internal web page of the Router, click on
Parental Control and select "Don't Remind me Every 8 hours". This will stop the
web page from ever being displayed again.
- If the browser window is closed without clicking "No Thanks", it will be
displayed again after 8 hours has elapsed. Please note that this is not a browser
pop-up, this means that the Parental Control web page will only be displayed if
the user opens the browser. Again, Clicking "No Thanks" will stop the web page
from being displayed.
We sincerely hope that this information provides an explanation that meets your needs, if
for any reason you would like to contact Belkin directly, please email your concerns to
Kannynmc@belkin.com
Regards,
Kannyn MacRae
Business Unit Manager, Networking
Belkin Corporation
-B
Sorry if this was posted already - just saw this at www.belkin.com (not a joke - go and look yerself :) )
Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
Eat recycled food - it's good for the environment, and OK for you.
Well now that we've moved from Holocaust to cell phone service charges, I figure we may end up on comparing my initial post to getting a piece of junk toy in a great tasting box of Kracker Jacks.
... hopefully the last). From initial post: "Belkin obviously was mistaken to redirect ANY url request" ... "Belkin does need to (and looks like they are gonna) step up, re-tool, fix and move on.". If that sounds like the principle is lost on me then let me make an exaggerated comparison ... You are as deaf, dumb and blind as Helen Keller (my apologies to all the deaf, dumb and blind people - I know this puts you down more than digitalvengence).
Nonetheless, if I may quote myself (first time ever
Please let two concurrent and unrelated thoughts coexist in your brain. 1) Belkin made bad mistake, must fix problem. 2) Parental Control cool for Privacy advocates.
But thanks for the lesson on principles.
Thanks for the correction
I wrote them an email that explained that I wasn't directing my misgivings at them specifically, but at Belkin overall - and he actually wrote me back. According to EricD they are going to be undoing what has been done and they have pretty much decided against ever doing that again.
As for cock-up vs marketing, remember that after the 6 month trial it was a pay service. Given that, a pop-up in your face offer for a free trial to their pay service, it was pretty much marketing. Putting a signup sheet and stamped envelope in the box is also marketing, and probably a much better way than what they did.
They hadn't thought through the ramifications of using a hardware router to serve up unsolicted marketing information, and they probably didn't listen to the techs that screamed not to do it there in their office, with that I agree.
Glonoinha the MebiByte Slayer
I'll start by paraphrasing something you said earlier in this thread: stick to the issue. Personal attacks will get you nowhere.
/. doesn't prove that you understand the principle involved. We must realize that principle and practice aren't two totally detachable concepts, one flows into the other. Perhaps this is the difference in our thinking. I firmly believe that the error is important, regardless of the end-user benefits that might eventually be received.
Now, parental controls may be the greatest thing since sliced bread, but its not relevant here. That is the first point I've tried to make and you've not, as of yet, supplied any evidence to the contrary.
Secondly, the fact that you agree with virtually 100% of those who've voiced an opinion on this topic on
But thanks for reiterating the obvious.
How many roads must a man walk down? 42.
Belkin changed the statement on their website today. They are no longer admitting that they made a mistake. The new text reads:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed. Please expect more detailed information to follow early next week. Thank you.
It would appear as though our concerns were not taken as seriously as I, for one, had thought. If Belkin isn't admitting wrong-doing, what is to prevent them from doing something like this in the future? Their quick response had put some of their products back on my list, but this changes has eliminated them - forever.
Josh.
How many roads must a man walk down? 42.
You still do not get it. The only thing Belkin's mistake (url redirect) has in common with Parental Control is that it happened to bring up a sign up page for Parental Control (it could have brought up the greatest thing since sliced bread and I still would have mentioned it). I was not trying to make parental control relevant to the conversation. CONTRARY EVIDENCE SUPPLIED HERE: "BTW, the Parental Control Feature is fairly innovative"(See you made me quote myself again) ... BTW commonly used in forums and chats means "By the way" as in possibly not relevant, applicable, or remotely related to current subject.
Case closed counselor (hopefully, but I doubt it).
The fact that I agreed with 100% of the other posters is not relevant as 99% of them had never used a Belkin router before making their comments. My comments came from a position of truly understanding the nature and scope of the problem. I believed my comments added some well needed information that /. users might appreciate. I am sorry that you did not, but you can't please everyone.
Nonetheless, way to keep gripping. Seems our side rant should best be put to rest. So please let me sum up what we have learned in the aforementioned rant.
1. Belkin screwed the pooch on this one
2. It is almost a crime as great as the Holocaust (not really, just a bit of exaggerated comparison meant to grab your attention, much like redirecting urls)
3. Parental Control is not relevant to the discussion
4. BTW means By the way
5. Principal is the guy's office you tried to avoid in high school.
6. Understanding the principles of the matter is priceless.
7. My sarcasm about your mental strength was not a personal attack just as your sarcasm about Hitler science experiments was not true comparison.
Though I had considered this case closed, some dark corner of my mind hates half-truths and poor logic and must respond. First, allow me to assure you that I am informed as to the meaning of "BTW" and any number of other short-hand devices. With that critical on-topic detail at rest, allow me to correct a few of your summary assertions. 1. Belkin is actually still screwing the pooch on this one. 2. Some individuals may never understand analyzing something on the basis of principle, with respect to scope. 3. The word "vengeance" is not spelled "vengence." 4. The length of this thread is entirely out of proportion to my interest in it. 5. This isn't just a sign-up page, its an advertisement for a subscription service. 6. Any intelligent disagreeing opinion is classified as a flame. 7. This thread is overdue for a respectful agreement to disagree on principle here. 8. I have work in 4 hours, I'm really should be going to bed.
How many roads must a man walk down? 42.
I have the misfortune of owning a DI-754 dual A/B wireless AP and 4-port router. Ever since I updated it to the latest firmware (which was last updated in December of 2002), the router has locked up about 4-5 times/week. It's extremely irritating because my computer relies on the router to connect to the internet, it most frequently locks up over night, and it's situated in my roommate's room who doesn't wake up until long after I've gone to work in the morning. If I didn't have a neighbor with an unprotected connection to leech off of in the mornings, I would've thrown the damn thing in the garbage months ago.
Of course, D-Link's technical support is utterly useless on the issue. All they said was to reflash the firmware on the machine, which did nothing to help. The main reason I went with D-Link was the fact that I could configure the router without a Windows machine, but now I could just care less. I'm never buying another D-Link products.
(Oh, and on top of all that, the 802.11a range on the unit is atrocious. I can't even get it to work more than ten feet away from the unit. I should've gone with a 802.11g setup.)
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
I'm happy to see that so many of the /. User has stopped using the router And like to get some of them, for a project in Cambodia, I don't think that It matters much to the Khmers that it a bit defective..
I just hate bit SPAM, (www.netnoise.com.kh)
I have a Belkin wireless gateway/router, and I'm (obviously) worried about an exploit. Anyone heard of any exploit code in the wild yet?
...what the hell were they thinking...
The *SECOND* an exploit is in the wild I am going to call Belkin and demand my money back. No way in hell am I paying for the "privilege" of being hacked and spammed by a device is is SUPPOSED to be a firewall to my network!
... of their homepage.
--SNIP--
Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.
Please expect more detailed information to follow early next week. Thank you.
--SNIP--
Buy all your crazy japanese videogames from
uh, that would b the marroons who voted 4 nadir;-)
If it's picking a "Random" http request to redirect, what if that request was VERY important and caused financial damage to the user?
- last-second ebay bid screwed by Belkin... loses $1m collector item going for only $193
- user is in the middle of a very long registration or payment process... interruption screws it all up (or at least the user doesn't know how to recover), lost time and the user isn't sure if he registered or not... could end up with double payments
- and so on...
A router (with firewall even) is a security product... it just SHOULDN'T do crap like this. I wish someone that ran into the above sued them for $1m for malicious damage or something.
MadCow.
I used to have a sig, but I set it free and it never came back.
"Important message from Belkin:
In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com."
Att. Kannyn MC @ belkin.com
Regarding the latest debacle caused by your company's intrusions:
While I am myself - at present - not a Belkin product user, I would like to share this with you.
I have followed the debate that resulted from your malware included in your latest router product series. And I am infuriated.
The free computing world today is on the brink of falling to centralised data control and monitoring, and complete privacy is absolutely essential if we are to avoid todays technological evolution resulting in a totalitarian fallout due to lax security procedures and lack of respect for personal freedom and privacy.
In that context, lets see what your company have done: You are taking CENTRALISED control over personal datastreams, so that you can advertise your products to your users. And to add insult to injury, you do so with a product that further seeks to stem the free flow of information to minors, under guise of "morality". Ergo, you are compromising the data freedom and integrity and wasting work time of your customers, because your marketing department had a "smart idea" on how to squeeze a few more bucks out of your user base - with an abominable product.
I am an independent IT consultant, and while I will not tell lies by saying that my personal recommandations or purchases will have a noticable impact on your bottom line, you can be completely assured, that I will remember this transgression against your customers (actual and potential), and that I will never, ever purchase one of your products, or recommend its purchase. In fact, I will do the exact opposite. I have already notified the local Danish user group of your actions.
Your company have violated the trust of its customers in one of the worst ways possible, and I will gleefully observe your market erode away because of this idiocy on part of your company. If nothing else, it will be a very convincing example for your competitors of what NOT to do in this business.
Your truly,
Peter Perlso - web: http://haxor.dk