Slashdot Mirror


Belkin Routers Route Users to Censorware Ad

The Register has a story today about Belkin routers redirecting their users' network traffic. To me, this seems like the logical next step after top-level domain name servers piping ads to your browser. Now the routers themselves hijack the traffic they are supposed to, uh, route -- and you'll love where they send you instead. But it's OK because you can opt out. Incidentally, the Crystal Ball Award goes to Seth Finkelstein, who in 2001 quoted John Gilmore's famous aphorism about the internet, and asked "What if censorship is in the router?"

26 of 805 comments

  1. Here's the angle I would take... by pegr · · Score: 5, Insightful

    The device is defective. Make product support give you one that works. While you're at it, send hate mail to the marketing team. I bet the support guy will give you the right email addresses...

    Better yet, get the addresses and post them here.

    1. Re:Here's the angle I would take... by Hypocritical+Guy · · Score: 5, Insightful

      I'll just quit buying Belkin products. Though I don't have any to begin with.

      --
      If you liked licking my balls, add me to your foes list!
    2. Re:Here's the angle I would take... by pegr · · Score: 4, Insightful

      Uh, "spam" is not a feature I should have to turn off... Can you point to the RFC for this "feature"? No? Then it's defective...

    3. Re:Here's the angle I would take... by LWATCDR · · Score: 4, Insightful

      If the router fails to take you to the requested address randomly it fails. This is one of the worst ideas ever.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    4. Re:Here's the angle I would take... by msuzio · · Score: 4, Insightful

      I believe any router that knowingly hijacks any connection *by default* is broken as designed. End of story. Does not meet my definition of a functional router. I don't care if I can turn it off. It's an abomination before God.

      I think Belkin deserves every bit of abuse on this issue. They knowingly did something annoying to their customers only because they couldn't figure out how to sell this POS censorware service any other way. Screw them.

    5. Re:Here's the angle I would take... by Eugene · · Score: 3, Insightful

      Exactly, they are abusing the trust of their customers when they are trying to exploit this. (well, again there are many software companies that do that as well).

      Belkin is on my banned list now.

    6. Re:Here's the angle I would take... by shane_rimmer · · Score: 5, Insightful

      I don't know how you feel about Netgear, but they are another option.

  2. Some other ideas... by L-Train8 · · Score: 5, Insightful

    What's next? Will the phone you buy occasionally redirect your call to a telemarketer? Will your TV remote automatically switch channels to an infomercial? Maybe your car radio could redirect your listening to a clear channel station every 8 hours. These are business models I need to patent...

    --

    Don't forget that Friday is Hawaiian shirt day.
  3. Re:I could see this coming by jayhawk88 · · Score: 5, Insightful

    IHBT...

    Bullshit. Slashdot is bombarding me with ads because I'm a cheap bastard and refuse to pay them for the content they provide me. Belkin's got the money I gave them for their router, they don't need to be sending me ads I don't want to see to make more money.

  4. Re:so.. by lal · · Score: 4, Insightful

    Yes, it is a big deal.
    First, the original poster on Google said that he got it, unannounced, as part of a router firmware upgrade. No warning or explanation.
    Second, Belkin sells a product that is supposed to route Internet traffic, including HTTP. At certain, random points, it does not do that. Instead it sends out an advertisement to a user who has made a valid HTTP request. If Sony started selling a CD player that played a commercial for Coke once every 8 hours, would that be "no big deal"?
    I'm not spending another cent on Belkin gear until they reverse the upgrade and pledge not to do it again. Otherwise, simple gear like routers will become spam engines.

  5. Re:so.. by MoxCamel · · Score: 4, Insightful
    ..if you can disable it, and the instructions mention that you can and explain how to, is this really that big a deal?

    Yes. Because routers route, period. And when they route, they're supposed to route correctly. Opt-out is bullshit, because it's saying "our product ships broken, until you unbreak it."

  6. Exactly by Anonymous Coward · · Score: 4, Insightful

    This is a defective product. It doesn't route IP packets correctly. Return it for repair, replacement, or [preferably] refund.

    Boy did they blow this one. If they had stuck to something simple like your very first HTTP transaction brought up a configuration/advert screen only once, then there wouldn't even be a story.

    What if I had bought this for an isolated network? Would it hang up for an appreciable amount of time trying to contact belkin.com?

    1. Re:Exactly by Bleck · · Score: 5, Insightful

      My fear there -- so now, when I click on a link and get re-directed to some arbitrary site, I'm supposed to click the "click here if you're not interested" link? Haven't we spent the last thousand posts making fun of users who fall for that?

      --Tom

  7. This Breaks web sites... by Anonymous Coward · · Score: 4, Insightful

    Consider that a user is in the midst of filling out a long string of forms. After hitting the submit button, the next HTTP request directs them to this AD instead of the intended web form. Their form chain is broken, and there is potential data loss, as the customer has to start the forms over again. This is a VERY bad precedent to set. If it was the very first page served by the router, that could be different... the first time I turned on my home router it directed me to a welcome and setup page... which is quite different.

    just my $2/100

  8. Re:so.. by LostCluster · · Score: 4, Insightful

    It's the difference between opt-out and opt-in. If Belkin's routers shipped with this "feature" disabled, who in their right mind would turn it on?

  9. Re:Redirect hardcoded? by mrpuffypants · · Score: 4, Insightful

    According to a Usenet link posted earlier in this thread the router gets a request from 'filter.belkin.com' that will enable/disable the 'feature'. So apparently there's a call that you can make over HTTP that will manipulate the router w/out a login. Now that's secure!

  10. Belkin can modify your router settings? by extrarice · · Score: 5, Insightful

    I found this quote from Eric Deming in response to the original newsgroup posting quite interesting...

    [quote]
    By the way, this procedure (disabling the nagware in the router web-config) might have to be done if your router is behind a firewall. Reason: filter.belkin.com sends a response to the Router to set the flag. [/quote]

    So Belkin deliberately left a configuration on the router to be modifiable by someone without proper authorization (the owner of the router or the network admin)? Absolute genius. Destroy your company's reputation 100% in one easy step: the backdoor(s) will piss off the geeks, and the nagware-advertising will piss off Joe Sixpack.

    --
    "Jesus saves, but everyone else in a 10 foot radius takes full damage from the fireball."
  11. I couldn't disagree with you more... by Svartalf · · Score: 4, Insightful

    It's a ROUTER. By design, it's supposed to deliver traffic to its intended destination, to the best of its ability, 100% of the time. Not route a request to some other place- that's not its design (well, in the case of Belkin's routers, unlike everyone else's, that is...).

    Unlike popups, etc., this is redirecting randomly selected packets going to port 80 (and probably the HTTPS port as well...) to their server. Take a wild guess how many different things that just broke (SOAP, XML RPC, etc.). Like someone said, I hope nothing mission critical for you is on the inside of this stupid router- because it's BROKEN by design (And "configuring" the Router doesn't include turning frigging adverts off, either...).

    It's got to be one of the stupidest things I've heard of in a long time done for the sake of marketing.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  12. Re:That is insanity by Zathrus · · Score: 3, Insightful

    Bottom line, thanks to Slashdot I'm not buying my routers from Belkin (not that I'm a telecom person, but still I'd be careful if I ever had to).

    This is their wireless router -- it's made for home use, not for telecomm use.

    And don't just not buy routers from Belkin. Don't buy anything. No routers, no cables, no USB hubs, no keyboards, nothing. Belkin makes a great deal of stuff -- boycott all of it. There's not a single product they make that they don't have competition for.

    And let them know about it too. Email them (look here for the appropriate regional sales address) and tell them that you will no longer purchase their products until they apologize for doing this, put out a patch to fix it, and promise to never do anything along these lines again. Yes, I've already sent my email.

    I've got a decent number of Belkin products... they're decently made, and often available for a good price. But there's no way I'll purchase anything from them at this point if I can't actually rely on the product to do its intended purpose. And that's what this boils down to -- you have a router that doesn't route properly.

  13. This could suck for automated HTTP by Experiment+626 · · Score: 4, Insightful

    It's annoying enough to know that when you're sitting at a computer using a browser to surf the Web, a couple requests a day will get hijacked to the spam site.

    But what about automated HTTP requests? You might be running some script to wget the latest greatest kernel source and instead it downloads a piece of spam. The hijacked HTTP request might come in the middle of a Gentoo build, or as you mirror a Web site and have a page replaced with an advertisement. You could be tunneling some other protocol over HTTP, and then who knows what this would do.

    Very stupid and annoying of Belkin. If they wanted to make their parental control thing so easy to use, just include a CD that says "Put this CD into any computer on your network to enable parental control on your new Belkin router!" Newbies can figure that out. I don't want my own router launching some kind of spoofing attack on me three times a day just so I can view more spam.
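
For the unattended-download case raised in the comment above, a fetch job can refuse any response that is not the file it asked for. This is an added example, not part of the original thread; the response shapes, the `interstitial.example` host and the sample bytes are constructed, and the pinned digest is assumed to come from a channel the in-path device cannot alter.

```python
import hashlib
import hmac

def check_download(status, headers, body, expected_sha256, expected_type):
    """Return (ok, reason) for one HTTP response fetched by an unattended job."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # An in-path device may answer with a redirect instead of the file.
    if status != 200:
        return False, f"status {status}, location {hdrs.get('location')!r}"
    # Or with a 200 whose body is a web page rather than the artifact.
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype != expected_type:
        return False, f"content-type {ctype!r}, expected {expected_type!r}"
    # Headers can be forged by whoever rewrote the body; the digest decides.
    digest = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        return False, "sha256 mismatch"
    return True, "ok"

# Constructed sample data (not captured traffic).
GENUINE = b"constructed stand-in for a source tarball\n" * 4
# Assumption: in real use this digest is published out of band, not computed here.
PINNED_SHA256 = hashlib.sha256(GENUINE).hexdigest()
AD_PAGE = b"<html><body>constructed interstitial page</body></html>"
EXPECTED_TYPE = "application/x-gzip"

RESPONSES = {
    "genuine": (200, {"Content-Type": EXPECTED_TYPE}, GENUINE),
    "redirect": (302, {"Location": "http://interstitial.example/"}, b""),
    "html_swap": (200, {"Content-Type": "text/html; charset=utf-8"}, AD_PAGE),
    "same_type_swap": (200, {"Content-Type": EXPECTED_TYPE}, AD_PAGE),
}

def run_samples():
    """Check every constructed response against the pinned digest."""
    return {name: check_download(s, h, b, PINNED_SHA256, EXPECTED_TYPE)
            for name, (s, h, b) in RESPONSES.items()}

if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{name:15} {'accept' if ok else 'reject'}  {reason}")
```

The `same_type_swap` case is the one that status and header checks alone would miss, which is why the job should treat the digest comparison as the only acceptance criterion.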

  14. Re:That is insanity by Smidge204 · · Score: 4, Insightful

    This brings up an interesting point, though I don't know if the parent intended to make this point or just a joke/analogy out of it.

    Since the router doesn't discriminate over which HTTP request it overrides, what happens if it intersects a privacy-sensitive transaction?

    For example, if someone goes to pay their bills online, enter their billing info, click "submit"... then suddenly get an ad... what ramifications might that have?

    That's a little more worrisome than getting an ad instead of some random page I might be trying to visit...
    =Smidge=

  15. Solution to all these problems by Kaboom13 · · Score: 4, Insightful

    Sleazy tactics like this aren't going to end. There's only one solution. We need to sit around and think up every sleazy, disgusting, wrong, and dishonorable tactic someone could use to pervert the internet and its standards to make a buck. We take that list, and patent it.

  16. Re:Here's my letter to their PR rep by AmigaAvenger · · Score: 3, Insightful
    Heart defibrillating equipment has been mentioned - what would happen if the heart defibrillation monitor, trying to trigger the impulse with the charging equipment, is instead redirected to a Belkin advertisement? You know, telesurgery exists and does depend on a reliable Internet infrastructure, consisting of such boxes as yours.

    ANYONE stupid enough to do telesurgery over the common internet shouldn't be allowed to operate anyway. Think about the consequences of this for a second... Yes, the whole hijacking a connection is a bad idea, but this device is used almost exclusively by home users/very small businesses. Anyone thinking they are buying the equivalent of a Cisco Catalyst router with this $40 POS needs their head examined (preferably through telesurgery over the common internet!)
  17. Re:A programmer is to blame... by ewhac · · Score: 4, Insightful

    The point is that geeks are to blame for this. The marketroids may come up with some stupid ideas, but who actually implements them?

    Let me explain what might have happened at Belkin:

    Middle Manager: "Hey, Geek-boy. Marketing have come up with a new feature they want in the wireless router."

    SWEng: [reading Powerpoint slides] "An ad every eight hours? That's not what a router is for!"

    Middle Manager: "I admit it's unusual, but Marketing really wants this, and legal says there's nothing in the law that prevents us from doing this."

    SWEng: "You can't be serious. It's an affront to civilized behavior! It's a very bad idea."

    Middle Manager: "Do it or you're fired."

    At this point, the room becomes very quiet. The engineer thinks very carefully about this ultimatum. The economy is in a shambles, especially the tech sector. There is no shortage of people who would take his job in an instant. And he has a new wife with a child on the way.

    Assuming the above scenario, and assuming the engineer capitulated, he has perhaps unwittingly caused the loss of his own job, anyway, once the full force of market backlash hits Belkin's revenue.

    I agree that techs should stand up for what they see as ethical behavior, and refuse to perform work that violates it. But not all of them have the same degree of flexibility in enforcing their sense of ethics.

    Schwab

  18. Re:Companies like Belkin... by symbolic · · Score: 4, Insightful

    ... Comcast, and others will eventually turn the internet into a cesspool - they're the ones with the hardware, the network infrastructure, and they will do whatever they can to wring extra money out of anyone they can. I predict that not far out, your bandwidth charge will be sold just like cable TV channels - for a basic fee, you have access to the HTTP channel (one way), FTP channel (one way), and the SMTP channel. For an extra fee, they'll provide access to the telnet channel. For even more, access to ssh/VPN/IPSEC channels. Eventually, I suspect they'll rein in all the ports that are used dynamically to facilitate certain kinds of connections, charging for access to them.

  19. No... IN SUMMARY... by IBitOBear · · Score: 4, Insightful

    In summary you have bought a "router" that has its internal configuration updated by an external event.

    That is, I (or anybody on the inside of my net, not just an administrator) can click on a link delivered from outside my area of control and that link SETS A FLAG IN MY ROUTER....???!

    So now I have my router with its optional firewall support watching the data transport and reconfiguring itself in response.

    This is such a bad idea it is unspeakable.

    What if the first guy to see the web page and who isn't the rightful administrator, accepts?

    How long until a nice buffer-overrun attack lets a malicious server reprogram my router?

    How much of the CPU in the router is wasted looking at each HTTP request in search of this flag setting?

    Belkin is "stealing" cycles and security from their customers.

    Not smart.

    --
    Innocent people shouldn't be forced to pay for inferior software development.
    --"Code Complete" Microsoft Press