Belkin Routers Route Users to Censorware Ad
The Register has a story today about Belkin routers redirecting their users' network traffic.
To me, this seems like the logical next step after top-level domain name servers piping ads to your browser. Now the routers themselves hijack the traffic they are supposed to, uh, route -- and you'll love where they send you instead. But it's OK because you can opt out. Incidentally, the Crystal Ball Award goes to Seth Finkelstein, who in 2001 quoted John Gilmore's famous aphorism about the internet, and asked "What if censorship is in the router?"
There is censorship in the routers. But there is also loose spare change that the system addy dropped in there too.
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
The device is defective. Make product support give you one that works. While you're at it, send hate mail to the marketing team. I bet the support guy will give you the right email addresses...
Better yet, get the addresses and post them here.
What's next? Will the phone you buy occasionally redirect your call to a telemarketer? Will your TV remote automatically switch channels to an infomercial? Maybe your car radio could redirect your listening to a clear channel station every 8 hours. These are business models I need to patent...
Don't forget that Friday is Hawaiian shirt day.
Here's the usenet thread where this was first discussed. Especially notable are the initial discovery, the response from Belkin and the first response to Belkin. After that it's pretty much the same thing you can expect to see here on /.
<sig>Guvf vf abg n frperg zrffntr
Ok if I buy say a Book from my favorite online bookstore and get it shipped UPS, I'd expect it to arrive as a book right?
But what if every one in 100 times, UPS thinks I might like a corporate logo bumper sticker instead of my book, they throw my book into the eternal void, and give me a UPS bumper sticker instead. I'm supposed to like this?
Bottom line: When I ask a package to get delivered, and for a certain package to be received, I WANT that package, not what they think I want. Whether it's a TCP/IP packet, or a book. I fail to see the difference here.
Bottom line, thanks to Slashdot I'm not buying my routers from Belkin (not that I'm a telecom person, but still I'd be careful if I ever had to).
...in bed
In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software.
Also in the news: the American council for airbags has been hitting people randomly in the streets to make it easier to appreciate their products. Thanks!
Seriously, though, I don't 'get' how a company could think this would endear themselves to their customers. If Cisco pulled this shit on its customers and made all their routers randomly direct to their brand-new VPN product I think it'd make people stop using Cisco FAST
Take an old Pentium I and put Smoothwall on it. No more Belkin and Netgear routers you get for $50 at Circuit City.
Is the address it redirects to hardcoded, or can the router get hacked and a new address put in? Now that would be good PR for Belkin, someone hacks the router and redirects all web traffic to some porn site.
I Am My Own Worst Enemy
Well, guess I won't be using any Belkin routers.
From the article:
"In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software."
Soooo.. it's spam, then. What a way of putting it mildly.
Should read:
"In response criticism, a Belkin lackey admitted a confirmation this week that the router will hijack an HTML request in order to advertise their product, for your convenience!"
I'm speechless at how brazen these guys are. I just don't know what to say, other than that I'm now afraid to buy their products. When I buy a product, I want it to work like it's supposed to work, not the way some marketing idiot thinks it should work. This is deceptive, possibly damaging, and certainly in violation of any number of specifications/RFCs. What are they thinking?
Several judges in different countries have already established that copy-protection on CDs was a defect and clients got reimbursed. This router behaviour is just the same.
When will they learn ?
Maybe we deserve this world ?
IHBT...
Bullshit. Slashdot is bombarding me with ads because I'm a cheap bastard and refuse to pay them for the content they provide me. Belkin's got the money I gave them for their router, they don't need to be sending me ads I don't want to see to make more money.
I really cannot believe this. This doesn't concern me as a censorship issue (doesn't appear as if censorship is built into the router itself... but without details on exactly how this parental control works, don't really know). It concerns me as a pure *annoyance* issue. I would absolutely flip out if my router dared to do this!
Everyone at Belkin should be ashamed of themselves. How could an engineer do this? He should be flogged with a cat-o-nine tails of twisted pair wire... this is evil, evil, evil.
Oh, and to the Belkin Marketing Department: Kill yourselves. Suck a tailpipe, hang yourself, borrow a gun... rid the world of your evil machinations. [ Just planting seeds ]
It's a strange world -- let's keep it that way
I recall an old argument against censorware was just this kind of intrusion.
The next step, of course, is for a hacker to hijack this "feature" and dump all of a routing company's customers to child porn, warez sites, or Nigerian scams galore.
Then there is the temptation of the companies themselves, "You can turn this feature off only by submitting a valid e-mail address." Then they sell off these addresses to spammers worldwide for a profit.
This kind of stuff is worse than big brother. At least in 1984 they didn't force commercials down your throat.
Karma Whoring for Fun and Profit.
Keyboards that occasionally type "www.belkin.com" when they detect you're typing a URL. (But you know, not more than once every eight hours, so it's OK.)
USB mass-storage devices that randomly delete files and replace them with .jpgs of happy people using Belkin products.
PC Speakers that say "Shop at Belkin!" every couple of minutes.
etc...
With the dizzying array of routers available for purchase, I've often been befuddled by the sheer number of choices that I have when buying new equipment. Which one is better? Why is this router $10 less than this other one when they appear to do the same thing? Which manufacturer should I trust with my data? With razor-thin profit margins, and fierce competition in the IT hardware industry, such choices have become extremely difficult.
It's comforting to know that Belkin has recognized my problem, and has stepped forward in an effort to solve it. They make it so much easier by saying...
"If It's Belkin, You Don't Want It!"(tm)
Thank you Belkin. With your new forward-thinking "Don't Buy Our Stuff" policy, I will be sure to stay on the lookout for other products that you offer, so that they can assist me in making difficult purchasing choices even easier.
Assuming I understand this correctly, it could be dangerous. What if the request that got hi-jacked was me transferring money between two accounts?
Sure, they are probably safe because they only hijack HTTP (port 80) and not HTTPS (port 143). Hopefully anything important I'm doing is on port 143.
I will not buy Belkin anymore. This type of behaviour in a product is unacceptable. Advertising is one thing. Hijacking my requests is much more serious.
Yes, it is a big deal.
First, the original poster on Google said that he got it, unannounced, as part of a router firmware upgrade. No warning or explanation.
Second, Belkin sells a product that is supposed to route Internet traffic, including HTTP. At certain, random points, it does not do that. Instead it sends out an advertisement to a user who has made a valid HTTP request. If Sony started selling a CD player that played a commercial for Coke once every 8 hours, would that be "no big deal"?
I'm not spending another cent on Belkin gear until they reverse the upgrade and pledge not to do it again. Otherwise, simple gear like routers will become spam engines.
This is your typical "Tech vs. Non-Tech" argument. The manufacturer did something to appeal to Non-Techs, and it offended many Techs. Hmm.. wonder if the whole Windows vs Linux thing falls into this category...
... well, when you first buy your car, at some point it will drive itself to McDonalds, unless you tell it "no thanks". Oh and it might randomly do this in the future unless you turn the feature off. Regardless of whether you like McDonalds or not, we had added the feature out of popular demand...
I just wish Belkin would offer firmwares/hardware *without* the "feature". Any hijacking of routed packets is wrong. Sort of like saying
FLR
Emergency rescue team takes a patient to hospital. The patient is in critical state. Suddenly the driver pulls over and exclaims: "We're at the bar that is owned by our hospital manager. Would you like a hamburger?" "For god's sake, I'm dying! Do I look like I wanted a hamburger?!" "Okay, as you wish, but remember, that are best hamburgers in town!" and the driver resumes his way to hospital...
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
If you can highlight the 50 spams waiting on you in your inbox in the morning, press delete, and whisk them off to /dev/null/, is spam really a big deal?
Yes in both cases, because in both cases unwanted marketing has hijacked your use of your private property to display unwanted advertisements. It is unethical, unwanted, and it is on the other side of a line that companies GODDAMNED WELL BETTER UNDERSTAND they are not to cross.
Only on
Yes. Because routers route, period. And when they route, they're supposed to route correctly. Opt-out is bullshit, because it's saying "our product ships broken, until you unbreak it."
Oh please.
[grabs crotch] Remedy this!
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
This is a defective product. It doesn't route IP packets correctly. Return it for repair, replacement, or [preferably] refund.
Boy did they blow this one. If they had stuck to something simple like your very first HTTP transaction brought up a configuration/advert screen only once, then there wouldn't even be a story.
What if I had bought this for an isolated network? Would it hang up for an appreciable amount of time trying to contact belkin.com?
no it won't. this is slashdot.
sulli
RTFJ.
One day, Belkin's router project manager Eric Deming was sitting around thinking, "How can we get $5,000,000 worth of bad publicity for free, and sink the company in an afternoon?"
Then he had an idea: "That's it! We'll abuse the trust of our customers, and get a story on Slashdot!"
Consider that a user is in the midst of filling out a long string of forms. After hitting the submit button, the next HTTP request directs them to this AD instead of the intended web form. Their form chain is broken, and there is potential data loss, as the customer has to start the forms over again. This is a VERY bad precedent to set. If it was the very first page served by the router, that could be different... the first time I turned on my home router it directed me to a welcome and setup page... which is quite different.
just my $2/100
"Uh. . . Clem" was the answer given by a character on a Firesign Theatre record We're all Bozos on this Bus, circa 1970, when asked by a computer for his name.
..if you can disable it, and the instructions mention that you can and explain how to, is this really that big a deal?
This is not adequate for two reasons.
First, many users will never discover it. For these users, the censorship is involuntary and permanent.
Second, Free speech is a right, not something any entity can predicate on an action at their whim.
The opposite might be acceptable, if the users could deliberately request this "feature". The fact no sane person would activate this "feature" also speaks to the fact it's a corruption of ethics.
Actually, Belkin is not getting ad revenue. They're advertising one of their own products (parental control).
Also, I think Belkin, D-Link, et al. might well listen. The home wireless router market is a cutthroat, commodity place. To me, they're all basically the same box. Why would I buy from a company that routes me to spam, when there are 5 others that don't on the same shelf for the same price?
After an 18-hour operation, a router was removed from a Belkin representative's rectum. When asked how the hardware device got there, all the man could say was "No. More. Spam. I. Promise...."
During the operation, the heart monitor seemed to have contracted a strange glitch; every 100th heartbeat a message about "Herbal Penis Enlargements" would pop up, blocking the stats.
Belkin belongs on fuckedcompany.
I agree that if I'd bought one of those things and it started redirecting my traffic, I'd consider it defective and demand my money back. Belkin's really moronic to think that this won't backfire on them and result in an expensive class-action lawsuit. Maybe they can defuse a lawsuit by offering refunds to anyone who's upset at the feature, but I'm guessing they're too sold on their own flawed logic to understand that what they did is not going to be seen as anything other than making the product do something its owners didn't ask it to do, and that Belkin didn't tell them it would do.
I can smell the class-action attorneys lining up now.
It's the difference between opt-out and opt-in. If Belkin's routers shipped with this "feature" disabled, who in their right mind would turn it on?
"So Mr. Stevens, you are saying that you ordered an Extra Value Meal, and the cashier instead hauled off and punched you in the face."
"That's right."
"And so you are charging the cashier with assault."
"That's right."
"All right. Mr. Defense lawyer, what do you have to say to that?"
"Mr. Stevens: Did you specifically ask my client NOT to punch you in the face?"
"Huh?"
"What did you tell him exactly?"
"Um.. I told him, I would like a number three meal and a Dr. Pepper."
"I see, and that was all?"
"Um, yes."
"Not that you wanted a number three meal, a Dr. Pepper, and to not be punched in the face?"
"Uh.. no, just the #3 and the Dr. Pepper."
"Your honor. How can my client be expected to be held responsible for this when Mr. Stevens was unclear about what he wanted? Had he configured his order correctly, my client would not have punched him in the face. So why is my client the one to blame? What do you think Mr. Stevens expected to have happened?"
"Hmm, excellent point. Case dismissed."
I found this quote from Eric Deming in response to the original newsgroup posting quite interesting...
[quote]
By the way, this procedure (disabling the nagware in the router web-config) might have to be done if your router is behind a firewall. Reason: filter.belkin.com sends a response to the Router to set the flag. [/quote]
So Belkin deliberately left a configuration on the router to be modifiable by someone without proper authorization (the owner of the router or the network admin)? Absolute genius. Destroy your company's reputation 100% in one easy step: the backdoor(s) will piss off the geeks, and the nagware-advertising will piss off Joe Sixpack.
"Jesus saves, but everyone else in a 10 foot radius takes full damage from the fireball."
Belkin (verb) - To surreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.
It's a decent start at a definition. One could say "I installed this topdesk thing which totally belkined my browser". Let's make their name synonymous with bad behavior.
I've finally had it: until slashdot gets article moderation, I am not coming back.
I was pretty unhappy with this, but was unable to convince my bosses that this was evil or risky. The company had apparently convinced them that they had checked it out with their lawyers, and because they weren't changing the site's HTML -- they were putting outside Google's final </html> -- they were safe. (Never got an answer about substituting ads.)
I don't work there anymore, but last I heard it's still going on, and there's a few ISPs, at least in Vancouver, that are doing this. Scary.
Carousel is a lie!
It's a ROUTER. By design, it's supposed to deliver traffic to its intended destination, to the best of its ability, 100% of the time. Not route a request to some other place- that's not its design (well, in the case of Belkin's routers, unlike everyone else's, that is...).
Unlike popups, etc., this is redirecting randomly selected packets going to port 80 (and probably the HTTPS port as well...) to their server. Take a wild guess how many different things that just broke (SOAP, XML RPC, etc.). Like someone said, I hope nothing mission critical for you is on the inside of this stupid router- because it's BROKEN by design (And "configuring" the Router doesn't include turning frigging adverts off, either...).
It's got to be one of the stupidest things I've heard of in a long time done for the sake of marketing.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
The device was replaced with another brand that works fine. Off line and collecting dust, I've never had a problem with it hijacking my HTML and inserting ads. Now I have another reason to not buy a Belkin product again, but I hardly needed one.
I'm an American. I love this country and the freedoms that we used to have.
Hell, between the RIAA, DirectTv, and now Belkin, I'm running out of companies I can do business with.
Where's my lobbyist? Right here.
I have one of these gems and it redirects the three PCs going through it about once every two weeks. Incidentally, I have clicked the opt out href probably 5 times and each time it gives me an error message saying my request did not go through then I keep getting the redirects.
I was incensed enough about this that I read all the usenet posts in NANAE about it.
In the post by the Belkin employee he notes that clicking the opt out link won't work if you're behind a firewall, because the response won't get through your firewall and back to the router. To turn this off, you'll have to go to the local http page hosted by the router, and opt out there. (And I'm not sure even that would work for me; my firewall is set to block localhost (127.0.0.1) to localhost connections too, unless I've explicitly allowed them for specific applications.)
Also, the Belkin employee proudly states that the hijacking occurs once every eight hours, so if you're only seeing it every two weeks, it may mean that applications other than your browser that make requests to port 80 (http downloaders such as emusic's, rss readers, various applications auto-updating or calling wget, perl scripts, python scripts -- all of these things on my system might make http requests) may be failing silently.
If you see one hijack in your browser every two weeks, that means there are 41 (3 * 14 - 1) http requests in those two weeks being hijacked that are not browser traffic. Given that silent failure, who knows what's been lost, corrupted, or delayed on your computers.
Naturally, I'll never purchase a Belkin product again, unless Belkin certifies that whoever thought this up, and whoever approved it, have been fired.
Selling me a product, claiming it does something, and then making it intentionally fail, in order to sell me another product? Then you'll never sell me anything again.
Opinions on the Twiddler2 hand-held keyboard?
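An added example, not part of the original thread: the comment above notes that non-browser HTTP clients (downloaders, scripts, auto-updaters) can fail silently when a response is substituted. The sketch below makes an unattended download fail loudly instead. The hosts, sample bytes and function names are constructed for illustration, and the pinned SHA-256 is assumed to have been obtained from a trusted channel.

```python
import hashlib
import urllib.request
from urllib.parse import urlsplit

# Constructed sample data: stand-ins for a real artifact and for an
# advertisement page delivered in its place. Hosts are hypothetical.
SAMPLE_URL = "http://mirror.example/pub/tool-1.0.tar.gz"
SAMPLE_ARTIFACT = b"\x1f\x8b\x08\x00constructed-archive-bytes"
SAMPLE_AD_PAGE = b"<html><body>Try our parental controls!</body></html>"
# Assumption: the expected digest was published out of band (for example
# in signed release notes), not fetched over the same plain-HTTP path.
PINNED_SHA256 = hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()


class SubstitutedResponse(Exception):
    """The body received is not the artifact that was requested."""


def check_response(requested_url, final_url, status, content_type, body,
                   expected_sha256, expected_type_prefix):
    """Return the reasons a response looks substituted (empty list = OK).

    Only the digest comparison is authoritative; the other checks exist
    to give an operator a useful diagnosis in the log.
    """
    reasons = []
    if status != 200:
        reasons.append("status %d" % status)
    want = urlsplit(requested_url).hostname
    got = urlsplit(final_url).hostname
    if got != want:
        reasons.append("host changed: %s -> %s" % (want, got))
    ctype = (content_type or "").split(";")[0].strip().lower()
    if not ctype.startswith(expected_type_prefix):
        reasons.append("content-type %r" % ctype)
    if hashlib.sha256(body).hexdigest() != expected_sha256.lower():
        reasons.append("sha256 mismatch")
    return reasons


def fetch_verified(url, expected_sha256, expected_type_prefix, timeout=30):
    """Download url and raise instead of returning a substituted body."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read()
        reasons = check_response(url, resp.geturl(), resp.status,
                                 resp.headers.get("Content-Type"), body,
                                 expected_sha256, expected_type_prefix)
    if reasons:
        raise SubstitutedResponse("%s: %s" % (url, "; ".join(reasons)))
    return body


def demo():
    """Run the check over three constructed responses (no network)."""
    genuine = check_response(
        SAMPLE_URL, SAMPLE_URL, 200, "application/gzip",
        SAMPLE_ARTIFACT, PINNED_SHA256, "application/")
    # Client was redirected to another host and handed an HTML page.
    redirected = check_response(
        SAMPLE_URL, "http://ads.example/offer.html", 200,
        "text/html; charset=utf-8",
        SAMPLE_AD_PAGE, PINNED_SHA256, "application/")
    # Body swapped in place: URL and headers look right, only the
    # digest reveals the substitution.
    in_place = check_response(
        SAMPLE_URL, SAMPLE_URL, 200, "application/gzip",
        SAMPLE_AD_PAGE, PINNED_SHA256, "application/")
    return genuine, redirected, in_place


if __name__ == "__main__":
    for label, result in zip(("genuine", "redirected", "in-place"), demo()):
        print(label, "->", result or "OK")
```
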
If you word it as you've done above, you make it look like you have a vendetta against Belkin out of spite. You don't need to.
I will be avoiding Belkin products especially those with "intelligence" (such as routers) until it's absolutely clear they will not pull this kind of stunt again. I will be avoiding it for the same reason as most of the people reading this article will, because I demonstrably can't trust Belkin to produce a working one. It doesn't matter if it's a random redirect of port 80, or, say, the box advertising a higher MTU than will work over a PPPoE connection - the fact is it's broken, and it appears to be an incompetent decision that's the source of this.
Belkin needs to demonstrate that this will not happen again, not to reassure everyone they're not really a bunch of utter bastards, but to convince everyone they're not really a bunch of idiots.
You are not alone. This is not normal. None of this is normal.
It's annoying enough to know that when you're sitting at a computer using a browser to surf the Web, a couple requests a day will get hijacked to the spam site.
But what about automated HTTP requests? You might be running some script to wget the latest greatest kernel source and instead it downloads a piece of spam. The hijacked HTTP request might come in the middle of a Gentoo build, or as you mirror a Web site and have a page replaced with an advertisement. You could be tunneling some other protocol over HTTP, and then who knows what this would do.
Very stupid and annoying of Belkin. If they wanted to make their parental control thing so easy to use, just include a CD that says "Put this CD into any computer on your network to enable parental control on your new Belkin router!" Newbies can figure that out. I don't want my own router launching some kind of spoofing attack on me three times a day just so I can view more spam.
What I love is Belkin's claim that they did this because having somebody visit a page violated their "ease of use" requirement. What a joke! As if people can't type in a URL after reading a leaflet included in the box? Are they aware that people type URLs all the time without trouble? They could even install a desktop shortcut to make it even simpler.
Then their letter goes on to explain how to disable the feature in the router (so you don't have to wait to be randomly redirected to the ad), and the instructions are quite vague: navigate to 192.168.2.1, find the setting which says something like (they don't give exact wording or where to find it, just vague directions), and turn it off. Where's the "ease of use" in that? Are they suggesting that this should only be turned off by advanced users and that naive users should simply sign up for their services?
Why can't they just admit that they wanted to prominently promote their subscription-based service? It's not like it isn't obvious what they're up to or anything.
That we won't buy. I mean, the 15' VGA extension cable (I don't have one, but...) could suddenly take over my monitor and display a 640x480x256 ad for Belkin porn filtering for VGA extension cables. The 25' and 14' Belkin network cables on my network could cause my site to display random ads, or worse, fry my D-Link router (or even worse, fry both the router and the $99 if damaged ADSL modem!) The 15' DB-9 extension cable could turn digital photos into ads (I don't use it anymore, but...)
"Belkin support, how can I help you?"
"My router every once in a while replaces my URL with one for Belkin parental controls."
"That's correct."
"But I just spent half an hour filling out the web form, and it doesn't cache, so I have to do it all again."
"You can turn off parental controls by clicking on 'No thanks!'"
"So this is intentional?"
"Yes sir, it's a service to you, provided at no extra cost. It also comes with a free 6 month trial."
"But a router is supposed to ROUTE."
"It can do that, if you change the configuration."
"So, it comes intentionally misconfigured to fail once every eight hours?"
"It's not failing, it's offering a service."
"So it's spamming me."
"It's not spam."
"Why not?"
"Because we're offering you a service you might not know about."
"So it's intentionally misconfigured to send me spam on something I didn't request any information for, dropping my URL and information in the process?"
"Well, yes."
"You should really just kill yourself."
"You're right. Goodbye."
*BANG*
"Dang, should have told him to kill the marketing department first. Well, I can always call back..."
=Blue(23)
LITTLE GIRL: But which cookie will you eat FIRST? C. MONSTER: Me think you have misconception of cookie-eating process.
...and spoke to someone in India who had no clue what I was saying and even less clue why I was upset about it. She kept telling me how to turn it off. I told her, "I've already turned it off! My issue is that it happened in the first place!" She told me how to turn it off. I hung up.
Glad to see someone else is pissed off about this. I turned it off in my router, got mad for an hour or so, and went on using my router.
Coincidentally, Belkin routers can't work with arbitrary MTU's over PPPoE, in case anyone needs further reasons not to buy them. I won't be buying another, even though mine works okay, sort of (I'm the netadmin for my ISP, so I can futz with things to make it work despite itself).
Jouster
Sleazy tactics like this aren't going to end. There's only one solution. We need to sit around and think up every sleazy, disgusting, wrong, and dishonorable tactic someone could use to pervert the internet and its standards to make a buck. We take that list, and patent it.
1. Client initiates a connection to www.my-private-site.org on HTTP port.
2. Client is silently redirected to Belkin's site.
3. Unknowing client sends the HTTP request, a POST request which contains some sensitive information.
4. Belkin has now hijacked a connection and received sensitive information that was not intended to go to Belkin.
Logically the thing to do is prosecute Belkin under federal wiretapping and computer crime laws.
This one is a bit more grey than something like VeriSign's Site Finder. IMHO I think that ads should only be part of a product or service if the terms of that service explicitly state that there will be ads. At this point we have a choice of using that service or not. So we have a choice of seeing those advertisements.
This goes wrong when advertisements are part of a public space. Like Site Finder or billboards. If we are in that public space, we have no control over whether or not we will see the ads.
As for the Belkin routers. In this issue they are not breaking any rules unless they do not inform the consumer that this "feature" is in their products. A consumer does not have to purchase Belkin routers.
In America we are imprisoned by our fear of them.
We have one of those 4-port DVI KVMs (F1DD104U) and I have to tell you, we've gone through at least 3 RMAs on it.
The first DVI port DOES NOT WORK at resolutions above 1024x768. On any of them.
The LCD goes absolutely fucknuts when connected to it.
It's sad. All of ours are being used 3x1 because of it.
Let's face it, Belkin sucks. Cables are way overpriced. Don't ever buy anything from them.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
ericd@belkin.com
Sales Prevention Team
Belkin Corporation.
Glonoinha the MebiByte Slayer
Even if they take this out, it's too late... They did this once, what's to say they won't do it again?
And the count of 3 just got bumped up to 4. And #4 is the guy that fills out the PO's and requisitions for the Director of IT at a nationwide telcom provider. We have 8 data centers, and 6 more are coming online within the next fiscal year. That's just a hair under $50 million USD of product that I research, and give my blessing upon for the Director to rubber stamp.
And not a single center will have ANY product made by Belkin.
I'm not crazy, I'm actively irresponsible.
Here is one [http://www.microsoft.com/hardware/broadbandnetworking/productdetails.aspx?pid=003]
Oh wait..we hate them too.
Cave, wreck, and deep diver.
Did they even consider the potential liability issues when they came up with this scheme, or did they just say, "hey, let's roll with it"?
Dewey, what part of this looks like authorities should be involved?
We're all part of the public, aren't we?
Contact:
Melody Chalaban,
Public Relations Manager
Belkin Components
501 W. Walnut Street
Compton, CA 90220
melodych@belkin.com
(310) 604-2347 direct
(310) 898-1107 fax
www.belkin.com
(this is (unless you get redirected by your router) publicly available information at www.belkin.com)
Opinions on the Twiddler2 hand-held keyboard?
Good afternoon.
My name is [name deleted], and I work as IT department manager for a medium sized company in [place deleted]. I write to you in light of the recent unveiling that Belkin are knowingly shipping routers that show commercials to the end users by hijacking HTTP connections.
I am not sure if the product manager, Eric Deming, who designed the product to not work as expected did so understanding the full consequences if - or, rather, when - this information would become public. The one reason Belkin's name has been held in high regard at the company I work for is because of dependability. When it turns out that Belkin is actively designing products to not work dependably, but instead display advertising at the user; that reputation of dependability... well... there's not much left of it. And, as you are aware, for every one of Belkin's products, there is a competing product.
It becomes much worse. It also turns out that Belkin has the ability to remotely modify the behavior of these routers. When I showed this fact to our network security people, they went ballistic and drove straight off to the local equipment store, only to come back two hours later with a bunch of boxes. 30 minutes later, there was a heap of discarded equipment in a disorderly pile in one corner of the networking room. The discarded items all carried the name "Belkin". I signed the receipt for the new equipment with a look, a sigh, and a nod.
To top it off, it seems that your Mr. Deming who designed this behavior believes that every outbound hijackable connection originates from somebody sitting at a computer and browsing the web. However, more important are the automated connections. What would happen if the backup for our commercial data, which is transmitted regularly over the Internet, instead was pushed to Belkin, due to this behavior? What would happen if virus or operating system upgrade connections were the ones hijacked? Heart defibrillating equipment has been mentioned - what would happen if the heart defibrillation monitor, trying to trigger the impulse with the charging equipment, is instead redirected to a Belkin advertisement? You know, telesurgery exists and does depend on a reliable Internet infrastructure, consisting of such boxes as yours.
This product has been designed to not work, despite charging good money for it. I lack words to describe how shameful this behavior is.
Additionally, if the Belkin corporate culture is one that allows such a technical atrocity to make it to the shelves for one product, then it is obvious it may happen again, or has already happened, for other products. However, rest assured that this company will never again buy another Belkin product as long as I run the IT department.
[signature]
You can blame the marketing department all you want (please do), but at some point it was a geek (maybe someone who reads /.) who actually programmed this functionality. Their boss is probably somewhat of a techie, too. The testers who checked this functionality and the folks who created the web page also have some tech skills and savvy. Did they all think this was right?
The point is that geeks are to blame for this. The marketroids may come up with some stupid ideas, but who actually implements them?
I understand (completely) the self-preservation necessary in today's economy and the unwillingness to say, "No!" to something like this. I hope there were technical objections at Belkin. I hope there were testers jumping up and down and screaming about RFCs and proper routing and a failure rate of 3 per day per unit shipped, but I doubt it.
The next time your boss comes to you with one of these half-baked, asinine ideas, I hope you tell him that you object, as a Geek.
---
Q: Why do marketing guys wear ties? A: To keep the foreskin from flapping up!
You have just guaranteed that I will never buy one of your products. Furthermore I'll make sure I tell anyone I know who is interested in consumer gear of your utterly slimy behaviour along with my recommendation to give you a wide berth.
In summary you have bought a "router" that has its internal configuration updated by an external event.
That is, I (or anybody on the inside of my net, not just an administrator) can click on a link delivered from outside my area of control and that link SETS A FLAG IN MY ROUTER....???!
So now I have my router with its optional firewall support watching the data transport and reconfiguring itself in response.
This is such a bad idea it is unspeakable.
What if the first guy to see the web page and who isn't the rightful administrator, accepts?
How long until a nice buffer-overrun attack lets a malicious server reprogram my router?
How much of the CPU in the router is wasted looking at each HTTP request in search of this flag setting?
Belkin is "stealing" cycles and security from their customers.
Not smart.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Belkin hasn't just abused customers' trust and falsely advertised this piece of trash as a router, they have also opened up security holes for no other reason than advertising censorware. This behavior isn't just wrong, it's despicable.
That's it. I'm no longer part of Team Sanity.
Some of the settings they're using....
n guage=Englishf iles/5 4g_router.html. com
e zone=54 .18_ dd=1p date=0
b _subsc=2b _report_enable=0
OS parameters
os_name=linux
os_version=3.00.07
la
user_conf_ver=1.01
kernel_mods=et wl slhc ppp_generic pppox pppoe ppp_async mppe
fw_src=http://networking.belkin.com/update/
route_check_host=heartbeat.belkin
NTP Default
ntp_dst_enabled=1
ntp_enable=1
ntp_tim
ntp_sync_interval=1
ntp_server=192.43.24
user_time_yr=1970
user_time_mo=1
user_time
user_time_hr=0
user_time_mn=0
user_time_u
Cerberian
ceb_enable=0
ceb_email_enable=1
ce
ceb_timeout=10
ceb_unavail_block=1
ce
ceb_expire=0
iapp daemon
iappd_oid=00:30:bd
device_type=1
--Rob
I am unlucky to own (and was ignorant to buy, sigh) a Belkin WLAN access point (802.11G). As these access points and wireless routers all carry the same Broadcom chip and modifications to GPL source code as the Linksys 54G variants, they should release their source code just as Linksys nicely did.
Now I do believe when that is done that should solve the problem with this re-routing...
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Hi Christine,
Thank you for your kind and timely response.
Please forgive my additional questions, they are technical in nature. I'm sure you're getting a lot of communication on this subject lately.
I understand that the HTTP redirection is not really spam or spyware, it is more of a configuration page. I have applications that regularly download via HTTP:
1. Operating system updates (e.g., Windows Update)
2. Real-time data (e.g., stock quotes)
3. Critical data (e.g., drug interaction updates)
How does your product ensure that one of these HTTP connections (i.e. one not coming from a browser operated by an administrator) does not return the parental controls option page instead of the actual data requested?
The product is now open to receive configuration settings from a remote site (the external website is able to disable the 8 hour reminder). What authentication mechanisms are in place to ensure that the reconfiguration of the router by the remote site is, in fact, authorized? Note that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance requires 512 bit encryption on data transfers. Can I continue to recommend this product in a HIPAA environment?
Thanks again,
Marsh Ray
cc: kmc
Christine Lee wrote:
> >
>
> -----Original Message-----
>From: Marsh Ray [mailto:marsh@mysteray.com]
>Sent: Friday, November 07, 2003 4:21 PM
>To: sales@belkin.com
>Subject: Routers
>
>Dear Sir or Madam,
>
>I heard the wildest rumor today, and am seeking some clarification. Is
>it really true that Belkin routers will misroute http connections to
>advertisement sites?
>
>I have always held your products in high regard and am having a hard
>time believing this.
>
>Regards,
>
>Marsh Ray
>Belkin customer since 1997
>
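The failure the e-mail above asks about, an automated HTTP client being handed the router's sign-up page in place of the data it requested, can be caught on the client side. The sketch below is an added example, not part of the thread and not any vendor's code; the function names, the sample payload and page, and the pinned digest are constructed for illustration, and the pin is assumed to reach the client by a route the router cannot rewrite.

```python
import hashlib
import hmac

class TamperedResponse(Exception):
    """The response is not the object the client asked for."""

def verify_download(status, headers, body, pinned_sha256, wanted_type):
    """Return body only if it is provably the requested object.

    pinned_sha256 and wanted_type must come from somewhere the network path
    cannot rewrite (shipped with the client or taken from a signed manifest).
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    # An intercepting box answers with a redirect or with its own 200 page.
    if status in (301, 302, 303, 307, 308):
        raise TamperedResponse("redirect to " + hdrs.get("location", "?"))
    if status != 200:
        raise TamperedResponse("status %d" % status)
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype != wanted_type:
        raise TamperedResponse("content-type " + (ctype or "missing"))
    # Headers can be copied by the box in the middle; a body that differs
    # from the pinned object cannot produce the pinned digest.
    digest = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256):
        raise TamperedResponse("sha256 mismatch")
    return body

def outcome(status, headers, body, pinned_sha256, wanted_type):
    """Helper for the samples: 'accepted' or the rejection reason."""
    try:
        verify_download(status, headers, body, pinned_sha256, wanted_type)
        return "accepted"
    except TamperedResponse as exc:
        return "rejected: " + str(exc)

# Constructed samples: a stand-in data file and a stand-in sign-up page.
DATA = b"constructed drug-interaction table, revision 42\n"
PINNED = hashlib.sha256(DATA).hexdigest()
PAGE = b"<html><body>Constructed sign-up page</body></html>"
BIN = "application/octet-stream"

if __name__ == "__main__":
    samples = [
        (200, {"Content-Type": BIN}, DATA),                         # genuine
        (200, {"Content-Type": "text/html; charset=utf-8"}, PAGE),  # page served as 200
        (302, {"Location": "http://example.invalid/signup"}, b""),  # redirect
        (200, {"Content-Type": BIN}, PAGE),                         # page with copied header
    ]
    for status, headers, body in samples:
        print(status, outcome(status, headers, body, PINNED, BIN))
```

The last sample is the case that header checks alone miss: the status and Content-Type look right, and only the digest comparison rejects the substituted body.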
The DRM technology promoted by Microsoft, the MPAA, the RIAA, and our legislators (in the U.S.) is all that is needed to implement network-wide censorship of content on the web, in our email, and on any document or media file that traverses the web.
People asking Congress to regulate email, usually using spam as a justification, are asking Congress to assume the right to regulate the content of our private communications. The Patriot Act has already given the government the "right" to monitor it.
If Microsoft's DRM facilities are capable of the user control that they claim they are, then it would also be possible to block the transfer of any document that was not made with that technology, to track the origin of any document to the user's computer and userid, and to filter traffic at the router for any specific document. Palladium would enable similar "features" to be implemented as well.
I believe that this is and always has been the motivation behind DRM, and that the censorship will be implemented not only to protect the media giants that currently enjoy monopolies on entertainment, but also to ensure that the message put forth by these companies as "news" will be able to continue unchallenged by smaller sources who are either more concerned for the factuality of what they are reporting, or are unfettered by the necessary alliances between government and our large corporations and are thus not obligated to report only the sanctioned viewpoint.
Before anyone recommends the tinfoil hat, I'd just like to ask you to consider:
Is it a safe enough bet to allow to chance?
Can we assume that despite this capability being built into the network and our software it will not go unused?
Is a government that seems desiring to curtail our rights (while promising the payoff of lower taxes) going to show enough restraint to not censor once it is capable?
Are the software and media companies actually idealistic enough to prevent this? Or would they willingly participate with an oppressive government as long as that government promises to protect their market position in the face of growing competition?
Am I overly paranoid for considering this to be a possibility?
Is paranoia justified in situations such as this?
Read, L
Just got this from Eric Deming. Funny, he's working late tonight!
From: Eric Deming [mailto:EricD@belkin.com]
Sent: Friday, November 07, 2003 10:05 PM
Subject: RE: defective router
Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.
All,
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.
We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.
I'll keep posting as things develop. Stay tuned...
We'll have to see what they come up with next week.
<sig>Guvf vf abg n frperg zrffntr
Wow. That was quick.
Haha! It looks like slashdot had an effect. This is the reply you get from sending email to Eric Deming's address:
Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.
All,
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.
We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.
I'll keep posting as things develop. Stay tuned...
Well, it gets better and better. It looks like Eric Deming canceled his original reply (MessageID: c91e821d.0311051525.70aa9920@posting.google.com).
:)
Wow, that was not the smartest thing to do. I mean, when you have a bunch of techies chasing you, don't try and throw them off the scent with Usenet trickery. Use their weakness against them and throw pictures of naked women at them.
KangarooBox - We make IT simple!
The letter makes it clear that Belkin still doesn't get it. The letter isn't an apology, it's an explanation, an excuse for Belkin's reprehensible conduct, and it's full of spin - that's the polite way of saying misinformation, which is the polite way of saying lies.
The letter begins by claiming that "a group of privacy advocates have targeted Belkin Routers". That's not the case at all - a single user posted an explanation of Belkin's router's hijacking, and asked if anyone knew any more about it, in the usenet group news.admin.net-abuse.email. No group was involved, and there was no targeting.
The letter continues with a claim that "[t]he Parental Control registration page is not spam, adware or spyware. It is part of the setup process of the router. It does not "hi-jack" the browser." It is, apparently, part of the set-up process, but that's spam in and of itself: the user hasn't purchased Belkin's "Parental Control", but in the process of installing what he has purchased, the user is forced to sit through an advertisement for another Belkin product, whether or not the user has requested this advertisement. That's the essence of spam.
(And yes, I know that businesses like to claim that unsolicited advertisements are not spam if there is a "pre-existing" relationship with the customer, but that's bunk. Buying a product does not involve an implicit agreement to surrender my time to the manufacturer.)
Even if you're willing to buy the argument that installing a product should be made more complicated and time-consuming by subjecting you to advertising, the reason that Belkin's received so much unfavorable publicity is not a one-time ad at install. The problem is the ads repeat indefinitely, every eight hours, until you, the user - Belkin's valued customer - take some action to make them stop. And this is the same as the sneering spammer who sends you unsolicited email with a "click here to opt out" link. Not only does it steal your time, it steals more of your time before you can make it go away.
The letter goes on to state that "nor does Belkin have the ability to advertise to our customers using our routers as a conduit."
Wait a second, lady. This whole brouhaha started because Belkin continues to use its routers as a conduit to deliver customers to its ad for "Parental Control" every eight hours. If your routers didn't have that ability, we wouldn't all be telling you why we're not going to buy Belkin products anymore. This is a blatant lie, and an insult to the intelligence of anyone reading it. The page the router delivers users to is an ad. It's a solicitation to do additional business with Belkin.
The letter also claims that "[i]f a customer clicks "No Thanks" on the first prompt, the for Parental Control signup will no longer appear." Not entirely true. Belkin Manager Eric Deming admitted in a usenet post (since cowardly cancelled, but mirrored here) that clicking "No Thanks" won't work for users behind firewalls. It also appears that the "No Thanks" gets reset if the router is reset, and anecdotal evidence suggests that the (low) quality of Belkin's routers makes resetting rather more usual than it should be - possibly as often as every 20 minutes.
The letter ends on a surreal note, "[the Belkin advertisement web page] is not a browser pop-up, this means that the Parental Control web page will only be displayed if the user opens the browser". Huh? It's not a br
Opinions on the Twiddler2 hand-held keyboard?
That's my take on it too. They got bitchslapped for implementing a Dumb Idea, and they're now saying, "You're right, that WAS dumb... give us a few days and we'll fix it."
;)
If a company makes a mistake, or even a major blunder, but owns up to it and fixes it, that tells me they really DO care about their customers. This is a far cry from a company that tries to excuse their behaviour and wants US to live with the consequences.
So while I won't buy this *particular* Belkin product, their behaviour is NOT deserving of an across-the-board boycott.
What people also forget in their rush to find "some other product, ANY other product" is that other companies may have implemented naughties that you don't yet KNOW about. So in your haste to punish the erring company, you may well be jumping out of the frying pan and into the fire.
Sometimes I think people who go off the deep end like this should be cast into the outer darkness the first time *they* majorly fuck up. That'd teach 'em a little restraint.
~REZ~ #43301. Who'd fake being me anyway?
Next drop URLs into almost-invisibly small FRAMEs, and have the main frame show one of those annoying "Site loading" things with a 5 second redirect to the next page of the site, target _TOP (No, there shouldn't be a space between 10 0, it should be 100 -- slashdot doesn't love me)
When the browser hits the "next page", it will trigger some classic windows exploits (for education purposes only, of course)
You could turn off ZoneAlarm and PC-Cillin too if you wanted.
Give a man a fish, he'll eat for a day, but teach a man to phish...