Slashdot Mirror
ISPs Inserting Ads Into Your Pages
TheWoozle writes "Some ISPs are resorting to a new tactic to increase revenue: inserting advertisements into web pages requested by their end users. They use a transparent web proxy (such as this one) to insert javascript and/or HTML with the ads into pages returned to users. Neither the content providers nor the end-users have been notified that this is taking place, and I'm sure that they weren't asked for permission either."
It's not like we pay them for our internet access or anything.
Oh wait, we do... crap.
Patience is a virtue, but haste is my life.
Back in the days of 56k modems some ISPs used to use proxies to make images smaller so sites would appear to download faster. This is a much more despicable use. I leave ads on so I can support the sites that I like, but I would be outraged if it turned out the ads were actually coming from my ISP who I was already paying.
This game will waste your life. Don't clicky!
I know this won't be everyone's primary concern, but what happens to all of those pages carefully crafted to adhere to a specific standard eg HTML 4.01, XHTML 1.1 or whatever else you may choose? Surely, unless these uninvited contributions also adhere to that specific standard, we have no hope of producing standards-compliant documents.
I thought that as I read the linked articles.
How did a crap story like this get onto the front page of slashdot?
Does it go on forever?
On the one hand I'd be really annoyed* if my ISP did this to me, on the other hand maybe there are some people who wold prefer ads and a cheaper monthly fee?
And on the third hand... isn't this going to break a whole bunch of websites? I'm having a hard time imagining how they could do it without major side effects.
(* I'd be wanting to stuff a few ads up their HTTP stream, I can tell you)
ccalam - acoustic versions of new songs.
http://wtanaka.com/node/62
It was especially annoying when the ad insertion code didn't quite work right and caused web pages to break.
When I worked at the helpdesk of a small ISP, we were approached by this company to see if we were interested in letting them test their ad-inserting proxy server on our customers. I protested that it was scummy and might lead to legal trouble (I was guessing) over changing pages in-flight, but my bosses didn't listen. That was back in 2002 or 2003, and I left shortly after to take another job. No idea what's going on there now.
I'm moving to a new ISP since my current one has started blocking port 25 in and out. I run my own mail server, so I appreciate that Uniserve's TOS explicitly allow servers (clause #19). However, they also explicitly say that they insert ads:
Needless to say I'm not happy about that, but in Vancouver my choices are limited: Telus (who'll censor web pages if they belong to a union striking against them), Shaw, or a handful of small ADSL ISPs that all seem to be much the same. Uniserve seems the best of a bad bunch.
Carousel is a lie!
Slow news day.
They later issued a new firmware that disabled this. But not before I had issued them a "fuck off" feedback. I have never bought another belkin product since and I strongly urge no-one else to do so either. Fuck them.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Yes I know their hardware sucks for other reasons also.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
The company that runs the box the ISP installed provides an opt-out option. Go to this page and click opt-out.
I think their behavior with this product is reprehensible. Pass the link on to anyone you know who is affected and encourage them to call their ISP and complain every day until it's removed. If all their call center does is get complaints, they'll reconsider whether it's making them any money.
Some people have a way with words, and some people, um, thingy.
There needs to be a new column in all those ISP comparison charts ... so we get to see who the clean ISPs are.
Hit them where it hurts: right where people are deciding which ISP to go with.
Wouldn't Firefox or Opera users easily be able to block these ads? Not that it matters much to the ISP, as I assume most of their users would be on IE, so they wouldn't be losing that many viewers.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
This is one angle to pursue, you have requested a page and the page you receive has been altered by the proxy, therefore "corrupted" the data.
If this continues then someone can write a plugin for Firefox to stop the adverts.
Back at the start of the net, many people started to build their own little networks (e.g. the "freenets", which existed long before freenet) and make connections with their neighbours. This activity was wiped out when ISPs started providing service at less than cost in order to build their business, making freenets not worth the investment. Now we are back at the stage where ISPs are trying to make money and messing up the service. It's time to restart building those networks and move off the commercial ISPs. Does anybody know any good places to start this? I'm ready to interconnect with my neighbours. How do we arrange sensible cheap long distance interconnectivity?
What about freenetworks.org? Are Wifi Coops any good? Any others?
The content in my pages is copyright implicitly, even if I don't register or even declare it in the pages. The right my ISP has to copy it is only for the purpose of publishing it in the transaction I have explicitly permitted: publishing it on URL requests.
If my ISP copies it for any other purpose, like inserting ads, or copies it into (or as) some other context, like an ad page, it's violating my copyright.
Every copyright violation - every page - makes them liable for a fine. That can really stack up, and costs a lot more than each page view generates in ad revenue.
Unless I've signed away my copyright in some contract with the ISP. Which I personally haven't. Nor should you.
If you have retained your copyright, and your ISP violates it, you should look forward to them handing over their business ownership to pay the damages. Email your lawyer from your other account and get the ball rolling. Why should corporate copyright holders have all the fun?
--
make install -not war
The customers of these asshole ISP's may not be able to stop them, but web site owners might. HTML code is frequently copyrighted. Injecting Javascript into a web page creates an unauthorized derivative work. Some webmaster needs to start sending DMCA takedown notices to ISP's using these ad injection proxies.
The key sequence to access my Slashdot bookmark in Firefox is Alt-B-S. I don't believe this is a coincidence.
hell, i already use privoxy, so 3/4 of the ads are blocked...
anyway, is there a complete list to the providers that use that crap?
So if you mom is suddenly very excited on the phone about the latest washing powder or insists that you shave only with 5-blade Gillette for best results, you should know better.
Poor editing day! Oh wait, that is every day, now.
These ISPs are modifying the content of another source. They alter the format or content or appearance of the requested data or information. Potentially, they endanger the quality of the service being provided on the other end. This is an offense against net neutrality.
Content providers who earn income from their own web activity should be among the first to file suit against these ISPs. I imagine network TV companies would be VERY offended if advertisments were inserted over, in or around their own presented material and web based business should be expected to have the same offense taken.
...like a copyright infringment. The ISP takes the work, creates a derivate, then distributes that derivate to you. Clearly the page is distributed as a whole even though it's made up of parts, you'd certainly relate porn ads to a company if they appeared on that company's webpage which means it's absolutely not its own work. It's like a book club embedding ad pages in the books before shipping them to members.
Distribution is an exclusive right of the copyright holder.
That they change the content means all paragraph 512 limitations are out the window.
The fair use test (commercial, creative work, almost whole work (all the non-ad content), kills ad revenue) is a 0-4 slam dunk against.
So tell me exactly, what's protecting the ISP from an "allofmp3" style lawsuit for a few trillion, since every web page is a $150,000 lawsuit in itself? Whoever in the legal department who approved this should be terrified.
Live today, because you never know what tomorrow brings
Ok, mod me down for this if you will, but why not just vote with your feet and go to a different ISP?
In these days of webmail and portable email addresses/domain names, why don't more people do this? It's still a buyer's market, and there's still lots of mom-and-pop ISPs who'll be glad of your business.
All the talk of 'taking legal action' smacks to me as being what's typically wrong with the entire attitude of everyone today. Compensation culture and all that - where there's blame there's a claim.
Smegma.
Exercise your GOD-GIVEN RIGHT to stop using the offending ISP take your business elsewhere and.
Failing that, exercise your GOD-GIVEN RIGHT to walk into the ISP's main offices with an automatic shotgun.
I figure that either way, you're not gonna be using that ISP any longer.
We should start sending multi-page advertisements with our ISP payments embedded in the middle, to monetize the untapped revenue stream available when the ISPs want to get paid.
-- Gary Goldberg KA3ZYW 301/249-6501 AIM:OgGreeb Digital Marketing Inc., Bowie, MD
And the maker is known - what MAC addresses have been assigned to this maker so I can just toss in a block based on the MAC address ranges?
It would seem pretty straightforward to document uses of your website to sell ads, so that you could sue ISPs for copyright violation. This seems pretty straightforward to me.
1) Generate a unique id for every webpage transmitted. php's uniq() function would be fine. Embed it in the page.
2) Generate a checksum before transmitting the page. Save the id and the checksum, perhaps in a mysql database, when transmitting the page.
3) Embed a javascript that can compute the checksum of the document at the user's end. Have it transmit the checksum back to the server.
4) If the checksum doesn't match, have the javascript transmit the content of the page and it's headers, and perhaps even a traceroute, back to the server.
5) Server stores all of the above in a "pages corrupted in transmission" log.
Log analysis should then give you a list of ISPs who have consistently corrupted your pages, details on what they inserted, and documented # of violations with date and time. You can take this documentation to the court and say "Look! Earthlink/Megapath/AT&T/Whoever has illegally copied my website to market their own advertisements 12,432 times in the last year!". Demand remuneration.
6) Profit!
7) Reduce ISP's willingness to fsck with other people's content and thereby make the world a better place.
8) (Optionally) Have your own javascript strip their ad and/or put a banner at the top that notes "Your ISP has attempted to illegally insert their own advertising into our website, thereby making money off you and me without either of our permission. We strongly suggest you switch internet service providers." -- try to get user pressure on the ISP.
I'm about to head out on a 10-day vacation. When I get back, if one of y'all hasn't written this yet I'll start on it myself.
I stole this sig from someone cleverer than me.
The assumption of the ISP is that the ads are rated "G".
Simply buy ads from their service that will offend all their
users.
The amazing health and psychological benefits of abortion
ought to do it. And at the bottom: This ad brought to you
by your friendly neighborhood ISP.
Eh, it beats the at least 3 articles I've seen this week about the issue with videotaping a cop in PA.
lol: You see no door there!
*Read small print* ...ISP not liable if they lose data...devil owns my soul for eternity...agree to have my details being sold to spammers...pretty standard stu.., no wait... own the rights to genes produced by me and any of my offspring in perpetuity... no not it either. Looks like I never agreed to this.
I'd sue, but the contract with my ISP waived that right.
With this happening I can see more and more websites going to encryption. When I hooked up to a CIA factbook report on a country the other day the link was encrypted. I wasn't particularly worried about someone seeing what I was looking at (the URL runs plaintext to the DNS), but having a SSL connection to the web server ensured I was getting the original page.
"Where have all the good people gone?" - Jack Johnson
Some time soon, we will cross the line where my opinion becomes a majority opinion: That any and all unasked for advertisement is harassment and should carry criminal penalties accordingly. Double the punishment if it masquerades as something else (i.e. fake grassroots campaigns, product placement, etc.)
Alternatively, lift all restrictions on advertisement. Then we'd at least have nude girls and hardcore porn on every wall and window, instead of beer and washing powder.
Assorted stuff I do sometimes: Lemuria.org
Online advertising is fraught with privacy concerns as is. Do you really want your ISP, who has access to your home address and credit details, and potentially your entire browsing history and e-mail records, sharing this info with their advertisers?
This isn't just about plugging a banner into a page surreptitiously.
Isn't this like searching my mail and stamping an add on my birthday card? If they are smart about cost cutting get rid of the junk. I don't need your webspace, or your email, or your start page, or much of the other junk you provide. Give me net access like you used to.
and I am not joking. Since it is often said that we should not worry about net neutrality issues at all and that "free market" and competition will take care of any issues.
As the island of our knowledge grows, so does the shore of our ignorance.
unless these uninvited contributions also adhere to that specific standard, we have no hope of producing standards-compliant documents.
Don't worry about it. I'm sure that the pages will render perfectly in Internet Explorer.
When our name is on the back of your car, we're behind you all the way!
Sites that don't like being screwed with might just switch to pure https.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
How to remove ads from Free webpage providers -> http://smog.cjb.net/html/adkill.htm
As a heavy Bulletin Board programmer/user in the mid 80's, I can tell you that one of the answers was something called Fido Net. This was a network of computers linked by phone lines. In the early morning hours of each day, each "node" would telephone its local designated hub, and transfer message packets destined for some other computer. The hub would call *its* hub, and so forth. Data would be received the same way.
But no matter how you slice it, "browsing" at 300 baud really sucks. Gives new meaning to "crawling the net"!
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Why not just run your internet through your own proxy and remove the ads? Sure, it may be a bit slower, but surely it could be done with something like Privoxy on top of Squid.
Just wait until the lawsuits start pouring in from content providers, you'll see how this free market works...
"I like systems, their application excepted", George Sand (French)
Actually it was a host and not an ISP, but without my consent, knowledge or permission, the turned my 404 page into some random spammy advertisement for some other company. They could not understand why I was mad (or maybe they could, but they would not admit it). I wish I could remember who they were so I could bad mouth them by name. Needless to say, I quit their service and never looked back.
San Francisco Photographers
Is it possible to commandeer ISP proxy in order to "shove" one owns javascript/Java/Flash/etc into everyone's stream?
The banners and text advertisements bandwidth counts toward your monthly limit with these ISPs?
The user can't sue his ISP for this, but the CONTENT owner can. This is analogous to framing someone else's content and displaying your ads, or using your work in an advertising vehicle you did not approve. It could also fall under "Appropriation" and even "false light."
A content author has the right to refuse to let certain advertisers use his work in their advertising. For example, one famous photographer refused to let one if his images be used by the tobacco industry. Now suppose the tobacco company paid an ISP to add their cigarette ad to that photographer's image when a browser displays the image. Clearly misappropriation. Incorporating another person's copyrighted work into your own advertising is a well-recognized violation.
Could somebody using one of these crooked ISPs check to see if they're rewriting referral links to sites like Amazon? I stayed at a hotel years ago which was stealing credits like this. It looke like Kazaa was doing this too. The reason I bring it up is that, if they're scummy enough to inline ads, they're scummy enough to try this. And if they are trying it, it would seem like an easier lawsuit to win, because it's very clearly theft.
I am thinking that there likely will be a business niche for a provider called an ASP. Not an application service provider, but an anonymity service provider.
Anonymity not in the sense of a cryptographically secure Cypherpunks remailer or a TOR network, but protection from snooping from the local ISP that people are forced to use. Traffic from an ASP can still be logged, but for some ad site to track a person's web viewing habits for marketing purposes, they would have to snarf logs from both the ASP, and the origin ISP.
There are a couple places which offer SSL based proxying via stunnel, and I'm pretty sure one can use stunnel with most existing SSL based web proxying services. This is probably the best bet for general Web use, as stunnel can be easily installed as a Windows service, configured, and forgotten about after configuring the Web browser to use it.
Of course, one can use a full pptp/l2tp VPN, but the advantage of stunnel based proxying is that one doesn't have to worry about their VPN being up to do basic web stuff.
I've only read the first couple of replies to this thread, but it didn't look like anyone brought up the fact that this is a violation of Copyrighted material (that of the content provider). I hope someone bitch-slaps the ISP's for this intrusive tactic.
I've been using adblock and Remove It Permanently for so long, I just haven't seen any ads for a few years.
They're using their grammar skills there.
What's more annoying is that Slashdot's new ad system totally breaks the page in IE 7. I know, who here at Slashdot cares about IE 7. well only about 80% of the net who uses it.
Looks great in Fox though.
Karma means nothing to me, so suck it...
What if I run a site on which I place advertisements for which I am paid in order to defray the costs of operating my site? When the ISP inserts their own ads when their customers view my site, they are advertising on my site for free. If I have a very popular site, they are profiting from my popularity. Why would anyone advertise with ME when they can just go to ISPs and advertise on every site? It is a way for ISPs to intercept ad dollars upstream and cut content providers out of the revenue loop. Content providers are taking it on the chin again.
Here's another issue: what if Coca-cola comes to me and asks for an exclusive ad deal, then 50 ISPs start inserting Pepsico ads in my site. In a way, the ISPs are violating the contract I have with Coca-cola, and since the ISPs are not my hosting service, there is nothing in the contract with my host that allows ad insertion and my only recourse is to sue the ISPs. Hopefully I could resolve it before Coca-cola catches wind of it and sues me or terminates my advertisong contract.
I have a commercial website. If my ISP would pull such a stunt I'd drag them by their cojones into court for defacing my pages and putting my end users at risk.
Where I live I have to put up a separate page (like in Germany) where I identify my company for being responsible for the content. Adding ads to my web page over which I have no control means that they have asserted control over my pages, and I can no longer exercise my responsibility for content. What if they serve a virus? What if they decide that porn pays better?
Nope - it would be court or police (unauthorised computer use) immediately. No BS, no delay and no mercy.
Having said that, I did notice on one system that I rarely get 404s now. Any unknown domain makes me end up at GoDaddy. Now, I don't have anything against GoDaddy but I prefer a 404 over crap ads, so I wonder where this came from. No matter, I'm about to nuke and rebuild my XP build anyway - I would just like to know where it came from.
BTW, there's also http://everythingisnt.com/hosts.html to suppress all the other crap whilst surfing normally. The failure messages are very instructive as you discover just who is handing your details off to advertisers..
Insert
I don't follow. Can you explain in more detail?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I could also see a class action lawsuit against an ISP. If they are selling you 1.5Mbs, and not delivering that bandwidth and then injecting content that will slow your bandwidth even more, I'm sure some lawyer could come up with something about this.
All I have to say, is that this can't end good, but also, I think his could open the door for more need of filtering proxy/firewalls. Instead of just a netgear router/firewall, you would have a ad filtering proxy in there, that you could configure.
Only 'flamers' flame!
Does slashdot hate my posts?
Some Canadian ISPs at least have been doing this for years, in a more limited fashion. A friend of mine complained that he was getting banner ads inserted into Google and Yahoo search results pages (and while Google does put ads into their search results, they are not graphical banners) about 5 years ago. Looking at the code for the ad, it was easy to see that it referred to the name of his ISP ...
Given the price wars between ISPs, the fact that other providers are also doing this would be no surprise at all.
I don't (buy Enzyte! Feel like a MAN!) believe that this kind (Get your ULTRA LOW COST HOSTING here!) of advertising actually (Your computer may be infected! Click here for a free scan!) exists...
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
40 bits is plenty (unless you are going to be exchanging private info) for ad spoofing protection. While cracking 40 bits is certainly doable, it's not worth doing it to insert an ad (at least in 2007). And 40 bits is trivial for computers to do these days.
now we need to go OSS in diesel cars
Even HTTPS can be ad-pimped if you didn't literally use HTTPS to begin with. If the first access you do is plain HTTP, the ad-pimpers could replace the HTTPS redirect to an HTTPS server of their own. Your browser would accept that because it's using a hostname of the ad-pimper. That server would then do HTTPS to access the original site (which thinks it is seeing a client behaviour in that server). Your only clue would be something funny in the URL, such as "https://yro.slashdot.org:validated-secure@web.moo noveraddison.com/article.pl?sid=07/06/23/1233212". I don't think they know how to pull this off just yet, but I bet they will try it when more sites do redirects to HTTPS (because the average internet user won't really know to do that). They will get away with this because those same average users won't really know of anything wrong in such a URL.
now we need to go OSS in diesel cars
Reminds me of the mid-late '90s when a series of 'free internet' dial-up providers emerged (meaning no financial cost) If you didn't mind a 3rd of the screen real estate being taken up by various ads it was okay, (that was 800x600 days). I think it was a specialized browser or something. I helped a friend sign up to it who just needed to check his email, and I remember the whole thing just really sucked because the already-slow dial-up connection had to download lots of graphical ads making it an even slower experience. You know the old adage: you get what you pay for. At one point the Petro Canada gas stations were giving out free CDs containing this software as a promotion. I don't think it was ever widely used and lasted for only a very brief time but somebody made a heck of a lot of money from it. I'm sure that was the intent from the start, to cash out, because the product wasn't really feasible beyond the initial 'free' pitch.
If they are creating derivative works, then there could be more serious implications than violation of copyright. AFAIK At the moment ISPs in the US are exempt from being done for any kiddie porn that is sent over their lines cos they are just a transparent carrier, they aren't meant to change the content, and in return they are protected from liability for any illegal kiddie porn or oter illegal stuff sent over their lines. or something like that. If their proxy downloads the page, and rewrites it then sends the rewritten page, are they then republishing that page. So if they rewrite a page full of kiddie porn, and then send their own rewritten page to someone, are they not publishing and distributing that kiddie porn, and there fore can be done as kiddie porn distributors?
What if Tetris was invented by Nazis?
Comcast inserts local ads on TV channels. But at least they are permitted to do that with the channel producer's permission. In the case of national networks that are optional to carry, this might be part of the contact that have to get that channel carried (reduced rates the producer has to pay, or higher rates Comcast pays, depending on which channel). With over the air stations that they must carry, the station has to get part of that revenue to go along with it (which in theory helps pay the cost of station operation and program sources just like the station ads do). I see nothing wrong with it because the content provider gets some benefit (revenue or carriage) from it, as long as the program content itself is not covered up (which my local Comcast was doing accidentally for a week, once, due to some misprogrammed computer).
However, if the providers of content are not a party to this process, then I do see some serious legal issues, including copyright, with it.
We need to have more web sites make the switch to HTTPS and do redirects from their HTTP to go to their HTTPS sites.
now we need to go OSS in diesel cars
It used to be pretty common for small ISPs to have HTTP proxy caching servers. It improved performance and saved them a lot of money on bandwidth, back when bandwidth was expensive. It was an especially big win for a few commonly fetched web pages, like www.netscape.com which was the default browser home page.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
ensertin sum adz
The other question is who to sue - just the ISP, or also the box maker? If the ISP just buys the box as a product, and buys a stream of ads from an ad vendor, it may be harder to get at the box maker, but if the box is packaged as a service including the ads, then it's pretty clear that you can nail the box provider. And it's the box provider you really *want* to nail, because this is a business model that deserves to die.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Seattle Wireless has been fairly quiet recently, but they are still working towards a free Seattle 802.11 network. A local network via 802.11 is an effective and minimal investment method for connecting a freenet.
In medium-large markets, there are CLECs like Covad and New Edge that rent copper from the telco and run their own DSLAMs, and in most markets, if the telco is running a DSLAM, they'll wholesale an ATM connection to the ISP, so they're only providing Layer 2 service, though in some cases they'll only do PPPoE which is an ugly tunnelled Layer 2ish hybrid.
Either way, the DSL ISP gets complete control over the IP packets and provides the backbone connectivity to the internet. If they want to set policies against servers or kill your Port 25 packets, they can, or if they want to sell you wide open genuine Internet service with static addresses that lets you do anything you want (except for the no-spamming AUP), they can do that too. The only thing the telco affects is the base cost and the speed. If you want to whine about "I can only get 768/128 here", then yeah, that's a legitimate telco issue, but the "consumers only have two choices and they both suck" whine is bogus.
Speakeasy's probably the best-known US-wide open-policy DSL ISP, but there are a bunch of others, and a lot of regional ones.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Actually, my friend had an anti-virus system that worked via proxy (his server downloads the content, then scans it, then serves it to the end users), which would replace a website's ads with his own. (It was totally sketchy!) His algorithm to determine if a site was a porn site screwed up a few times though, so people got porn ads on non-porn sites.
> To have a man-in-the-middle, all you need is a certificate signed by an authority that your computer trusts. The ISP can surely get that.
Give this man a cookie, or at least a mod point.
Once they manage to get your browser loaded up with a CA they control it is game over. Imagine, you type www.chase.com into your browser. Remember, THEY also operate your DNS. They resolve www.chase.com to an address they control and generate a certificate linking www.chase.com to that IP. Meanwhile their proxy server connects to the real https://www.chase.com/ and retrieves the homepage. Then their faked out server reencrypts the content and their inserted ad and sends it on to your browser which displays it with the lock intact.
This is what the various secure DNS proposals are intended to address. DNS hijacking allows almost any abuse in the higher layers.
Democrat delenda est
SSL.
If they decide to play man in the middle (which I sort of doubt? foolishly?), users will get an error that the hostname doesnt match the cert- and also at that point aren't they committing some kind of hacking offense? But either way, it'll be much more obvious.
With a little searching, I found two ISPs doing this right off the bat:
gator-isp.com
bonzai-isp-buddy.com
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
http://directorblue.blogspot.com/2006/07/think-yo
From the site:
Let's play video games with mailmanZERO
We log everything - we're a global streaming media website not an ISP, and what we log is media player events for statistical analysis purposes - and it chews up 70 to 120 gigabytes per day at our current rate. This costs us about $1200 a month in my disk and server budgets. Which is a relatively small number in my total monthly IT budget. We've been running for just under 11 months now and haven't had to dump anything, but I can see us starting to purge the oldest log records within the next 6 to 12 months.
Around 2003-2004 I subscribed to a Vancouver-area ISP named MDI Internet, and near the end of my term with them they implemented software called Adzila, which worked as described in the article. Here's an example of an ad it inserted on Google search results:
n erae1.png
http://img528.imageshack.us/img528/5052/adzilaban
It is a system, like any other. It has some pretty massive positive feedback loops built into it. There is a reason the rich get richer, and the poor get poorer, and it has nothing to do with government control.
The market fails to allocate resources efficiently in the case of natural monopoly, imbalance of information, and externalities. The government needs to step in to restore balance to the market. Without government oversight, unscrupulous players can leverage market failure modes to dominate the market.
You can hand-wave all you like, shouting about how the market will self-correct, but that will only fool people who have not actually studied history or looked at the market in action. There is a reason all countries gave up laissez faire: it didn't work, and led to horrible, horrible abuses.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Gee, you left out the very next part:
"Modifications are required on the client
This approach, though, does require a slight modification on the client side. Namely, the server has to be "trusted" within the client's certificate chain. "
Therefore, without user acceptance of the Proxy certificate, no go. Your ISP isn't sniffing your SSL traffic. Your boss MIGHT be.
Let's play video games with mailmanZERO
I don't know about you but I get most of my certs through my internet connection.
The only problem I see my ISP having is the initial install when all the old certs on my machine go belly up. After that they could very easily proxy a man in the middle.
That's why I don't do comerse over the internet.
JACEM
DOC Disinformation Obfuscation and Confusion
The carrot to FUD's stick
against the content provider copyright law is an asshole animal disguised to screw everyone involved except huge corporations. #1 anyone can collect damages #2 if your site is truely copyrighted you can collect statutory damages and attorney fees #3 if you rely on inherant copyright all you can collect is ACTUAL damages and must pay your own attorney fees and even if you win you WILL NOT be awarded any more than actual damages. giving this: how the fuck will the average joe get anywhere without just giving away 10K to some fuckhead attorney just to get the ads removed so you can get $0.015 per page view awarded as actual damages. the ISP's are laughing at congress and the copyright office all the way to the bank. Whereupon they quit laughing and spend your money with a big shit eating grin on thier smug fat faces.
Forgive me if I missed it, but what ISP do you have?
ttuttle is a rankmaniac
If these companies are injecting ads into sites containing the Grateful Dead's non-commercial material, then they are illegally profiting from the Grateful Dead's copyrighted works, and both the Grateful Dead organization and various site owners who are suddenly at risk (such as the Internet Archive ) may have the basis for a lawsuit. (The Archive is non-profit, but fairly well funded.)
A: Way to group all conservatives together. FYI, it is in fact LIBERALS that love Big Government and Government regulation. Last I checked, it was Democrats like Hillary Clinton that support Government regulation on violent video games and the like.
B: To destroy your little argument here, the FCC only has the ability to regulate content on BROADCAST NETWORKS--Cable channels regulate themselves. Boy, I bet you feel like an ass now, don't you?
C: Why is it liberals claim to wish to uphold constitutional rights while they continue to support things like gun control. Last time I checked, the right to bear arms was a constitutional guarantee.
Personally, I'd like to see a "signature" icon where the padlock icon goes for un-encrypted, signed pages.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
One of the problems CleanFlicks had was that they were actually making unauthorized edited copies of the DVDs, even though they required a genuine copy of the DVD to be turned over to them for destruction. Another company, ClearPlay, was also sued after they took a different strategy to avoid the copying problem. ClearPlay made DVD players that just played regular DVDs, but the DVD player cut out portions of the movie as it played, based on a file downloaded from ClearPlay onto a USB flash drive which was then plugged into the DVD player. However according to Wikipedia, the ClearPlay suit didn't make it to a verdict before Congress passed a law explicitly making it legal. I doubt the law applied to inserting adds in web pages though.
The similarity of these situations is that theoretically the ISP customer is asking (by agreeing to the ISP terms of service) for the adds to be inserted in the web pages, just as ClearPlay customers are asking for the bad parts to be removed.
This is also similar to software that removes the adds from web pages. A web page without the adds is like a derivative work, created by the viewer, with the assistance of the add block software.
Your ISP told you you need their "installation CD" to connect to the net?
Your ISP is treating you as ignorant prey.
As always, all IMO. Insert "I think" everywhere grammatically possible.
...This is infuriating and a little frightening. Not only are they junking up my webpage and possibly offending my readership(with the content of the ads) but they are leaving my readers with the impression that I'm behind it all! If I was the owner of a Christian chat site and they inserted a "Wanna hook up?" style dating ad I would be mortified.
But what really worries me is what else are they doing with this technology? Could they programmatically swap out my Adsense Publisher ID with theirs? Could they change the links on my homepage to point to their spam sites? Could they put words in my mouth e.g. my readers suddenly find me favorably reviewing "Male Enhancement" products on my homepage?
Site has been added to list, any more examples type of advertisement would be handy
http://www.fanboy.co.nz/adblock/
Then we should get free internet access, this is not like a goverment is giving the access, is a Internet service provider!! There must be law that prohibited this, or at least the Terms of Use...
ghostbar page.
But most ISPs will instruct new customers to use their "Install CDs" that set things up automatically, but usually also install a bunch of useless crap and add the ISP's name and branding to IE. I don't like it, but I would guess that the average customer would use it.
Let's play video games with mailmanZERO
Worst. PR. Move. Ever.
No self-respecting service provider would intentionally break SSL in order to eavesdrop or inject. I wouldn't be surprised if such a move took them all the way from the consumer-news section straight to the courtroom, not to mention the damage they'd get in any press that touched them. Even to the non-technical, the phrase "could be storing your credit card info" has a lot of pull.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
I'm with you there. That's why I'm glad I live in a place large enough to have competition in the phone/Internet sphere (TDS Metrocom and lovin' it). The place I grew up has two choices for Internet: Charter Cable, who can't even get the fuzzy lines out of the cable TV, or Verizon, who... well... do I even need to go into Verizon?
I've found that the smaller shops tend to have less hassle on setup because they use common "plug it in and it works" commodity hardware. Even on dialup, the big guys give you an install CD full of useless branded garbage. The smaller ones give you an instruction sheet on how to set up DUN.
OTOH, the few times I've had to deal with Comcast cable Internet or SBC/Yahoo! DSL (now AT&T, IIRC), It's been a nightmare of Flash for dimwits and crapware installers that were basically required in order to get the hardware online and the drivers installed.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
bitch
I would assume that part of the certificate, signed by the authority, is the public key of whatever website you are visiting. In that case, the ISP cannot:
I may be wrong, as I do not know what actually lies in those certificates, but it sounds as though the above would solve any such problem, without having to use secure DNS's. (A secure DNS would probably do little to help here, as they control your routing too, and can reroute IP addresses whereever).
Don't secure the communication to end-points, just secure/sign the data itself, with keys that are signed in a chain up to a public key you can trust. That way, you don't care what endpoint (www.chase.com or your ISP) the data came from - just that the data was signed by a trusted entity.
The fact that some service agreements (as in of free service) give the isp the right to create derivative works does not change the fact that it's a derivative work.
Unless the title bar of you browser says Internet Explorer - Provided by Comcast/Charter/AT&T/etc.
Lots of ISPs give people CD's to install before connecting to the web. You get things like (Internet explorer provided by xxx) in IE's title bar.
I tell home users to loose these CD's but they seem to think there is some magic in them. They will even install them after I leave. "Yes, I know everything was working when you left, but the CD said to load it"
I am really tempted some times to steal them. There has been a couple of cases where the install CDs have broken things.
If they messed with my cert setup in order to get on the network, what whould happen when I hooked my laptop up to a different network at a hotel or at work?
This type of monkey business would be fun to sneek past a linux box. As I use ssh to connect to my webserver that would be fun for them as well.
I know (and would normally agree), but there's a conflict between minimising the amount of services running on a platform and protection. A hosts file is more a passive way of hijacking the traffic although I ought to update it one day.
:-).
Were I to access a site I don't trust I'd use TOR, but from a Linux platform. This Windows box is in its last month anyway - it'll soon be Kubuntu + VMWare + a small install of XP to keep my mobile phones in sync until I have figured out how to do it without Windows
Insert
That's not all you forgot.
The public key that is transmitted with the certificate decrypts the certificate that was originally encrypted using the private key of the host.
This means that you can't just spoof a certificate, because the host's public key won't decrypt it unless it was encrypted with the hosts private key.
I'm gonna need a spec.
http://www.mysecureisp.com/
it bypasses your ISPs proxy.
Alas, the last drive-in in our area shut down about 5 years ago for a multiplex.
In L.A., the real estate is too valuable to use for a drive-in. Too bad. It's also the best way for parents with small kids to take in a movie. You don't have to worry about pissing off all the other patrons when your kids get cranky. You can have them in their pajamas, etc....
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
From the 3 writeups on this blackbox I've read, it actively inserts code into the HTML stream. By actively rewriting the code it passes on, it's creating a derivative work. If it built a frame & inserted the original page into the frame, you might get away with your argument, but it doesn't seem to be working that way. I would definately say that any page owner would have a good shot at nailing the ISP for 'derivative work' infringement. It's going to be very hard to argue that sticking adds on someone's page by rewriting the code doesn't alter the page.
After that they should be able to go after the box mfg for that wonderful new catagory of 'contributory infringement' that they seem to be keen on using against p2p sites.
It also controls 'derivative works'. That's what's at issue here. If your mobile proxy squeazes my 1280X1024 page down to 640X480 for mobile viewing, it is making a derivative work. However, that type of transformation can be construed as fair use under the copyright law - it transforms the product from one format to another without altering the content beyond what is required for the transformation. Both the MPAA & RIAA have stood in front of congress & proclaimed format shifting is 'fair use'. Of course they proceeded to make the tools to do that illegal but hey, the act is legal
Deliberately altering the original content by adding or removing content is not format shifting, it is creating a derivative work, the original and the altered work do not contain the same content. No contract between the ISP & the end user can permit them to do this, because the ISP doesn't own the copyright to the works in question. If this is done at the hosting end, then it can be legally included in the hosting contract, but not in the provider contract.
..anything that encourages websites and users to start using https instead of http, is a good thing.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Adblock will take care of these too :)
Step 1: Insert ads into all traffic
Step 2: Profit!
Step 3: ???