Slashdot Mirror


Tool Detects "In-Flight" Webpage Alterations

TheWoozle writes "In a follow-up to a recent story about ISPs inserting ads into web pages, the University of Washington security and privacy research group has teamed with the International Computer Science Institute (ICSI) to develop an online tool to help you identify if your ISP is inserting ads or otherwise modifying the web pages you request."

15 of 197 comments

  1. Answers to questions in this thread by nweaver · · Score: 5, Informative

    We (the authors of the page) will be answering questions in this thread.

    --
    Test your net with Netalyzr
    1. Re:Answers to questions in this thread by nweaver · · Score: 2, Informative

      HTTPS, when certificates are properly used, is designed to prevent man in the middle viewing and modification.

      --
      Test your net with Netalyzr
    2. Re:Answers to questions in this thread by nweaver · · Score: 2, Informative

      One of the big reasons is the certificate model...

      If you self-sign, everyone gets a nag panel every time they visit your web page. If you have VeriSign or someone else provide you with a certificate, it costs real money.

      Also, the HTTPS handshake is expensive, figure ~.1 CPU second per visitor to handle the public key exchange, and it starts to add up. There is a reason why GOOGLE doesn't use https for gmail by default (you have to manually type in https://mail.google.com/ to get gmail through SSL), the key exchange is expensive, even by Google's standards.

      --
      Test your net with Netalyzr
    3. Re:Answers to questions in this thread by nweaver · · Score: 2, Informative

      Because people don't use SSL, and ISPs are actively inserting ads into web pages.

      And click the link anyway, we want to have as many people try it as possible.

      --
      Test your net with Netalyzr
    4. Re:Answers to questions in this thread by csreis · · Score: 3, Informative

      Actually, our test page happens to answer these questions, to some extent.

      All of our test pages are marked with "Pragma: no-cache" and "Cache-control: no-cache" in the HTTP response headers, but we're observing changes to the pages anyway.

      Our integrity checking mechanism uses AJAX requests (XmlHttpRequests) to fetch the test page. ISPs can't distinguish between an AJAX request and a normal page request (i.e., they both look like normal HTTP requests), so they inject ads into both. However, we're only asking for a normal HTML file with the AJAX request, so I can't comment on whether they would modify other types of XML data.

      Charlie
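
The kind of check described in the comment above, as an added example that is not part of the original post and not the researchers' own code: fetch the test page again from script and compare it with a known-good copy. The names `EXPECTED`, `findAlteration` and `checkPage`, the sample page and the `ads.example` URL are assumptions constructed for illustration.

```javascript
// Added example: compare a page fetched over plain HTTP with a known-good copy.
// EXPECTED and INJECTED are constructed sample data, not real captures.
const EXPECTED =
  "<html><head><title>test</title></head><body><p>Hello</p></body></html>";

// Locate the altered span by trimming the common prefix and suffix.
// Boundaries can shift by a character or two when the inserted text shares
// characters with its surroundings (e.g. a leading "<"), so treat the span
// as a pointer to the change, not an exact copy of the injected markup.
function findAlteration(expected, received) {
  if (expected === received) return null;
  const max = Math.min(expected.length, received.length);
  let start = 0;
  while (start < max && expected[start] === received[start]) start++;
  let tail = 0;
  while (
    tail < max - start &&
    expected[expected.length - 1 - tail] === received[received.length - 1 - tail]
  ) tail++;
  return {
    offset: start,
    removed: expected.slice(start, expected.length - tail),
    inserted: received.slice(start, received.length - tail),
  };
}

// Fetch the test page and compare. fetchText is injected so the example runs
// offline; in a browser it would wrap XMLHttpRequest or fetch().
async function checkPage(url, expected, fetchText) {
  const body = await fetchText(url);
  const change = findAlteration(expected, body);
  return change ? { modified: true, ...change } : { modified: false };
}

// Constructed sample: an intermediary added a script tag before </body>.
const INJECTED = EXPECTED.replace(
  "</body>",
  '<script src="http://ads.example/a.js"></script></body>'
);
```

A non-empty `inserted` with an empty `removed` indicates pure injection; a non-empty `removed` means original content was rewritten or stripped, which is what some client-side filtering software does.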

  2. Please don't post negative results! by maggard · · Score: 4, Informative

    No need for thousands of "All good in Kalamazoo" & "Up to date in Kansas City" posts.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
  3. A possible workaround by Spy+der+Mann · · Score: 4, Informative

    A friend of mine had a similar problem with his webpages. They were on a free host (rolls eyes). I wrote a script for him to store special tags to denote the beginning and the end of his webpage content. After the webpage was loaded, a script erased everything and replaced all the html with his marked content. Ta-da, no ads!

    If you want to be stricter, encode your webpage content with base64 to make sure the ads don't intrude your precious content.

    1. Re:A possible workaround by Excors · · Score: 3, Informative

      For sites like GeoCities that add

      </object></layer></div></span></style></noscript></table></script></applet>(...adverts...)

      to the bottom of your page to stop you trying to hide their adverts, it could be good to add <plaintext style="display: none"> to your page just before the point where they add their junk. plaintext is the unstoppable monster of HTML – there is no closing tag, and the rest of the page will be treated as plain text instead of HTML. It's a slightly obscure feature, but it has better support between web browsers than many other parts of HTML and it can be fun to play with...
  4. Re:I've got a better method... by brunascle · · Score: 2, Informative

    they're not talking about the ISP hosting the web page, they're talking about your ISP adding ads to random sites that you visit. client-side, not server-side.

  5. Re:Huh? by fullmetal55 · · Score: 2, Informative

    It's not the host ISP that's inserting the ads, it's the "Client" ISP, for example Joe Smith buys a computer and buys high speed internet from "ECI" the Evil Cable ISP. Joe Smith visits Bob's Website, Bob, who hates ads never put any on his webpage, and instead makes his money through online sales of his product. Now Joe loads up Bob's webpage to purchase a widget from Bob, and he sees Ads all over Bob's Website. Bob who has GHI (Good Highspeed ISP) visits his website and there's no ads. ECI is putting the Ads on Bob's website and collecting all the revenue from those ads. Profiting off of Bob's Website.

  6. Analyses by nweaver · · Score: 2, Informative

    We've seen a couple cases of NebuAd, one other that looks interesting, and a fair amount of adblocking/firewall software (e.g., ZoneAlarm does some modifications).

    We are waiting for the Slashdot and DIGG deluges to pass, however, before we have a more detailed analysis.

    --
    Test your net with Netalyzr
  7. Re:Next week on Slashdot by nweaver · · Score: 4, Informative

    We are specifically worried about this case. But we have some thoughts on how to make it more difficult for someone to do that, which will probably end up in a full paper later.

    --
    Test your net with Netalyzr
  8. They WANT to be slashdotted by ookabooka · · Score: 2, Informative

    These guys actually want as much traffic as they can get to get a good idea of what ISPs are doing what. Go ahead, click online tool. It's pretty nifty.

    --
    If you are about to mod me down, keep in mind that this post was most likely sarcastic.
  9. Re:I've got a better method... by spun · · Score: 3, Informative

    Are you pretending to be mentally challenged in order to troll, or do you really not understand even after having it explained to you a little further up the page? It is not the developer's ISP, or the hosting ISP that is doing this! It is the ISP of the people looking at the page. So, you left out a step in your patented eyeball method: signing up for every ISP in existence and loading your page, to see if that particular ISP does it.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  10. Re:Oh lord the confusion by db32 · · Score: 3, Informative

    Not exactly. A book is just a book. Words on paper. A webpage is FAR more visual than text on page (unless you have been sleeping the last few dozen years). Inserting ads could easily be considered a derivative work since you are altering the look of the site. What if I didn't want ads? What if my design is a nice soft brown and then you start inserting pink flashing ads? Or God forbid, these clowns insert one of those drive by installer ads, now your business reputation is completely screwed because some major ISP decided to make a buck without checking their sources and your website infected thousands of consumers. Good luck explaining to your customers how it was the ISP magically sneaking ads onto your website.

    --
    The only change I can believe in is what I find in my couch cushions.