Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tool Detects "In-Flight" Webpage Alterations

Posted by CmdrTaco on from the its-like-a-foil-hat-for-your-browser dept.

TheWoozle writes "In a follow-up to a recent story about ISPs inserting ads into web pages, the University of Washington security and privacy research group has teamed with the International Computer Science Institute (ICSI) to develop an online tool to help you identify if your ISP is inserting ads or otherwise modifying the web pages you request."

11 of 197 comments (clear)

  1. Should just block all ads, but... by nokilli · · Score: 4, Interesting

    If that isn't desirable, do a patch to Apache that creates a header that holds a hash of the content.
    The hash gets calculated once for static content, which is usually the bulk of the traffic, no? So
    not too big of a hit.

    Browser sees content. Browser sees hash. Browser compares the two...

    --
    Censored by Technorati and now, Blogger too!

    1. Re:Should just block all ads, but... by vux984 · · Score: 5, Insightful

      All these ideas are neat, but ultimately losers.
      MOVE TO ANOTHER PROVIDER TODAY.

      Why should I do that if I don't know the ISP is modifying the web pages in flight? Maybe I need a tool that could somehow detect that? That would sure be useful. Oh wait...Isn't that what this discussion is about?

    2. Re:Should just block all ads, but... by eheldreth · · Score: 4, Funny

      What if the ISP, having the server's (Apache HTTPD) code, recomputes the hash in the same manner. Browser sees content. Browser sees hash. Browser compares the two...gets an OK.
      1.) Claim the hash is to protect the copyright on your site
      2.) Sue any ISP that alters the site without permission under the DMCA
      3.) ???
      4.) Profit!
      --
      The perversity of the Universe tends towards a maximum. - O'Toole's Corollary
  2. Next week on Slashdot by proverbialcow · · Score: 5, Funny

    ISPs intercepting, altering results from online security tool

    --
    The only surefire protection against Microsoft infections is abstinence. - The Onion
    1. Re:Next week on Slashdot by nweaver · · Score: 4, Informative

      We are specifically worried about this case. But we have some thoughts on how to make it more difficult for someone to do that, which will probably end up in a full paper later.

      --
      Test your net with Netalyzr
  3. Answers to questions in this thread by nweaver · · Score: 5, Informative

    We (the authors of the page) will be answering questions in this thread.

    --
    Test your net with Netalyzr
    1. Re:Answers to questions in this thread by nweaver · · Score: 4, Funny

      Strauss Creamery Soft Serve vanilla with sea salt and olive oil from Pizzeria Picco in Larkspur

      --
      Test your net with Netalyzr
  4. Please don't post negative results! by maggard · · Score: 4, Informative

    No need for thousands of "All good in Kalamazoo" & "Up to date in Kansas City" posts.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  5. A possible workaround by Spy+der+Mann · · Score: 4, Informative

    A friend of mine had a similar problem with his webpages. They were on a free host (rolls eyes). I wrote a script for him to store special tags to denote the beginning and the end of his webpage content. After the webpage was loaded, a script erased everything and replaced all the html with his marked content. Ta-da, no ads!

    If you want to be stricter, encode your webpage content with base64 to make sure the ads don't intrude your precious content.

    1. Re:A possible workaround by Raistlin77 · · Score: 5, Insightful

      I'll bet that his user agreement with that free host also clearly states that circumventing their added content in the manner that your script does is prohibited. If they discover your script, they'll likely disable his account.

  6. What about upstream modification by SeanTobin · · Score: 5, Funny

    It seems that everyone is concerned about downstream modification, and is completely ignoring the possibility of upstream modification. What if Sprint started modifying upstream http-posts to start a more viral ad distribution system? Not only would they be able to target their customers, they would also be able to target the customers of anyone who could read the post!

    This is the reason that we need to push for network neutrality. When the only choices are between a giant douche which alters content and a turd sandwich which alters content, the customer ends up screwed in the end.

    --
    Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;