Slashdot Mirror

← Back to Stories (view on slashdot.org)

ISP Inserting Content Into Users' Webpages

Posted by kdawson on from the not-neutrality dept.

geekmansworld, among other readers, lets us know that the Canadian ISP Rogers is inserting data into the HTTP streams returned by the Web sites requested by its customers. According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.

12 of 396 comments (clear)

  1. What's the problem? by squidinkcalligraphy · · Score: 3, Insightful

    Let's get rational for a second here; the ISP is trying to inform you you're reaching your limit, so you don't overshoot it and start having to pay extra. Lets put arguments about limits aside (after all, you've agreed to a contract involving limits). It's in their interests _not_ to inform you, as you'd have to start paying them extra. But they're trying to find a more pervasive way of letting you know. How else can they do it? Via email? They'd just send it to the email address they provide you with. Who really uses isp-provided email these days? it's all webmail, so they need some window to get through to you, and maybe http is that window.

    --
    "I think it would be a good idea" Gandhi, on Western Civilisation
    1. Re:What's the problem? by patternmatch · · Score: 5, Insightful

      How else can they do it? Via email? They'd just send it to the email address they provide you with. Who really uses isp-provided email these days? it's all webmail, so they need some window to get through to you, and maybe http is that window.

      Or maybe, just maybe, they could ask you for your regular email when you sign up. This is not rocket science. There is no excuse for an ISP to be arbitrarily modifying the content of a subscriber's traffic.

    2. Re:What's the problem? by timmarhy · · Score: 4, Insightful
      the problem is going to be that modifying the http stream will break web applications and some secure sessions. it'll become even more of a problem as time progresses.

      imho they are creating a solution to a problem that doesn't exist. there's 1000's of widgets out there they could tune to give you an almost real time view of your quota, building their own an interfering with your http traffic is not a good solution.

      --
      If you mod me down, I will become more powerful than you can imagine....
    3. Re:What's the problem? by weorthe · · Score: 5, Insightful

      that software is very evil

      Yes. Imagine a world in which China/Bush's America/Hillary's America no longer censors the web but subtly modifies it instead. Maybe with the cooperation of Yahoo et al. All power inevitably becomes abused. What good is freedom of expression if you can't be sure your expression is your own?

      --
      cat * >> sig
    4. Re:What's the problem? by jerw134 · · Score: 4, Insightful

      The ISP is clearly partnered with Yahoo, just like AT&T is in the US. So the service is called Rogers Yahoo High Speed Internet. It's not an ad, it's their logo.

    5. Re:What's the problem? by Valdrax · · Score: 3, Insightful

      You trust your ISP enough to give them your actual email address? You, sir or madam, are a braver soul than I.

      You also give them your physical street address to have the service hooked up, and every month a small piece of paper containing your checking account's account number and bank routing number. In America, they probably got your social security number too.

      I'm really not afraid of what they're going to do with email compared to all of that.

      --
      If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  2. Hey Rogers! by ScrewMaster · · Score: 4, Insightful

    I got your "customer response" right here.

    Seriously, when it becomes acceptable for the phone company to break into my conversation with "Did you know that Geico can save you ton of money on car insurance?" then my ISP can screw around with my Web pages. Otherwise, get your sticky paws OFF me, you damn dirty apes.

    --
    The higher the technology, the sharper that two-edged sword.
  3. Getting away with murder by javacowboy · · Score: 5, Insightful

    So.... why aren't there any high profile lawsuits against Rogers yet?

    First they throttle BitTorrent traffic. Then, when BitTorrent users encrypted their connections, all encrypted traffic was throttled, making VPN connections unbearably slow.

    The only reason I can think of that they're getting away with this is that...uh...people in Ontario don't telecommute at all?

    Why is everybody letting Rogers get away with these shenanigans? Rogers' practises must be costing some business users serious money. I simply don't understand.

    --
    This space left intentionally blank.
  4. Okay, I know... by gillbates · · Score: 5, Insightful

    This is a dupe, but it's worth commenting on.

    The fundamental problem I see with this is that the ISP is changing the content of webpages to suit their own interests. There are a myriad of problems here, regardless of whether or not the customer accepts it:

    1. Copyright law: technically, the modified web page is a derived work. The ISP can now be held liable for copyright infringement if, say, Google, or the New York Times objects. The potential revenues sinkhole from copyright litigators is far greater than what any ISP could bear.
    2. There are ethical problems with an ISP artificially inflating the size of webpages, especially if they charge for the bandwidth.
    3. This smacks of 1984-esque censorship. Once it becomes commonplace for an ISP to change a web page, how long before government uses this for nefarious purposes.
    4. Consider how the above may be abused: a political rival logs onto Google, and the ISP replaces the normal content with child porn. Enter the police and 10 to 20 years in prison...
    5. If I can't trust my ISP to deliver an unmodified webpage, the only alternative is to use https for everything. While I'm personally favorable to such a thing, I realize it will disenfranchize a lot of part time and small time web operators who don't have the sophistication to setup an https server properly. Thus, one of the great egalitarian aspects of the web dies.

    In light of the fact that a certain ISP blocked access to union websites, this is an alarming event indeed. Democracy depends on the free flow of information, and I'm thinking that it might be appropriate to make such a practice illegal, if only for the sake of preserving democracy. It will first be used for commercial gain, and later, leveraged as a political tool.

    --
    The society for a thought-free internet welcomes you.
  5. Re:Read between the lines by thinkertdm · · Score: 3, Insightful

    Now this is only the beginning. It is only a matter of time before other ISP's start doing the same thing, and you can't stop them. Here's why: 1. Comcast and other ISP's have more money they you do. Loads more. Sure, you may have a case on legal grounds, but they have the money. What are you going to do, stand in front of the CEO of comcast and say "pwease mr, don't do this!" Good luck with that. 2. Think you are going to drop whatever ISP is doing it and jump to the other one? Most places only have 2. It's not like tuna fish, where there are five different brands to choose from. 3. Why should any ISP listen to you, the consumer? See #2 above. 4. While this activity is wrong, no one is doing anything about it. The majority of the population thinks people with high speed are criminals anyway, so we deserve what we get. This isn't even news- if it comes up at all, it's buried after sports and the weather. Look at Comcast blocking bittorrent. Look at the RIAA lobbying in congress. We are screwed. 5. The only right way for an ISP to do things is the best way to make more money. Right or wrong has nothing to do with it. I think the only answer is for a strong net neutrality bill. The ISP's are supposed to answer to the consumer, not the other way around.

  6. Re:I don't think so. by lena_10326 · · Score: 3, Insightful

    But while such garbage might be annoying, it's unlikely it would be illegal content.
    You're surfing on a public computer in Iran.... a popup displays showing hardcore gay sex and red blinking text says CLICK FOR FREE GAY PORN!

    --
    Camping on quad since 1996.
  7. Re:I don't think so. by Darby · · Score: 3, Insightful

    I really don't think that ISPs are going to "insert" kiddie porn, "illegal" music or movies, or "terrorist" content in your Web page requests

    You're almost certainly correct, if by "ISPs" you mean the decision makers of the ISPs, and therefore the official policies thereof.

    However, what this does is fundamentally change the way they run their network thereby opening up massive vulnerabilities.

    Before they decided to make it their official policy to engage in the mass of unethical behaviors this exhibits, in order to insert goat porn, or the like, into a client's browser a disgruntled employee would haver to jump through a mass of hoops (assuming they ever had any working network monitoring tools).

    Now, though, since this fraudulent activity is part of their official corporate policy and therefore necessarily of their infrastructure, all it takes is changing some text which is designed to be easily modified.

    That's the fundamental problem with this policy. Creating a method for potentially malicious people to insert unwanted content into the browsers of their own customers *is* the entirety of the policy.
    I doubt many people think that "goat porn for the masses" is the goal of Rogers, but they are going way out of their way to make sure that doing exactly that is trivial.

    I absolutely hope somebody pulls that argument and wins though, because this absolutely creates more than enough reasonable doubt.

    "But we didn't put that pic of two year olds fucking on his computer"...

    "Oh yeah? You created a process designed for the purpose of manipulating content and creating forgeries of web sites with deliberately falsified content in violation of every standard practice, every commonly sensible idea and every relevant ethical principle. Prove absolutely that each and every one of your employees was entirely uninvolved with this particular case, when you've spent so much time and effort ensuring that it would not only be possible, but trivial."

    It's not that Rogers has a plan for gross porn distribution, it's that they've created a means, a method and a process for doing exactly that with few if any possible legitimate uses.