Slashdot Mirror


ISP Inserting Content Into Users' Webpages

geekmansworld, among other readers, lets us know that the Canadian ISP Rogers is inserting data into the HTTP streams returned by the Web sites requested by its customers. According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.

8 of 396 comments (clear)

  1. No problem as used in this case by iamacat · · Score: 5, Interesting

    It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case. Write again when a (non-free) ISP injects ads or blocks competitor's websites.

    1. Re:No problem as used in this case by RedWizzard · · Score: 5, Interesting

      It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case. There is a set mechanism: email. And if that's not sufficient they could easily write a little app to provided notification that could be run by users who are worried about exceeding their limit. There is no need for what they are doing. In fact what they are doing is probably copyright infringement: they are creating and distributing a derived work (the modified page) without the author's permission.
  2. common carrier by Richard_J_N · · Score: 4, Interesting

    What a really stupid thing to do. Never mind that it's unethical, they just lost their common-carrier status. Now the RIAA can sue them for contributory infringement ;-)

    At least, that's my understanding of it - ISPs and postal services are legally "common carriers", i.e. they just deliver stuff; they aren't responsible for any legal ramifications of what they deliver. Eg the post service isn't liable if someone mails a forged cheque. BUT...if they demonstrate that they control, inspect, and modify what they are delivering, they might just be liable when someone uses their network to commit fraud.

  3. Web Servers can detect this... by nweaver · · Score: 5, Interesting

    See this old Slashdot article on how servers can detect such modifications when they happen by using a bit of Javascript as an integrity checker.

    (Disclaimer, I'm one of the authors of the work)

    --
    Test your net with Netalyzr
  4. Re:What's the problem? by Nikker · · Score: 4, Interesting

    I am a Rogers customer right now because I am slightly out of the range of a DSL provider. My connection was erratic especially on torrents didn't matter what kind and where from. Suspicious I got a copy of Wireshark and monitored the traffic, all the packets going out appeared to be ok but all the returning packets on my torrent port were corrupted (CRC error), I brought this to their attention and they said the problem didn't exist. I told them to let their NOC know about this and they refused, they told me to send it to the general email box on their help page.

    They say they are testing the waters and they are. Are they testing a way to notify people of their account or are they trying to get people comfortable with them throwing up messages on your screen while you surf? As far as I'm concerned I will cancel and go without rather than putting up with this garbage. As far as I'm concerned the only right they have is to give me the service I'm paying for. As you can probably tell I really just don't trust this company, they don't do their job very well and expect me to put up with it, as far as I'm concerned I will fight this every inch.

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  5. Re:I don't think so. by FatdogHaiku · · Score: 5, Interesting

    First, IANAL. I was raised in a law enforcement home and one of my best buddies is a lawyer, so I like to think about this stuff. What I find interesting is the legal defence issue. Evidence requires a chain of custody or it is just "some stuff we found somewhere". When the ISP tampers with the stream, they provide any defendant with proof positive that it is possible that the defendant had nothing to do with whatever it is that has the prosecutor's panties in a knot. The "tree" (internet connection) is tainted and thus it is NOT possible to prove anything except that the defendants connection was compromised. You could wear a jury out questioning every person that worked for the ISP, regardless of their position... when you have no proof you go fishing for doubt. Does someone at the ISP know someone at the prosecutor's office? That's doubt. Was the customer ever rude or mean to an ISP employee? Sounds like revenge... On and on you could go.

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  6. Re:Read between the lines by gnasher719 · · Score: 4, Interesting

    It's all a little dubious if you ask me. I always knew it was possible to fiddle with the stream, but I didn't think anyone would bother because it could possibly break a lot of pages that are held together with fragile HTML-fu. This is not just a bit dubious, it is plain and simple copyright infringement on a massive scale.

    The owner of the web site is creating a data stream, which will 99.99% of the time be copyrighted. Even if the web site owner doesn't own the copyright or has permission to use some copyrighted work, it is still copyrighted by someone else. Modifying the page creates a new derived work. If you create a derived work without permission of the copyright owner, you commit copyright infringement.

  7. Re:Read between the lines by gallen1234 · · Score: 4, Interesting

    I may not have a lot of money but Google has plenty. I suspect that they'll take exception to Rogers fiddling with their carefully designed home page - a page where simplicity and a clean layout are defining characteristics.

    I also suspect that there's a copyright claim here somewhere. If Rogers took Google's home page and modified it then that's a derived work which they would have to have Google's permission to distribute.