Slashdot Mirror

← Back to Stories (view on slashdot.org)

ISP Inserting Content Into Users' Webpages

Posted by kdawson on from the not-neutrality dept.

geekmansworld, among other readers, lets us know that the Canadian ISP Rogers is inserting data into the HTTP streams returned by the Web sites requested by its customers. According to a CBC article, Rogers admits to modifying customers' HTTP data, but says they are merely "trying different things" and testing the customer response.

30 of 396 comments (clear)

  1. Read between the lines by timmarhy · · Score: 5, Informative

    replace "trying different things" with "seeing what we can get away with" and your closer to the truth

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:Read between the lines by Anonymous Coward · · Score: 5, Funny

      And if after hours, a man puts his wii-wii in the mayonaise jar at the restaurant where he works, that's just experimenting too, to see how the customer will react.

    2. Re:Read between the lines by alx5000 · · Score: 5, Funny

      In other, unrelated news, alx5000 has been reported to have blown up a dozen Government buildings in the last 24 hours. When inquired about these events, alx5000 said to admit to modifying governmental property, but remarked he is merely "trying different things" and testing the Government response.

      --
      My 0.02 cents
    3. Re:Read between the lines by Anonymous Coward · · Score: 5, Funny

      Dude, I served my sentence and paid my debt to society ... it's not fair for you to keep bringing this up.

    4. Re:Read between the lines by PayPaI · · Score: 4, Funny

      The Onion already did that.

    5. Re:Read between the lines by gnasher719 · · Score: 4, Interesting

      It's all a little dubious if you ask me. I always knew it was possible to fiddle with the stream, but I didn't think anyone would bother because it could possibly break a lot of pages that are held together with fragile HTML-fu. This is not just a bit dubious, it is plain and simple copyright infringement on a massive scale.

      The owner of the web site is creating a data stream, which will 99.99% of the time be copyrighted. Even if the web site owner doesn't own the copyright or has permission to use some copyrighted work, it is still copyrighted by someone else. Modifying the page creates a new derived work. If you create a derived work without permission of the copyright owner, you commit copyright infringement.

    6. Re:Read between the lines by gallen1234 · · Score: 4, Interesting

      I may not have a lot of money but Google has plenty. I suspect that they'll take exception to Rogers fiddling with their carefully designed home page - a page where simplicity and a clean layout are defining characteristics.

      I also suspect that there's a copyright claim here somewhere. If Rogers took Google's home page and modified it then that's a derived work which they would have to have Google's permission to distribute.

  2. Re:Dupe by A+beautiful+mind · · Score: 5, Funny

    This is not a dupe, it's merely your isp inserting outdated data in to your webpage because Slashdot didn't pay your ISP the brand new anti-crapification fee.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  3. Trying different things... by Z80xxc! · · Score: 5, Funny

    In other news, a mad internet subscriber broke into the headquarters of a Canadian ISP called Rogers. Upon entering, he hit shot two techs, broke 3 servers with a sledgehammer and then proceeded to start a fire in the CEO's office. Upon being apprehended by police, he was let go after informing them that he meant no harm and was just trying some different things to see how the company would react.

  4. Re:What's the problem? by patternmatch · · Score: 5, Insightful

    How else can they do it? Via email? They'd just send it to the email address they provide you with. Who really uses isp-provided email these days? it's all webmail, so they need some window to get through to you, and maybe http is that window.

    Or maybe, just maybe, they could ask you for your regular email when you sign up. This is not rocket science. There is no excuse for an ISP to be arbitrarily modifying the content of a subscriber's traffic.

  5. Re:What's the problem? by timmarhy · · Score: 4, Insightful
    the problem is going to be that modifying the http stream will break web applications and some secure sessions. it'll become even more of a problem as time progresses.

    imho they are creating a solution to a problem that doesn't exist. there's 1000's of widgets out there they could tune to give you an almost real time view of your quota, building their own an interfering with your http traffic is not a good solution.

    --
    If you mod me down, I will become more powerful than you can imagine....
  6. No problem as used in this case by iamacat · · Score: 5, Interesting

    It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case. Write again when a (non-free) ISP injects ads or blocks competitor's websites.

    1. Re:No problem as used in this case by RedWizzard · · Score: 5, Interesting

      It seems that the customer would be less unhappy about a warning that he is about to reach a bandwidth cap, page modifications and all, than just get a thousand dollar bill out of the blue. There is no set mechanism for the ISP to communicate with the customer over Internet, so creating one might be justifiable in this case. There is a set mechanism: email. And if that's not sufficient they could easily write a little app to provided notification that could be run by users who are worried about exceeding their limit. There is no need for what they are doing. In fact what they are doing is probably copyright infringement: they are creating and distributing a derived work (the modified page) without the author's permission.
  7. Oblig xkcd by RuBLed · · Score: 5, Funny

    Are they doing that with Oven Mitts? No?! Lame....

  8. Hey Rogers! by ScrewMaster · · Score: 4, Insightful

    I got your "customer response" right here.

    Seriously, when it becomes acceptable for the phone company to break into my conversation with "Did you know that Geico can save you ton of money on car insurance?" then my ISP can screw around with my Web pages. Otherwise, get your sticky paws OFF me, you damn dirty apes.

    --
    The higher the technology, the sharper that two-edged sword.
  9. Re:What's the problem? by weorthe · · Score: 5, Insightful

    that software is very evil

    Yes. Imagine a world in which China/Bush's America/Hillary's America no longer censors the web but subtly modifies it instead. Maybe with the cooperation of Yahoo et al. All power inevitably becomes abused. What good is freedom of expression if you can't be sure your expression is your own?

    --
    cat * >> sig
  10. You've been rogered. by Seor+Jojoba · · Score: 5, Funny

    I propose turning their company name into a verb, "roger", which means to manipulate internet data without the receiver's permission. Everytime you exclaim, "I've been rogered!" or "They rogered my data!" the Rogers company name will hold on to its well-earned place in history. And yes, "roger" already means something else quite similar. With either definition, something is being inserted where it probably shouldn't go.

    1. Re:You've been rogered. by p0tat03 · · Score: 4, Informative

      You may not know this, but "Rogers" is already synonymous with "taking it up the arse" up here in Canada. After all, who else charges $210/month for 500MB of wireless data transfer? Or creates a 3G broadband network but refuses to allow actual 3G phones to access it (restricting you to this huge BRICK of a wireless "modem" they provide you)? Or raising their prices almost 30% in the last 2 years?

      I just wish someone like Google or Microsoft sues Rogers into oblivion for this crap. I'm pretty sure impersonating another corporation's official communications (loading the Google homepage, for example) is fraud.

  11. I have not experienced this by eap · · Score: 5, Funny

    I am a Rogers [V1AGR4] customer, and I [MORTGAGE RATES FALL AGAIN!] think you're all just overreacting [VISTA - THE BEST WINDOWS YET!].

    Now let's have no more talk about this bizarre coverup.

  12. Getting away with murder by javacowboy · · Score: 5, Insightful

    So.... why aren't there any high profile lawsuits against Rogers yet?

    First they throttle BitTorrent traffic. Then, when BitTorrent users encrypted their connections, all encrypted traffic was throttled, making VPN connections unbearably slow.

    The only reason I can think of that they're getting away with this is that...uh...people in Ontario don't telecommute at all?

    Why is everybody letting Rogers get away with these shenanigans? Rogers' practises must be costing some business users serious money. I simply don't understand.

    --
    This space left intentionally blank.
  13. Okay, I know... by gillbates · · Score: 5, Insightful

    This is a dupe, but it's worth commenting on.

    The fundamental problem I see with this is that the ISP is changing the content of webpages to suit their own interests. There are a myriad of problems here, regardless of whether or not the customer accepts it:

    1. Copyright law: technically, the modified web page is a derived work. The ISP can now be held liable for copyright infringement if, say, Google, or the New York Times objects. The potential revenues sinkhole from copyright litigators is far greater than what any ISP could bear.
    2. There are ethical problems with an ISP artificially inflating the size of webpages, especially if they charge for the bandwidth.
    3. This smacks of 1984-esque censorship. Once it becomes commonplace for an ISP to change a web page, how long before government uses this for nefarious purposes.
    4. Consider how the above may be abused: a political rival logs onto Google, and the ISP replaces the normal content with child porn. Enter the police and 10 to 20 years in prison...
    5. If I can't trust my ISP to deliver an unmodified webpage, the only alternative is to use https for everything. While I'm personally favorable to such a thing, I realize it will disenfranchize a lot of part time and small time web operators who don't have the sophistication to setup an https server properly. Thus, one of the great egalitarian aspects of the web dies.

    In light of the fact that a certain ISP blocked access to union websites, this is an alarming event indeed. Democracy depends on the free flow of information, and I'm thinking that it might be appropriate to make such a practice illegal, if only for the sake of preserving democracy. It will first be used for commercial gain, and later, leveraged as a political tool.

    --
    The society for a thought-free internet welcomes you.
  14. common carrier by Richard_J_N · · Score: 4, Interesting

    What a really stupid thing to do. Never mind that it's unethical, they just lost their common-carrier status. Now the RIAA can sue them for contributory infringement ;-)

    At least, that's my understanding of it - ISPs and postal services are legally "common carriers", i.e. they just deliver stuff; they aren't responsible for any legal ramifications of what they deliver. Eg the post service isn't liable if someone mails a forged cheque. BUT...if they demonstrate that they control, inspect, and modify what they are delivering, they might just be liable when someone uses their network to commit fraud.

  15. Web Servers can detect this... by nweaver · · Score: 5, Interesting

    See this old Slashdot article on how servers can detect such modifications when they happen by using a bit of Javascript as an integrity checker.

    (Disclaimer, I'm one of the authors of the work)

    --
    Test your net with Netalyzr
  16. Yep. by Black+Parrot · · Score: 5, Funny

    And I wonder how many times they're going to insert this story into Slashdot.

    --
    Sheesh, evil *and* a jerk. -- Jade
  17. Well I have a thing or two to say about that by CrazyJim1 · · Score: 4, Funny

    As much as I don't like Canada, the totally awesome Rogers ISP is not doing something wrong here. Thats all I have to say. PS, buy a Playstation 3 at 20% off by mentioning the code ROGERS ISP ROCKS at your local S-mart

    --
    God spoke to me.
  18. Re:What's the problem? by Nikker · · Score: 4, Interesting

    I am a Rogers customer right now because I am slightly out of the range of a DSL provider. My connection was erratic especially on torrents didn't matter what kind and where from. Suspicious I got a copy of Wireshark and monitored the traffic, all the packets going out appeared to be ok but all the returning packets on my torrent port were corrupted (CRC error), I brought this to their attention and they said the problem didn't exist. I told them to let their NOC know about this and they refused, they told me to send it to the general email box on their help page.

    They say they are testing the waters and they are. Are they testing a way to notify people of their account or are they trying to get people comfortable with them throwing up messages on your screen while you surf? As far as I'm concerned I will cancel and go without rather than putting up with this garbage. As far as I'm concerned the only right they have is to give me the service I'm paying for. As you can probably tell I really just don't trust this company, they don't do their job very well and expect me to put up with it, as far as I'm concerned I will fight this every inch.

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  19. Re:I don't think so. by ScrappyLaptop · · Score: 5, Funny
    1. ISP inserts banner ads.

    2. Said banner ad space is sold to an company that sells it to the highest bidder.

    3. Highest bidder is a malware filled porn site.

    4. Banner ad fills your IE cache with goat porn that you've never viewed. Then it seduces your goat.

    5. Do not pass Go, do not collect $200.

  20. Re:I don't think so. by FatdogHaiku · · Score: 5, Interesting

    First, IANAL. I was raised in a law enforcement home and one of my best buddies is a lawyer, so I like to think about this stuff. What I find interesting is the legal defence issue. Evidence requires a chain of custody or it is just "some stuff we found somewhere". When the ISP tampers with the stream, they provide any defendant with proof positive that it is possible that the defendant had nothing to do with whatever it is that has the prosecutor's panties in a knot. The "tree" (internet connection) is tainted and thus it is NOT possible to prove anything except that the defendants connection was compromised. You could wear a jury out questioning every person that worked for the ISP, regardless of their position... when you have no proof you go fishing for doubt. Does someone at the ISP know someone at the prosecutor's office? That's doubt. Was the customer ever rude or mean to an ISP employee? Sounds like revenge... On and on you could go.

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  21. Copyright infringement by starfishsystems · · Score: 4, Informative
    Copyright infringement, I like it.

    Even better, the CBC article concludes with a reference to the Telecommunications Act, which states that "a Canadian carrier shall not control the content or influence the meaning or purpose of telecommunications carried by it for the public."

    Rogers has a long history of playing as dirty as it can get away with. If the old pattern repeats as before, Canadian regulators will respond and Rogers will be forced to back down, leaving everyone -- regulators, investors, competitors, consumers -- slightly more pissed off with it than before.

    --
    Parity: What to do when the weekend comes.
  22. Re:What's the problem? by jerw134 · · Score: 4, Insightful

    The ISP is clearly partnered with Yahoo, just like AT&T is in the US. So the service is called Rogers Yahoo High Speed Internet. It's not an ad, it's their logo.