Slashdot Mirror

← Back to Stories (view on slashdot.org)

Study Confirms ISPs Meddle With Web Traffic

Posted by Soulskill on from the you-wouldn't-like-me-when-i'm-angry dept.

Last July, a research team from the University of Washington released an online tool to analyze whether web pages were being altered during the transit from web server to user. On Wednesday, the team released a paper at the Usenix conference analyzing the data collected from the tool. The found, unsurprisingly, that ISPs were indeed injecting ads into web pages viewed by a small number of users. The paper is available at the Usenix site. From PCWorld: "To get their data, the team wrote software that would test whether or not someone visiting a test page on the University of Washington's Web site was viewing HTML that had been altered in transit. In 16 instances ads were injected into the Web page by the visitor's Internet Service provider. The service providers named by the researchers are generally small ISPs such as RedMoon, Mesa Networks and MetroFi, but the paper also named one of the largest ISPs in the U.S., XO Communications, as an ad injector."

3 of 131 comments (clear)

  1. Re:common carrier? by pegdhcp · · Score: 5, Informative

    While IANAL, I used to manage our relations with Telecommunications Authority of Turkey, whose regulations are closely similar to other ITU member organizations. Here we are required to protect customer privacy during their telecommunication activities and only share pertaining data with legal authorities. Similarly we are required to modify some web content (in fact, we are poisoning DNS data) only under legal orders. However it is not clear if the traffic from public web sites are private traffic, while messing with a banking site's traffic and/or a transactional traffic carrying credit card info will certainly put you behind the bars.

  2. USA ISPs are NOT common carriers! by The+tECHIDNA · · Score: 5, Informative

    When will this zombie...er, urban legend die (at least in the US?)

    Cable Internet Service Not Common Carrier ... and that was a ruling by the US Supreme Court.
    Corollary:
    FCC Reclassifies DSL, Drops Common Carrier Rules ... so DSLs don't escape either.

    I'm not rooting for this, but we need to try harder for an actual solution rather than seek the unicorn of a "solution" that didn't/no longer exists.

  3. Toolkit for detecting changes to your own page by csreis · · Score: 5, Informative
    If you're interested in knowing if your own page is being modified in flight, we (the authors of the study) have an open source toolkit for adding a "web tripwire" to your page. It's just a piece of JavaScript code that does an integrity check within the user's browser, and it can report any in-flight changes back to your server.

    The toolkit requires you to run CGI scripts on your server to collect results, but we also have a web tripwire service that is easier to use (available on the same page above). Just add one line of JavaScript to your page, and our server will handle the integrity check and collect the results. We can then provide you with reports of the changes, much like Google Analytics.

    We hope that by spreading web tripwires to other pages, we can at least deter ISPs from making further changes to web pages in-flight.