Slashdot Mirror
ISP Is Bypassing Firefox's Location Bar Search
It was only a matter of time before ISPs began doing more than just redirecting failed DNS requests to their own pages.
An anonymous reader writes "It looks like the largest ISP in Hong Kong has started bypassing search results from Firefox's location bar (which typically uses Google), forcing their own search provider (yp.com.hk) onto their users. ... Can an ISP just start re-directing search traffic at will?"
As shown by the recent Comcast - FCC ruling, ISPs can barely be regulated at all (and therefore can do anything they want).
Use a VPN provider of your choice.
We've seen a few ISPs that MitM www.google.com in DNS (you can check for yourself in Netalyzr.
Does anyone know (save me looking at a TCPdump) what domain name firefox uses, is it www.google.com or something else, for the google searches?
Test your net with Netalyzr
Can an ISP just start re-directing search traffic at will?
Not in my book. My ISP started doing some redirection and they got an immediate complaint from me. In person, at their local office. If there was an alternative to their service I would have switched ISP's immediately.
"while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
Of course they can. It's China. They outed the almighty Google and they can tell their citizens to do whatever they want.
If these idiots are too dumb to handle being a dumb pipe, we have no choice but to encrypt everything.
Isn't this basically a Man in the Middle attack?
Can you circumvent by specifying your own set of DNS servers(instead of the DHCP assigned ISPs)?
Yes.
And that's why we should start using encryption for everything...
`echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
The article is a single post on a forum from one user with no follow-up. Can anyone else confirm the allegation?
So if this is the future...where's my jet pack?
remember this is china...they can redirect other countries traffic and get away with it by bowing and saying sowwie a few times...
At least in countries with sane laws, this is a man-in-the-middle attack on the communication between the user and Google, in the course of which data is falsified. I believe we call people who do something like that "terrorists" nowadays.
This is as sleezy as it gets for an ISP. I hope firefox and google setup some sort of trusted cert and use HTTPS for the traffic from that bar. That might make it much harder for them to do men in the middle attacks of the sort. Google could sue the ISP for impersonation or something similar.
For the love of $deity why would _anybody_ still be using the DNS server that their ISP provides?
Ignoring the multiple FREE DNS providers out there, it is trivally easy to setup your own caching DNS server regardless of the OS platform you use.
With the abundance of 'old' computers that most people upgrade from, it shold be standard practice to setup an old box as a firewall/dns server.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
Oblig? SRSLY?
TLDR, brah
Most people still believe that just because you can legally do something, doesn't mean you should. When businesses do every sneaky, duplitious thing they can to make a buck, they push that natural tendency toward expecting civility and something resembling high-mindedness in civilized people straight into the Socialist camp.
As a Capitalist, that really offends me. If businesses want to be treated laissez faire then they damn well better learn to make society not feel like they're a bunch of crooks who care so little about the common good that if regulators aren't going Big Brother on them every nanosecond they'll steal everything that isn't nailed down and cheat everyone who isn't paying 110% attention to every detail of their lives.
This is, after all a Chinese city redirecting search traffic away from Google. Hardly surprising, considering the recent lack of love between the Chinese government and Google (even though Hong Kong is *supposedly* exempt from much of China's more repressive policies)
SJW: Someone who has run out of real oppression, and has to fake it.
A perfect example of why we need net neutrality rules in place. An ISP should not be allowed to modify packets or redirect packets to/from known destinations.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
1) Be an ISP
2) Create an online shop ala amazon.
3) Redirect all users to your shop
4) Profit!
FTA, it's a DNS issue, not a search bar takeover.
I just want direct access to the Internet backbone! Enough of this shit. I've heard more than one story about ISPs doing stuff like redirecting connections, monitoring people, disallowing access to certain sites or services (e.g. bit torrent). I just want to tap into the backbone!
Title is by-passing. I was expecting a funny reply about "you've got to build bypasses!" in the "letter from your ISP" format.
Isn't it ironic that the strongest bastion of communism is actually the most viciously capitalistic business environment?
Seth
$5 / month hosted VPS on linux = awesome!
I use a small, local telephone company for my DSL. They're reliable, not the fastest or the cheapest, but hey, it's pretty much a monopoly unless I want the cruddy cable service provider that is unreliable in their connectivity and just as expensive.
For six years now I've dealt with this. At work I just type a keyword and end up at the site I wanted. At home I do that by mistake and I get a page with an advertisement for something local saying the page couldn't be found.
Extremely annoying, but I don't have much choice as I don't want cable or their cruddy service, so I deal with it.
"For the love of $deity why would _anybody_ still be using the DNS server that their ISP provides? Ignoring the multiple FREE DNS providers out there, it is trivally easy to setup your own caching DNS server regardless of the OS platform you use."
Because the internet stoppped being just for techies 10 years ago? Step out of your little bubble, you dweeb, and look around. First you have to give a crap about the concept of a DNS, which is exactly one step too far for the vast majority of folks.
Rightly so, too. If my family had to worry about things like that they would never have gotten any further than the occasional email.
In my past I've frequently been in your position - wondering why the whole world doesn't give a crap about some ridiculous thing I think is incorrect. However, this year I'm turning 40, and for some reason I'm starting to get the other perspective. The "ridiculous" is on the other side.
I have the same issue in Seamonkey, just posted about it on the Mozillazine forums as well. http://forums.mozillazine.org/viewtopic.php?f=5&t=1811375
What firefox does is first try to do DNS lookups for:
foo
foo.com
www.foo.com
before launching the google search.
Thus NXDOMAIN wildcarding (which is unfortunately growing very common, distressingly so in our data) will mess up the firefox behavior by causing one of the three names to resolve to the "helpful" search page belonging to the ISP.
Test your net with Netalyzr
They can if they are in China.
Use Google's DNS.
8.8.8.8
8.8.4.4
Pretty easy to remember, too.
The latest Slashdot meme.
...they can do whatever they want within the bounds of local laws.
Don't like it? READ THE AGREEMENT NEXT TIME. Sorry, arguing this on moral or ethical grounds is a moot point. They provide the SERVICE, you signed the AGREEMENT.
I have dumped all the asian girls that I was going to ask out (being a fat geek, I have no hope whatsoever with caucasian girls) in protest.
UPC in the Netherlands currently pulls the same kind of trick on you.
Their DNS servers have a catch-all redirect to there own search portal. They have instructions on how to undo it (manually change your dns servers), but the common man doesn't of course know how to do that.
Shouldn't governments protect us from this evil?
One might wonder what the actual mechanism for hijacking the Google search query is. If it happens via their DNS lookup, setting your connection to use OpenDNS for all your DNS lookups would counter it. Come to think of it, using OpenDNS would counter the failed DNS page hijacks too, but this one belives that alone is not worth the effort -- seeing their ads on a page indicating domain lookup failure versus seeing an OpenDNS web page indicating lookup failure doesn't make much difference -- you still won't find the page you seek.
Heck, it happens here in the USA. I'll name names too - Windstream Communications. As of a couple months ago they started redirecting our google search bars to their custom search portal. Annoyed the hell out me. Emailed, but apparently got dumped into the bucket of spam/"unhappy customer, please ignore".
I'm surprised that people haven't started making personal resolvers easy to set up and use - or routers don't start coming with them to bypass the ISP resolvers. After all, all you really need is the list of root servers (which change inrrequently and are available at a well-known place for self-bootstrapping) and that's it. Eliminates pharming (poisoned DNS servers), ISP shenanigans including NXDOMAIN, and possibly others.
Add in the ability to link with DHCP in the router and no more needing annoying IP addresses for a home network.
This isn't new, and this isn't NXDOMAIN hijacking. Windstream, a US DSL provider, was already caught red-handed doing this. Not only this but they also refuse to answer very specific questions asked (see http://www.dslreports.com/forum/r24059591-DPILayer7NXDOMAIN-Privacy-questions-re-Windstream-DSL) and provide a paper-thin excuse as to why it's happening (see http://www.dslreports.com/forum/r24074065-Our-Response-to-Redirect-Service-Concerns).
Affected users are not using the ISP's DNS servers, this is not NXDOMAIN hijacking. This is layer 7 inspection, the sheer fact the URL was transformed, being carefully re-written, from the URI passed to 'www.google.com' discredits what Windsteam has said entirely.
When a user performs a search using the Firefox search bar against Google HTTP/1.1 is used with an HTTP method of GET against Google. The following URI is constructed:
q=[search critera]
ie=[encoding]
oe=[encoding]
aq=
rls=[browser]
So, when I search against Google I pass ?q= for my search term.
When this is redirected to searchredirect.windstream.net the URI is transformed, with the ?q= parameter being extracted. Windstream's site uses this URI structure:
search=[search criteria]
src=[interger value, likely points to an RDBMS based on HTTP_REFERER]
Windstream is not disclosing the truth. For this behavior to occur you would have to be using an MITM proxy or DPI; either way they are inspecting layer 7 traffic, extracting the ?q= URI string passed to Google, and either transparently or via HTTP 302 redirecting customers to searchredirect.windstream.net
They got caught, red handed, and have been fabricated mis-truths from the start.
How HTTP/1.1 GET against /search?q=my_search_term becomes /search.php?search=my_search_term without some form of Layer 7 is impossible. This CANNOT be NXDOMAIN.
Clearly they're not disclosing the full details or hiding behind careful sentence structure and semantics. This appears that there is now an industry initiative and a company behind this search harvesting and privacy invasive technology which is being sold to ISPs. Expect more to come, this isn't isolated to over-seas, it's already happening right here in the US.
-SirMeowmix_I
This might be a wake up call for some - maybe not for others. It's just a small step to go from redirecting search queries and results to redirecting Google Adsense for their own profit.
Never mind the stupid DEA or IPV6
The Rev (AAISP) has pretty much single handedly dragged BT's 21CN from "crap" to "almost OK" by doggedly graphing, logging and chasing down faults and showing BT that their network was completely sucky when they *really* did not want to believe anyone.
Am I wrong?
>> Can an ISP just start re-directing search traffic at will?
ISPs that do this are offering a lower quality service than ISPs that do not do this. There is nothing inherently wrong with low quality. To me its fine as long as they say so in their terms of service, then users can choose to agree to the terms or go somewhere else to get the service they want.
Yes.
But then again customers can stop using them. (Of course theres legal ins and outs depending on the contract you signed... but you read that of course didn't you?)
- http://www.milkme.co.uk
I thought that was standard.
All Google needs to do is modify their search bar to encrypt the outbound search string using Google's public key. By doing that, it makes it difficult to intercept whatever search is being done.
That was the turning point of my life--I went from negative zero to positive zero.
The issue is that the ISP is redirecting your malformed URL before Firefox can, right? And yet the ISP is sleazy and Firefox is a victim?
How about everybody not fiddling with DNS responses, at least not without asking permission first?
I thought it was funny, apparently there aren't as many HHGTTU fans on Slashdot as I thought.
And it's perfectly a on-topic reference.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
1. Apple makes Kurt from Glee look straight.
2. I suspect that, based on their approach to their users, Apple would be more likely to pitch than catch.
Is it just my observation, or are there way too many stupid people in the world?
For all that Hong Kong people may have the right to demonstrate, have a separate judiciary, there are still companies operating in Hong Kong that are being pressured to conform to mainland laws...
A Hong Kong Internet company, called TOM Online, announced it had stopped using Google's search mechanism. "TOM reiterated that as a Chinese company, we adhere to rules and regulations in China where we operate our businesses," the company's parent, Hong Kong-based TOM Group, said in a statement Tuesday.
Companies owned by people/companies subject to Chinese laws, or wishing to do business in China proper, will certainly have to make decisions based on the relations they want to keep with the Chinese government. I can well imagine employees of a HK company being denied visas based on the ire of some Chinese bureaucrat. Or Chinese citizens who own an obstreperous HK company getting harassed because of the behavior of that company.
Such practices are completely unrelated to browsers. I don't know why Firefox is in the title of the submission. It affects any software that resolves addresses using DNS.
duckduckgo is amazing in my book - it
makes me feel warm and fuzzy inside.
I tried most of the major websites and no dice with https.
Here are few that do
https://www.blackle.com/
https://www.powerset.com/
https://www.leapfish.com/
https://www.a9.com/
honorable mention
https://www.vadlo.com/
and a mystery anyone know what's up with this
https://www.ask.com/
https://www.bing.com/
Soon ISPs will be redirecting youtube traffic to here http://www.youtube.com/watch?v=b1WWpKEPdT4
sigh.
IANAL, but isn't it trademark infringement if your browser tries to look up Google by name and an ISP deliberately redirects to a different, similar service?
Oh for fuck's sake. This is the same thing that Network Solutions and ISPs all over the world have tried for years. Nothing new to see here, folks. Just a response to failed DNS queries that redirects to a selected search provider.
It's amazing to me that not a single person in this entire thread (at least that I detected on a fairly close skim) actually read TFA where that was made plain as day.
Switch your DNS and the problem goes away.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
To my mind, intercepting your your conversation with someone else's DNS server and impersonating it, and supplying responses that appear to come from the DNS server you are trying to talk to amount to interception and fraud. Both are normally criminal activities. That's quite apart from possible breach of contract with you by failing too provide the interntet connectivity you are paying for. Any ISP doing that should be reported to the relevant regulatory body.
Wouldn't vpn over port 443 (https) make more sense? This way at least they'd be _expecting_ to see encrypted traffic on that port, instead of what should be clear traffic. And 443 is just about as likely to be open as port 80 is. Or does your employer honestly block all secure web traffic?
How about forcing you to use their DNS? Cox Communications thinks that's all right.
I set my mother up on Google DNS the last time her wireless router cratered, it worked fine for months, suddenly she can't resolve a name. Her wired router, which picks up all its values from Cox was fine. Turned out Cox has silently instituted a "their way or no way" policy.
Unfortunately, Mom can't vote with her wallet because even though there are multiple ISPs serving her geographic location, they are not all available in the same areas.
P.S. Charter Communications started hijacking search results from *its* customers over a year ago, and deny it to this day.
TLDR, brah
If anyone actually had to Read beyond the first line to know what it said, they fail at Slashdot.
antitrust
Comcast is doing this... I have a portable version of firefox running, and comcast hijacks pages not found, and redirects it to their search, instead of allowing me to use Google!
Just because it works, Doesn't make it right. - JTM
``there's usually a way to bypass this''
Yes, there is Google Public DNS. A gratis service provided to any desiring user.
http://code.google.com/speed/public-dns/
``What is Google Public DNS?
Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider. ''
1. They have been doing A
2. Can they do A?
Obviously they have demonstrated that they *can*. Whether or not they should be allowed to is another matter.
I am a netvigator user, and I am very very upset about this Redirect-ing thing!
Just spend 30 mins call them up and complain about it, no one in the CS seems understand much what do I mean instead of suggesting me am my computer infected with Virus.. (BS! they redirect the page at DNS level on that)
Anyway filed a complain and they promise to come back to me in 48hrs.
I solve the problem by using Google OpenDNS
personally thinks they DO NOT have such rights to redirect me to their AD page, and I am also upset because they blocked my port 1723 PPTP, will change to another ISP if they do not give me a fair enough answer.
Browse to http://searchredirect.windstream.net./ Select "Opt Out of this Service" on the bottom right corner of the page.