ISP Is Bypassing Firefox's Location Bar Search
It was only a matter of time before ISPs began doing more than just redirecting failed DNS requests to their own pages.
An anonymous reader writes "It looks like the largest ISP in Hong Kong has started bypassing search results from Firefox's location bar (which typically uses Google), forcing their own search provider (yp.com.hk) onto their users. ... Can an ISP just start re-directing search traffic at will?"
As shown by the recent Comcast - FCC ruling, ISPs can barely be regulated at all (and therefore can do anything they want).
Use a VPN provider of your choice.
We've seen a few ISPs that MitM www.google.com in DNS (you can check for yourself in Netalyzr).
Does anyone know (save me looking at a TCPdump) what domain name firefox uses, is it www.google.com or something else, for the google searches?
Test your net with Netalyzr
Can an ISP just start re-directing search traffic at will?
Not in my book. My ISP started doing some redirection and they got an immediate complaint from me. In person, at their local office. If there was an alternative to their service I would have switched ISP's immediately.
"while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
There is almost certain to be a Sino-Jew behind this treachery.
Of course they can. It's China. They outed the almighty Google and they can tell their citizens to do whatever they want.
If these idiots are too dumb to handle being a dumb pipe, we have no choice but to encrypt everything.
MISTER PROSSER: I’m afraid you’re going to have to accept it! This bypass has got to be built and it is going to be built. Nothing you can say or do -
ARTHUR DENT: Why has it got to be built?
MISTER PROSSER: Wha - what do you mean, “why has it got to be built?” It is a bypass! You’ve got to build bypasses!
ARTHUR DENT: Didn’t anyone consider the alternatives?
MISTER PROSSER: There aren’t any alternatives! But you are quite entitled to make any suggestions or protests at the appropriate time!
ARTHUR DENT: Appropriate time?
MISTER PROSSER: Yes.
ARTHUR DENT: The first I knew about it was when a workman arrived at the door yesterday.
MISTER PROSSER: T- oh!
ARTHUR DENT: I asked him if he’d come to clean the windows and he said he’d come to demolish the house! He didn’t tell me straight away of course. Oh no. First he wiped a couple of windows and charged me a fiver. Then he told me.
MISTER PROSSER: But Mister Dent the plans have been available in the planning office for the last nine months!
ARTHUR DENT: Yes! I went round to find them yesterday afternoon. You hadn’t exactly gone out of your way to pull much attention to them have you? I mean, like actually telling anybody or anything.
MISTER PROSSER: The plans were on display.
ARTHUR DENT: Ah! And how many members of the public are in the habit of casually dropping around the local planning office of an evening?
MISTER PROSSER: Er - ah!
ARTHUR DENT: It’s not exactly a noted social venue is it? And even if you had popped in on the off chance that some raving bureaucrat wanted to knock your house down, the plans weren’t immediately obvious to the eye were they?
MISTER PROSSER: That depends where you were looking.
ARTHUR DENT: I eventually had to go down to the cellar!
MISTER PROSSER: That’s the display department.
ARTHUR DENT: With a torch!
MISTER PROSSER: The lights had probably gone.
ARTHUR DENT: So had the stairs!
MISTER PROSSER: Well you found the notice didn’t you?
ARTHUR DENT: Yes. It was on display in the bottom of a locked filing cabinet, stuck in a disused lavatory with a sign on the door saying “Beware of the Leopard”. Ever thought of going into advertising?
MISTER PROSSER: It’s not as if it is a particularly nice house anyway.
ARTHUR DENT: I happen rather to like it!
MISTER PROSSER: Mister Dent!
ARTHUR DENT: Yes. Hello.
MISTER PROSSER: Have you any idea how much damage that bulldozer would suffer if I just let it roll straight over you?
ARTHUR DENT: How much?
MISTER PROSSER: None at all!
Isn't this basically a Man in the Middle attack?
Can you circumvent by specifying your own set of DNS servers (instead of the DHCP-assigned ISP's)?
Yes.
And that's why we should start using encryption for everything...
`echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
The article is a single post on a forum from one user with no follow-up. Can anyone else confirm the allegation?
So if this is the future...where's my jet pack?
remember this is china...they can redirect other countries traffic and get away with it by bowing and saying sowwie a few times...
At least in countries with sane laws, this is a man-in-the-middle attack on the communication between the user and Google, in the course of which data is falsified. I believe we call people who do something like that "terrorists" nowadays.
This is as sleazy as it gets for an ISP. I hope Firefox and Google set up some sort of trusted cert and use HTTPS for the traffic from that bar. That might make it much harder for them to do man-in-the-middle attacks of the sort. Google could sue the ISP for impersonation or something similar.
For the love of $deity why would _anybody_ still be using the DNS server that their ISP provides?
Ignoring the multiple FREE DNS providers out there, it is trivially easy to set up your own caching DNS server regardless of the OS platform you use.
With the abundance of 'old' computers that most people upgrade from, it should be standard practice to set up an old box as a firewall/DNS server.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
Most people still believe that just because you can legally do something, doesn't mean you should. When businesses do every sneaky, duplicitous thing they can to make a buck, they push that natural tendency toward expecting civility and something resembling high-mindedness in civilized people straight into the Socialist camp.
As a Capitalist, that really offends me. If businesses want to be treated laissez faire then they damn well better learn to make society not feel like they're a bunch of crooks who care so little about the common good that if regulators aren't going Big Brother on them every nanosecond they'll steal everything that isn't nailed down and cheat everyone who isn't paying 110% attention to every detail of their lives.
This is, after all a Chinese city redirecting search traffic away from Google. Hardly surprising, considering the recent lack of love between the Chinese government and Google (even though Hong Kong is *supposedly* exempt from much of China's more repressive policies)
SJW: Someone who has run out of real oppression, and has to fake it.
A perfect example of why we need net neutrality rules in place. An ISP should not be allowed to modify packets or redirect packets to/from known destinations.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
1) Be an ISP
2) Create an online shop ala amazon.
3) Redirect all users to your shop
4) Profit!
FTA, it's a DNS issue, not a search bar takeover.
I just want direct access to the Internet backbone! Enough of this shit. I've heard more than one story about ISPs doing stuff like redirecting connections, monitoring people, disallowing access to certain sites or services (e.g. bit torrent). I just want to tap into the backbone!
Isn't it ironic that the strongest bastion of communism is actually the most viciously capitalistic business environment?
Seth
$5 / month hosted VPS on linux = awesome!
I use a small, local telephone company for my DSL. They're reliable, not the fastest or the cheapest, but hey, it's pretty much a monopoly unless I want the cruddy cable service provider that is unreliable in their connectivity and just as expensive.
For six years now I've dealt with this. At work I just type a keyword and end up at the site I wanted. At home I do that by mistake and I get a page with an advertisement for something local saying the page couldn't be found.
Extremely annoying, but I don't have much choice as I don't want cable or their cruddy service, so I deal with it.
"For the love of $deity why would _anybody_ still be using the DNS server that their ISP provides? Ignoring the multiple FREE DNS providers out there, it is trivially easy to set up your own caching DNS server regardless of the OS platform you use."
Because the internet stopped being just for techies 10 years ago? Step out of your little bubble, you dweeb, and look around. First you have to give a crap about the concept of a DNS, which is exactly one step too far for the vast majority of folks.
Rightly so, too. If my family had to worry about things like that they would never have gotten any further than the occasional email.
In my past I've frequently been in your position - wondering why the whole world doesn't give a crap about some ridiculous thing I think is incorrect. However, this year I'm turning 40, and for some reason I'm starting to get the other perspective. The "ridiculous" is on the other side.
I have the same issue in Seamonkey, just posted about it on the Mozillazine forums as well. http://forums.mozillazine.org/viewtopic.php?f=5&t=1811375
What firefox does is first try to do DNS lookups for:
foo
foo.com
www.foo.com
before launching the google search.
Thus NXDOMAIN wildcarding (which is unfortunately growing very common, distressingly so in our data) will mess up the firefox behavior by causing one of the three names to resolve to the "helpful" search page belonging to the ISP.
Test your net with Netalyzr
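A check for the NXDOMAIN wildcarding described in the comment above, as an added example that is not part of the original thread. It resolves random labels through the same three name forms the comment lists; the function names are illustrative, and it assumes a 24-hex-character random label is not a registered domain.

```python
import secrets
import socket


def candidate_names(label):
    # The three lookups the comment describes: foo, foo.com, www.foo.com
    return [label, f"{label}.com", f"www.{label}.com"]


def system_resolve(name):
    """Addresses the configured resolver returns; empty set on NXDOMAIN or failure."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_wildcarding(resolve=system_resolve, probes=3):
    """Resolve names that should not exist; any answer means NXDOMAIN is rewritten.

    `resolve` is injectable so the logic can be exercised without a network.
    """
    hits = {}
    for _ in range(probes):
        label = "nx-" + secrets.token_hex(12)  # random, assumed unregistered
        for name in candidate_names(label):
            addrs = resolve(name)
            if addrs:
                hits[name] = addrs

    # An address returned for several unrelated random names is the
    # resolver's landing page rather than a real host.
    counts = {}
    for addrs in hits.values():
        for addr in addrs:
            counts[addr] = counts.get(addr, 0) + 1
    shared = sorted(addr for addr, n in counts.items() if n > 1)

    return {
        "wildcarded": bool(hits),
        "names": sorted(hits),
        "landing_addresses": shared,
    }


if __name__ == "__main__":
    # Live check against whatever resolver this machine is configured to use.
    print(check_wildcarding())
```

Running it once against the DHCP-assigned resolver and once after switching resolvers shows whether the rewriting follows the resolver or the network path.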
They can if they are in China.
Use Google's DNS.
8.8.8.8
8.8.4.4
Pretty easy to remember, too.
The latest Slashdot meme.
...they can do whatever they want within the bounds of local laws.
Don't like it? READ THE AGREEMENT NEXT TIME. Sorry, arguing this on moral or ethical grounds is a moot point. They provide the SERVICE, you signed the AGREEMENT.
I have dumped all the asian girls that I was going to ask out (being a fat geek, I have no hope whatsoever with caucasian girls) in protest.
UPC in the Netherlands currently pulls the same kind of trick on you.
Their DNS servers have a catch-all redirect to their own search portal. They have instructions on how to undo it (manually change your DNS servers), but the common man doesn't of course know how to do that.
Shouldn't governments protect us from this evil?
One might wonder what the actual mechanism for hijacking the Google search query is. If it happens via their DNS lookup, setting your connection to use OpenDNS for all your DNS lookups would counter it. Come to think of it, using OpenDNS would counter the failed DNS page hijacks too, but this one believes that alone is not worth the effort -- seeing their ads on a page indicating domain lookup failure versus seeing an OpenDNS web page indicating lookup failure doesn't make much difference -- you still won't find the page you seek.
Heck, it happens here in the USA. I'll name names too - Windstream Communications. As of a couple months ago they started redirecting our Google search bars to their custom search portal. Annoyed the hell out of me. Emailed, but apparently got dumped into the bucket of spam/"unhappy customer, please ignore".
I'm surprised that people haven't started making personal resolvers easy to set up and use - or routers don't start coming with them to bypass the ISP resolvers. After all, all you really need is the list of root servers (which change infrequently and are available at a well-known place for self-bootstrapping) and that's it. Eliminates pharming (poisoned DNS servers), ISP shenanigans including NXDOMAIN, and possibly others.
Add in the ability to link with DHCP in the router and no more needing annoying IP addresses for a home network.
This isn't new, and this isn't NXDOMAIN hijacking. Windstream, a US DSL provider, was already caught red-handed doing this. Not only this but they also refuse to answer very specific questions asked (see http://www.dslreports.com/forum/r24059591-DPILayer7NXDOMAIN-Privacy-questions-re-Windstream-DSL) and provide a paper-thin excuse as to why it's happening (see http://www.dslreports.com/forum/r24074065-Our-Response-to-Redirect-Service-Concerns).
Affected users are not using the ISP's DNS servers, this is not NXDOMAIN hijacking. This is layer 7 inspection, the sheer fact the URL was transformed, being carefully re-written, from the URI passed to 'www.google.com' discredits what Windstream has said entirely.
When a user performs a search using the Firefox search bar against Google HTTP/1.1 is used with an HTTP method of GET against Google. The following URI is constructed:
q=[search criteria]
ie=[encoding]
oe=[encoding]
aq=
rls=[browser]
So, when I search against Google I pass ?q= for my search term.
When this is redirected to searchredirect.windstream.net the URI is transformed, with the ?q= parameter being extracted. Windstream's site uses this URI structure:
search=[search criteria]
src=[integer value, likely points to an RDBMS based on HTTP_REFERER]
Windstream is not disclosing the truth. For this behavior to occur you would have to be using an MITM proxy or DPI; either way they are inspecting layer 7 traffic, extracting the ?q= URI string passed to Google, and either transparently or via HTTP 302 redirecting customers to searchredirect.windstream.net
They got caught, red handed, and have been fabricating mistruths from the start.
How HTTP/1.1 GET against /search?q=my_search_term becomes /search.php?search=my_search_term without some form of Layer 7 is impossible. This CANNOT be NXDOMAIN.
Clearly they're not disclosing the full details or hiding behind careful sentence structure and semantics. This appears that there is now an industry initiative and a company behind this search harvesting and privacy invasive technology which is being sold to ISPs. Expect more to come, this isn't isolated to overseas, it's already happening right here in the US.
-SirMeowmix_I
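The distinction drawn in the comment above (a search term moved from ?q= to ?search= on another host cannot come from DNS alone) can be checked from a captured response. This is an added example, not code from the thread; it covers only the HTTP 302 case the comment mentions, and the capture, the src value and the function names are constructed for illustration.

```python
from urllib.parse import parse_qsl, urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed capture: hosts, paths and parameter names follow the comment above;
# the encoding values and the src value are placeholders.
SAMPLE_REQUEST = "http://www.google.com/search?q=my_search_term&ie=utf-8&oe=utf-8&aq="
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://searchredirect.windstream.net/search.php"
    b"?search=my_search_term&src=0\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def parse_response_head(raw):
    """Return (status_code, lower-cased headers) from a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify(request_url, raw_response, term_param="q"):
    """Say whether a search request was answered with a rewritten redirect."""
    status, headers = parse_response_head(raw_response)
    if status not in REDIRECT_CODES or "location" not in headers:
        return {"verdict": "not-a-redirect"}

    # Location may be relative, so resolve it against the request first.
    target = urljoin(request_url, headers["location"])
    req, dst = urlsplit(request_url), urlsplit(target)
    if dst.hostname == req.hostname:
        return {"verdict": "same-host-redirect", "target_host": dst.hostname}

    term = dict(parse_qsl(req.query, keep_blank_values=True)).get(term_param)
    carried_in = [
        key
        for key, value in parse_qsl(dst.query, keep_blank_values=True)
        if term and value == term
    ]
    result = {
        "target_host": dst.hostname,
        "carried_in": carried_in,
        "path_changed": dst.path != req.path,
    }
    if carried_in and term_param not in carried_in:
        # The term was lifted out of the original parameter and re-inserted
        # under another name: whoever answered parsed the HTTP request.
        result["verdict"] = "query-renamed-on-other-host"
    else:
        result["verdict"] = "cross-host-redirect"
    return result


if __name__ == "__main__":
    print(classify(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

A DNS-only redirect would deliver the original request unchanged to a different address; a renamed parameter in the Location header shows the request itself was read by whatever produced the response.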
This might be a wake up call for some - maybe not for others. It's just a small step to go from redirecting search queries and results to redirecting Google Adsense for their own profit.
Never mind the stupid DEA or IPV6
The Rev (AAISP) has pretty much single handedly dragged BT's 21CN from "crap" to "almost OK" by doggedly graphing, logging and chasing down faults and showing BT that their network was completely sucky when they *really* did not want to believe anyone.
Am I wrong?
>> Can an ISP just start re-directing search traffic at will?
ISPs that do this are offering a lower quality service than ISPs that do not do this. There is nothing inherently wrong with low quality. To me it's fine as long as they say so in their terms of service, then users can choose to agree to the terms or go somewhere else to get the service they want.
Yes.
But then again customers can stop using them. (Of course there's legal ins and outs depending on the contract you signed... but you read that of course didn't you?)
- http://www.milkme.co.uk
I thought that was standard.
All Google needs to do is modify their search bar to encrypt the outbound search string using Google's public key. By doing that, it makes it difficult to intercept whatever search is being done.
That was the turning point of my life--I went from negative zero to positive zero.
The issue is that the ISP is redirecting your malformed URL before Firefox can, right? And yet the ISP is sleazy and Firefox is a victim?
How about everybody not fiddling with DNS responses, at least not without asking permission first?
1. Apple makes Kurt from Glee look straight.
2. I suspect that, based on their approach to their users, Apple would be more likely to pitch than catch.
Is it just my observation, or are there way too many stupid people in the world?
For all that Hong Kong people may have the right to demonstrate, have a separate judiciary, there are still companies operating in Hong Kong that are being pressured to conform to mainland laws...
A Hong Kong Internet company, called TOM Online, announced it had stopped using Google's search mechanism. "TOM reiterated that as a Chinese company, we adhere to rules and regulations in China where we operate our businesses," the company's parent, Hong Kong-based TOM Group, said in a statement Tuesday.
Companies owned by people/companies subject to Chinese laws, or wishing to do business in China proper, will certainly have to make decisions based on the relations they want to keep with the Chinese government. I can well imagine employees of a HK company being denied visas based on the ire of some Chinese bureaucrat. Or Chinese citizens who own an obstreperous HK company getting harassed because of the behavior of that company.
Such practices are completely unrelated to browsers. I don't know why Firefox is in the title of the submission. It affects any software that resolves addresses using DNS.
duckduckgo is amazing in my book - it makes me feel warm and fuzzy inside.
I tried most of the major websites and no dice with https.
Here are few that do
https://www.blackle.com/
https://www.powerset.com/
https://www.leapfish.com/
https://www.a9.com/
honorable mention
https://www.vadlo.com/
and a mystery anyone know what's up with this
https://www.ask.com/
https://www.bing.com/
Soon ISPs will be redirecting youtube traffic to here http://www.youtube.com/watch?v=b1WWpKEPdT4
sigh.
IANAL, but isn't it trademark infringement if your browser tries to look up Google by name and an ISP deliberately redirects to a different, similar service?
Oh for fuck's sake. This is the same thing that Network Solutions and ISPs all over the world have tried for years. Nothing new to see here, folks. Just a response to failed DNS queries that redirects to a selected search provider.
It's amazing to me that not a single person in this entire thread (at least that I detected on a fairly close skim) actually read TFA where that was made plain as day.
Switch your DNS and the problem goes away.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
To my mind, intercepting your conversation with someone else's DNS server and impersonating it, and supplying responses that appear to come from the DNS server you are trying to talk to amount to interception and fraud. Both are normally criminal activities. That's quite apart from possible breach of contract with you by failing to provide the internet connectivity you are paying for. Any ISP doing that should be reported to the relevant regulatory body.
Wouldn't vpn over port 443 (https) make more sense? This way at least they'd be _expecting_ to see encrypted traffic on that port, instead of what should be clear traffic. And 443 is just about as likely to be open as port 80 is. Or does your employer honestly block all secure web traffic?
How about forcing you to use their DNS? Cox Communications thinks that's all right.
I set my mother up on Google DNS the last time her wireless router cratered, it worked fine for months, suddenly she can't resolve a name. Her wired router, which picks up all its values from Cox was fine. Turned out Cox has silently instituted a "their way or no way" policy.
Unfortunately, Mom can't vote with her wallet because even though there are multiple ISPs serving her geographic location, they are not all available in the same areas.
P.S. Charter Communications started hijacking search results from *its* customers over a year ago, and deny it to this day.
antitrust
Comcast is doing this... I have a portable version of firefox running, and comcast hijacks pages not found, and redirects it to their search, instead of allowing me to use Google!
Just because it works, Doesn't make it right. - JTM
``there's usually a way to bypass this''
Yes, there is Google Public DNS. A gratis service provided to any desiring user.
http://code.google.com/speed/public-dns/
``What is Google Public DNS?
Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider. ''
1. They have been doing A
2. Can they do A?
Obviously they have demonstrated that they *can*. Whether or not they should be allowed to is another matter.
I am a netvigator user, and I am very very upset about this Redirect-ing thing!
Just spent 30 mins calling them up to complain about it; no one in CS seems to understand much of what I mean, instead suggesting to me that my computer is infected with a virus.. (BS! they redirect the page at DNS level on that)
Anyway, filed a complaint and they promised to come back to me in 48hrs.
I solved the problem by using Google OpenDNS
I personally think they DO NOT have such rights to redirect me to their AD page, and I am also upset because they blocked my port 1723 PPTP; will change to another ISP if they do not give me a fair enough answer.
Browse to http://searchredirect.windstream.net./ Select "Opt Out of this Service" on the bottom right corner of the page.