Slashdot Mirror
Mediacom Using DPI To Hijack Searches, 404 Errors
Verteiron writes "Cable company Mediacom recently began using deep packet inspection to redirect 404 errors, Google and Bing searches to their own, ad-laden 'search engine.' Despite repeated complaints from customers, Mediacom continues this connection hijacking even after the user has opted out of the process. Months after the problem was first reported, the company seems unwilling or unable to fix it and has even experimented with injecting their own advertising into sites like Google. How does one get a company infamous for its shoddy customer service and comfortable, state-wide cable monopolies to act on an issue like this?"
Can't touch this!
File an anti-trust complaint and break up the monopoly. That is what those laws are for.
I'd hope Google would sue them for copyright violation, changing their webpage in transit, and collect damages per changed page. Additionally they create confusion by diluting Google's trademarks (and those of anyone else whose page is changed). I mean this violates so many laws it isn't funny.
You could serve them with a DMCA cease and decist notice as a normal website author. Fight fire with fire.
Rant and rave about shitty their website is with all the damn flashing advertisements at the top of the screen. If enough people do this, then google might actually take a look instead of ignoring the idiot user complaining about the non-existant.
Then given google is an advertising company they are likely to send the lawyers to stop said ISP from messing with their bread and butter.
What they are doing is fraud. Sue them and use *AA scales to calculate compensatory damages. Assume each false-404 corresponds to one music download, charge the normal $75000 per song.
"How does one get a company infamous for its shoddy customer service and comfortable, state-wide cable monopolies to act on an issue like this?""
More regulation, obviously.
t
Came to this story to post exactly the same thing. If you take someone else's copyrighted work (i.e. any web page that is not explicitly placed into the public domain) and create a derived work (that page with adverts), which you then distribute for profit (ad revenue), then you are committing wilful copyright infringement for commercial gain. You can be liable for a statutory penalty of up to $150,000 per work (at least per site, possibly per page) in the USA.
I am TheRaven on Soylent News
In the short-term, an FTC Complaint (https://www.ftccomplaintassistant.gov/) works wonders due to their power to impose fines for every complaint.
File early, file often.
Lies about crimes
It would probably be unethical to suggest arson, so I won't.
Good luck finding one in your local monopoly. (missed that part?) Even in my major metro area, the next best choice is an also-ran DSL service from Verizon at a fraction of the speed for almost as much money.
This is why we should just give up this free-market farce and regulate the ISPs as utilities, with standards on purity (e.g. not modifying traffic) and equity (not censoring traffic from conglomerate competitors). AKA net neutrality.
Hey slashdot devs, Here's an ad for ya: "VortexCortex: Web Developers Should Know CSS/Algebra!"
Not once have I disabled ads, satisfied to give Slashdot whatever meager income the ads provide, but this has forced my hand...
I'm not sure, but wouldn't this exclude them from common-carrier protections? If so, it should be fairly easy to make them provide you with illegal services (think gambling, not CP - no reason to get FBI on your ass).
What?
It's not exactly what the submission says. If you enter search data in the address bar it may redirect you to Mediacom's servers whether you opt in or not. However if you use the search bar it won't redirect you. This is considered unacceptable by the person who wrote the giant post in the "deep packet inspection..." link above. I'm not going to debate whether this is unacceptable or not, but there is a workaround - just use the search bar. As someone who does not do searches in the address bar that seems OK to me.
Wire Fraud:
A customer is asking for one web page, mediacom is substituting another for monetary gain. How is this not wire fraud?
that Mediacom, by using this technique to redirect certain traffic, are in fact violating 18 U.S.C. 1030 (Fraud and Related Activity in Connection with Computers) by committing just that -- FRAUD. If I go to Google to search for an explanation of a math problem but all of my traffic is routed through Mediacom's system first and I then get responses from Mediacom that looks like they are coming from Google - that is fraud. Pure and simple. I _trust_ Google (for the most part) to give me the information I am seeking. I don't trust my ISP that is redirecting traffic and injecting their own ads to increase their profit margins. The ISP exists solely to move data, un-accosted except for "traffic shaping", across their wires. If I type in www.google.com and start a search, by all that is holy and unholy my data had better be going to Google and not be redirected to point B before reaching Google -- isn't that, technically, a man-in-the-middle attack? Which is also a violation of 18 U.S.C. 1030 I believe.
I hate that the United States is lawsuit happy but, let's face it, hitting these assholes in their pocketbooks are probably the only thing that will get them to cease and desist. Even then they'll keep trying or buy immunity or something. Until then though, I'm down with cleaning out their ill-gotten and misdirected coffers.
NOTE: I am not a lawyer and this is not legal advice.
Dream as if you'll live forever.
Live as if you'll die tomorrow.
~Anonymous~
I have a great solution for reducing spam. Don't reply and it will stop. If you don't buy any h3rb4l V1agr4, they eventually notice and stop.
They won't ever notice. For example, my not buying Sony products over the past dozen years is of no discernible impact to Sony. I haven't bought a Dell, but that isn't due to any problem I have with them. How is Sony to infer that I don't care for them, while Dell I just haven't bought from yet?
Yoghurt
I have Mediacom's internet service and the solution is to use a different DNS server other than the ones Mediacom provides. I use Level3's DNS servers (4.2.2.2 and 4.2.2.3) for my DNS lookups and I do not get any redirects. You can either manually set the DNS servers on your computer or set them at the router.
Just "gittin-r-done," day after day.
It is usually not "their" ad server. Advertisers do not trust content providers and prefer to count the hits themselves. This means that it is most likely that the ads being inserted are not on the ISP's servers. The ISP's server are inserting code that directs the client to download ad content which, in turn, generates revenue for the ISP.
Would "adblock" work? Yeah, probably.
The only way companies will truly reform is when they risk losing customers. Stop complaining but cancel your contract and tell them (and the rest of the world) why.
Well, if you are without internet connection, it's a bit harder to tell the world why. :-)
The Tao of math: The numbers you can count are not the real numbers.
Is it possible to use Tor for http and no Tor for https?
I'd say that's the opposite of what you should be doing if you're worried about honeypot Tor exit nodes. You should run HTTPS over Tor and use Perspectives to make sure you aren't getting MITM'ed. Don't run unencrypted stuff over Tor that you don't want anyone else to see.
"When information is power, privacy is freedom" - Jah-Wren Ryel
https anywhere is an excellent suggestion, as it shuts down Phorm-like attacks down.
I'd recommend some additional items as well:
1: If you can do this on your router, I'd find the IPs for the dodgy ISP's ad servers, and block [1] them.
2: Adblock, Ghostery, and BetterPrivacy are a must. At least Adblock, because this protects against incoming malicious software far more than any AV utility. Until ad rotating sites take responsibility and stop allowing clients to serve up malicious code, blocking ads is a security measure.
3: Consider a VPN service. I use one for my mobile devices when using open wireless networks not just to stop FireSheep like attacks, but to keep my personal traffic just between me and the VPN provider.
4: PeerBlock plus iBlocklist. This isn't just for people wanting to infringe on IP, but there are also well maintained IP lists for malicious sites, ad sites, and nasty stuff in general.
[1]: Drop packets going from your machine to the ad server, reject packets going from the adserver to you. The reason behind this -- the drop sends an error packet back, telling your machine that there is an issue, and not to keep waiting until a timeout.
This is why we should just give up this free-market farce and regulate the ISPs as utilities, with standards on purity (e.g. not modifying traffic) and equity (not censoring traffic from conglomerate competitors). AKA net neutrality.
Why not go the full mile, and decide that the internet is essential infrastructure and should be provided by the state? I know all the usual arguments, "the government is evil per definition", and "all public efforts are big, bumbling wastes of time and money". Both are disingenious, bordering on fraudulent - the state is NOT the government, just for one thing, and most of government is not the politicians; and even politicians are not all thoroughly evil, believe it or not.
And, as a matter of fact, most state driven projects are not all that bad - some are even highly succesful. It's just that bad news sell better and of course, it mets the expectations of the readers that "governments are evil and useless" - why else would they ask us to pay tax?
Couple of things:
(1) robots.txt isn't a legal protocol. Computers don't form contracts, particularly not implicit ones by virtue of the absence of some data associated with a private convention. A lot of what Google does is understood as technically contrary to the law in some countries, to the extent that in some places (e.g. UK) the government has been lobbied by Google to extend the notion of fair use;
(2) Even if robots.txt had some force, the absence of robots.txt conventionally allows for crawling and indexing. I don't see why this can be reasonably understood to extend to all the caching and thumbnailing Google does.
Yes, more regulation is the answer. These companies have been granted a monopoly and should be restrained to the point where they can't do any damage. Deregulating would just cause trouble with laying wires.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
Actually you're wrong. There's a difference between a legal frame injection and illegal redirection.
http://attackvector.lescigales.org/2009/05/06/178/
Go educate yourself. And yes, there IS a law against it.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I got Bellsouth DSL, because cable was not laid on my side of the street. I got the modem and an installation disk. I called and said I was not running an installation disk, please tell me what I need to do special for your connection, if anything.
They said they understood, and I can do it at this web address. The website was basically blank. Are you using internet explorer? No of course I'm not. Well the site only runs in IE. I should have been suspicious, but figured they are idiots.
ActiveX did exactly what the install disk would have done as soon as I opened the page in IE. I'm still finding bits of things. Motive*, MCCI*, att-nap. Of course, bellsouth was bought by ATT, and I was not pleased about finding that out either.
No, the alternative was to regulate the monopoly as if were a monopoly, as opposed to pretending there were free market forces affecting the company.
Good thing they aren't common carriers, then.
That would be wonderful. Here's an anecdote as to why this plan fails for me in particular.
I unfortunately have Mediacom in my area. They've effectively got it made so that you can't do this. First, they charge $20/month more (I believe it was) for a non-contract plan, which adds up, and so now I'll get hit with a $200+ cancellation fee if I try switching. I also pay for an internet/cable package even though I don't want cable because it is cheaper than the same speed internet by itself. A lot of the things they do don't make much sense until you look at it from their point of view - they've got you over a barrel and are going to take as much of your money as they can.
The main problem, alluded to in the summary, is that there really is no other option. When I moved to my current town, I tried finding something else - called their main competitor Qwest up, no service in my area. The only other option was Iowa Telecom, which went under and got bought out within a couple months of when I was trying to set up services. The new company was not in the phone book, did not have a functional website, and I think I finally found their number in a newspaper ad or something. It was going to be about $10 less for substantially slower DSL, and was going to take 3-4 weeks to set up if I remember correctly. Mediacom does take 2-3 weeks to make a house call. And as bad as Mediacom's service had been in my experience, everyone from the area told me Iowa Telecom was worse somehow. In fact there are many who get their internet through a cellular company because a wireless dongle with tiny bandwidth caps and an expensive data plan is superior to Mediacom in many ways.
I live out in the ass end of Iowa in a small town where I'm new without many friends. We are actually too far from every single major city to pick up any television stations, and only get a couple radio stations consistently. I was starved for entertainment before they got my internet hooked up and had a lot more trouble keeping up with friends from school and whatnot. Don't get me wrong, I hate this damn ad page that they're talking about. I hate getting hung up on while on hold with customer service/sales/anybody I call there. I hate getting an envelope stuffed full of ads every month so that I nearly throw away my bill with all of the crap I don't want. I would love to switch from Mediacom, there's just nowhere to go.
You're both right, actually. In the US anyway. It is a natural monopoly, yes - that is why competing cable companies rarely serve the same area. Once the first gets established, the second has no incentive to chase the same customers. The very high initial investment of cables makes it non-viable to enter a market unless the customers have no other alternatives. But it is also a regulated monopoly: Many local authorities (And I'm taking county or municipal level here, not state or federal) do grant service monopolies.
There was an incident some years ago when one of the ISPs (I forget which) started redirecting name-not-found DNS queries to it's own ad-filled error page. An incidential effect of which was to crash HP printers - some obsolete models were trying to connect to a disused update server to fetch updates. When they were instead directed to the ad-page, they did as they were programmed and tried to update. Fortunatly they didn't go so far as to install an ad-banner in place of their firmware, but it still resulted in very difficult to diagnose printer failures. I've been trying to find details on google, but can't seem to dig it up any more.