Slashdot Mirror


Widespread Hijacking of Search Traffic In the US

Peter Eckersley writes "The Netalyzr research project from the ICSI networking group has discovered that on a number of U.S. ISPs' networks, search traffic for Bing, Yahoo! and sometimes Google is being redirected to proxy servers operated by a company called Paxfire. In addition to posing a grave privacy problem, this server impersonation is being used to redirect certain searches away from the user's chosen search engine and to affiliate marketing programs instead. Further analysis is available in a post at the EFF."

6 of 194 comments

  1. Use HTTPS by mrogers · · Score: 5, Informative
    Another good reason to install HTTPS Everywhere, a browser extension that will redirect your Google searches to the HTTPS version of the site. By checking the certificate presented by the server, your browser can then be sure that it's talking directly to Google. (HTTPS Everywhere also works for a lot of other popular sites.)

    Or, if you don't like Google, use DuckDuckGo, which uses HTTPS by default with no need for a browser extension.

    1. Re:Use HTTPS by arth1 · · Score: 3, Informative

      Sure, there are benefits, but as always, TANSTAAFL.

      - https does incur overhead and higher CPU usage on both ends, so it will be slower.
      - It will defeat most of the benefits of running local caching proxy servers (come on, this is /., surely I'm not the only one with a proxy array at home?)
      - Some sites serve different content on the http and https sites.
      - A few even redirect the https to http (to save themselves cycles and bandwidth, while not losing the visitor).

  2. ISPs by Jaysyn · · Score: 4, Informative

    Here is a list of the ISPs mentioned in the article:

    Cavalier
    Cincinnati Bell
    Cogent
    Frontier
    Hughes
    IBBS
    Insight Broadband
    Megapath
    Paetec
    RCN
    Wide Open West
    XO Communication

    --
    There is a war going on for your mind.
  3. Re:Simple Solution by X0563511 · · Score: 3, Informative

    Then use a local resolver, ensure you set up DNSSec checking, and beat everyone with a stick who still doesn't sign their zones.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  4. Re:Do you have a useful tool for identifying this? by nweaver · · Score: 3, Informative

    Yes. Netalyzr specifically detects this condition amongst its many other tests. We also have a Java Command Line Client.

    You can also check by doing a "dig search.yahoo.com". If the authority is "jomax.net", it's a Paxfire appliance changing the results.

    --
    Test your net with Netalyzr
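
The dig check described in the comment above, as an added shell example that is not part of the original thread: it reads dig output and reports whether the AUTHORITY section names jomax.net. The function names and both sample outputs (addresses, TTLs, name server hostnames) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the records of the AUTHORITY section of dig output read on stdin.
authority_records() {
    awk '
        /^;; AUTHORITY SECTION:/ { in_auth = 1; next }
        /^$/ || /^;;/            { in_auth = 0 }
        in_auth                  { print }
    '
}

# Exit 0 if the owner name (field 1) or the NS/SOA rdata (fields 5+) of any
# authority record is jomax.net or a name beneath it; exit 1 otherwise.
authority_is_jomax() {
    authority_records | awk '
        {
            for (i = 1; i <= NF; i++) {
                if (i > 1 && i < 5) continue      # skip TTL, class, type
                name = tolower($i)
                sub(/\.$/, "", name)              # drop the trailing root dot
                if (name == "jomax.net" || name ~ /\.jomax\.net$/) found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Turn the exit status into a one-line verdict.
classify() {
    if authority_is_jomax; then echo "jomax.net authority"
    else echo "no jomax.net authority"; fi
}

# Constructed dig output: a rewritten answer and an untouched one.
SAMPLE_REWRITTEN=';; ANSWER SECTION:
search.yahoo.com.  60      IN  A   192.0.2.10

;; AUTHORITY SECTION:
search.yahoo.com.  60      IN  NS  ns.jomax.net.

;; Query time: 12 msec'
SAMPLE_NORMAL=';; ANSWER SECTION:
search.yahoo.com.  300     IN  A   192.0.2.20

;; AUTHORITY SECTION:
yahoo.com.         172800  IN  NS  ns1.example.net.'

printf '%s\n' "$SAMPLE_REWRITTEN" | classify
printf '%s\n' "$SAMPLE_NORMAL" | classify
# Live check against your own resolver: dig search.yahoo.com | classify
```

A resolver that returns no AUTHORITY section at all is reported as "no jomax.net authority", so an empty section is not evidence either way.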
  5. Re:I wonder by number11 · · Score: 4, Informative

    Now if only I could vote with my dollars and switch to a different ISP that hasn't done this (Charter is my other option and they "claim" to have stopped).

    Why not simply plug in a different DNS instead of using their crappy one?
    Google 8.8.8.8, 8.8.4.4
    OpenDNS 208.67.222.222, 208.67.220.220
    Verizon 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6 (since these are all same subnet, don't use for both primary and secondary)

    You can use Google Namebench to compare DNS speeds.