How One Man Fought His ISP's Bad Behavior and Won
An anonymous reader writes "Eric Helgeson documents his experience with an unscrupulous ISP that was injecting affiliate IDs into the URLs for online retailers. 'It appears that the method they were using was to poison the A record of retailers and do a 301 redirect back to the www cname. This is due to the way apex, or 'naked' domain names work.' Upon contacting the ISP, they offered him access to two DNS servers that don't perform the injection, but they showed no indication that they would stop, or opt-out any other subscribers. (It was also the only wireless provider in his area, so he couldn't just switch to a competitor.) Helgeson then sent the data he gathered to the affiliate programs of major retailers on the assumption that they'd be upset by this as well. He was right, and they put a stop to it. He says, 'ISP's ask you to not do crummy things on their networks, so how about they don't do the same to their customers?'"
Google DNS is 8.8.8.8 and 8.8.4.4
Open DNS is 208.67.222.222 and 208.67.220.220
Norton Safe Connect (personal use, not for business) is 199.85.126.10 and 199.85.127.10. Supposed to protect against malware, phishing sites, and scams.
https://dns.norton.com/dnsweb/homePage.do
Life is not for the lazy.
From the featured article: "There is currently no way to validate the DNS record you’re being served is what the person hosting the website intended." Apparently the author hasn't heard of DNSSEC.
(It was also the only wireless provider in his area, so he couldn't just switch to a competitor.)
No, the blog says:
You may be asking why don’t I switch ISPs? Well they are the only one besides a wireless provider in my area.
Which means there are 2 ISPs. The one he's using is not wireless, and the other one is wireless.
Name of the ISP please?
Being from the part of Minnesota that Arvig is based in, I can tell ya, this behavior is very typical of them.
When I had gotten set up upon moving into the area, the install tech bragged how all the homes (over 200 of them) on this part of town were all connected on 1 cable loop. It was a heads up from the tech that I should have paid attention to. I ended up cancelling my service early due to a consistent 1mb down every Friday and Saturday when I was paying for 10mb. Customer service actually said "we guarantee up to 10mb" "10mb is the maximum you will get"
So many have switched over to 4g hotspots, they actually cut the office hours here.
Saw this in Reddit this morning but thanks for reposting it.
Seriously, the drawback to using public DNS like OpenDNS and Google DNS is that they present a serious performance problem.
Even though the physical DNS servers are "anycast" and geographically diverse, the IP addresses are still the same. Therefore, the large content delivery networks (CDNs) like Akamai and LimeLight still use the IP address of the DNS server to judge your location.
Therefore, any service that uses a CDN (even Google's use them in spite of their own network) will really serve your content out of a data center that is not geographically or logically near your machine's location.
The article (if you read it) mentions that his ISP, like most that have similar revenue-extracting services, really does offer alternative DNS servers that do not pack affiliate cookies. You should use those if you want to enjoy high-performance, edge-serve content via Akamai (AKAM) and LimeLight (LLNW).
Otherwise, you'll all get your edge content served from some random data center in the central USA.
Kriston
VPN.
Not much else you can do.
It would have been better to contact FBI and report this fraud. Whoever the hell runs fwdsnp.com needs to spend some time in jail.
Do a search for "DNSjumper". It's a great little tool that lets one well...uh...jump around various DNS servers and arrange them in any order you want, ping them much easier and more often and makes it comfortable to change one or all if you feel your current list isn't to your liking. (I'm not sure of the author's or company's official website, so I don't want to push one source over another).
Is any of the P2P DNS solutions (and which one?) a viable alternative to the Google DNS or OpenDNS? Does anyone have experiences that they would like to share?
I think I read 75% of the things here elsewhere around a day in advance.
Slashdot isn't (well, in its prime) where you come for breaking news, it's where you go (again, back in its prime) for great intellectual technological discussions.
Since when does being a Socialist mean 'someone who has a different opinion than me'?
There are plenty of people out there (myself included) who wish they could get Comcast. Satellite sucks...
Thirty four characters live here.
I don't think the online retailers would agree. The ISP is doing nothing to promote specific items or online stores, so why should the online stores subsidize your internet connection?
"Remember, there never were pineapple-almond cookies here."
I'm in a worse situation - my apartment complex signed a deal with a certain niche ISP by the extremely vague name of "Telcom", to provide internet at a fixed rate (the base package is part of my rent, so I don't even know what they're charging). While we're officially allowed to buy our own if we so choose, a) I'd still be paying Telcom for their TV/Phone/Internet deal, and b) not a single other ISP is actually offering anything to this apartment. Every building bordering it, sure, but even in the months-long hiatus where Telcom couldn't get the building hooked up but the deal had been made, nobody would give me service.
A few months ago, there was a peculiar outage. They have glitches every so often where the connection dies for an hour or so, so I didn't think much of it until I realized Bittorrent was still downloading. A few more investigations showed that pings by IP worked, but not by hostname - but never with an actual DNS error. I didn't bother investigating further, and just set my DNS server to 8.8.8.8 because that was all I could remember off the top of my head. I now suspect they may have been trying to implement something like this, because that's just the kind of scummy move they'd do.
I started keeping track of their uptime last month. By my numbers, they got one nine of reliability - 90% uptime.
I'd switch in a heartbeat as soon as anyone dared to sell me anything else.
Most of the "news" on here is days or even weeks old by the time it's posted. I remember when sites actually linked to slashdot for news.
Only the State obtains its revenue by coercion. - Murray Rothbard
Your ISP can still spoof the DNS responses. That's what hotels do.
But assuming they don't, no reason not to just run your own caching DNS resolver on your local network. It's very easy to do and might even be faster than third parties like GOOG, OpenDNS or Nominum. Certainly faster for people who determine your location via DNS resolver address.
(That Hiroku article is bizarre. Tip: "root domain" means something different. You can put a CNAME on any name. And why would one sort require hard coding your IP address???)
> It's not good enough that they track you at every site that uses Analytics,
> every site that uses AdWords, every site you go to from their search engine,
> every site you visit with their Toolbar in play. (I'm forgetting a hundred other ways they suck your data.)
Factoring in a few of the other ways you didn't list, like sites with YouTube videos, we can guess Google is aware of about 85% of consumer web traffic. Using their DNS would tell them only the hostname of the other 15%, and only once per TTL. So call that 7% from using Google's DNS.
Using anyone else's DNS gives that other company 100% of your lookups rather than the 0% they had before. 100% is a lot more than 7% or 15%, so you're giving up a lot more privacy by using any DNS other than Google.
In other words, Google already knows which sites you're visiting - you got to those sites by searching Google. Why would you also give that information to some other company?
That was my thought process after I found that Chrome is so good for web development. I'm using Chrome, so Google has a profile of my web surfing. There is no reason to let another company have the same information, so I'm better off using Google services all around. (Besides the fact that Google provides good services, which get better as they are integrated.)
First of all, Amazon doesn't get a very high percentage of affiliate tagged traffic/purchases. If every ISP would do this, it would get 100% and the whole business model wouldn't work any more. Amazon would have to pay out way too many affiliate bonuses. Second, any affiliate that the user might choose, would lose out because their tag would get replaced by that of the ISP.
I was promised a flying car. Where is my flying car?
I don't know what the exact laws on net neutrality are where this happened. However, if an ISP were to do this in the Netherlands, they would get hit with fraud, net neutrality and "criminal organization" charges. You'd have to have some pretty good lawyers to be able to stay in business at all.
I was promised a flying car. Where is my flying car?
To be clear, the ISP has committed a criminal act (fraud), it is obtaining financial gain by deception - the concealment of the fact that no person willingly used an affiliate link.
I think that if they weren't prosecuted then they committed a crime and got away with it. The victims being the retailers and any legitimate affiliates who lost out (if that is the case).
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Well, I like to use Slashdot as a filter to make sure I didn't miss anything. It may not post the fastest, but generally it covers most things.
There appears to now be a similar, open-source DNS benchmarking program available: namebench. I haven't tried it out, but it looks promising.
I'm a leaf on the wind. Watch how I soar.
I read the first couple of paragraphs at the link given and I still do NOT know what the ISP did.
Fata viam invenient.
How is it possible, that this post was modded Funny? Slashdot is exactly what this post describes. Slashdot is mainly great because of great comments and well done comment rating system.
It's funny, because the great comment/discussion you're talking about has been going downhill for a very long time. Just look at the first post on this topic, for a case in point.
Affiliate programs are a form of advertising that work by giving you an ID that you add to the URL of a link on your server to a particular seller's site (Amazon, etc.). This ID allows the seller to determine which affiliate drove that click to their site, and the affiliate (the ISP in this case) is paid a fee for sending that click to them. What's happening here is that the ISP is taking the initial DNS request and doing a redirect to a URL that includes their affiliate ID for vendor sites they participate in affiliate programs, but they're doing it for *all* DNS requests for those sites, not merely in response to clicking the advertising links provided by the seller.
For instance, Amazon offers page banners for their affiliates to post on their own sites that contain links to products you might be interested in, and if you click one of those links, whoever is hosting the banner will get paid for that click based on the affiliate ID contained in the links in the banner. In this case, if you just enter "www.amazon.com" in your browser, the ISP is adding an affiliate ID to the redirected URL your browser is given, so the ISP is being paid by Amazon, who thinks that someone clicked on one of their ads even though the ISP didn't display a banner or otherwise perform the service that Amazon is paying for. The ISP is exploiting the trust that the seller is extending to their affiliates in order to get paid more than they're entitled to, and they're basically stealing money from the seller for advertising that was never provided.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Anyone can get Comcast. I imagine you might be unwilling to do what it takes, namely to move into Comcast's service area. (References: move; ; move)
CDNs don't use the DNS server you use as the basis for deciding where to serve content; *they base it on the destination IP address (i.e. your computer)*. They couldn't use DNS servers simply because large ISPs like AT&T or Comcast all use the same DNS server IP addresses.
Furthermore, how would they ever get the identity of the domain server your system uses during the three-way handshake? If they can, please tell us how. I'd really like to know.
Short, simplistic answer: the ISP found a way to fraudulently skim a percentage from online retailers for every purchase made by the ISP customers.
Slightly more detailed answer: the ISP directed users looking for online merchants like "amazon.com" to its own bogus server. That bogus server then re-directs the user's browser to the merchant's server in such a way the consumer doesn't notice and the merchant thinks the customer is following a product referral from an advertising partner. Thus the ISP collects a kickback intended for people who make product recommendations and referrals, without actually having made any recommendation or referral.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
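Added example, not part of any comment above or of the featured article: a check a subscriber could run over their own measurements to spot the pattern the summary and the explanations above describe, where the ISP resolver answers for the apex name with its own address and that address 301-redirects to the www host with an extra query parameter. The domain names, addresses and the `tag` value are constructed sample data, and the observation format is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed observations (not data from the article): for each apex name,
# the A records from the ISP resolver and from an independent resolver, plus
# the HTTP response returned by the address the ISP resolver handed out.
OBSERVATIONS = [
    {"name": "shop.example",
     "isp_a": {"192.0.2.10"}, "ref_a": {"198.51.100.7", "198.51.100.8"},
     "status": 301, "location": "http://www.shop.example/?tag=isp-affil-20"},
    {"name": "books.example",
     "isp_a": {"203.0.113.5"}, "ref_a": {"203.0.113.5"},
     "status": 301, "location": "http://www.books.example/"},
    {"name": "cdn-heavy.example",   # answers differ, as CDNs legitimately do
     "isp_a": {"192.0.2.44"}, "ref_a": {"198.51.100.90"},
     "status": 200, "location": None},
]

REDIRECTS = {301, 302, 303, 307, 308}

def added_params(location):
    """Query parameters in the redirect target; the user typed a bare name."""
    if not location:
        return []
    return sorted(parse_qs(urlsplit(location).query, keep_blank_values=True))

def assess(obs):
    """Return (verdict, findings) for one apex name."""
    findings = []
    if obs["isp_a"].isdisjoint(obs["ref_a"]):
        findings.append("isp-only A record")
    if obs["status"] in REDIRECTS and obs["location"]:
        host = urlsplit(obs["location"]).hostname or ""
        params = added_params(obs["location"])
        if host == "www." + obs["name"] and params:
            findings.append("redirect to www adds " + ",".join(params))
    # A differing answer alone is normal CDN behaviour, so require both signs.
    verdict = "suspect" if len(findings) == 2 else "ok"
    return verdict, findings

def report(observations=OBSERVATIONS):
    return {o["name"]: assess(o) for o in observations}

if __name__ == "__main__":
    for name, (verdict, findings) in report().items():
        print(f"{name:20} {verdict:8} {'; '.join(findings)}")
```

Only the first sample name is flagged; a differing A record with no parameter-adding redirect is left as "ok" because CDNs routinely return different addresses to different resolvers.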
Nobody has answered the questions I posed. Does the user see an even slightly different page? Do they get different prices on stuff on the site? Who are these affiliates?
I could understand if amazon.com was being redirected to a rival company, or if (as some ISPs have done) typos and invalid DNS entries got redirected to a page stuffed with advertising.
Excuse me if I don't understand this aspect of Amazon's trading practice - but then you are probably sitting in your mom's basement spending her money on Amazon all day long. Okay now we're even.
Only reason I'm looking at it is because I browse at -1. So looks to be functioning just fine.
I admit that my comment was not perfectly rigorous. Category 1 can't read my assertion anyway, and category 2 can be fixed by adding "or foreign counterparts" where appropriate.
Question:
How is it possible, that this post was modded Funny?
Answer:
Slashdot is mainly great because of well done comment rating system.
The CDN just sends you to the edge servers that are closest peer to the DNS server. I thought there was a very elaborate geolocation scheme, but there is not. They merely use the location of the DNS server that resolves your query.
I was so disappointed. There is no magic. They do not know nor care about the end user's IP address. The CDN just sends you to the edge servers that are closest peer to the DNS server. Certain companies actually seem to own patents on this simple technique.
Kriston
Lol, this one should have been modded funny.
You will not be surprised (if you've been here a while) to learn that Slashdot doesn't have DNSSEC.
I'm not surprised in the least, given that Slashdot offers HTTPS protection of the session cookie only to subscribers.