Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast's Protected Browsing Is Blocking PayPal, Steam and TorrentFreak, Customers Say (vice.com)

Posted by msmash on from the your-guess-is-as-good-as-ours dept.

Comcast's Xfinity internet customers have been reporting multiple websites, including PayPal, Steam, and TorrentFreak have been getting blocked by the ISP's "protected browsing" setting. From a report: The "protected browsing" setting is designed to "reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network." This, in general, isn't a bad thing. It's similar to Google Chrome's security settings that warn you when you have an insecure connection. But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal. Multiple consumers have been reporting on Comcast's forums and elsewhere that they've been blocked while trying to access sites that many people use every day. After posting about it on the forums, one user who said they couldn't access PayPal said the problem with that particular site had been fixed. Further reading: Comcast's Protected Browsing Blocks TorrentFreak as "Suspicious" Site (TorrentFreak).

82 comments

  1. This, in general, is a bad thing by i_ate_god · · Score: 1

    Why does the summary suggest this is a good idea? What's good about it exactly?

    --
    I'm god, but it's a bit of a drag really...
    1. Re: This, in general, is a bad thing by mSparks43 · · Score: 0

      Comcast customers are to stupid to browse the internet on their own.

    2. Re:This, in general, is a bad thing by Anonymous Coward · · Score: 0

      > blocking perfectly harmless sites like PayPal

      If they freeze your assets, you won't call them that.

    3. Re:This, in general, is a bad thing by Anonymous Coward · · Score: 0

      Blocks bandwidth thieves, kids, etc. from doing stuff you don't want them doing without your knowledge. Granted, it also blocks them from doing useful things with your knowledge if you don't know how to turn it off.

    4. Re: This, in general, is a bad thing by Anonymous Coward · · Score: 0

      too

    5. Re: This, in general, is a bad thing by mukinrestak · · Score: 2

      In markets where they have a choice of broadband ISP, sure they're that stupid. Sadly though, not all markets have that choice.

    6. Re: This, in general, is a bad thing by Anonymous Coward · · Score: 1

      Many of comcast's customers wouldn't be comcast customers if they had another choice, but in many areas your choices are 1. Comcast or 2. No internet.

    7. Re:This, in general, is a bad thing by Anonymous Coward · · Score: 0

      Not that it's a great idea in general, but those three? A pretty decent start? It's like the "lawyers on a sinking boat" joke. A lot of the web isn't worth having default privileged access to really.

    8. Re:This, in general, is a bad thing by Luthair · · Score: 1

      Not really different than 9.9.9.9 which people applauded

    9. Re: This, in general, is a bad thing by lister+king+of+smeg · · Score: 1

      As they are the only* option where I live how does that make me stupid. My apartments lease says no satellites (historic building) and they are the only game in the building. More like shafted than stupid.

      Not counting cellular (more expensive and low data caps) and dial-up are not really options.

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    10. Re: This, in general, is a bad thing by CodeHog · · Score: 2

      ^^^ This

      --
      Fat, drunk, and stupid is no way to go through life, son.
    11. Re: This, in general, is a bad thing by ArtemaOne · · Score: 1

      True. I have Comcast, but there are no alternatives for broadband. I generally like my service, just not the 1 terabyte cap that I've gone over the grace twice (you get two free).

    12. Re: This, in general, is a bad thing by mSparks43 · · Score: 1

      Iâ(TM)m pretty sure not being able to establish your own broadband connection counts as stupid, typical state depenancy mentality, always someone elses fault.

    13. Re:This, in general, is a bad thing by Anonymous Coward · · Score: 0

      A lot of the web isn't worth having default privileged access to really.

      All you really need is facebook.

    14. Re: This, in general, is a bad thing by Anonymous Coward · · Score: 0

      Web Site != company itself

  2. Is this on by default? by ArtemaOne · · Score: 1

    Do users turn this on, or is it a default setting? I'd be upset if it were forced on people. This sounds like a violation of net neutrality, which is still in place for a while longer.

    1. Re:Is this on by default? by Anonymous Coward · · Score: 0

      "This sounds like a violation of net neutrality"

      How does one violate something that does not exist?

    2. Re:Is this on by default? by 110010001000 · · Score: 1

      It is the default setting. Turning it off it pretty difficult as it requires you to login to a website and find it in the Security -> Advanced settings. This shouldn't be a surprise. They have been doing it over a year now.

    3. Re:Is this on by default? by ArtemaOne · · Score: 1

      Sounds like they're tightening the screws lately. I'm overseas for a few months, so I'll have to try to log in and fix it by the time I get home.

    4. Re:Is this on by default? by 110010001000 · · Score: 1

      Well get used to it. Eventually they are going to start limit what devices are allowed to connect and what protocols you are going to be allowed to use. It is only a matter of time.

    5. Re:Is this on by default? by Berkyjay · · Score: 1

      Where exactly is the security section?

    6. Re:Is this on by default? by msauve · · Score: 2

      So, they were violating net neutrality a year before the FCC got rid of it.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    7. Re:Is this on by default? by Anonymous Coward · · Score: 0

      Net Neutrality hasn't ended yet, so this isn't a violation. Too many people are just randomly blaming things they know damn well aren't because they're trying to dishonestly make a political point.

    8. Re:Is this on by default? by Anonymous Coward · · Score: 0

      Your argument makes no sense.

    9. Re:Is this on by default? by ArtemaOne · · Score: 1

      The rest of the setence that you eliminated from the quote?

    10. Re:Is this on by default? by ArtemaOne · · Score: 1

      That makes no sense.

    11. Re:Is this on by default? by 110010001000 · · Score: 1

      https://internet.xfinity.com/n...

    12. Re:Is this on by default? by Anonymous Coward · · Score: 0

      It's an opt-out, not a mandate. Plus you probably "elected" to use it when you signed for the service.

    13. Re: Is this on by default? by Anonymous Coward · · Score: 0

      How does one violate something which never actually existed to start with?

      Why is it OK to block the Daily Stormer but wrong to block torrentfreak?

    14. Re:Is this on by default? by Anonymous Coward · · Score: 0

      de wrest of de wurds n letttars frum ur santance?

    15. Re:Is this on by default? by Anonymous Coward · · Score: 0

      And yet you're still supporting and voting for conservatards. I don't want to hear your whining. This is what you asked for.

    16. Re:Is this on by default? by Berkyjay · · Score: 1

      Funny, this says I'm not eligible. Probably because I don't rent their shitty modems and routers. I wonder if that means they can't filter my traffic.

    17. Re:Is this on by default? by Anonymous Coward · · Score: 0

      NN is still the law, and because Comcast only breaks state and local laws as a policy since local politicians are cheaper to buy, this isn't against the law. The NN law hasn't changed in years. Comcast hate us and consonantly works to destroy our lives and the ones of all of our loved ones, but they are careful with federal law since they know that now that we're Trump-ruled, Trump look for any excuse to nail a corporations. Trump is a populist, and nothing would be more popular than attacking Comcast to Comcast has made the decision to shit on all laws except federal because they're terrified Trump will attack them to gain votes.

    18. Re:Is this on by default? by Anonymous Coward · · Score: 0

      Um....they still can filter your traffic. Unless you have VPN?

    19. Re: Is this on by default? by ComputerGeek01 · · Score: 1

      That's completely different. No one blocked the Daily Stormer, they just couldn't find a host for their content.

    20. Re:Is this on by default? by pnutjam · · Score: 1

      I've run a server on my comcast internet for years without a peep.

      --
      Cheap storage VM.
  3. Torrents ARE a source of malware by Anonymous Coward · · Score: 0

    But, hey, we're bashing Comcast. Can´t let facts get in the way of our partying.

    1. Re:Torrents ARE a source of malware by viperidaenz · · Score: 2

      TorrentFreak is a news site about torrents.

      The media industry doesn't like them because they don't publish their view.

    2. Re:Torrents ARE a source of malware by Falconnan · · Score: 1

      And a distribution model used for a lot of open source materials as well. Also, that doesn't really justify this as I am unaware of any technology that isn't a source of malware.

  4. Fake news by Anonymous Coward · · Score: 0

    Nothing to see here. This is just the lamestream media attacking the great Comcast with lies. Everything is fine. There is no chaos, just great energy.

  5. Perfectly harmless? by Anonymous Coward · · Score: 0

    But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal.

    I'm sorry, but PayPal is anything but harmless.

    They want to be used like a bank, but they refuse to be a bank ... they'll arbitrarily empty your bank account or decide your money is now theirs and you don't get a recourse.

    If anything, they've done the world a favor, PayPal are a bunch of assholes and crooks.

    1. Re: Perfectly harmless? by Anonymous Coward · · Score: 0

      Unless you're in Europe, where we forced them to actually be a bank. They still don't offer most of the services a traditional bank does, but we get the same protections.

  6. My 2 Cents by DaMattster · · Score: 2

    This is what happens when you turn to ISPs to solve the problems of the internet; more problems are created. There are plenty of ways to do this for yourself that can be found for a simple Google search. One of the problems with America is that we've stopped using the critical thinking skills that evolution gave us. You need not be a power user to search for solutions. In a former career, I was a System Admin so I simply setup an OpenBSD-based firewall/gateway/proxy out of a spare computer to replace the hunk of garbage my ISP gave me. I've created a list of all of the allowed websites and that's it.

    1. Re:My 2 Cents by Anonymous Coward · · Score: 0

      And things are going to get worse if the Democrats get their way, They're pushing for blocking porn in several states including in Rhode Island where a bill looks like it's going to make it out of committee that fines ISPs unless they block all porn.

    2. Re:My 2 Cents by Anonymous Coward · · Score: 0

      I imagine they're blocking cloudflare or something like that. Which is legitimate given how much garbage they serve up, but will also break the fucking internet... because of how much garbage they serve up. So while the actions of the ISPs, and therefore our reliance on them to police things, certainly plays a role, another big part of this is very likely our increasing centralization of the internet at large -- a single bad rule shouldn't break half the internet.

    3. Re:My 2 Cents by Anonymous Coward · · Score: 0

      So what. Just because the Democrat politicians support it and have written bills that do that doesn't mean Democrats support it. The actions of the politicians do not represent the people.

    4. Re:My 2 Cents by greenwow · · Score: 1

      You can't blame us for the people we vote for. This is their fault, not the fault of their supporters.

    5. Re:My 2 Cents by ArtemaOne · · Score: 2

      No, if you put them in power, you're an enabler.

    6. Re:My 2 Cents by Anonymous Coward · · Score: 0

      OK, lets talk about you and Trump then. Hypocrite.

    7. Re:My 2 Cents by Anonymous Coward · · Score: 0

      Sorry, Mr Shit-pot-stirrer. That isn't party related. That's evangelical Christian related. In the South this same thing is happening with the Republitards.

      TROLL MOAR N00B

    8. Re:My 2 Cents by Anonymous Coward · · Score: 0

      Too bad none of us live in Rhode Island, you dumb asshole?

    9. Re:My 2 Cents by thegarbz · · Score: 1

      There are plenty of ways to do this for yourself that can be found for a simple Google search.

      Why would you google search? There's plenty of ways you can find this solution by yourself. Just ask around for people until you get a somewhat relevant web address and then follow all links you can until you find your comment.

      Ok facetiousness aside, there's a very good reason not to do a lot of this management yourself. It has nothing to do with critical thinking and everything to do with data. Do you single-handedly look at all data coming in and out to determine if it is a virus in the systems you admin? Or do you use a 3rd party company with lots of experience and data to do it? Do you drive around the city taking note of the traffic as it builds up and then stop to calculate your own optimal route, or do you use Google Maps or Waze, or someone else with loads of data about traffic to help you get to your destination? Do you look up a copy of Grey's Anatomy every time you get stabbed and perform surgery on yourself, or do you defer it to an expert, preferably one who has the experience to deal with it?

      Likewise just because you can do a Google search, and because you're an expert system admin doesn't mean you don't already outsource a lot of your work too. Or do you not subscribe to spam lists either?

      The idea that people should filter their own internet just because *you* have a spare computer, and way too much time on your hands is absolutely absurd. Instead what you should be proposing is to manage the lists for other people, not because they are idiots, but because they value their own time.

    10. Re:My 2 Cents by Anonymous Coward · · Score: 0

      So what. Just because the Democrat politicians support it and have written bills that do that doesn't mean Democrats support it. The actions of the politicians do not represent the people.

      While I agree, if you are the average voter, that is incredible cognitive dissonance. I personally loathe political parties, in no small part because they're corrupt in the USA, but the average voter so transparently shapes their own views based on party lines. It's disingenuous to wave away glaring bullshit your own party does when you toe the line (and act hypocritically) in so many other ways. I don't know you, so I can't judge. But, the average America voter cannot say that because their party supports something, doesn't mean they support it, when it's so obviously how they've arrived at most of their views (probably through the biased to one one side or the other MSM in one form or another). There are over 200 Million eligible voters in the USA (and I think like 45% don't vote in presidential elections), yet, for the vast majority of issue, whether social, economic, diplomatic, whatever, the vast majority only holds one of two opinions and the aggregate opinions of all issues cluster the vast majority of voters into two distinct groups. And, you're telling me "Just because the Democrat politicians support it and have written bills that do that doesn't mean Democrats support it"? Yes it does. Same is true for the Republicans. If are the average voter (and, again, I don't know you; maybe I'm preaching to the choir), this is just hand-waiving of some particularly egregious authoritarianism so you don't have to personally confront the hypocrisy and cognitive dissonance in your own views. Most Democrats will happily support whatever the party tells them; Republicans ditto.

    11. Re:My 2 Cents by ArtemaOne · · Score: 1

      I can't help it if you voted for Trump.

    12. Re:My 2 Cents by ArtemaOne · · Score: 1

      No

    13. Re:My 2 Cents by Anonymous Coward · · Score: 0

      That is ridiculous. I am a systems admin and could do the same but thinking any normal non geek out there can setup a setup like this you are deluded.

  7. Somewhat Related: OpenDNS started intercepting... by Anonymous Coward · · Score: 0

    ssl connections (i.e returning their own IP for everything and using some Cisco firewall certificates).
    Luckily Firefox noticed it right away. I was pretty pissed. Switched to google dns, not sure
    ho much better that is. I know, stupid to use OpenDNS. Not sure I want to use my local ISP's
    dns server either. Sigh. Maybe I just need to go back to a massive /etc/hosts file.

  8. Paypal is harmless? by dkone · · Score: 3, Insightful

    Read about some of the things Paypal does. I don't think I would put them in the harmless category.

    1. Re:Paypal is harmless? by Anonymous Coward · · Score: 0

      None of them are harmless. PayPal is PayaPal, torrents are frequently used to spread malware, and Steam is a well known money laundering and illegal gambling platform.

    2. Re:Paypal is harmless? by Impy+the+Impiuos+Imp · · Score: 1

      They profit off of kids gambling, when they should be gamboling.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    3. Re:Paypal is harmless? by jfdavis668 · · Score: 1

      Yea, like fund SpaceX.

  9. Where is this blocked? by Rick+Schumann · · Score: 1

    I've never seen anything like this. Is it some router setting, or do they block it in their network? I use my own router not Comcast's equipment.

  10. Simple solution: different DNS by xfade551 · · Score: 1

    I've been stuck with Comcast. I've always used my own router, and more recently started using my own cable modem. After bumping into this sort of crap -years- ago, I stopped using their Domain Name Servers, and set my router to use the OpenDNS servers. (Yes, I know they got bought up by an "evil corporate entity", so I'm willing to consider suggestions for new alternatives, but I haven't settled on another, yet.)

    1. Re:Simple solution: different DNS by Anonymous Coward · · Score: 0

      I run pfSense which lets you set up a DNS resolver. It queries the authoritative servers directly and caches the results. It works great.
      Let it be said that I still am not tech enough to be sure what's happening--I'm just a humanities dolt--but I run a Pihole that uses the pfSense resolver for DNS; DHCP then assigns the Pihole as the DNS server to client computers.

      I haven't seen a non-self-hosted advertisement of any kind on my home systems for years. Recently I had a friend with a malware-infested Mac stop by, and her computer wouldn't even work--it was looking for sites that my DNS server blocked, so it would just hang. Once I cleaned it up, it worked fine. She was grateful.

      Highly recommended for convenience and security, and even I could figure it out. For most of the people on this site, this is baby talk, I know; but it might help the poster.

    2. Re:Simple solution: different DNS by drinkypoo · · Score: 1

      They're all owned by evil corporate entities. Might as well use google dns, at least it works.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Simple solution: different DNS by pnutjam · · Score: 1

      I think your misunderstanding. I resolver still queries an upstream DNS server. It will usually default to your ISP's, but you can use openDNS, google, or pipe it off to a VPN providers DNS.
      There is nothing that makes a resolver inherently safer.

      --
      Cheap storage VM.
  11. Protect against source of malware? by Anonymous Coward · · Score: 0

    If so, they would start by blocking anything related to Windows, maybe even Microsoft as a whole.

    Then advertisers. Since there are no honest advertisers, "nuke'm all from orbit".

    While at it, use DPI (Deep Packet Inspection) and remove all JavaScript from web pages - let's face it, most of it is malice in one way or another.

    After that, "surfing" becomes "Visit my ISP's login portal, and failing to log in". Problem solved.

  12. They are just getting started... by Anonymous Coward · · Score: 0

    Soon they will say certain sites are high-risk and therefore you'll have to pay extra to access them.

  13. No Problems Here by CodeHog · · Score: 2

    Steam is in nearly constant use in my house and never had an issue accessing PayPal. The price I pay them for access is horrible but in general I don't have Internet access issues through Comcast.

    --
    Fat, drunk, and stupid is no way to go through life, son.
    1. Re:No Problems Here by Anonymous Coward · · Score: 0

      i don't have problems either, but i own my modem, use custom DNS records on my router and i don't subscribe to this specific service.

  14. Why is PayPal mentioned as if it wasn't malware? by Anonymous Coward · · Score: 0

    Objecting to blocking Torrentfreak I can understand.
    With Steam, I can see that some people might not get that it is a DRM service, and hence criminal.
    But who would object to block PayPal? The service that out-banked (read: out-eviled) *banks*??

  15. HTTP is a source of malware by Cajun+Hell · · Score: 1

    WTF do protocols have to do with this? TFA doesn't say they blocked torrents (or web access or email, since those are just as useful for spreading malware).

    --
    "Believe me!" -- Donald Trump
  16. Re: Somewhat Related: OpenDNS started intercepting by Anonymous Coward · · Score: 0

    Or just use your own DNS to query root servers.

  17. Seconded by Anonymous Coward · · Score: 0

    But hey, some blackeyers still believe in banks and NSA being "the good guys(TM)" "because [sic] they're corporate and military".

  18. Comcast should not do this by Anonymous Coward · · Score: 0

    Tired of the net nanny ISP doing what is not their position to do. It is to provide a conduit to the web, and it always goes badly when they implement this sort of stuff. Personally I don't use anything Comcast provides, no anti virus, no hardware, nothing. I don't even use Comcast DNS servers because they too are crap.

  19. Insecure by Anonymous Coward · · Score: 0

    I hate it when my connection is insecure. My connection is beautiful and talented, and should behave without fear and without worrying about what Comcast has to say!

  20. No they aren't` by Anonymous Coward · · Score: 0

    Torrents are not frequently used to spread malware, jackass. They're primarily usedf to spread "copyrighted" media. As retribution, they got the virus guys to mark the NoCD cracks as malware when they aren't even close. I have never gotten a real virus from a torrent but I get several attempts per year from ad servers on supposedly legit websites.

    You are simply attempting obfuscation.

  21. Slashdot has gotten as bad as reddit by Anonymous Coward · · Score: 0

    Cesspool 2.0 right here.

  22. Browsing History by Anonymous Coward · · Score: 0

    Does not fall under any protection though. It is for sale.

  23. Surprised? by Anonymous Coward · · Score: 0

    Is anyone really surprised? It is just Comcast, being Comcast. They are a shithole company, just a cunt hair better than the health insurance industry. I'm just lucky I live in place where I have other options.

  24. As usual, no one reads TFA by Rexdude · · Score: 1

    From the TorrentFreak article -

    The good news is that the blocking ‘feature’ isn’t mandatory. Subscribers can enable and disable it whenever they please, by changing their network settings

    From the link to Xfinity support (emphasis added) -

    Protected Browsing is an opt-in service that Xfinity xFi customers can use to help safeguard their home networks against malicious content. In order to use the feature - which we offer at no additional cost - you must enable it using the Xfinity xFi app. You can also turn it off at any time with a single swipe.

    --
    "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."