CenturyLink Blocked Its Customers' Internet Access in Order To Show an Ad

CenturyLink briefly disabled the Internet connections of customers in Utah last week and allowed them back online only after they acknowledged an offer to purchase filtering software. From a report: CenturyLink falsely claimed that it was required to do so by a Utah state law that says ISPs must notify customers "of the ability to block material harmful to minors." In fact, the new law requires only that ISPs notify customers of their filtering software options "in a conspicuous manner"; it does not say that the ISPs must disable Internet access until consumers acknowledge the notification. The law even says that ISPs may make the notification "with a consumer's bill," which shouldn't disable anyone's Internet access.

Coincidentally, CenturyLink's blocking of customer Internet access occurred days before the one-year anniversary of the Federal Communications Commission repeal of net neutrality rules, which prohibited blocking and throttling of Internet access. "Just had CenturyLink block my Internet and then inject this page into my browser... to advertise their paid filtering software to me," software engineer and Utah resident Rich Snapp tweeted on December 9. "Clicking OK on the notice then restored my Internet... this is NOT okay!"

The Onion

[nwaack]

Every day it seems I see more and more real news articles that look like they belong on The Onion.

Re:The Onion

[jpaine619]

No joke. That was his point. We didn't need a visit from Captain Obvious.

Re:The Onion

[DaMattster]

The Onion is scarily not far fetched at all.

Re: The Onion

[jeff4747]

Hit one button to clear the ad is okay.

I eagerly await your explanation of how my not-web-browsers that still use the Internet will hit that button.

Net Neutrality Is Bad

[Drethon]

Just remember that when providers find new and innovative ways provide services that make them more money.

Re:Net Neutrality Is Bad

You can tell Net Neutrality is bad because my grandma got up and posted a screed against it on the FCC's site, and she's been dead for 15 years. Now that's motivation.

In many countries

[nightfire-unique]

In many countries, the wiretapping and modification of private communication is illegal, and such activities could result in massive fines and/or prison time for those involved. Food for thought.

Re:In many countries

[Shaitan]

"But hey, you need a reason to ignore those allegations to overturn Roe, so I'm sure that distinction won't quite matter to you."

I think you are confusing me with a Republican, your immediate jump to that despite my post targeting R's and D's suggests you are partisan politically, in other words you don't use the reasoning centers of your brain with regard to anything you perceive as political (or at least that is what fancy fMRI studies have shown). So my response isn't really for you, no offense but it would make about as much sense having a conversation with you as a conversation as it does for an agnostic to try to have a conversation with a true believer disparaging the beliefs of another religion.

I do want to see Roe v Wade overturned. It's a bad ruling that happens to prevent the enforcement of some bad state laws. It is the state laws that need changed. Parents do have a right to be informed; so do the fathers and spouses. Abortion should not be a way to dodge facing the music for your actions. Roe v Wade makes it one.

Doctors have a right to a full medical history so they can ethically refuse chronic abuse in the same way they refuse plastic surgery at some point. Especially given that the morning after (really more like 3 day after) pill is readily available and accessible. Roe v Wade prevents this.

These may not be babies and it may not be murder but it is the termination of human potential and everything that life would have become and in a society where courts represent the interests of children vs their parents it logically follows that there should some level of enforced respect for that concept as well. Mothers can give children up for adoption or have an abortion and drop liability for a child. Fathers should have the same right. Currently, Roe v Wade makes this impractical in many ways. The fetus is not part of her body, it is just temporarily incubated in it. It is 50% the father and he has rights. In that respect, paternity tests (which are quite safe) should be standard procedure as part of the care through pregnancy but while related to these other issues this bit has little relation to Roe v Wade specifically.

Re:In many countries

[jeff4747]

I think you are confusing me with a Republican

I don't care what label you apply to yourself. I care what you actually do. Because you can apply all sorts of high-minded labels and justifications for your actions, but the results of those actions are what actually matters.

So feel free to call yourself whatever you want. You're actions are that of a Republican. So you are a Republican.

If you don't want to be a Republican, well then you're going to need to work towards different results. Continuing to back Republicans because you think they're more libertarian or whatever is not going to change the results.

it logically follows that there should some level of enforced respect for that concept as well

25% of pregnancies end in miscarriage. What crime should we charge those women with? 'Cause I can guarantee we can find something she did "wrong" during that pregnancy - every single woman who goes through a miscarriage can.

Also, that 25% statistic is cases where the woman knows she's pregnant. We have no idea how many miscarriages happen before the woman knows she's pregnant. Since we're now in the business of protecting "human potential", how do you propose we proceed protecting these? Shall we require all women to turn over their tampons for testing, to ensure she didn't waste some human potential?

It is 50% the father and he has rights

He does not have a right to force a woman to take risks she does not want to take. And guess what? Pregnancy is risky. So until the fetus can be transferred to his body, she wins any conflict.

About the only "paternity" thing should be he gets to disclaim it, but only if the mother consents and/or can afford to raise the child without support.

paternity tests (which are quite safe)

The rate at which amniocentesis causes miscarriage is higher than the rate of late-term abortions. You are literally causing abortions by demanding paternity tests while banning abortion.

Re:In many countries

[jeff4747]

When's the last time an interviewer brought in a woman to say that you sexually assaulted her 36 years ago and then expected you to prove that you didn't?

Every single employer has asked about my personal and job history (as much as allowed by law). And most employers have asked about criminal accusations via asking if I've been arrested.

Also, Supreme Court Justice is just a teensy-tiny bit more important than my job. Probably deserves a little bit more of an investigation.

Finally, the one woman who was allowed to testify doesn't erase the other women who did come forward, but Grassley forbade. Pattern of behavior is pretty important when evaluating people. But it would appear Grassley was kinda afraid of confirmation taking longer...almost like there was lots more to this pattern of behavior.

But congrats! You got a totally impartial Justice who has sworn vengeance against me. That's totally not going to affect the only branch of our government whose power is only based on the respect of everyone else.

And you need a reason to shoot down every R nomination to the court to overturn the 2nd amendment.

Ah yes, let's see...how many Democrats have actually run on repealing the 2nd amendment? None? Hmmmm....perhaps you are getting a little bit manipulated.

Also, you might wanna brush up on your history a tad. The 2nd amendment was not a personal right free from regulation until a Supreme Court decision in 2003. Until then, gun control was perfectly constitutional. Just like anti-abortion laws were perfectly constitutional until Roe.

Slashdot will resume after this commercial break

[sinij]

Slashdot will resume after this commercial break.

Equifax. Get Unlimited Credit Score reporting. Easy to access, no service refusal for anyone.

Virgin Media in the UK did the same thing

[xack]

It happened a while back, Interrupting my experence on the internet forcing me to make a decision if i wanted a porn block or not (fuck no).

Re:I had to click on a button

[Drethon]

That is NOT OK.

We're in the phase of a civilization where people get ridiculous, right before the collapse.

Lets talk about what happens when the button fails to render properly and getting your internet connection back is impossible. Or when this happens with mobile internet and you have to tap a confirm button on your screen, and all you have is a flip phone...

Two things...

[El+Cubano]

it does not say that the ISPs must disable Internet access until consumers acknowledge the notification. The law even says that ISPs may make the notification "with a consumer's bill," which shouldn't disable anyone's Internet access.

First, what they did actually complies with Subsection (1)(b)(ii)(A). We may not like their approach, but it does comply with the law. Go read the law, it is a rather sparse 5 pages.

Coincidentally, CenturyLink's blocking of customer Internet access occurred days before the one-year anniversary of the Federal Communications Commission repeal of net neutrality rules, which prohibited blocking and throttling of Internet access.

Second, the proximity to the anniversary of the NN deregulation is both specious and disingenuous. If you know anything about how corporations work you know that legal compliance is an exercise in minimization. The CenturyLink corporate counsel (probably more than one) had to weigh in on this and conclude that this was done in a way that both met the requirements of the law and also did not expose the company to additional liability. It probably had to clear multiple similar hurdles.

So, just like I do when a programmer implements a spec and I look at the product and say, "wow that was wrong," my first thought is always, "the spec must be defective." Granted, there are times where the programmer just makes the wrong choice, but more often than not, the spec really is deficient. If it was a whole team of programmers that produced the wrong thing then the only sensible conclusion is that the spec was faulty.

In this case, the army of lawyers came to a conclusion on a course of action that is making people say, "wow, that cannot be right.". Based on my earlier reasoning, the law is poorly written.

Re:Two things...

[110010001000]

BS. The law says you just need to include the notice in the customers bill. That is a lot cheaper and easier to do than what they implemented.

Re:Two things...

[jeff4747]

Granted, there are times where the programmer just makes the wrong choice

This ad would be one of those times.

The CenturyLink corporate counsel (probably more than one) had to weigh in on this and conclude that this was done in a way that both met the requirements of the law and also did not expose the company to additional liability.

It's blatantly obvious that this decision did not originate with legal. Because the legal department would far, far, far, prefer something written on paper. Like printed on the customer's bill.

Thanks to this ad, the company can be sued under this law because the customer can legitimately claim they did not see the ad. Their poor, corrupted, porn-surfing child clicked the "OK" button. And now the customer was never notified about how the good people at CenturyLink could save them with some filtering software.

So no, this is not legal saying "We must put up an ad!!". This is an MBA saying, "Hey, we could stuff an ad in front of all of our customers, and so many people would sign up that I'll get a huge bonus!!". And legal deciding they probably could win enough of the lawsuits.

Re:I had to click on a button

[Calydor]

Next step is they don't restore the connection until you purchase the software. NEXT step is cutting off your connection while watching Superbowl and only restoring it after you sign up for this more powerful connection for just 59,99 <font size=1>more than you are paying now</font>. After that who knows what reasons they'll think up to cut off your connection whenever they feel like it?

This isn't about pressing a button. This is about the whole thing being a proof-of-concept DDOS from the ISP.

Re:I had to click on a button

[Jason+Levine]

So it's fine for an ISP to disable your Internet until you view an ad that they want you to view? What if it's two or three ads? What if it becomes before any page load and not just at the beginning of a browsing session? What if you're playing an online game and get locked out because the ISP decided that you needed to watch their newest ad and you were busy gaming?

At what point does it go from "it's just a button press so it's okay" to "this is unacceptable !"

Also keep in mind that many ISPs are monopolies in their areas. So your ability to say "I hate all these ads the ISP is forcing me to view so I'm leaving" is highly limited.

Blocked more than just web browsing

[rufey]

I was in the mist of rebooting my Tivo Roamo box, and it simply wouldn't complete its network setup. I spent a good 30 minutes diagnosing my home network. It was getting its IP address via DHCP fine, was pingable, etc....

Its only when I went to the URL that the Tivo was telling me to visit that I ran into the "ad" (I'm in Utah). Sure enough, as soon as I acknowledged the ad, my Tivo was able to connect to the Tivo service. I found it more than a bit annoying that CenturyLink blocked my Internet access and forced me to read an ad for basically web filtering software. I don't have a copy of the ad anymore, but from what I remember, it was mostly talking about blocking porn.

So this blocked more than simple web browsing.

Law does not prohibit blocking either

Centurylink may not have been required by "law" to block access until a specific acknowledgement was given, but it was certainly required by the litigiousness of our decrepit society to do so.

Without it, you know there would be a class action lawsuit claiming someone's child was harmed by porn because CenturyLink failed to show them their filtering options. By forcing acknowledgement, they are covering their butts against such a suit.

Re:I had to click on a button

[squiggleslash]

It's more "I had to be aware that my Internet had been disconnected and I now had to fire up a web browser and click on a button, something that I wouldn't be aware of - and in some cases wouldn't have been able to do anything about either - if I was waiting for an email, setting up a smart device, trying to make an important call using a VoIP service like Vonage, waiting for said call, trying to access my security camera remotely, trying to access my home PC remotely, and all manner of other functions."

Is it reasonable behavior for an ISP?

No, it isn't. If I had a choice of ISPs and was a CenturyLink customer, I absolutely would terminate my contract with CenturyLink over this.

Comcast, take note.

Re:Dude, this was literally the government's fault

[jpaine619]

The state did not require this. I guess you can't even be bothered to read a fucking summary.

Re:Dude, this was literally the government's fault

[laie_techie]

No ISP would be stupid enough to do this unless it was legally required - which it was by Utah law. Network neutrality as regulation will bring MORE insane interpretations of how an ISP should be have like this one - not fewer.

In short if you like ISP's cutting off access for idiotic messaging from the state, then my all means push for more regulation of the internet.

As a resident of Utah, I think you missed part of the summary (not to mention the actual law). ISPs are required to notify customers that filter software is available. My own ISP just notified me through my paper bill.

CenturyLink and pensions

[sgt_doom]

Isn't CenturyLink the telecom with the extensive history in secretly downsizing employees' pensions?

Re:Dude, this was literally the government's fault

[fahrbot-bot]

The state did not require this. I guess you can't even be bothered to read a fucking summary.

Perhaps we should require people to read TFS and acknowledge it by clicking "Ok" before they can post. :-)

Temple garments or bubble-covered swimsuits

[tepples]

Mormon porn comes in two types. One fetishizes the "temple garment" underwear. The other is swimsuit photography covered with a bubble-shaped solid color mask to help a dirty mind fill in the blanks.

Re:Dude, this was literally the government's fault

[HarrySquatter]

Except it wasn't required. One of the co-sponsors of the bill even said so:

Bill sponsor Todd Weiler, a Republican state senator, confirmed on Twitter that the law "did not require that—and no other ISP has done that to comply with the law. They were only required to notify customers of options via email or with an invoice."

M-m-m-monster fail.

Re:https by default

[DaMattster]

That will stop this from being possible. Instead of the ad, all you'd seen in your browser is a security warning that someone is trying to hijack your connection - someone like your ISP.

Well, they could block port 443 outgoing.

Re:Re-read post

[HarrySquatter]

No, this was just a shitty company acting shitty to hawk their shitty software then trying to act like a law made them do it.

Re:Re-read post

[fustakrakich]

It wasn't stupid. It was astute. It was a (maybe unwitting) call to restore net neutrality by showing what will happen without it. Again, we must demand they be put under common carrier rules, and that there be no priority in any particular content. We can do our own filtering, thank you.

Boycott port 80

[viperidaenz]

If you're a CenturyLink customer in Utah and you haven't received any other notification of this blocking service and you don't use port 80 between now and December 31 2018, CenturyLink will be in violation of the new law as they haven't informed you of this optional service.
They're liable for a fine of $10,000

Sounds like a serious liability...

[Locke2005]

When they disable my internet without warning and suddenly my 911 calls over my VoIP line don't work any more!

Re:I had to click on a button

[fustakrakich]

If I had a choice of ISPs

That's the rub, isn't it?

Re:The government DID make them do it

[jeff4747]

The thing you can't quite seem to grasp is there are ways to comply with this law without blocking someone's Internet and displaying an ad. The fact that they chose this particularly idiotic method if complying with the law is the problem.....but it was done by a large corporation, so you are unable to understand that difference.

Re:Re-read post

[AnonyMouseCowWard]

Remind me, what's net neutrality again? About.. not doing anything to alter traffic speed? A law that enforces net neutrality literally asks ISPs to do nothing. There's nothing to interpret. It says "do not f*ck around with your network", which is the exact opposite of what you're suggesting.

This problem was 100% PEBCAK. Sure, the state could have clarified was "conspicuous" means - it's not without fault. However the lawmakers weren't programmers and didn't write exception handling in their law, and some employee at CenturyLink decided to do something stupid, probably without asking their Legal department that would have then clarified the ask.

Who wants the shitty script that did it!!!

[luminousone11]

Their system crashed a couple of times leaving me this nugget.
Sorry I have no clue how to make it formated nicely.
#!/usr/bin/perl use warnings; use strict; use CGI qw/:standard/; use WalledGarden; my $CACHETIME = 3600; our %config; do '/etc/wg.conf'; my $wg = WalledGarden->new(); my $cgi = CGI->new(); my $UD = new Cache::Memcached { 'namespace' => 'excessive_use', 'servers' => $config{ 'memcached_servers' }, 'debug' => 0, 'compress_threshold' => 10_000, }; # Parse the incoming URL string my $host = $ENV{HTTP_HOST}; my $referer = $ENV{HTTP_REFERER}; my $wgurl; if( $referer =~ /http:\/\/$host\/index.html\?wgsid=([^&]*)(?:&wgurl=(.*))*/ ) { $wg->session_id($1); $wgurl = $2; } else { $wg->session_id('NO_SESSION_ID'); } my $url = 'http://customer.notify.centurylink.com/utah_restore_internet.html'; # Allow override for debug/testing/demo if( $wg->is_internal_ip( $wg->remote_ip() )) { my $uname = $cgi->param('uname'); if( defined $uname and $uname =~ /^[A-Za-z0-9]{4,16}$/ ) { $wg->uid( $uname ); } else { $wg->uid('accounttest'); } } # Perform redirect my $uname = $wg->uid(); my $tn = $wg->wtn(); if( $@ or $wg->err() ne '' ) { $wg->log_it( "$uname ($tn) ERROR: Self-release redirected to error.html" ); print redirect( -uri => '/error.html' ); } elsif( $uname eq 'mnlabppp06' or $uname eq 'wgtest-hlrn' or $uname eq 'wgtest-mpls' or $uname eq 'wgtest-stpl') { $wg->log_it( "Test user $uname - skipping self-release" ); print redirect( -uri => $url ); mark_wall_user_out($tn,$uname); } elsif( $wg->is_internal_ip( $wg->remote_ip() )) { $wg->log_it( "$uname ($tn) Internal ip quickout'ed. Not released or DB updated." ); $wg->bigip_quickout(); print header( -type => 'text/plain' ); print "Would now be redirected to $url"; } else { if ( self_release() ) { $wg->log_it( "$uname ($tn): Self-released" ); } else { $wg->log_it( "$uname ($tn): ERROR: Self-release failed." ); } print redirect( -uri => $url ); mark_wall_user_out($tn,$uname); } sub self_release { # Update BigIP quickout table depending and initiate releasing customer from walled garden my $quickout_time = shift; # Value in seconds $quickout_time ? $wg->bigip_quickout($quickout_time) : $wg->bigip_quickout(); $wg->release(); } # End self_release sub mark_wall_user_out { my $tn = shift; my $uname = shift; my $tn1; my $tn2; if ( $tn =~ /:/ ) { ($tn1,$tn2) = split(/:/, $tn); } else { $tn1 = $tn; $tn2 = 0; } my $sql = q( UPDATE state_of_utah SET wg_out_time = NOW(), end_process = NOW(), wg_status = 'COMPLETE' WHERE tn = ? AND notice_year = YEAR(curdate() ) ); $wg->log_it( "$uname ($tn): Self-released" ); my $result = $wg->do_db_write( $sql,$tn1 ); if ( $result->{RowsChanged} > 0 ) { $wg->log_it( "User $uname ($tn) mark_wall_user_out update successful." ); return 1; } else { $wg->log_it( "ERROR: User $uname ($tn) mark_wall_user_out update failed with tn $tn1. SQL: $sql" ); if ( $tn2 ) { # Attempt to update db table with 2nd bonded TN if first TN failed $result = $wg->do_db_write( $sql,$tn2 ); if ( $result->{RowsChanged} > 0 ) { $wg->log_it( "User $uname ($tn) mark_wall_user_out update successful with 2nd tn $tn2." ); return 1; } else { $wg->log_it( "ERROR: User $uname ($tn) mark_wall_user_out update failed with tn $tn2. SQL: $sql" ); } } return 0; } } # End mark_wall_user_out

Re:A customer in Utah

[rufey]

I saw the ad, and use a DNS service over a VPN to prevent CenturyLink from hijacking it in any way, so this wasn't done via DNS. It was actually blocking access. Others here have said it was only blocking port 80, and that would make some sense in my situation because some stuff was working fine, but other stuff didn't work until I discovered this by going to a URL housed on a port 80 web server.

Re:But

[ichthus]

People could have. What if one of the affected customers had VoIP (eg. Obi) and was attempting to call 911 to save someone's life? The call would be blocked, and the attached phone would give no indication as to why.

CenturyLink should burn for this.

Re:A customer in Utah

[luminousone11]

No it was both, The customer webportal domain name is only visable from within Centurylinks network. So, If i was you I would double check your VPN's settings and make sure that DNS traffic is being correctly forwarded over the VPN.

Second During the attack(yes that is what I consider this), port 443 was left alone and was routable etc, only port 80 traffic was blocked, My gmail kept working, my instant messaging client kept working, my udp traffic with the game I was playing kept working.

Some funny shit went down todo this. and their most certainlly was DNS hijacking going on.

I use cloudflares 1.1.1.1 myself, granted UNIFI does not support dns over https, however after this, I will move my DNS onto raspberry that does correctly support dns over https.

Re:Dude, this was literally the government's fault

[dwillden]

As a Utah resident, who read the law, and as a customer of the ISP in question who had to figure-out why the kids were complaining about not being able to game or watch YouTube via their Xbox. I state that both You and the ISP are wrong. The law required no such interruption, it specifically called for an Obvious notification of the availability. No other ISP in the state chose this route, they did what the lawmakers intended, they sent a letter with the Bill, posted the notice on their home page, and sent an email. That is all they were required to do, even Comcast got this one right.