dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2010-04-09 15:24:07: Earlier this week we noted that Windstream Communications DSL users were surprised to see that the carrier was suddenly hijacking search results from users' Firefox Google toolbar, and redirecting users to Windstream's own ad-laden search portal. ..


Bill Dollar
join:2009-02-20
New York, NY

Bill Dollar

Member

Come clean Windstream

Accident or not, something out of the ordinary, likely involving deep packet inspection is going on here.

We need all ISPs to be transparent about their network management practices and about their use of DPI, especially when it comes to search data.

Anonymous88
Premium Member
join:2004-06-01
IA

Anonymous88

Premium Member

How?

My cable provider Mediacom also can hijack search results even when using 3rd party DNS servers. It too requires an opt out. Don't know how they do it but would appreciate if someone would shed some light on how this is being done.
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

ISurfTooMuch to Bill Dollar

Member

to Bill Dollar

Re: Come clean Windstream

Indeed, and the people at Windstream need to come clean on this, or no one is ever going to trust them again.

Fess up guys. We all assume you're using DPI, and, unless you come clean and tell us the DPI box is sitting in the dumpster behind your building, we're going to assume you're still using it.

knightmb
Everybody Lies
join:2003-12-01
Franklin, TN

knightmb to Anonymous88

Member

to Anonymous88

Re: How?

said by Anonymous88:

My cable provider Mediacom also can hijack search results even when using 3rd party DNS servers. It too requires an opt out. Don't know how they do it but would appreciate if someone would shed some light on how this is being done.
A captive portal that intercepts google and modifies your search string. Very easy to implement for an entire network with a single box inline.

SirMeowmix_I
@myvzw.com

SirMeowmix_I

Anon

More Information

Karl, thank you so much for exposing this on the front page. To those who asked how, please see »Our Response to Redirect Service Concerns where I went into some technical detail on how they're doing it.

I can elaborate more but this clearly isn't and cannot be DNS tampering without layer 7/DPI since a specific URL structure was targeted. For this to have been DNS (even though users not using Windstream's DNS servers were affected), all of 'www.google.com' would have been impacted and the scope of impact would be limited to users of Windstream's DNS unless they are using DPI to mangle DNS replies from non-Windstream DNS servers.

They are cherry picking, inspecting, transforming, and redirecting search terms based on layer 7 data (HTTP URI) to searchredirect.windstream.net. Take a peek at »searchredirect.windsteam.net. Does this look like a NXDOMAIN landing page? Nope, it's clearly a search engine.

Also note the wording of their explanation, the structure and format of the message, and the inclusion of the word 'individual'.

When they deploy this on a universal scale, targeting all Residential DSL customers as they did, are they still doing any type of "track or monitor any individual customer internet searches"? They're no longer focusing on a specific individual. See my point.

Their refusal to answer the basic questions I asked is the most telling. The biggest issue for me isn't so much that they're doing this, it's that their doing this without admitting it or updating their Privacy Policy to reflect these changes.

It's deceptive and I don't trust them. Not to mention it took them several days to come up with this paper-thin explanation behind their "bug". Note, I am a Windstream DSL customer.

mod_wastrel
anonome
join:2008-03-28

mod_wastrel

Member

OpenDNS needs to offer a new service...

ProxyVPN (by whatever name):

Is your ISP using DPI? We're here to help!

SirMeowmix_I
@myvzw.com

SirMeowmix_I to SirMeowmix_I

Anon

to SirMeowmix_I

Re: More Information

Oops - Typo'd the search page in the URL, see »searchredirect.windstream.net I left out the 'r' in windstream.

Mods - if you can fix my original post many thanks.
axiomatic
join:2006-08-23
Tomball, TX

axiomatic to SirMeowmix_I

Member

to SirMeowmix_I
This goes part and parcel with the fact that ISP's do not believe that anyone other than an employee of an ISP can be a network professional.

They can not fathom that their customers could potentially be smarter than their own admins.

Hubris, it's whats for ISP breakfast.

FLATLINE
join:2007-02-27
Buffalo, NY

FLATLINE to mod_wastrel

Member

to mod_wastrel

Re: OpenDNS needs to offer a new service...

Im not a Windstream customer but I was still hoping by now they would have fessed up. If its a mistake then tell us. Prove it by explaining what happened. Were sensible people but we are also not bound by innocent until proven guilty unless we are in the courtroom participating in a trial. Outside of a trial we can deem you guilty until you prove your innocence. We can and do have this attitude because quite frankly big business no longer sees the average customer as a partner anymore. They treat us like fools and we are sick of it. Honestly is the best policy. It would be a shame to damage your companies reputation over a mistake. It would a shame for your customers to decide to set a precedent and make an example out of Windstream.

Rexter
Libertas, Aequitas, Veritas
join:2002-11-17
cloud 9

Rexter

Member

Done on purpose, struck down by someone higher.

I suspect that this was done on purpose, but when it got media attention, someone higher up put the kibosh on it. They need to come clean! Admit that they made a mistake, and show us policy changes to earn back our trust.

mod_wastrel
anonome
join:2008-03-28

mod_wastrel to FLATLINE

Member

to FLATLINE

Re: OpenDNS needs to offer a new service...

I don't doubt that it could have been a mistake--at least, a mistake for it to have "just happened" when and the way it did; but the fact that it could happen at all suggests something undesirable (from a user/customer viewpoint) all on its own. As it looks now, one gets the impression that they were preparing something, and it got turned on prematurely, perhaps improperly... so now it looks like a "cat's out of the bag" situation... "Oopsy!" just don't cut it. And, as "undesirable" ISP activities go, I doubt they're alone.

OldschoolDSL
Premium Member
join:2006-02-23
Indian Orchard, MA

2 edits

OldschoolDSL

Premium Member

Gag order

A friend of mine who works for this company has let me on "the know".

1.) WindStream is working on new ways to prevent and/or monitor piracy (BitTorrent).
2.) They are also working closely with "someone" for further security.

Employees have been given a Gag Order on the matter. I'm not an employee (don't care for IPS's who spy on their users either).
patcat88
join:2002-04-05
Jamaica, NY

patcat88

Member

NSA? Australia child porn filter? American family friendly filter (ALA Sky Angel, IED bodies on Fox News and WMD on Discovery Military is fine, but no Communism News Network or FX)?
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

1 edit

ISurfTooMuch to OldschoolDSL

Member

to OldschoolDSL
For a minute, I was scratching my head wondering what this incident had to do with stopping piracy, but now I get it. All the ISP has to do is capture the searches users perform at trackers, then they watch to see what files they grab using BitTorrent. Then, BAM!, the RIAA/MPAA not only has your search, but they also have the filename you were downloading, and the best part is--wait for it--they don't have to use a bot to connect to you to try and download anything. The DPI box already has your IP from when you ran the search on the monitored tracker. Hell, if they wanted to, they could have the DPI box redirect your browser straight to the infringement letter within a few seconds. "Congratulations John Smith of 1212 Elm St., Anytown, USA, you've been caught downloading copyrighted material, specifically, 30 Rock, Season 1. To avoid a lawsuit, please input your credit card information in the form below. Thank you."

And for those who couldn't care less about that because pirates are dirty, evil people, there are many other innovative ways that something like this can be used. Maybe someone wants to see who posts information to a site--WikiLeaks, for example. They can try to get the site's logs, but what if there are no logs, or what if the site is hosted overseas? No problem, this solution will get that info. In fact, it will do more than that. It could only pay attention to a single page on the site of interest, and it could do all sorts of other neat tricks, like, once someone visits that page, track the sites and pages they visit afterward. I'm not saying this is happening, but you have to realize that it could happen.

No wonder Windstream is being quiet.

SirMeowmix_I
@eliablehosting.com

SirMeowmix_I

Anon

I doubt it's anti-piracy, I think it's an extension of potential ROI based on data-mining.

I will say I'm all for copyright enforcement. If you don't like the current copyright law structure, change it, don't violate it. Remember, politicians should be a representation of their constituents. Willful disobedience only invokes enforcement.

Squid across tun0 is laughing. I think I can hear him, if you run 'tcpdump -s0 -A -nn src net 192.168 and tcp port 3128 > /dev/dsp'. Anyone speak raw malformed PCM?

He keeps real quiet when running 'tcpdump -i ppp0 -s0 -A -nn "tcp port 80 or port 53" > /dev/dsp'. I'm sorry Windstream.
asdfasdf456
join:2009-08-14
Schenectady, NY

asdfasdf456

Member

Yikes

Whoa, I thought this was a very isolated incident or a problem with my computer when it started happening a few days ago, I didn't think much of it other than it was annoying.

Maybe it's finally time to ditch Windstream's 3/1 (that's as fast as I can get where I am) for a mid tier Comcast connection? I don't know who is the lesser of two evil's, but I know Windstream's upgrade offerings have been nonexistent.

This incident really grinds my gears.

Augustus III
If Only Rome Could See Us Now....
join:2001-01-25
Gainesville, GA

Augustus III

Member

scum

couple years ago when i moved my options changed to windstream or comcast.

windstream i couldnt even find their local office, their website wasnt of any use so i went with cc. i made the better choice by far.

all these fly by night little nasty isps need to be gone with already. haven't they been bleeding lies for far too long now?
ISurfTooMuch
join:2007-04-23
Tuscaloosa, AL

ISurfTooMuch to asdfasdf456

Member

to asdfasdf456

Re: Yikes

If you do decide to leave, be sure to tell them why. The best way to stop behavior like this and discourage anyone else from trying it is to make it hurt them financially.

WyndStreame
@sunwave.com.br

WyndStreame

Anon

Calm Down

Man, some people are getting really worked up about this. I don't think it is much more than a simple mistake. There isn't a vast conspiracy, it is just that you want there to be one. It has been fixed and there is no need to fool around with VPN or whatever. It will just slow down your connection anyway. Just my 2 cents.
Expand your moderator at work
buckeyefan
join:2010-04-27
Lexington, SC

buckeyefan

Member

not an isolated incident

has anyone experienced this more than just the one day? We switched to windstream at the beginning of the year and i have noticed this almost daily. I thought this was isolated to my laptop and desktop since i always am testing our plugins and stuff for Firefox and then usually doing the same on my desktop. I looked for what could be on mine that are not on others, ran all sorts of spyware and malware stuff. Never could fixed it, real frustrating. Then one of the employees had the screen on her computer that said that the url couldn't be found and yadda with the yahoo toolbar stuff. I asked if this had happened before and sure enough it happens a lot to her, she just never told me.
This whole thing is very annoying especially since when it's doing this i can't even go to google.com without being redirected to yahoo toolbar stuff. Now that i know that it's Windstream causing it, it really bugs me. anything i can do about it?