nweaver

join:2010-01-13
Napa, CA

Questions answered in this thread...

I'm one of the Netalyzr developers, and will attempt to answer questions in this thread. I may have intermittent connectivity, so please be patient.

birdfeedr
Premium,MVM
join:2001-08-11
Warwick, RI
kudos:8

Re: Questions answered in this thread...

Will changing DNS servers fix this problem?

Verizon is not on the current list of ISPs, but there's no assurance they won't try to tap that revenue stream in the future.

NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast

Re: Questions answered in this thread...

said by birdfeedr:

Will changing DNS servers fix this problem?...

Not using your ISP's DNS servers will only help with NXDOMAIN redirection. It will not stop packet inspection that redirects traffic based on the search engine (that you think you are using) and/or the search terms being used.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
nweaver

join:2010-01-13
Napa, CA
YES, changing DNS fixes this problem.

THIS particular tampering was based on changing DNS results from the recursive resolver, so using a third-party DNS (e.g., Google Public DNS) fixes the problem.
rahvin112

join:2002-05-24
Sandy, UT

Re: Questions answered in this thread...

According to the article the issue in this case is that the providers are using deep packet inspection to reroute search results on certain search providers to paid results. The only way to avoid this is encryption and only if they don't MITM (man in the middle) the SSL connection and have free access to your encrypted connections.

This is EXACTLY this issue that created the net-neutrality debate that so many people don't understand. The ISP has free rein over your connection and people don't even realize how badly they could interfere without your knowledge.

NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast

Re: Questions answered in this thread...

said by rahvin112:

According to the article the issue in this case is that the providers are using deep packet inspection to reroute search results on certain search providers to paid results. The only way to avoid this is encryption and only if they don't MITM (man in the middle) the SSL connection and have free access to your encrypted connections.

This is EXACTLY this issue that created the net-neutrality debate that so many people don't understand. The ISP has free rein over your connection and people don't even realize how badly they could interfere without your knowledge.

That was also my interpretation of the article, but since nweaver is supposed to know exactly what is being tested and/or intercepted, perhaps the article is in error?
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
rahvin112

join:2002-05-24
Sandy, UT

Re: Questions answered in this thread...

Ah, I see that now. I'm curious, if it's deep packet inspection how does changing DNS server avoid it? Unless the appliance in question only responds to DNS requests that is, but then I don't see how it could alter search results because a DNS request isn't going to include search form submissions unless the provider's network is broken.

Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12

Re: Questions answered in this thread...

said by rahvin112:

Ah, I see that now. I'm curious, if it's deep packet inspection how does changing DNS server avoid it? Unless the appliance in question only responds to DNS requests that is, but then I don't see how it could alter search results because a DNS request isn't going to include search form submissions unless the provider's network is broken.

As the article mentions, that's where specific "keywords" and URLs come into play.

nweaver, please correct me if I am wrong, but I would think if the Paxfire appliance or software knows you are sending a DNS request to Google, they simply return an IP they own, pointing to a web server they control, read your form submission, then alter the traffic as they see fit ... exactly like OpenDNS currently does for all Google searches?
nweaver

join:2010-01-13
Napa, CA

Re: Questions answered in this thread...

Correct: The Paxfire appliance sits in front of the DNS resolver. It returns an address in place of NXDOMAINs (the stated function), and also returns the address of their proxy in place of any request for Yahoo, Bing, or (formerly, sometimes) Google, in order to route the search engine traffic through the proxy.
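
Added example (not part of the post above and not Netalyzr's code): one way to check resolver answers for the two behaviours described, NXDOMAIN wildcarding and search-engine names answered with a proxy address. The names `analyze`, `PROBE`, `ISP` and `REFERENCE` and all sample answers are constructed for illustration.

```python
# Constructed sample data: answers collected for the same names from the ISP's
# resolver and from a third-party resolver. None means NXDOMAIN. All addresses
# are RFC 5737 documentation addresses, not real observations.
PROBE = "nx-4f9a1c27.example.com"          # random name that should not exist
SEARCH_NAMES = ["www.yahoo.com", "www.bing.com"]
ISP = {
    "www.yahoo.com": {"192.0.2.10"},
    "www.bing.com": {"192.0.2.10"},
    "www.example.org": {"198.51.100.7"},
    PROBE: {"192.0.2.80"},
}
REFERENCE = {
    "www.yahoo.com": {"203.0.113.20"},
    "www.bing.com": {"203.0.113.40"},
    "www.example.org": {"198.51.100.7"},
    PROBE: None,
}

def analyze(isp, ref, search_names, nx_probe):
    """Return (kind, name, addresses) findings for the ISP resolver."""
    findings = []
    wildcard = set()
    # 1. NXDOMAIN wildcarding: the reference says the name does not exist,
    #    the ISP resolver answers with an address anyway.
    if ref.get(nx_probe) is None and isp.get(nx_probe):
        wildcard = set(isp[nx_probe])
        findings.append(("nxdomain_wildcard", nx_probe, sorted(wildcard)))
    # 2. Search-engine redirection. A different address alone proves nothing
    #    (CDNs answer per resolver), so only flag addresses that the reference
    #    never returned AND that are shared with another, unrelated search
    #    engine or with the wildcard server.
    extra = {n: set(isp.get(n) or ()) - set(ref.get(n) or ())
             for n in search_names}
    for name in search_names:
        others = set().union(*(extra[m] for m in search_names if m != name))
        shared = extra[name] & (others | wildcard)
        if shared:
            findings.append(("search_redirect", name, sorted(shared)))
    return findings

if __name__ == "__main__":
    for finding in analyze(ISP, REFERENCE, SEARCH_NAMES, PROBE):
        print(finding)
```

A finding here is a reason to look closer (for example, by checking the TLS certificate served at the flagged address), not proof on its own.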

rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105

Re: Questions answered in this thread...

It may work to change DNS server settings in the specific cases of the stated ISPs who got these Paxfire boxen. But I don't think it would help in the general case.

koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:20
said by nweaver:

YES, changing DNS fixes this problem.

THIS particular tampering was based on changing DNS results from the recursive resolver, so using a third-party DNS (eg, Google Public DNS) fixes the problem.

And once people start doing this, more ISPs (there are already many doing it how I describe over in Europe) will begin using transparent proxies (read: they don't look for DNS traffic, they transparently monitor your HTTP packets and obtain your search queries and results via that) to achieve the same thing. For example, Sandvine equipment is quite capable of doing this.

Folks can dance around the problem all they want -- go ahead, use different DNS servers. Use private VPNs that act as IP routing proxies, drive yourself batshit crazy getting it all to work. Use HTTPS everywhere and wonder why the web suddenly becomes a complete piece of junk performance-wise (read: you cannot cache HTTPS content). There are drawbacks to everything.

I'll stick with just browsing the web how I always have. If people want to see my search queries for Intel MCA/MCE architecture, working drafts for T13 ATA specifications, and other technical things, awesome. Let 'em. Couldn't care less. I don't feel my privacy is being "invaded" since if the ISP wasn't doing this, the search engine company could be. Paranoia has no bounds/ends, so I choose not to become paranoid.
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.
thedragonmas

join:2007-12-28
Albany, GA
kudos:1
Is this what Mediacom has been doing?
»Mediacom redirect service-opted out, still hijacks searches..
nweaver

join:2010-01-13
Napa, CA

Re: Questions answered in this thread...

No.

Mediacom is/was doing in-path HTTP 404 rewriting using a deep-packet-inspection device, where the device detects that the response was a 404 and replaces the response with a JavaScript redirect to an Infospace search page. We detect this behavior and generate an alert when we see it.

They also were apparently changing results when searches were generated by the search bar. We don't detect this behavior (yet).
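
Added example (not part of the post above and not Netalyzr's code): a sketch of checking for in-path 404 rewriting by requesting a path known to be missing on a server you control and comparing what arrives with what that server sent. The function names and both raw responses are constructed; the rewritten sample assumes the device also changes the status line.

```python
import re

# Constructed: the exact 404 our own test server sends for a missing path.
EXPECTED = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\n\r\n"
            b"probe-404-body")
# Constructed: what a client behind a rewriting device might receive instead.
REWRITTEN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b"<html><script>window.location='http://search.example.net/?q=x';"
             b"</script></html>")

# Common JavaScript redirect forms: location = ..., location.href = ...,
# location.replace(...).
JS_REDIRECT = re.compile(
    rb"(window\.|document\.)?location(\.href)?\s*=|location\.replace\(", re.I)

def parse(raw):
    """Split a raw HTTP response into (status code, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status = int(head.split(b"\r\n")[0].split()[1])
    return status, body

def check_404(expected_raw, observed_raw):
    """Compare the observed response with the one the server actually sent."""
    exp_status, exp_body = parse(expected_raw)
    status, body = parse(observed_raw)
    alerts = []
    if status != exp_status:
        alerts.append(f"status changed {exp_status}->{status}")
    if body != exp_body:
        alerts.append("body replaced")
        if JS_REDIRECT.search(body):
            alerts.append("javascript redirect injected")
    return alerts

if __name__ == "__main__":
    print(check_404(EXPECTED, REWRITTEN))
```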
waynemr

join:2002-01-28
Madison, WI
How about going on the offensive to poison the data being gathered?

Perhaps some sort of plugin for common browsers that takes your search queries, mangles them, then submits them to a central clearinghouse of crapped-up search queries. That clearinghouse - through some sort of random submission process over multiple addresses would submit the garbage data to addresses known to submit data to Paxfire.

If Paxfire's data is compromised - other companies won't trust it and will stop using it. Likewise, if data indicated a company submitting data to Paxfire was gaming the system (for example to inflate ad-view numbers/payments) then Paxfire might drop them.

Outside of some kind of software system to poison the data, a viral, social-network campaign to monkey with query data would work too. For example, get 10,000 people on a particular network to all submit the same exact query 5 times over a 24 hour period, causing a weird data-spike for Paxfire.

Come to think of it, large bot-net owners could rent their bot-nets to shape query results for or against products - or artificially inflate ad-views for an ISP subscribing to Paxfire's services.
Aztyroydz

join:2002-09-01

Re: Questions answered in this thread...

said by waynemr:

Come to think of it, large bot-net owners could rent their bot-nets to shape query results for or against products - or artificially inflate ad-views for an ISP subscribing to Paxfire's services.

DON'T give 'them' any IDEAS!
