nweaver
join:2010-01-13
Napa, CA

nweaver to birdfeedr

Member

Re: Questions answered in this thread...

YES, changing DNS fixes this problem.

THIS particular tampering was based on changing DNS results from the recursive resolver, so using a third-party DNS (e.g., Google Public DNS) fixes the problem.
rahvin112
join:2002-05-24
Sandy, UT

rahvin112

Member

According to the article the issue in this case is that the providers are using deep packet inspection to reroute search results on certain search providers to paid results. The only way to avoid this is encryption and only if they don't MITM (man in the middle) the SSL connection and have free access to your encrypted connections.

This is EXACTLY the issue that created the net-neutrality debate that so many people don't understand. The ISP has free rein over your connection and people don't even realize how badly they could interfere without your knowledge.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by rahvin112:

According to the article the issue in this case is that the providers are using deep packet inspection to reroute search results on certain search providers to paid results. The only way to avoid this is encryption and only if they don't MITM (man in the middle) the SSL connection and have free access to your encrypted connections.

This is EXACTLY the issue that created the net-neutrality debate that so many people don't understand. The ISP has free rein over your connection and people don't even realize how badly they could interfere without your knowledge.

That was also my interpretation of the article, but since nweaver is supposed to know exactly what is being tested and/or intercepted, perhaps the article is in error?
rahvin112
join:2002-05-24
Sandy, UT

rahvin112

Member

Ah, I see that now. I'm curious, if it's deep packet inspection how does changing DNS server avoid it? Unless the appliance in question only responds to DNS requests that is, but then I don't see how it could alter search results because a DNS request isn't going to include search form submissions unless the provider's network is broken.

Matt3
All noise, no signal.
Premium Member
join:2003-07-20
Jamestown, NC

Matt3

Premium Member

said by rahvin112:

Ah, I see that now. I'm curious, if it's deep packet inspection how does changing DNS server avoid it? Unless the appliance in question only responds to DNS requests that is, but then I don't see how it could alter search results because a DNS request isn't going to include search form submissions unless the provider's network is broken.

As the article mentions, that's where specific "keywords" and URLs come into play.

nweaver, please correct me if I am wrong, but I would think if the Paxfire appliance or software knows you are sending a DNS request to Google, they simply return an IP they own, pointing to a web server they control, read your form submission, then alter the traffic as they see fit ... exactly like OpenDNS currently does for all Google searches?
nweaver
join:2010-01-13
Napa, CA

nweaver

Member

Correct: The Paxfire appliance sits in front of the DNS resolver. It returns an address in place of NXDOMAINs (the stated function), and also returns the address of their proxy in place of any request for Yahoo, Bing, or (formerly, sometimes) Google, in order to route the search engine traffic through the proxy.
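
A sketch of how the DNS substitution described in the post above could be detected, by comparing the ISP resolver's answers with those of a third-party resolver. This is an added example, not part of the thread or of any tool named in it; the observations, addresses (RFC 5737 documentation ranges) and the shared-address heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed observations (not real measurements): name -> (rcode, A records).
# In practice these would be collected by querying each resolver directly.
PROBE = "nx-7f3a9c1e.example.com"   # random label that should not exist
ISP = {
    PROBE:              ("NOERROR", {"192.0.2.10"}),
    "www.bing.com":     ("NOERROR", {"192.0.2.80"}),
    "search.yahoo.com": ("NOERROR", {"192.0.2.80"}),
    "www.google.com":   ("NOERROR", {"203.0.113.7"}),
}
REFERENCE = {
    PROBE:              ("NXDOMAIN", set()),
    "www.bing.com":     ("NOERROR", {"198.51.100.20"}),
    "search.yahoo.com": ("NOERROR", {"198.51.100.30"}),
    "www.google.com":   ("NOERROR", {"203.0.113.7", "203.0.113.8"}),
}

def nxdomain_rewritten(isp, ref, probe):
    """True if the ISP resolver returns addresses for a name the reference says is NXDOMAIN."""
    return (ref[probe][0] == "NXDOMAIN"
            and isp[probe][0] == "NOERROR" and bool(isp[probe][1]))

def redirected_names(isp, ref, names):
    """Names whose ISP answer shares no address with the reference answer AND
    shares an address with another, unrelated name. Disjoint answers alone are
    normal for CDN/geo-balanced sites, so this corroboration is required."""
    by_addr = defaultdict(set)           # address -> names it was returned for
    for name in names:
        isp_addrs, ref_addrs = isp[name][1], ref[name][1]
        if isp_addrs and not (isp_addrs & ref_addrs):
            for addr in isp_addrs:
                by_addr[addr].add(name)
    flagged = set()
    for hit in by_addr.values():
        if len(hit) > 1:                 # one address serving unrelated sites
            flagged |= hit
    return sorted(flagged)

def report(isp, ref, probe):
    """Summarise both checks for one pair of resolver observations."""
    names = [n for n in isp if n != probe]
    return {"nxdomain_rewritten": nxdomain_rewritten(isp, ref, probe),
            "redirected": redirected_names(isp, ref, names)}
```

A single rewritten name is not flagged by the shared-address heuristic, so it complements rather than replaces checking the returned address's ownership.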

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

koitsu to nweaver

MVM

said by nweaver:

YES, changing DNS fixes this problem.

THIS particular tampering was based on changing DNS results from the recursive resolver, so using a third-party DNS (e.g., Google Public DNS) fixes the problem.

And once people start doing this, more ISPs (there are already many doing it how I describe over in Europe) will begin using transparent proxies (read: they don't look for DNS traffic, they transparently monitor your HTTP packets and obtain your search queries and results via that) to achieve the same thing. For example, Sandvine equipment is quite capable of doing this.

Folks can dance around the problem all they want -- go ahead, use different DNS servers. Use private VPNs that act as IP routing proxies, drive yourself batshit crazy getting it all to work. Use HTTPS everywhere and wonder why the web suddenly becomes a complete piece of junk performance-wise (read: you cannot cache HTTPS content). There are drawbacks to everything.

I'll stick with just browsing the web how I always have. If people want to see my search queries for Intel MCA/MCE architecture, working drafts for T13 ATA specifications, and other technical things, awesome. Let 'em. Couldn't care less. I don't feel my privacy is being "invaded" since if the ISP wasn't doing this, the search engine company could be. Paranoia has no bounds/ends, so I choose not to become paranoid.

rchandra
Stargate Universe fan
Premium Member
join:2000-11-09
14225-2105

rchandra to nweaver

Premium Member

It may work to change DNS server settings in the specific cases of the stated ISPs who got these Paxfire boxen. But I don't think it would help in the general case.