dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5299
share rss forum feed

PatriotB

join:2011-12-23

1 recommendation

Borderline-illegal search hijacking is back.

I'm at home visiting my family who has Charter for internet. I hook up my computer and decide to use my IE9's "search with Bing" feature. Imagine my surprise when instead of seeing Bing's search page, I see a Charter search page instead.

DNS redirecting for non-existant domains is controversial enough, but this is worse -- when I put in a request for bing.com, I expect to get results from bing.com.

IE9's "search with Bing" feature is equivalent to going to »www.bing.com/search?q=FOO&src=ie9tr. If I type that into the browser, I expect to be taken to Bing. Yet I am taken to some Charter page. What Charter is doing is equivalent to a phone company taking calls to Pizza Hut's phone number and redirecting them to Domino's. Totally unethical and if it isn't illegal it sure should be.

Also, if you do a search for certain words like amazon or safeway, you are taken directly to those websites and not to any search result page at all.

So I decided to do some research to see if this is a known issue, and found this is a well known issue involving 12 different ISPs and a company called Paxfire who sells the technology to the ISPs. "Charter and Iowa Telecom were observed to be redirecting search terms, but have since ceased doing so. Iowa Telecom stopped its redirection between July and September 2010, and Charter stopped in March 2011." according to »www.newscientist.com/article/dn2···l?page=2.

However in May 2011 users on this forum were reporting that the hijacking was still taking place: »Is Charter Hijacking the Bing search feature in IE?. And here it is, December 2011 and Charter is either still at it or back at it again.

The EFF had a scathing article, »www.eff.org/deeplinks/2011/07/wi···n-the-us, and they noted that "Charter also used Paxfire in the past, but appears to have discontinued this practice." Which is apparently now untrue.

Two lawfirms have taken note, one of which, Milberg, has a lawsuit underway (not against Charter): »cases.milberg.com/isp-monitor-re···igation/

It also came to the attention of as Senator Richard Blumenthal of the Senate Judiciary Committee. "These practices may well be a violation of law, including federal wiretap laws," says Blumenthal. "They are clearly a violation of trust that users place in ISPs." »www.newscientist.com/blogs/onepe···che.html

The Charter search page has a "why am I here" link in the corner, which states "Charter has partnered with Yahoo! and other industry leaders to bring our users the best possible search experience. We will continue to expand the functionality of the Charter Search Experience as we work with other leading search technology providers." There is a link to a page where you can disable this "feature". Which I will be doing shortly on behalf of my parents who would never have understood what is really going on here.

Charter needs to get rid of this "feature" entirely. I plan on contacting the authors of the various articles I found, the EFF, Milberg, as well as Senator Blumenthal's office to make sure they are all aware that Charter either never stopped this practice or that they have resumed it again.


desarollo

join:2011-10-01
Monroe, MI

Did you give them non-Charter name servers to use as well?



DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

1 edit
reply to PatriotB

Where are you typing your search terms? In the address bar or in the search box?

If you type a single word into the address bar figuring it'll automatically get searched for, often it doesn't work because single words are still acceptable addresses which will be sent to the DNS servers. Once it's not found at the DNS server, it may be redirected to a search engine, be it DNS based or browser based.

Not all browsers will act the same with single words though and personal browser settings may also affect it.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.


mj3431

join:2003-04-21
STL, MO

IE9 no longer has separate address/search bars like previous versions. The standard search mechanism has been integrated into the address bar.



Google DNS

@charter.com
reply to PatriotB

I had this problem with Charter's services before. Switched the DNS in the modem to Google DNS, and have had no problems since then, it even boosted my connection speed a bit since Charter's DNS is slow.

Google DNS is 8.8.8.8 for the primary and 8.8.4.4 for the secondary.



technologiq

join:2000-08-08
Reno, NV
Reviews:
·Charter
reply to PatriotB

As others have said, I would definitely consider moving AWAY from Charters DNS servers.

You can go with Google DNS or any other but I suggest running NameBench (»code.google.com/p/namebench/) or something similar to figure out which will get you the best performance.

Note that some of these providers also do hijacking but you can tell namebench not to bother with those.

I'd recommend making sure your internet connection is idle for the most part before running this test as it has yielded different results for me depending on my usage.



blahblabblah

@charter.com
reply to PatriotB

The answer to any charter dns issue, is to not use charter's dns servers.



nightshade74
Yet another genxer
Premium
join:2004-11-06
Prattville, AL
reply to technologiq

said by technologiq:

You can go with Google DNS or any other but I suggest running NameBench (»code.google.com/p/namebench/) or something similar to figure out which will get you the best performance.

One issue with using other DNS servers is the CDNs.
»www.sajalkayan.com/in-a-cdnd-wor···emy.html

I just said to heck with it and installed Bind. That's
likely overkill for most. Another option is DNSMASQ
w/ "Bogus NX Domain Override".

Unless you're a techie this is one of those rock and a
hard place situations. Stay with charter DNS and get
bogus results but better CDN results. Move to
a 3rd party DNS get non-bogus results but worse
CDN results.


DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

Just use Charter's DNS and opt out of the redirects.


zed260
Premium
join:2011-11-11
Cleveland, TN
Reviews:
·Charter
reply to nightshade74

said by nightshade74:

said by technologiq:

You can go with Google DNS or any other but I suggest running NameBench (»code.google.com/p/namebench/) or something similar to figure out which will get you the best performance.

One issue with using other DNS servers is the CDNs.
»www.sajalkayan.com/in-a-cdnd-wor···emy.html

I just said to heck with it and installed Bind. That's
likely overkill for most. Another option is DNSMASQ
w/ "Bogus NX Domain Override".

Unless you're a techie this is one of those rock and a
hard place situations. Stay with charter DNS and get
bogus results but better CDN results. Move to
a 3rd party DNS get non-bogus results but worse
CDN results.

»unbound.net/index.html thats far better in my book

Chubbysumo

join:2009-12-01
Superior, WI
Reviews:
·Charter
reply to DrDrew

said by DrDrew:

Just use Charter's DNS and opt out of the redirects.

the opt out does not stay, and is cookie based, so if you clear your cookies on a regular basis, its pointless to opt out. just use different DNS servers, and the problem goes away.

zed260
Premium
join:2011-11-11
Cleveland, TN
Reviews:
·Charter

said by Chubbysumo:

said by DrDrew:

Just use Charter's DNS and opt out of the redirects.

the opt out does not stay, and is cookie based, so if you clear your cookies on a regular basis, its pointless to opt out. just use different DNS servers, and the problem goes away.

well on charter bussnuss its not cookie based i know because i switched web browsers (not sure if its ip based or cable modom mac based or something else)


DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

3 edits
reply to Chubbysumo

said by Chubbysumo:

said by DrDrew:

Just use Charter's DNS and opt out of the redirects.

the opt out does not stay, and is cookie based, so if you clear your cookies on a regular basis, its pointless to opt out. just use different DNS servers, and the problem goes away.

Disabling the DNS redirects is not cookie based. It's based on modem MAC address. Go read their site: »search.charter.net/prefs.php


Cookies are used for some of the web based filtering options, such as "typo correction" and "adult filtering", if you leave the redirect service enabled.

Using non-ISP DNS servers often causes issues such as slow speeds and buffering with video and other sites using CDN services. Since the CDN servers have regional locations and often have direct links to ISP peering points, changing DNS servers frequently redirects requests to non-optimized CDN servers which may not be directly linked to your ISPs network.

TWC's DNS redirect worked the same way.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.

Chubbysumo

join:2009-12-01
Superior, WI

then why do I have to go and reset this every time I clear my cache and cookies? It says its modem MAC based, but every damn time I clear my cookies, I lose the settings and end up back at the charter/yahoo web search for bad addresses.



DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

2 edits

said by Chubbysumo:

then why do I have to go and reset this every time I clear my cache and cookies? It says its modem MAC based, but every damn time I clear my cookies, I lose the settings and end up back at the charter/yahoo web search for bad addresses.

Don't know, but I don't have that problem and I clear all my cookies when I shut down my browser.

Although make sure after you opt-out to give it a few minutes (up a hour) for the settings to propagate through the ISPs servers, then reset your modem, release/renew your IP lease, and/or reset your router (since some don't properly clear old IP leases correctly).
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.


cork1958
Cork
Premium
join:2000-02-26

1 edit
reply to Chubbysumo

said by technologiq:

As others have said, I would definitely consider moving AWAY from Charters DNS servers.

You can go with Google DNS or any other but I suggest running NameBench (»code.google.com/p/namebench/) or something similar to figure out which will get you the best performance.

Note that some of these providers also do hijacking but you can tell namebench not to bother with those.

I'd recommend making sure your internet connection is idle for the most part before running this test as it has yielded different results for me depending on my usage.

Almost exactly what I would suggest except I'd suggest NOT using Googles DNS just because it's Google and everybody thinks it's the greatest thing since the invention of the internet!

On ANY connection/ISP I've ever tested using »www.grc.com/dns/benchmark.htm Google hasn't been any where near the top in the results. For that matter, neither has OpenDNS and I don't use either!
--
The Firefox alternative.
»www.mozilla.org/projects/seamonkey/


said by Chubbysumo:

then why do I have to go and reset this every time I clear my cache and cookies? It says its modem MAC based, but every damn time I clear my cookies, I lose the settings and end up back at the charter/yahoo web search for bad addresses.

If you're using IE and have CrapCleaner, do you have CC set to clean cookies AND index .dat files?

If using Firefox or some other browser that has the option for cleaning Site Preferences, do you have that checked to do so? If so, uncheck that.

I'm fairly sure you know of those things though?

said by DrDrew:

said by Chubbysumo:

then why do I have to go and reset this every time I clear my cache and cookies? It says its modem MAC based, but every damn time I clear my cookies, I lose the settings and end up back at the charter/yahoo web search for bad addresses.

Don't know, but I don't have that problem and I clear all my cookies when I shut down my browser.

Although make sure after you opt-out to give it a few minutes (up a hour) for the settings to propagate through the ISPs servers, then reset your modem, release/renew your IP lease, and/or reset your router (since some don't properly clear old IP leases correctly).

Man! All that over cookies, huh?

KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
reply to DrDrew

Thanks so much! Always new you could opt out back in the day but it was cookie based. I had no idea this pages even existed. I think Charter is keeping it on the down low or not telling customers about it? Since it gives them extra revenue?

said by DrDrew:

said by Chubbysumo:

said by DrDrew:

Just use Charter's DNS and opt out of the redirects.

the opt out does not stay, and is cookie based, so if you clear your cookies on a regular basis, its pointless to opt out. just use different DNS servers, and the problem goes away.

Disabling the DNS redirects is not cookie based. It's based on modem MAC address. Go read their site: »search.charter.net/prefs.php
[att=1]
Cookies are used for some of the web based filtering options, such as "typo correction" and "adult filtering", if you leave the redirect service enabled.

Using non-ISP DNS servers often causes issues such as slow speeds and buffering with video and other sites using CDN services. Since the CDN servers have regional locations and often have direct links to ISP peering points, changing DNS servers frequently redirects requests to non-optimized CDN servers which may not be directly linked to your ISPs network.

TWC's DNS redirect worked the same way.



DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

3 edits

said by KoRnGtL15:

Thanks so much! Always new you could opt out back in the day but it was cookie based. I had no idea this pages even existed. I think Charter is keeping it on the down low or not telling customers about it? Since it gives them extra revenue?

Even back in the day it was modem MAC address based, not cookie based. It's the same Yahoo based system now as it was then. It's the same basic system also used by TWC and a few other ISPs.

The first time Charter did it, the config/opt-out address was at »wwww11.charter.net

That address was also on every redirect results page, just like the current config/opt-out address.

[edit] I know it's not cookie based because if I change the settings on my one computer; the Wii, Nooks, iPhone, Blackberry, XP laptop, Mac laptop, iMac, and other devices in the house I haven't set anything on stop getting the redirects. Also the non-browser based tools that don't do anything with cookies like ping, traceroute, dig, lft, mtr, and nslookup won't show signs of redirection.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.


Zeldas7777
Charter - Business Residential
Premium
join:2005-01-25
North Richland Hills, TX
reply to PatriotB

I just want to point out that if you specify your own dns in the modem or router and you use a DHCP to get online ( a dynamic account ) Charter dns can still be forced on your connection. I had to hard-code dns in a firewall box to get rid of charter dns. You can always setup a static network this will also get rid of it. By static network I mean setup static ip to router not internet and disable DHCP in the router. Gamers already do this to eliminate the extra broadcast traffic from DHCP and broadcast from router and each connected computer. This in some cases can also speed up ping times. Like a ping of 30 - 40 could drop to 15 or less.

My two cents good luck.



DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

Charter DNS can't be forced on your connection unless they start intercepting DNS requests at the packet/port level.

If your router is picking Charter DNS in addition to user specified DNS, then it's a router config that's allowing that. Smoothwall and some others do this by default and have to be configured not to.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.



Zeldas7777
Charter - Business Residential
Premium
join:2005-01-25
North Richland Hills, TX

I have a brand new valet router and when I had defined it in the router only two per router than how do you explain 3 dns ips in the wan status page. My computer also got 3 dns ips threw DHCP to router. This is interesting new modem to new router to fresh re-install of OS with updates. If you need screen shots I could provide them for you.



DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

Like I said SOME routers default config is to append DHCP issued DNS servers to the ones statically entered into it's config.

Flipping through the manual I found on the Cisco Valet, it seems to imply that can happen, but the ISP DNS servers will be lower priority.

If you fill in the 3rd DNS server assignment, instead of just 2, what happens?
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.



Zeldas7777
Charter - Business Residential
Premium
join:2005-01-25
North Richland Hills, TX

I have seen it before filling all three section of router dns and the 3rd ip get replaced with charter dns ip. I have also seen this with other cable provider.

FYI:
Companies do pay charter for key words and or key phrases. That is why your getting the charter search page results. To make sure that their search results are sent to customer the dns proxies are on their network. Just like opendns uses the same proxies to produce the same kind of results but also help protecting users at the same time. That is why when you hookup your new modem to swap it out you get the charter install page. That is because of a slightly modified proxy rule for authorized users but uses the same proxy dns.