site Search:


 
   
story category
1% Of Internet Traffic Being Fiddled With By ISPs
Page re-writing software may introduce security threats...
by Karl Bode Monday 21-Apr-2008 tags: business · security · content
Tipped by fatness See Profile
A new report (pdf) by researchers at the University of Washington states that roughly one percent of web pages delivered to users are being manipulated in some way by ISPs. After studying some 50,000 computers, the researchers found that a select few ISPs were injecting ads into Web pages on their networks. The study found that the most frequent culprits are small ISPs like Texas's Redmoon, who used NebuAD technology to inject ads over existing ad relationships (NebuAD's CEO tells us they've since stopped the practice). From the research:

These changes often have negative consequences for publishers and users: agents may inject or remove ads, spread exploits, or introduce bugs into working pages. Worse, page rewriting software may introduce vulnerabilities into otherwise safe web sites, showing that such software must be carefully scrutinized to ensure the benefits outweigh the risks. Overall, page modifications can present a significant threat to publishers and users when pages are transferred over HTTP.

The researchers have subsequently developed a web page tripwire system to detect ISP manipulation of web content they say is "more flexible and less costly" than switching to HTTPS for all traffic.

view: topics flat text 
Post a:

Linklist
Premium
join:2002-03-03
Longport, NJ
kudos:5

Most "fiddling" is by end users & NOT the ISPs

»www.cs.washington.edu/research/s···res.html
The vast majority of changes were caused by proxy software on the user's machine, such as popup blockers and ad blockers.
Out of 50,171 unique IP addresses, only 16 of the 657 "fiddled" pages were by ISPs:



So, by my calculations, that comes to 16/50171= .03% & not 1%
--
My BLOG .. .. Internet News .. .. My Web Page

Bellundo

@teksavvy.com

Re: Most "fiddling" is by end users & NOT the ISPs

Obviously you've never heard of rogers cable internet up in Canada.

swhx7
Premium
join:2006-07-23
Elbonia
Yes, it's less than 1% so far, according to the researchers. That doesn't mean it's not a problem.

If ISPs can get away with altering content on its way to or from the subscribers, it won't stop with ad injection. Eventually they'll be substituting news articles, rewriting emails, and preventing access to information.

It has to be stopped now, because once it becomes a significant source of profit, the pipe owners will apply political influence to prevent anything being done to restrain it.

fcisler
Premium
join:2004-06-14
Riverhead, NY

1 edit

No AdBlock Plus?

EDIT: OOOPS! Early, and I haven't had my coffee...ignore me....
b10010011
Whats a Posting tag?

join:2004-09-07
Bellingham, WA
Reviews:
·Comcast Formerl..

I bet this sits well with the "Whyfirefoxisblocked" guy

remember that guy that was blocking Firefox because user could have Adblock+ installed.

Now he will have to start blocking entire ISP's from accessing his page to make sure he gets his precious .0001 cent per ad view and .001 cent per click.


Smith6612
Premium,MVM
join:2008-02-01
North Tonawanda, NY
kudos:22

Re: I bet this sits well with the "Whyfirefoxisblocked" guy

If people start doing that, all I have to do is go into Firefox's config file and change the User Agent to Internet Explorer.
patcat88

join:2002-04-05
Jamaica, NY
kudos:1

Re: I bet this sits well with the "Whyfirefoxisblocked" guy

He will then probe your DOM with Javascript. Try to defeat that.

Smith6612
Premium,MVM
join:2008-02-01
North Tonawanda, NY
kudos:22

2 edits
NoScript + IETab + Linux machine in basement
ossito16

join:2004-07-31
Whiting, IN

trying to understand

why isnt this type of practice and technology not considered hacking. I would think that any manipulation of internet traffic to change what I expect to see on a webpage would be the same as phishing. How can an ISP change a web page to say something that is not on the originating server. Sooner or later some company is going to start paying ISP's to change negative comments about its services on some review site. Imagine comcast changing a consumer reports web page to show results that favor a particular company but in the printed magazine the results are different.
EPS

join:2008-02-13
Hingham, MA

Re: trying to understand

It's not hacking if you agree to it- and I'm sure the companies doing this (and probably a lot of those who don't, just in case) have appropriate clauses in the TOS agreement.

Wednesday, 19-Jun 05:12:57 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.