1% Of Internet Traffic Being Fiddled With By ISPs
Page re-writing software may introduce security threats...Tipped by fatness
A new report
(pdf) by researchers at the University of Washington states that roughly one percent of web pages delivered to users are being manipulated in some way
by ISPs. After studying some 50,000 computers, the researchers found that a select few ISPs were injecting ads into Web pages on their networks. The study found that the most frequent culprits are small ISPs like Texas's Redmoon, who used NebuAD technology to inject ads
over existing ad relationships (NebuAD's CEO tells us they've since stopped the practice). From the research:
These changes often have negative consequences for publishers and users: agents may inject or remove ads, spread exploits, or introduce bugs into working pages. Worse, page rewriting software may introduce vulnerabilities into otherwise safe web sites, showing that such software must be carefully scrutinized to ensure the benefits outweigh the risks. Overall, page modifications can present a significant threat to publishers and users when pages are transferred over HTTP.
The researchers have subsequently developed a web page tripwire system
to detect ISP manipulation of web content they say is "more flexible and less costly" than switching to HTTPS for all traffic.
Re: Most "fiddling" is by end users & NOT the ISPs Obviously you've never heard of rogers cable internet up in Canada.
No AdBlock Plus? EDIT: OOOPS! Early, and I haven't had my coffee...ignore me....
| |b10010011Whats a Posting tag?Reviews:
I bet this sits well with the "Whyfirefoxisblocked" guy remember that guy that was blocking Firefox because user could have Adblock+ installed.
Now he will have to start blocking entire ISP's from accessing his page to make sure he gets his precious .0001 cent per ad view and .001 cent per click.
North Tonawanda, NY
Re: I bet this sits well with the "Whyfirefoxisblocked" guy If people start doing that, all I have to do is go into Firefox's config file and change the User Agent to Internet Explorer.
trying to understand why isnt this type of practice and technology not considered hacking. I would think that any manipulation of internet traffic to change what I expect to see on a webpage would be the same as phishing. How can an ISP change a web page to say something that is not on the originating server. Sooner or later some company is going to start paying ISP's to change negative comments about its services on some review site. Imagine comcast changing a consumer reports web page to show results that favor a particular company but in the printed magazine the results are different.
Re: trying to understand It's not hacking if you agree to it- and I'm sure the companies doing this (and probably a lot of those who don't, just in case) have appropriate clauses in the TOS agreement.