1% Of Internet Traffic Being Fiddled With By ISPs Page re-writing software may introduce security threats... Tipped by fatness 
A new report (pdf) by researchers at the University of Washington states that roughly one percent of web pages delivered to users are being manipulated in some way by ISPs. After studying some 50,000 computers, the researchers found that a select few ISPs were injecting ads into Web pages on their networks. The study found that the most frequent culprits are small ISPs like Texas's Redmoon, who used NebuAD technology to inject ads over existing ad relationships (NebuAD's CEO tells us they've since stopped the practice). From the research: These changes often have negative consequences for publishers and users: agents may inject or remove ads, spread exploits, or introduce bugs into working pages. Worse, page rewriting software may introduce vulnerabilities into otherwise safe web sites, showing that such software must be carefully scrutinized to ensure the benefits outweigh the risks. Overall, page modifications can present a significant threat to publishers and users when pages are transferred over HTTP. The researchers have subsequently developed a web page tripwire system to detect ISP manipulation of web content they say is "more flexible and less costly" than switching to HTTPS for all traffic.
|
 |  | | | Re: Most "fiddling" is by end users & NOT the ISPs Obviously you've never heard of rogers cable internet up in Canada. | |
| |  swhx7Premium
join:2006-07-23
Elbonia | Yes, it's less than 1% so far, according to the researchers. That doesn't mean it's not a problem.
If ISPs can get away with altering content on its way to or from the subscribers, it won't stop with ad injection. Eventually they'll be substituting news articles, rewriting emails, and preventing access to information.
It has to be stopped now, because once it becomes a significant source of profit, the pipe owners will apply political influence to prevent anything being done to restrain it. | |
|
 fcislerPremium
join:2004-06-14
Riverhead, NY
1 edit | No AdBlock Plus? EDIT: OOOPS! Early, and I haven't had my coffee...ignore me.... | |
| b10010011Whats a Posting tag?
join:2004-09-07
Bellingham, WA Reviews:
 ·Comcast Formerl..
| I bet this sits well with the "Whyfirefoxisblocked" guy remember that guy that was blocking Firefox because user could have Adblock+ installed.
Now he will have to start blocking entire ISP's from accessing his page to make sure he gets his precious .0001 cent per ad view and .001 cent per click.
| |
| |  Smith6612Premium,MVM
join:2008-02-01
North Tonawanda, NY
kudos:22 | Re: I bet this sits well with the "Whyfirefoxisblocked" guy If people start doing that, all I have to do is go into Firefox's config file and change the User Agent to Internet Explorer.  | |
| | | patcat88
join:2002-04-05
Jamaica, NY
kudos:1 | Re: I bet this sits well with the "Whyfirefoxisblocked" guy He will then probe your DOM with Javascript. Try to defeat that. | |
|
| Smith6612Premium,MVM
join:2008-02-01
North Tonawanda, NY
kudos:22
2 edits | NoScript + IETab + Linux machine in basement  | |
|
| | trying to understand why isnt this type of practice and technology not considered hacking. I would think that any manipulation of internet traffic to change what I expect to see on a webpage would be the same as phishing. How can an ISP change a web page to say something that is not on the originating server. Sooner or later some company is going to start paying ISP's to change negative comments about its services on some review site. Imagine comcast changing a consumer reports web page to show results that favor a particular company but in the printed magazine the results are different. | |
| | EPS
join:2008-02-13
Hingham, MA | Re: trying to understand It's not hacking if you agree to it- and I'm sure the companies doing this (and probably a lot of those who don't, just in case) have appropriate clauses in the TOS agreement. | |
|
| |
|
|
Most "fiddling" is by end users & NOT the ISPs
