Rogers Uses Deep Packet Inspection for DNS Redirection
Is hijacking websites for advertising a violation of net neutrality?
by KathrynV 09:49AM Sunday Jul 20 2008 Tipped by backness
At the end of 2007, we saw a surge in the amount of content that ISPs were injecting into websites in order to gain additional revenue for themselves. Canadian cable operator Rogers was found to be utilizing deep packet inspection to insert JavaScript into various websites with messages for users about their monthly caps. At the time, Rogers admitted to the act and said that the company would be testing out a variety of different things like this and gauging customer response.

It appears that Rogers is making good on the plan to keep testing out the use of deep packet inspection and is now doing so in the form of DNS redirection, a practice which many say is a net neutrality violation. Entering an incorrect domain name will now transfer users to a Rogers-sponsored page filled with paid search results and links to additional Rogers content, along with a message from Rogers explaining that the page has been reached in error but is designed to “enhance your web surfing experience by eliminating many of the error pages you encounter as you surf”. Users can opt out of the DNS redirection if they so choose.


FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

4 edits

1 recommendation

DNS redirection is NOT deep packet inspection

DNS redirection and deep packet inspection are 2 entirely different animals. DNS redirection is NOT achieved using deep packet inspection. It is done by Rogers having control over their own DNS servers and when you type an invalid or partial domain name it redirects to a Rogers search page instead of the std error message. Changing from Rogers' DNS servers to something else like OPENDNS servers fixes that, which wouldn't be possible if they were doing it thru deep packet inspection.

Of course, OpenDNS also provides a redirection page with advertising when you type in a bogus domain name unless you become a free customer and then TURN OFF typo correction as an option. Then it returns an error page like some want. It just doesn't come from Rogers. If you really really need a DNS server that doesn't redirect on errors and just returns the error message, there are some out there. But you will have to look hard for them, as most ISPs now redirect on domain name errors.

And calling it a "Net Neutrality" violation is a stretch, as Techdirt points out in this BBR link:
»Is DNS Redirection a Network Neutrality Violation?
Techdirt doesn't think it's a neutrality violation, as users have the right to use alternative DNS servers:
it's worth keeping in mind that you're not required to use your ISP's DNS server at all. ISPs provide DNS servers as a courtesy, the same way they might provide you with a free email account. But you don't have to use it. You're free to point your computer to another DNS server, such as OpenDNS, just as you can use a third-party email service such as GMail.
The subject is also being discussed in the Rogers forum here at BBR where they also discuss workarounds and some DNS servers(not Rogers) that don't redirect:
»rogers inserting advertisements into my browser - WTF?
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?
Tristan

join:2006-09-10
Nepean, ON
Reviews:
·Start Communicat..
·Rogers Hi-Speed
·Bell Sympatico
·TekSavvy Cable

1 recommendation

Re: DNS redirection is NOT deep packet inspection

I tried OpenDNS, and sure, it works, but I didn't like the fact that they were actually slower for me than Rogers' own DNS servers. I am looking for a faster DNS server, that doesn't fool around with my experience (eg: offer searches with ads, mess around with std. error messages, etc.)

It is a Net Neutrality violation to a great many, regardless of what "experts" lead us to believe. Geeks like you and I may know how to switch DNS servers, but the average Joe doesn't even know what a DNS server is, let alone know how to choose one of their own volition. They trust that the service just works, and when it stops working the way they know and love, they lose trust.

Trust is key in the Net Neutrality debate.

FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

Re: DNS redirection is NOT deep packet inspection

said by Tristan:

I tried OpenDNS, and sure, it works, but I didn't like the fact that they were actually slower for me than Rogers' own DNS servers. I am looking for a faster DNS server, that doesn't fool around with my experience

Try the DNS servers mentioned in this post:
»Re: rogers inserting advertisements into my browser - WTF?
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?

GeekGirl1
Premium
join:2007-01-28
Morrisville, PA
kudos:2

Re: DNS redirection is NOT deep packet inspection

And for those on Verizon FiOS which has been doing DNS redirects since late last year: »how to opt out of Verizon's DNS not found page

drjp81

join:2006-01-09
canada
said by FFH:

DNS redirection and deep packet inspection are 2 entirely different animals. DNS redirection is NOT achieved using deep packet inspection...
You totally missed it. Rogers is redirecting failed DNS requests and possibly others based on the DNS names that are passed through its customers' HTTP requests.

Which means there is a discrimination of what service or protocol you are using for the DNS redirection. So while a ping at www.blababla.com might answer nobody's home, Rogers can hijack a HTTP request without even attempting to resolve the name.

How then can you trust the content of a website?

You go to wikipedia.org, Rogers detects via DPI the URL and domain name you are going to, and then redirects parts of the site with whatever content is commercially viable for them.

That's the plan.
--
Cheers!

FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

Re: DNS redirection is NOT deep packet inspection

said by drjp81:

You totally missed it. Rogers is redirecting failed DNS requests and possibly others based on the DNS names that are passed through its customers' HTTP requests.

Which means there is a discrimination of what service or protocol you are using for the DNS redirection.{they all do that. No service is redirecting non-http(s) requests} So while a ping at www.blababla.com might answer nobody's home, Rogers can hijack a HTTP request without even attempting to resolve the name.

How then can you trust the content of a website?

You go to wikipedia.org, Rogers detects via DPI the URL and domain name you are going to, and then redirects parts of the site with whatever content is commercially viable for them.

That's the plan.
But that isn't what they are doing or even what they are being accused of. They are redirecting bad domain names to their search engine and nothing else. Saying they COULD do this or COULD do that doesn't prove anything. Any business supplying DNS services COULD do many things.

Some people don't like redirecting mistaken domain names, but that is done by almost all ISPs now and also many Toolbars - Google included. Most people like the service. For those that don't - there are DNS servers out there that will just return an error when something is mistyped or when a page has an invalid link.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

Re: DNS redirection is NOT deep packet inspection

said by FFH:

Some people don't like redirecting mistaken domain names, but that is done by almost all ISPs now
Almost "all" -- do you have a source for that truthiness?
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
Comcast: We never did anything wrong, and we'll never do it again...

FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 edit

Re: DNS redirection is NOT deep packet inspection

said by funchords:

said by FFH:

Some people don't like redirecting mistaken domain names, but that is done by almost all ISPs now
Almost "all" -- do you have a source for that truthiness?
BBR. Verizon, TW/RR, Cox, Embarq, Qwest, Rogers, Earthlink, Charter, Bresnan, etc. are all doing it.
»/nsearch?q=dns···vanced=1

So far, as best I could determine with search tools, AT&T & Comcast haven't started doing this yet.
--
My BLOG .. .. Internet News .. .. My Web Page
Ask yourself one question: 'Do I feel lucky?' Well, do ya punk?

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

Re: DNS redirection is NOT deep packet inspection

Awesome, thanks! I agree, there are some big names in there. More than I thought.

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
Deep Packet Inspection is a big game changer. It CAN be used to perform DNS redirection -- it can be used to change any Internet service provided it doesn't require a 3rd-party brokered key to operate.

I agree with you that it probably isn't in use in this case, especially since 3rd party DNS servers aren't also being intercepted.

Still, this stresses the need for rules around the use of DPI. Users shouldn't have to wonder whether or not it is in use. Similarly, if ISPs are going to change the way the Internet works, that ought to be disclosed and optional.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
Comcast: We never did anything wrong, and we'll never do it again...
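The distinction drawn in FFH's first post and in this one (redirection done on the ISP's own resolver versus rewriting done in the network path) can be checked by asking two resolvers for a name that should not exist and comparing the replies. The following is an added example, not part of any post in the thread; the function names, the result labels and the constructed sample replies (using the documentation address 192.0.2.10) are assumptions made for illustration.

```python
import secrets
import socket
import struct

NXDOMAIN = 3  # RCODE for "no such name"

def build_query(name, txid):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def skip_name(buf, pos):
    """Return the offset just past the (possibly compressed) name at `pos`."""
    while True:
        n = buf[pos]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + n
        if n == 0:
            return pos

def parse_reply(reply, txid):
    """Return (rcode, [IPv4 answers]) for a reply matching `txid`."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    pos = 12
    for _ in range(qd):
        pos = skip_name(reply, pos) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(reply, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", reply[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(socket.inet_ntoa(reply[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def probe(resolver_ip, timeout=3.0):
    """Ask `resolver_ip` for a random name that should not exist."""
    name = secrets.token_hex(12) + ".com"
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        return parse_reply(s.recvfrom(4096)[0], txid)

def classify(isp, third_party):
    """Compare (rcode, addrs) results for the same kind of non-existent name."""
    rewritten = lambda r: r[0] != NXDOMAIN and bool(r[1])
    if not rewritten(isp):
        return "isp-resolver-honest"
    if rewritten(third_party):
        return "third-party-also-rewritten"  # in-path rewrite, or that resolver redirects too
    return "isp-resolver-redirects"

def constructed_reply(name, txid, rcode, ip=None):
    """Constructed sample reply (not captured traffic), with one A record if `ip` is given."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if ip else 0, 0, 0)
    rr = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)) if ip else b""
    return hdr + build_query(name, txid)[12:] + rr

if __name__ == "__main__":
    honest = parse_reply(constructed_reply("nx.example", 7, NXDOMAIN), 7)
    hijack = parse_reply(constructed_reply("nx.example", 7, 0, "192.0.2.10"), 7)
    print(classify(hijack, honest))
```

For a live check, pass the results of `probe()` against the ISP-assigned resolver and against a third-party resolver to `classify()`. A "third-party-also-rewritten" result is ambiguous on its own, since, as FFH notes, OpenDNS also redirects unless typo correction is turned off.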
Tristan

join:2006-09-10
Nepean, ON
Reviews:
·Start Communicat..
·Rogers Hi-Speed
·Bell Sympatico
·TekSavvy Cable

Rogers Service

Rogers continues their goal of being one of the worst-liked broadband ISPs in Canada.

As if the rate increases, DNS resolving issues, encryption throttling, P2P throttling, love-in with Yahoo and poor tech support weren't bad enough...

Messing around with my internet experience in any shape or form constitutes violations of internet integrity, and my trust.

Read this Rogers: I can no longer trust my internet connection! Thanks a lot!

I'd switch to another provider at the drop of a hat, if it weren't for the fact that there are only 2 pipelines I can afford; Cable and DSL, both are operated/managed by Idiots-In-Suits (TM), both are engaged in interfering with our experience, both have been caught in lies and deceit, and both pretty much rule the landscape.

I know there are independents (Teksavvy), but I'm not prepared to trade my noose for a tighter noose. Until the problem of wholesale customer throttling is solved so that they can be true competitors (which help drive prices down and/or service quality up), I'm stuck with Rogers.

For me, Rogers is the fastest bully on the block. Quite sad really...

Dogfather
Premium
join:2007-12-26
Laguna Hills, CA

1 edit

Injection is illegal

It's illegal (at least in the US) to modify copyrighted works.

In order to insert these messages the ISP intercepts and modifies the HTML of the content (eg Google's HTML being rendered in your browser) to inject a line of code that executes their javascript (that creates the frame etc). Without this javascript line, there can be no ad injection.

The HTML is copyrighted and can not be modified without the permission of the author.

As for DNS redirection...unless the ads on the DNS redirection page use some sort of NebuAd technology, this DNS redirection is just redirection and has nothing to do with DPI.

While redirection drives me nuts and breaks a lot of apps, I know people who actually like it as the results near the top of the page are typically what they were trying to get to.

But these services should be opt-in not opt-out. If DNS redirection is so great and so wanted, the ISPs would have no problem signing people up.

Glaice
Brutal Video Vault
Premium
join:2002-10-01
North Babylon, NY

Re: Injection is illegal

I wonder how Rogers would respond doing that to small and bigger companies/sites..besides the usual bribery BS.

TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
said by Dogfather:

... If DNS redirection is so great and so wanted, the ISPs would have no problem signing people up.
For a fee!
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here.
hottboiinnc
ME

join:2003-10-15
Cleveland, OH
If it was illegal then why haven't the courts heard any cases about it?

Dogfather
Premium
join:2007-12-26
Laguna Hills, CA

2 edits

Re: Injection is illegal

Because a copyright holder has to bring suit and they won't bother spending the money when Congress is already looking at NebuAd and may do the work for them.
hottboiinnc
ME

join:2003-10-15
Cleveland, OH

1 edit

Re: Injection is illegal

NebuAd does not just toss ads in on any page. They work with ad networks such as doubleclick

But next they'll just do pop-ups or something else to get around anything.

ISPs will also just buy Congress and get their way. Besides, the Senators that decided to "look" are only wanting to get their names out due to elections are coming up.

Dogfather
Premium
join:2007-12-26
Laguna Hills, CA

Re: Injection is illegal

Doesn't matter whose ads they are. It's NebuAd that is intercepting and illegally modifying others' copyrighted HTML code to add the javascript execution line required to place the ad (whoever's ad it may end up being).

Meanwhile while ISPs attempt to buy Congress, content providers and ad competitors like Google have more money and have PR on their side.
hottboiinnc
ME

join:2003-10-15
Cleveland, OH

Re: Injection is illegal

NebuAd does not modify any code. They WORK WITH OTHER AD COMPANIES TO DISPLAY THEIR ADS ON THOSE PAGES!

YOU DON'T LISTEN!

Dogfather
Premium
join:2007-12-26
Laguna Hills, CA

1 edit

Re: Injection is illegal

And you don't READ. Faireagle was developed by NebuAd.

»ISPs Injecting Ads Into Pages
»www.theregister.co.uk/2008/06/23···_nebuad/

They ABSOLUTELY modified HTML to inject javascript...that's how Faireagle works.

It's certainly no surprise that 6 of their top goons work for Gator.

n2jtx

join:2001-01-13
Glen Head, NY

Stopping Injection

Injection could be stopped if more sites started using SSL (https) instead of plain old http. Unfortunately there is more overhead to process https data but it looks like this may be the only way to thwart code injection.
--
I support the right to keep and arm bears.

tp0d
yabbazooie
Premium
join:2001-02-13
Carnegie, PA
kudos:5

1 recommendation

Re: Stopping Injection

I use OpenDNS, it works well. Much faster than the verizon servers...

But I also use a Firefox addon called NoScript. It does exactly what it says, stops the processing of scripts. It operates on a whitelist, with all sites starting out blocked. You have to add the sites you want. A little inconvenient, but stops -all- script viri injections, weird scripts on pages (strange cursors/etc), and kills a lot of ads, namely flash ads (puke)

It would also stop any JS that is added to the page.

-j

Unit649
I B U, Who U B?
Premium
join:2000-01-22
Stockton, CA

1 edit

I would think....

The main issue isn't the fact they are doing it, but the fact that where they disclose it and tell you how to avoid it....is in such small type you'd need to be an ant to be able to read it.

If it was something that, when you got the service, was disclosed plainly and options were given to avoid it, it wouldn't be as big of a deal.

Of course, requiring that you use their DNS in order to get information on how much cap space you have remaining then implies that you have to tolerate it or risk going over the cap.

Tricky, tricky.....

Just keeping up the fine tradition started by cable companies. Pay us $50 a month, and we'll provide you service...injected with advertisements from our sponsors. It's just being extended to the internet now as more people spend more time on it than watching actual TV. If tomorrow reading books suddenly became the next national pastime, advertising agencies would be pushing to put advertisements in them too. I know I was pretty ticked when MAD magazine started allowing ads. Now it's 75% ads 25% humor. And you have to pay a fee to buy it too, unless you just stand there and read it in the bookstore, which is entirely possible now since there is less content.

The day is coming when you turn the key to your car and the car will say "We have received the request to start the car. But first, a word from our sponsor."

Google will probably pioneer that too in cooperation with some vehicle provider.

The sick thing is with all this stuff they are doing is that tomorrow they will raise your rates again because they aren't making enough either.

Oh, and has anyone noticed lately with any site that, when you click to read an article and a "sponsor ad" appears, that the "skip ad" link is now gone, or doesn't appear till maybe 2 seconds are remaining out of the 10 it makes you wait? And it doesn't redirect after the time either, you have to then click AGAIN to get to it, so you can't even go to another tab for a few seconds while the timer clicks?

Makes me just close the window and say "the heck with it" more and more.

SALAMANCA

join:2008-06-07
Toronto, ON

Right the Wrong

Why isn't anyone holding Rogers accountable for their actions? Bell is being taken to task for throttling their customers and wholesale customers.

We're all seeing the things Rogers is doing to their subscribers, and it's as though people are saying it's okay. Quietly sitting on the fence turning a blind eye and allowing Rogers to continue doing what they're doing. But God forbid that Bell Canada be allowed to get off with anything. Not that I'm taking sides with Bell Canada, but 'what is good for the goose is good for the gander.'

Why is no one taking Rogers to task and holding them accountable for the actions they've taken towards their subscribers?
Tristan

join:2006-09-10
Nepean, ON
Reviews:
·Start Communicat..
·Rogers Hi-Speed
·Bell Sympatico
·TekSavvy Cable

Re: Right the Wrong

said by SALAMANCA:

Why isn't anyone holding Rogers accountable for their actions. Bell is being taken to task for throttling their customers and wholesale customers.
...
Why is no one taking Rogers to task and holding them accountable for the actions they've taken towards their subscribers?

Aside from my usual telling Rogers that the service is overpriced, or switch ISPs (read: little choice), there's not much I can do.

I just received an email from a friend who asked me how I get anything done working 6 days a week, 8 hrs a day, take care of my 13 month old son, and get the shopping and house work done.

I complain to the CRTC when I can, but I don't even know if it helps - my chocolate teapot is boiling.... BRB

SLD
Premium
join:2002-04-17
San Francisco, CA

Re: I would think....

I'm absolutely surprised that homes are not being contacted to sell ad space on their garage doors!
Tristan

join:2006-09-10
Nepean, ON
Reviews:
·Start Communicat..
·Rogers Hi-Speed
·Bell Sympatico
·TekSavvy Cable

Re: I would think....

said by SLD:

I'm absolutely surprised that homes are not being contacted to sell ad space on their garage doors!
I think there are by-laws that prevent that sort of thing. At least... there used to be here in Nepean - the former city of Nepean used to charge $50.00/mo just for a sandwich board style sign (if memory serves me)
Bangy

join:2000-12-20
Lincoln, RI

No sympathy here

The fact is that if Rogers wasn't such a scumbag operation to begin with people wouldn't be jumping to conclusions like this.

I agree that this particular incident is overblown but Rogers has no one to blame but themselves for the hostile attitude of its customers.

random person

@78.146.95.x

is injecting content creating a derivative work?

Just curious, but are websites copyrighted? If they are, then if an ISP injects anything into them before serving them, is that not creating an unauthorised derivative work under copyright law?

Hondra

@fmc-law.com

URL Manipulation

Rogers is not only manipulating DNS, but also monitoring the URLs we are all attempting to browse to and selectively manipulating those.

A feature of Internet Explorer is "Address Bar Searching". This feature can actually be configured using Tools/Internet Options, then under the Search area, select Settings. This option allows you to select a search provider. By default Microsoft's live.com service is selected, however you can install additional providers such as Google. This is an open service and any provider, including Rogers, is capable of creating and distributing providers.

What Rogers has done is review the URL structure used by this feature when using the Microsoft Live.com search provider. This particular provider takes what is typed into the address bar, and when DNS name resolution fails redirects your entry to:

»search.live.com/results.aspx?q=y···-Address

The important aspect of this URL is the src=IE-Address component. This particular component is what Rogers is using to decide if they should steal the request and redirect it to their own service. If you browse to the link I provided directly your request will be stolen and sent to Rogers.

If you change your search provider to something other than Live.com, Rogers' manipulation will not take effect, unless they decide to steal this traffic as well.

This is disturbing because Rogers has made the decision for all Internet Explorer users to prevent you from using the Address Bar searching feature for Live.com. They are preventing individuals from accessing a public search engine as intended. This is not only something to be reported to the various sites already mentioned, but to Microsoft and Live.com themselves.

Guiri

@rogers.com

How to bypass the ads in OS X/Linux

You need to use a different DNS server and comment out the domain server from your resolv.conf. This bypasses Rogers' packet inspection to a certain degree and their ad revenue that violates Canadian privacy agreements.

For the DNS, plug in any University's DNS servers. They're usually publicly available. Do this in the Network Settings of your operating system.

For the ad redirection:

Open Terminal, type "sudo nano /private/etc/resolv.conf".

Then, #comment out the first line that starts with "domain".