Windstream Quickly Fixes Google Toolbar Hijack Now was this an intentional test, or an accident? Yesterday we noted how Windstream Communications had hijacked Google toolbar search results so users were redirected to Windstream's own search portal. While many ISPs now use DNS redirection to push users who enter mistyped or nonexistent URLs to an ISP-run search portal, this appeared to take a significant step beyond the traditional NXDOMAIN tinkering, given it impacted users not using Windstream DNS servers. Consumer group Free Press quickly called for an investigation, and Free Press Research Director S. Derek Turner had this to say: We are still waiting for all the facts to come in, but if initial allegations are true, Windstream has crossed the line and is actively interfering with its subscribers' Internet communications. Hijacking a search query is not much different from deliberately 'redirecting' a user from NYTimes.com to WashingtonPost.com, and a limited 'opt-out' capability is not enough to justify Internet discrimination. This is further proof of the need for strong open Internet rules, comprehensive transparency and disclosure obligations, and a process for relief at the FCC. But was this an unintentional glitch, or was Windstream really testing the next evolution in search advertising shenanigans? Some of our users would like to know if Windstream has started using more sophisticated deep packet inspection practices, though Windstream seems hesitant to discuss the real technical specifics behind the redirection. Ars Technica also covered the story, and in conversations with Windstream still couldn't quite ferret out whether this was a bug or a "feature": "Windstream implemented a network change on Friday, April 2 that affected certain customer Web browser search box queries, producing search results inconsistent with Windstream's prior practices," a spokesperson for the voice/DSL service told us. "Windstream successfully implemented configuration changes today to restore original functionality to these search queries after hearing from affected customers." The question, of course, is whether the company accidentally or deliberately rigged its network software to produce those "inconsistent" results. We asked, but not surprisingly didn't get an answer to that query. Again, hijacking Google toolbar search results (made even worse by not informing users) is such an obnoxiously bad idea, it's very hard to believe that Windstream did this intentionally. Whatever the case, Windstream is taking to Twitter to say that the " unintentional issues with Firefox search" have been resolved. Let us know if that's the case in our comment section below.
|
 cacoPremium
join:2005-03-10
Whittier, AK | Resolved for me last night. I ccommented on twitter and got a Windstream rep. that said all was fixed. The Windstream reps. in BBR threads really are confused. It was either a mistake or a feature that went on the fritz. The one thing for sure is they screwed the pooch and had to fix it ASAP.
With that said,can't complain much since the provide service to me in the boonies with very little or no down time.
--
Politicians and diapers have one thing in common. They should both be changed regularly, and for the same reason. | |
|  NOCManMacChatterPremium
join:2004-09-30
Colorado Springs, CO | Call the FBI Unlawful interception of communications, tampering with a users data session can be illegal. This is not an issue of deep packet inspection, this is deliberate rewriting of your communications from your machine to a server which should be illegal, is also going to break the circle of trust. Hackers could take over these boxes and subject an entire ISP to god knows what. The practice should be dealt with swiftly and severely to ensure other communications providers do not get any ideas. | |
|  | | | Re: Call the FBI said by NOCMan:Unlawful interception of communications, tampering with a users data session can be illegal. This is not an issue of deep packet inspection, this is deliberate rewriting of your communications from your machine to a server which should be illegal, is also going to break the circle of trust. Hackers could take over these boxes and subject an entire ISP to god knows what. The practice should be dealt with swiftly and severely to ensure other communications providers do not get any ideas. Isn't that what Comcast did when they intercepted the torrent packets and sent back.....was it syn packets....to close the connection?
And look what happened to Comcast, nothing. | |
| | |  elveySpamassassin
join:2001-02-17
San Francisco, CA | Re: Call the FBI Absolutely, it would be appropriate to file police reports, and demand investigations.
It was forged TCP RST (reset) packets that Comcast was generating and sending. | |
|
 Toguro
join:2003-10-23
Ottawa, IL | My pitch fork is ready I say if it's true we go teabagger on there ass and teabag them to hell.  | |
| | | How was it done? I think the important question to ask Windstream--and to keep asking until it gets answered--is how this was done. My guess is DPI or a blatant redirection of traffic, and I'm going to stick with that until Windstream can provide a credible alternative explanation.
And I don't buy for one second that this was accidental. How the hell do you accidentally redirect someone's search toolbar? Even assuming there was no DPI involved, and all they were doing was redirecting queries directed at Google, why would someone be playing around with that in the first place?
While the network-wide rollout of this may have been premature, I don't believe this little project was accidental. In a way, though, I'm glad it happened because it shows how traffic can be redirected by the ISP or someone farther upstream. People need to realize how easily intercepted their traffic can be. | |
| nonymousPremium
join:2003-09-08
Glendale, AZ Reviews:
 ·Callcentric
| Bug or feature? "But was this an unintentional glitch, or was Windstream really testing the next evolution in search advertising shenanigans? Some of our users would like to know if Windstream has started using more sophisticated deep packet inspection practices, though Windstream seems hesitant to discuss the real technical specifics behind the redirection. Ars Technica also covered the story, and in conversations with Windstream still couldn't quite ferret out whether this was a bug or a "feature":"
How could you accidentally misdirect a search engine?
Yes a feature to get revenue from the misdirected searches for Windstream. So yes it is a feature just not for the end user. It is a feature for Windstream.
Maybe Google should do to Windstream what they did to China? | |
| | | | Re: Bug or feature? How was this a bug when they provided an "opt-out" from the beginning? | |
| | | nonymousPremium
join:2003-09-08
Glendale, AZ Reviews:
·Callcentric
| Re: Bug or feature? said by lacibaci:How was this a bug when they provided an "opt-out" from the beginning? That was the bug. It was not supposed to have an opt out. | |
|
| | | Windstream's presence on this forum has chosen to ignore my questions entirely. This is troubling since their responses are clearly buffered through some type of PR engine.
I am crafting an email now to Jeff Gardner, the Windstream CEO. This would not be the first time I've spoken with Mr. Gardner.
What has happened can in no way be construed as anything other than DPI gone awry. This is no way can be NXDOMAIN hijacking.
Windstream's silence in all of this simply makes them look more nefarious. There are many who are Windstream subscribers who may not be as outspoken or vocal as myself but rest assured, they are equally as livid as I.
In all of this the biggest take-away is the power of exposure and I thank Karl and the others here at DSLReports for bringing a light into all of this. It's a difficult situation Windstream subscribers are in; not only is Windstream the local telco but also the broadband provider. In many cases Windstream serves a rural community and is a monopoly. Alternate service providers are virtually non-existent.
To add insult to injury now the sole data provider is helping themselves our layer 7 data and manipulating it as necessary to increase revenue by milking it's customers. Instead of being transparent and owning up to the initiative they instead chose to ignore requests for more information or fabricate paper-thin technically inaccurate responses.
Riddle me this, since the Firefox Search toolbar does an HTTP/1.1 GET to 'www.google.com' with a specific URI, and those impacted are not using Windstream's NXDOMAIN hijacking DNS servers, how exactly could this redirection be accomplished without DPI? DPI either at the HTTP level or mangling of DNS responses from non-Windstream DNS servers.
It's not a routing issue when 'www.google.com' directly takes you to Google and a specific URI lands you at searchredirect.windstream.net (note the wonderful incriminating subdomain of 'searchredirect'). Pretty much describes the intended behavior eh?
"Glitch/bug" my ass. | |
| | |  MooJohn
join:2005-12-18
Milledgeville, GA | Re: Bug or feature? I also don't use Windstream DNS yet I've been redirected. I've found that putting a 127.0.0.1 entry for searchdirect.windstream.net will prevent you from landing on their redirect. Of course your traffic is still subjected to their packet inspection but that's a much bigger issue.
DPI = fail, and there's no positive PR spin they can put on that. Gimp your DNS servers if you want to but keep your hands off my traffic.
BTW, the redirection appears to be done to HTTP traffic because straight DNS queries of NX domains still fail as they should.
--
John M - Cranky network guy | |
|
Reviews:
 ·Charter
| could not have been a mistake something like this could not have been a simple "mistake." It was a deliberate test to see if they(the ISP) could redirect any search queries to their own branded search engines. This type of thing is highly illegal, as it means that the ISP was monitoring what its customers were doing on the internet(which is currently against the law) | |
|  DryvlyneFar Beyond DrivenPremium
join:2004-08-30
Newark, OH | Glad I switched Looks like I chose the lesser of 2 evils when I kept TWC as my ISP. My condolences to those of you who don't have a choice. Windstream's customer service is bad enough IMO, but this really takes the cake.
--
In relative terms life is shorter than the blink of an eye. Remember that each and every day because in the end it's not about what you've done but how you've lived.
| |
| | | Maybe it was a mistake Maybe this really was a mistake.
Hear me out on this. I'm not saying the whole thing was a mistake; merely the part where the user didn't get back a Google results page. I mean, Windstream had to know that people would notice something like this and pitch a fit. So what if the actual goal wasn't to display a custom search results page but to transparently capture search queries while returning the Google page. That's a great way to profile your users to see what they're interested in when they run a search and which links they click in the results. Then overlay the banner ads in the sites users visit with ads from your own ad server. And if you want to think in more traditional terms, you can sell subscriber data that includes all sorts of interesting information that companies will pay good money for.
Where this all may have gone wrong was that the users received this custom search results page instead of the Google page they were expecting.
And even if I'm wrong on the details, Windstream's silence speaks volumes. I'd be willing to bet cold hard cash that there have been multiple meetings today to discuss how to spin their way out of this one, and everyone has been told to keep their damn mouths shut until a story can be concocted. | |
| | | | Re: Maybe it was a mistake EXACTLY. Either way, DPI/Layer 7 analysis was involved, without the subscriber being aware.
The more I think about it the more it makes sense that the only accident here was them showing their hand regarding DPI and scraping search data.
So this begs the next question. Do we drop-kick this privacy invading unethical provider or look at VPN solutions to egress TCP 80 data?
Really makes you wonder if they're sufficiently scrubbing personal data. When I use Google I know that Google will log my search terms and their privacy policy is straight forward. When I use my ISP, unless disclosed otherwise, I had to believe there is no DPI and harvesting of data.
I really wish there were some legal recourse here since the subscribers are unaware this was even going on. The cloak-and-dagger approach used by Windstream, coupled with their complete lack of response, is infuriating.
It's obvious I cannot trust my bandwidth provider. | |
| | | | | Re: Maybe it was a mistake If you can switch, then I would. Why give these jokers your money if they're doing stuff like this?
Hurt their bottom line, and they'll get the message. | |
|
|  Anonymous_AnonymousPremium
join:2004-06-21
127.0.0.1
kudos:2
·Comcast
·Time Warner VOIP
·RoadRunner Cable
| said by ISurfTooMuch:Maybe this really was a mistake. Hear me out on this. I'm not saying the whole thing was a mistake; merely the part where the user didn't get back a Google results page. I mean, Windstream had to know that people would notice something like this and pitch a fit. So what if the actual goal wasn't to display a custom search results page but to transparently capture search queries while returning the Google page. That's a great way to profile your users to see what they're interested in when they run a search and which links they click in the results. Then overlay the banner ads in the sites users visit with ads from your own ad server. And if you want to think in more traditional terms, you can sell subscriber data that includes all sorts of interesting information that companies will pay good money for. Where this all may have gone wrong was that the users received this custom search results page instead of the Google page they were expecting. And even if I'm wrong on the details, Windstream's silence speaks volumes. I'd be willing to bet cold hard cash that there have been multiple meetings today to discuss how to spin their way out of this one, and everyone has been told to keep their damn mouths shut until a story can be concocted. i do not click anylinks
i copy and paste the URL in a new tab | |
| | | | | Re: Maybe it was a mistake If they're using DPI, it doesn't matter if you click or paste the link; they'll still know what site you visited. | |
| | | | | Yeah, right! No way this was a mistake. | |
|
cramer
join:2007-04-10
Raleigh, NC
kudos:4 Reviews:
 ·AT&T Southeast
| WCCP anyone? This is actually trivial to setup with cisco gear. I was using WCCP for web content filtering many years ago -- back before the company realized how much of a waste of money and time it was. (Ironically I'm wearing a tee shirt from Surfcontrol. )
We tested an app from a company I cannot remember that would filter almost anything. It was very good at blocking prohibited applications -- AIM, bittorrent, etc. -- and limiting throughput. | |
|
| |
|
|
