
Widespread Hijacking of Search Traffic In the US

Soulskill posted about 3 years ago | from the par-for-the-course dept.

Privacy 194

Peter Eckersley writes "The Netalyzr research project from the ICSI networking group has discovered that on a number of U.S. ISPs' networks, search traffic for Bing, Yahoo! and sometimes Google is being redirected to proxy servers operated by a company called Paxfire. In addition to posing a grave privacy problem, this server impersonation is being used to redirect certain searches away from the user's chosen search engine and to affiliate marketing programs instead. Further analysis is available in a post at the EFF."


194 comments


Use HTTPS (5, Informative)

mrogers (85392) | about 3 years ago | (#36995768)

Another good reason to install HTTPS Everywhere [eff.org] , a browser extension that will redirect your Google searches to the HTTPS version of the site. By checking the certificate presented by the server, your browser can then be sure that it's talking directly to Google. (HTTPS Everywhere also works for a lot of other popular sites.)

Or, if you don't like Google, use DuckDuckGo [duckduckgo.com] , which uses HTTPS by default with no need for a browser extension.

Re:Use HTTPS (4, Interesting)

Gaygirlie (1657131) | about 3 years ago | (#36995826)

I too have to recommend HTTPS Everywhere, it's a great addon and makes it a lot safer to e.g. surf the web over an unencrypted WiFi hotspot. And so far I haven't actually had a single glitch because of it.

Re:Use HTTPS (0)

Anonymous Coward | about 3 years ago | (#36995846)

I also use HTTPS Everywhere, and DDG as my default search. It's quite good actually.

Re:Use HTTPS (3, Informative)

arth1 (260657) | about 3 years ago | (#36996028)

Sure, there are benefits, but as always, TANSTAAFL.

- https does incur overhead and higher CPU usage on both ends, so it will be slower.
- It will defeat most of the benefits of running local caching proxy servers (come on, this is /., surely I'm not the only one with a proxy array at home?)
- Some sites serve different content on the http and https sites.
- A few even redirect the https to http (to save themselves cycles and bandwidth, while not losing the visitor).

Re:Use HTTPS (3)

silanea (1241518) | about 3 years ago | (#36996086)

- https does incur overhead and higher CPU usage on both ends, so it will be slower.

Firstly, this overhead is manageable. You do not have to be Google to run all your content over HTTPS. Secondly, apparently encrypting every single connection is a necessity of the times to prevent assholes from hijacking traffic, so that overhead is simply the necessary cost of interacting safely over the Internet.

- It will defeat most of the benefits of running local caching proxy servers (come on, this is /., surely I'm not the only one with a proxy array at home?)

I do not know a single person who runs a proxy at home.

- Some sites serve different content on the http and https sites.
- A few even redirect the https to http (to save themselves cycles and bandwidth, while not losing the visitor).

You can disable individual rules. Over time those websites will have to stop doing those things or they will lose visitors.

Re:Use HTTPS (5, Funny)

PNutts (199112) | about 3 years ago | (#36996274)

I do not know a single person who runs a proxy at home.

You should get out more, or stay in more. I'm not sure which one applies here.

HTTPS requires an IP address per domain (1)

tepples (727027) | about 3 years ago | (#36996800)

You do not have to be Google to run all your content over HTTPS.

But you do pay more per month for hosting if you run your hobby site on HTTPS. Name-based virtual hosting of HTTPS sites requires SNI, but Internet Explorer on Windows XP doesn't support SNI, nor does Android 2.x. So until IE on XP passes out of use and Android 4 (Ice Cream Sandwich) has been out for a couple years, HTTPS will still need a dedicated IPv4 address per certificate, which in practice means per domain. And now that all the /8 blocks are used up, hosting providers such as Go Daddy have started to charge per IP address.

Re:Use HTTPS (1)

Larryish (1215510) | about 3 years ago | (#36996888)

Now you know of at least one.

Privoxy blocks things that Adblock misses.

Re:Use HTTPS (1)

Joce640k (829181) | about 3 years ago | (#36996370)

https does incur overhead and higher CPU usage on both ends, so it will be slower.

Yeah, my quad-core really bogs down when I use https on a connection which can transfer as much as a few hundred kbytes per second..

Re:Use HTTPS (0)

Anonymous Coward | about 3 years ago | (#36996488)

It may not be a huge cost, but it's still a cost.

Re:Use HTTPS (1)

GameboyRMH (1153867) | about 3 years ago | (#36996590)

One that I don't even notice on my PDA...

There's a little more lag but that's happening on the server side.

Re:Use HTTPS (0)

Anonymous Coward | about 3 years ago | (#36996500)

+1

Re:Use HTTPS (1)

GameboyRMH (1153867) | about 3 years ago | (#36996534)

come on, this is /., surely I'm not the only one with a proxy array at home?

You on dial-up or something? I just let my browser cache do the work (RAM cache only, I always disable disk caching to defeat Evercookies).

Re:Use HTTPS (1)

arth1 (260657) | about 3 years ago | (#36996826)

You on dial-up or something? I just let my browser cache do the work (RAM cache only, I always disable disk caching to defeat Evercookies).

No, load balanced Cable+DSL.
According to my local statistics, it saves around 20% bandwidth and increases page load speed around 30% (this is higher because there's a lot of tiny requests going back and forth to servers, where latency is the killer, not the bandwidth). That's significant. And it's also an average - for certain sites, the benefits are much larger.

There are some immediate benefits too, like when someone else in the household IMs me a link, and it pops up instantaneously because all the elements are already loaded, including big video files or flash.
Or when several users (or machines) have to download and install the same updates.

Got an old machine you're not using? Give it a second life as a caching proxy and caching dns forwarder. It's not hard, and if it's a frugal old PIII, the electricity costs are low too.

Re:Use HTTPS (0)

Anonymous Coward | about 3 years ago | (#36996906)

Question for you- I just crossed over to Comcast from ATT, and kept the DSL running until I was sure cable service would work okay. For some reason (laziness, probably), I still have my DSL running. So... Can you point to any of the better resources for implementing load-balanced Cable+DSL? I've found some, but they're not very good. Thanks.

Re:Use HTTPS (1)

Qzukk (229616) | about 3 years ago | (#36996760)

- It will defeat most of the benefits of running local caching proxy servers (come on, this is /., surely I'm not the only one with a proxy array at home?)

This is slashdot, those of us with proxies at home can make them work with https if we wanted them to.

Re:Use HTTPS (1)

cavreader (1903280) | about 3 years ago | (#36996188)

And how long will using HTTPS prevent this? Damn near every security measure except unplugging the network cable has been defeated or made useless.

HTTPS/SSL is a good solution (1)

bigtrike (904535) | about 3 years ago | (#36996264)

Assuming you have a browser capable of secure renegotiation (not IE on XP or older), your ISP would have to set up a certificate authority and someone would have to add the certificates into your browsers to bypass the giant red warnings.

Re:HTTPS/SSL is a good solution (0)

Anonymous Coward | about 3 years ago | (#36996790)

What, your ISP didn't give you a setup CD that they wanted you to install?

It's not that hard to get CA certs installed on people's machines.

Re:Use HTTPS (1)

GameboyRMH (1153867) | about 3 years ago | (#36996630)

They could do an SSL MITM attack, I doubt their buddies in the government would mind, but to prevent that you could use Perspectives. [perspectives-project.org]

MITM in the hosting provider's ISP (1)

tepples (727027) | about 3 years ago | (#36996770)

I don't see how Perspectives will help if the MITM is located in the hosting provider or its upstream ISP.

Re:MITM in the hosting provider's ISP (1)

GameboyRMH (1153867) | about 3 years ago | (#36996846)

Well assuming the ISP hasn't set up a set of fake Perspectives project pages to serve you a tampered version to give false negative results, notary servers in other locations around the world (which you connect to using encryption keys already included in the Perspectives plugin) should see a different certificate, raising a warning.

Re:Use HTTPS (2)

avatar4d (192234) | about 3 years ago | (#36996250)

For users of Chrome, you can change your default Google search to use HTTPS by following the instructions here [google.com]

Re:Use HTTPS (1)

erroneus (253617) | about 3 years ago | (#36996544)

Either that or get these jackasses to respect Network neutrality before the law requires them to.

So now that we can see that ISPs everywhere are interested in hijacking and intercepting your traffic for their profit (and you thought you were paying them to just give you a connection to the internet) are all those people out there on Slashdot still saying we don't need any network neutrality laws?

We live in a capitalist society and their aim is to make money in every way they can. Respect for their customers takes a back seat to all other profit motives.

Currently, the phone companies are enjoined against such activity and for good reason. Why internet services are not required under the same laws to behave the same way is baffling to me.

Re:Use HTTPS (1)

Stellian (673475) | about 3 years ago | (#36996558)

Another good reason to install HTTPS Everywhere

I would also actually run a HTTPS server everywhere if I didn't have to deal with the certificate mafia, and if major browsers would silently accept self-signed without drowning the user in a storm of "RUN FOREST, RUN !!!" messages. This is currently pretty tricky to do on the browser side without opening PayPal to attack (cache the sites that use real certs ? have a hardcoded master list for first connect ?). But it would be very nice if I could publish a flag in DNSSEC that could say "This is my certificate thumbprint, use it", and leverage the secure DNS tree instead of the insecure and bogus certificate industry.

Why again should I have to fork a pile of cash to obtain a bit string that says that I actually own the domain I'm using ? Generating this bit string seems like a task that could easily be automated to the point of being free. I can understand why Microsoft would be against this (and claim tens of thousands to add you to their root zone), but for example Mozilla or Google could create such an automated certification authority, and add it to their trusted root zone since they know they can trust themselves. Such certificates would work just as the "real thing" on Mozilla or Chrome, but would of course get the usual prompts in Internet Explorer.

Re:Use HTTPS (1)

dachshund (300733) | about 3 years ago | (#36996622)

Or, if you're a browser that doesn't support it, just set your default search engine to https://encrypted.google.com/#q= [google.com] followed by the query string.

Re:Use HTTPS (1)

synapse7 (1075571) | about 3 years ago | (#36996734)

Wow I like duckduckgo, I was struck with a feeling I don't think I've had since the first time I used Google after using webcrawler, I like it.

Use https? (0)

Anonymous Coward | about 3 years ago | (#36995772)

will using https://www.google.com help? (if you look at the certificate returned and make sure it's really Google)

Re:Use https? (2)

fuzzyfuzzyfungus (1223518) | about 3 years ago | (#36995912)

HTTPS will (barring CA incompetence or your ISP 'install disk' quietly adding their own root certs) assure you that you are talking to the real google.

If your ISP is fucking with DNS, though, and your attempts to talk to the real google are going to a different IP entirely, it will only warn you of that, not get you where you want to go.

If only because copyright/trademark claims for a US company serving an exact duplicate of the google homepage for monetary gain could pretty quickly hit the zillions, I'm guessing that these "Paxfire" shitbags aren't actually trying to do a 100% spoof of the site you want, just redirecting you to some horrid 'search' page of the sort normally maintained by typosquatters and similar scum.

HTTPS isn't harmful under this circumstance; but it is unlikely to tell you anything you didn't already know, and it isn't even intended to solve the problem you will want to solve...

Re:Use https? (2)

X0563511 (793323) | about 3 years ago | (#36995936)

How convenient [google.com] !

Re:Use https? (1)

X0563511 (793323) | about 3 years ago | (#36995942)

... or if you are feeling adventurous, you can always install your own resolver locally. Unless your ISP would hijack requests going to root servers (which is a whole other level of maliciousness)...

Re:Use https? (1)

isorox (205688) | about 3 years ago | (#36996916)

... or if you are feeling adventurous, you can always install your own resolver locally. Unless your ISP would hijack requests going to root servers (which is a whole other level of maliciousness)...

Or indeed any traffic on UDP53.

The solution is to therefore tunnel your DNS requests to a known server, or even just put everything through your own personal VPN, and terminate with a decent company.

Obviously, the customers should get their $ back (0)

Anonymous Coward | about 3 years ago | (#36995780)

For they aren't getting internet but just a subset. Last time I had that was with aol.

That didn't take long (1)

Skarecrow77 (1714214) | about 3 years ago | (#36995808)

Site slashdotted in under 5 minutes.

Re:That didn't take long (1)

Anonymous Coward | about 3 years ago | (#36995878)

nah, you are being redirected.

Re:That didn't take long (3, Funny)

alostpacket (1972110) | about 3 years ago | (#36996038)

Works fine for me. I just won 2 free $250 Walmart Pirce club cards and I get 20% off my next purchase of a HiPhone 5 Nano from Somy. Pretty exciting.

Re:That didn't take long (1)

Joce640k (829181) | about 3 years ago | (#36996422)

Hah! I installed their little app and I won a FREE iPad. It's in the mail as I write this...

Re:That didn't take long (-1)

Anonymous Coward | about 3 years ago | (#36996072)

That's fucking funny.

Re:That didn't take long (1)

nweaver (113078) | about 3 years ago | (#36996138)

Netalyzr is up for me, connecting from Washington DC starbucks, as are the EFF and New Scientist articles.

ISPs (4, Informative)

Jaysyn (203771) | about 3 years ago | (#36995854)

Here is a list of the ISPs mentioned in the article:

Cavalier
Cincinnati Bell
Cogent
Frontier
Hughes
IBBS
Insight Broadband
Megapath
Paetec
RCN
Wide Open West
XO Communication

Re:ISPs (0)

Anonymous Coward | about 3 years ago | (#36996118)

I really hate Comcast and AT&T, but it's times like this when I'm reminded that larger ISPs can't generally get away with consumer privacy violations because of the large amount of attention heaped on them.

I guess this sentiment also aligns with my irrational distrust of most startup web companies :).

Re:ISPs (1)

Anonymous Coward | about 3 years ago | (#36996504)

You do realize a lot of the ISPs mentioned here are simply subsidiaries of the larger ISPs, right?

XO Communication, for example, is just the end-of-the-line provider of an ATT&T backbone.

Re:ISPs (0)

Anonymous Coward | about 3 years ago | (#36996602)

**AT&T

It's too early in the morning for this.

Re:ISPs (1)

Kreigaffe (765218) | about 3 years ago | (#36996346)

No Comcast? No Cox? Heck, none of the big evil corps? I am... everything I learned on /. is wrong! My world has been thrown askew!

Re:ISPs (0)

Anonymous Coward | about 3 years ago | (#36996844)

I would have bet money the scum at comcast would have been in on this one. Maybe they just hadn't thought of it yet.

Simple Solution (1)

Anonymous Coward | about 3 years ago | (#36995858)

Don't use your ISP's DNS. Use Google DNS: 8.8.8.8 and 8.8.4.4. No way that's hijacked.

Re:Simple Solution (0)

Anonymous Coward | about 3 years ago | (#36995892)

It is incredibly simple to hijack dns requests.

Re:Simple Solution (3, Informative)

X0563511 (793323) | about 3 years ago | (#36995956)

Then use a local resolver, ensure you set up DNSSec checking, and beat everyone with a stick who still doesn't sign their zones.

Re:Simple Solution (0)

Anonymous Coward | about 3 years ago | (#36996172)

you're going to run out of sticks.

Re:Simple Solution (1)

erroneus (253617) | about 3 years ago | (#36996664)

Use HTTPS, use your own resolver with DNSSec, do this technical measure or that.

The fact is, you are going across a pipe controlled by another party and without laws and penalties to discourage and prohibit this behavior, this is what we can expect and will continue to get. And at the moment, they feel no guilt nor shame about this at all. They want more money (because if you're not growing, you're dying) and they will sell you and your mother to get it.

Re:Simple Solution (1)

fuzzyfuzzyfungus (1223518) | about 3 years ago | (#36995962)

It would be slightly more difficult/costly than just tweaking the DNS server and getting 95% of the suckers for free; but your ISP isn't exactly technologically incapable of simply dropping traffic to/from known independent DNS servers, or rewriting responses therefrom...

Re:Simple Solution (1)

Skapare (16644) | about 3 years ago | (#36996076)

That can easily be hijacked by the ISP. They simply set up a DNS server host, add these IP addresses to an interface, and add routes to direct the traffic to that server. Done.

Re:Simple Solution (0)

Anonymous Coward | about 3 years ago | (#36996198)

As long as you're OK with delayed delivery from providers like Akamai. I used to use OpenDNS, until I noticed it was the reason why YouTube was so slow. Netflix too.

Re:Simple Solution (1)

GameboyRMH (1153867) | about 3 years ago | (#36996658)

Not hijacked but I get a bad feeling about sending my DNS requests through an advertising company that's already nearly omnipresent and omniscient (unless you've blocked their scripts and cookies) on the web...

I wonder (1)

Bob the Super Hamste (1152367) | about 3 years ago | (#36995866)

As I can't RTFA I do wonder if this explains some of the strangeness I see in doing searches between my work machine and my home machine. This really shouldn't surprise anyone as ISPs have been known to redirect DNS lookup failures.

Re:I wonder (1)

Bob the Super Hamste (1152367) | about 3 years ago | (#36995902)

After the new scientist link finally loaded it does appear that this is indeed the case as one of the listed ISPs is my home ISP (Frontier). Now if only I could vote with my dollars and switch to a different ISP that hasn't done this (Charter is my other option and they "claim" to have stopped).

Re:I wonder (4, Informative)

number11 (129686) | about 3 years ago | (#36996562)

Now if only I could vote with my dollars and switch to a different ISP that hasn't done this (Charter is my other option and they "claim" to have stopped).

Why not simply plug in a different DNS instead of using their crappy one?
Google 8.8.8.8, 8.8.4.4
OpenDNS 208.67.222.222, 208.67.220.220
Verizon 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4, 4.2.2.5, 4.2.2.6 (since these are all same subnet, don't use for both primary and secondary)

You can use Google Namebench [google.com] to compare DNS speeds.

Re:I wonder (1)

lee1 (219161) | about 3 years ago | (#36996840)

If the strangeness is you getting different results from different computers, it could be due to this [lee-phillips.org] .

warn visitors (0)

Anonymous Coward | about 3 years ago | (#36995876)

What I want to know is, can I tell if a visitor came from one of these hijacked searches? Maybe using javascript, and then warn them of the problem with their isp? I think it would be useful to tell them about using google over https, and maybe link them to the EFF article. Of course at the same time providing the same content, just with a warning.

Re:warn visitors (1)

X0563511 (793323) | about 3 years ago | (#36995974)

Probably not. You would think to try the referral URL, however that includes the DNS entry. That said, the ISP is already monkeying with the traffic, so they can always rewrite this header anyway.

Re:warn visitors (0)

Anonymous Coward | about 3 years ago | (#36996384)

It might be possible to use javascript to tell the browser to load a page from a fake hostname within your domain and then check the status of it. If it was successful, someone is tampering with dns.

Re:warn visitors (1)

nweaver (113078) | about 3 years ago | (#36996104)

Google did. This is why the ISPs that were proxying Google stopped in the past couple of months: Google's abuse-detection threw up a CAPTCHA on the queries, and then Google posted about it.

Also, you can run Netalyzr [berkeley.edu] to detect this condition.

That's not a privacy concern... (4, Insightful)

Anonymous Coward | about 3 years ago | (#36995900)

... that's a fucking computer crime.

Re:That's not a privacy concern... (3, Insightful)

GameboyRMH (1153867) | about 3 years ago | (#36996686)

No no no, big corporations did this, it's just a privacy concern ^_^

Comcast (1)

OzPeter (195038) | about 3 years ago | (#36995908)

For once Comcast does good as my local ISP. All it does is hijack the page if the DNS doesn't resolve and then puts up its own results of what it thinks the domain should be.

Re:Comcast (1)

Bob the Super Hamste (1152367) | about 3 years ago | (#36995964)

Any time my ISP does that I add the returned search site to my etc/hosts file so it will never load again as Frontier seems to like to send you to crappy search pages

Re:Comcast (0)

Anonymous Coward | about 3 years ago | (#36996094)

Just switch to OpenDNS.

Re:Comcast (1)

nweaver (113078) | about 3 years ago | (#36996208)

OpenDNS also does NXDOMAIN wildcarding.

If you want a clean public DNS, Google Public DNS is a better choice.

If you want a DNS that includes considerable filtering of known badness and other controls, at the cost of NXDOMAIN wildcarding, use OpenDNS.

Re:Comcast (1)

X0563511 (793323) | about 3 years ago | (#36995986)

This is available [google.com] should you wish to stop even that behavior.

Re:Comcast (1)

Skapare (16644) | about 3 years ago | (#36996174)

And of course Comcast would never hijack the 8.8.8.8 and 8.8.4.4 name servers by rerouting those IPs to its own name server.

Re:Comcast (1)

X0563511 (793323) | about 3 years ago | (#36996278)

... and in doing so, invite all kinds of fun [slashdot.org] to the party!

In short, they would have to be stupid to do so.

Re:Comcast (1)

Bucc5062 (856482) | about 3 years ago | (#36996184)

Okay, I read through the information and went so far as to set up my laptop to use the Google public server. What's the catch? I read their write-ups about security, but frankly, I'm not a network guy and had eyes glazing fast.

If the end result is that by using 8.8.8.8 I am blocking the ability for an ISP to spoof or redirect my searches, then mission accomplished, but TANSTAAFL! What does Google get from providing this service? Better ads dollars?

Re:Comcast (1)

X0563511 (793323) | about 3 years ago | (#36996260)

Okay, I read through the information and went so far as to set up my laptop to use the Google public server. What's the catch? I read their write-ups about security, but frankly, I'm not a network guy and had eyes glazing fast.

If the end result is that by using 8.8.8.8 I am blocking the ability for an ISP to spoof or redirect my searches, then mission accomplished, but TANSTAAFL! What does Google get [google.com] from providing this service? Better ads dollars [google.com] ?

These questions are answered in the FAQ. I linked them above in your quote.

Unless they are outright lying, this is one of those projects they do "For the Good of the Community"

Now, since DNS is a cleartext protocol, there's no technical reason why your ISP cannot interfere with this if they wish to. This said, doing so is more involved than simply tinkering with their own DNS servers, and this gets into a grey area legally.

Before, they were simply altering the behavior of their DNS systems, which you requested the use of (by using them). If they were to alter your requests to, say, 8.8.8.8, then they would be deliberately violating their common-carrier status and exposing themselves to all kinds of lawyer-bait.

Re:Comcast (1)

nabsltd (1313397) | about 3 years ago | (#36996458)

If they were to alter your requests to, say, 8.8.8.8, then they would be deliberately violating their common-carrier status and exposing themselves to all kinds of lawyer-bait.

ISPs are not common carriers [wikipedia.org] , and this sort of level of proxying happens all the time. In particular, many ISPs re-direct all outgoing connections to port 25 to their own mail server, and similarly all connections to port 53 (DNS) are sent to their own DNS server. It's not that they are "altering requests to 8.8.8.8", but rather they are altering requests to particular ports.

Also, almost every ISP blocks incoming requests to well-known "server" ports for their non-business customers. If "altering requests" was a problem, then every ISP would be in trouble for this.

Re:Comcast (1)

X0563511 (793323) | about 3 years ago | (#36996510)

Redirections are one thing, but in-place modification... that's just not cool.

Re:Comcast (0)

Anonymous Coward | about 3 years ago | (#36996206)

So is the Comcast account panel where that option is configurable.

Re:Comcast (1)

X0563511 (793323) | about 3 years ago | (#36996288)

True enough. Not all ISPs that do this allow you to turn it off, however. Comcast is doing something right in that respect - at least they let you opt out cleanly.

Comcast lets you turn it off (0)

Anonymous Coward | about 3 years ago | (#36996168)

Comcast lets you turn that off. It's in your user control panel.
After the setting is on, they give you new DNS servers the next time you renew your DHCP lease. The new servers obey the spec and return NXDOMAIN rather than search results.

Re:Comcast (2)

Skapare (16644) | about 3 years ago | (#36996246)

I just tested Comcast's DNS lookup. They are redirecting SLDs that get NXDOMAIN from the TLD server. However, for hostnames within registered and working SLDs, they are redirecting SOME of those, as well. In particular my test for a couple of my own domains shows that for .net they are not doing 3rd level name redirection, but for .us they are. IMHO, the 3rd level redirection is bad.

The list of ISPs (2)

Bob the Super Hamste (1152367) | about 3 years ago | (#36995924)

For those of you wondering what ISPs are doing this the New Scientist article has it:

List of ISPs that are redirecting some search queries

Cavalier
Cincinnati Bell
Cogent
Frontier
Hughes
IBBS
Insight Broadband
Megapath
Paetec
RCN
Wide Open West
XO Communication

Charter and Iowa Telecom were observed to be redirecting search terms, but have since ceased doing so. Iowa Telecom stopped its redirection between July and September 2010, and Charter stopped in March 2011.

Re:The list of ISPs (2)

Cornwallis (1188489) | about 3 years ago | (#36996036)

Add One Communications (now owned by Earthlink) to the list.

Re:The list of ISPs (1)

nweaver (113078) | about 3 years ago | (#36996120)

Could you email a Netalyzr [berkeley.edu] execution from One Communications to netalyzr-help@icsi.berkeley.edu, so we can verify this? It could be due to IBBS, which runs DNS for multiple ISPs.

Re:The list of ISPs (1)

Cornwallis (1188489) | about 3 years ago | (#36996242)

Yes. Let me switch back and I'll email the results.

Re:The list of ISPs (1)

cswiger (63672) | about 3 years ago | (#36996474)

Add Verizon DSL in Manhattan, NY:

http://n3.netalyzr.icsi.berkeley.edu/summary/id=ae81b058-20468-26aad796-356d-4fce-806b [berkeley.edu]

I was using my own nameservers before, but I'd recently swapped out my older Linksys BEFSR81 (which was becoming flaky) to an E2100L.
Its DHCP server was using Verizon-supplied nameservers by default. Fixed that, thank you ICSI team.

Search Query Privacy (0)

Anonymous Coward | about 3 years ago | (#36995992)

For those interested, check out the book Googling Security: How Much Does Google Know About You. It provides a great deal of information on the implications of search query privacy.

Re:Search Query Privacy (0)

Anonymous Coward | about 3 years ago | (#36996160)

Strange, I googled it and got zero results.

Use a VPN always. (1)

drolli (522659) | about 3 years ago | (#36996048)

Anyway, that's not a bad idea. In that case also a hijacked machine within your own network plays a lesser role.

Make sure to include DNS in your VPN... (1)

nweaver (113078) | about 3 years ago | (#36996126)

Make double-sure that your VPN also tunnels the DNS requests, by checking the configuration and/or by using tcpdump. E.g., it's pretty easy to accidentally set up Firefox through an SSH tunnel in a way where the DNS requests don't pass through the tunnel.

Questions answered in this thread... (5, Interesting)

nweaver (113078) | about 3 years ago | (#36996084)

I am one of the Netalyzr developers involved in this work. I or my colleagues will answer questions in this thread, but I may be offline for a little while so responses may be somewhat delayed at times.

Do you have a useful tool for identifying this? (1)

bigtrike (904535) | about 3 years ago | (#36996302)

Is there some easy way we can check for this, such as with a curl or wget command line script? A great way to defeat this practice would be to notify the businesses that are needlessly paying commissions out even though they are the first result.

Re:Do you have a useful tool for identifying this? (3, Informative)

nweaver (113078) | about 3 years ago | (#36996338)

Yes. Netalyzr [berkeley.edu] specifically detects this condition amongst its many other tests. We also have a Java Command Line Client [berkeley.edu] .

You can also check by doing a "dig search.yahoo.com". If the authority is "jomax.net", it's a Paxfire appliance changing the results.
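The two checks discussed in this thread, the `dig search.yahoo.com` authority test from the comment above and the nonexistent-hostname test for NXDOMAIN rewriting suggested earlier, as an added Python example that is not part of the original comments or of Netalyzr. The sample dig outputs, including their name-server names and addresses, are constructed; `run_dig` assumes a local `dig` binary.

```python
import re
import subprocess

SUSPECT_ZONE = "jomax.net"   # authority name given in the comment above

# Constructed dig outputs: server names and addresses are made up for the example.
SAMPLE_REDIRECTED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;search.yahoo.com.            IN      A

;; ANSWER SECTION:
search.yahoo.com.     60      IN      A       192.0.2.10

;; AUTHORITY SECTION:
search.yahoo.com.     60      IN      NS      NS1.JOMAX.NET.
search.yahoo.com.     60      IN      NS      ns2.jomax.net.
"""

SAMPLE_CLEAN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243

;; ANSWER SECTION:
search.yahoo.com.     300     IN      A       198.51.100.20

;; AUTHORITY SECTION:
yahoo.com.            300     IN      NS      ns1.notjomax.net.
"""

SAMPLE_NX_HONEST = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4244

;; AUTHORITY SECTION:
com.   900   IN   SOA   a.nic.example. hostmaster.nic.example. 1 1800 900 604800 86400
"""

SAMPLE_NX_REWRITTEN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4245

;; ANSWER SECTION:
qz7h2k9d4x.com.   60   IN   A   203.0.113.5
"""


def parse_dig(text):
    """Return (status, {section: [(name, rtype, rdata), ...]}) from dig text."""
    status, section, records = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        header = re.search(r"status:\s*([A-Z]+)", line)
        banner = re.match(r";;\s*([A-Z]+) SECTION:", line)
        if line.startswith(";;") and header:
            status = header.group(1)
        elif banner:
            section = banner.group(1).lower()
        elif not line:
            section = None                      # a blank line ends a section
        elif section and not line.startswith(";"):
            fields = line.split(None, 4)        # name ttl class type rdata
            if len(fields) == 5:
                name, _ttl, _cls, rtype, rdata = fields
                records.setdefault(section, []).append(
                    (name.lower().rstrip("."), rtype.upper(), rdata))
    return status, records


def in_zone(host, zone):
    """True if host is the zone apex or a name beneath it (label-aligned)."""
    host, zone = host.lower().rstrip("."), zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def suspect_authorities(dig_text, zone=SUSPECT_ZONE):
    """Name servers in the AUTHORITY section that fall under `zone`."""
    _status, records = parse_dig(dig_text)
    hits = []
    for _name, rtype, rdata in records.get("authority", []):
        if rtype in ("NS", "SOA"):              # SOA: first field is the MNAME
            server = rdata.split()[0]
            if in_zone(server, zone):
                hits.append(server.lower().rstrip("."))
    return hits


def nxdomain_rewritten(dig_text):
    """True if a lookup for a name that cannot exist came back with addresses."""
    status, records = parse_dig(dig_text)
    has_address = any(rtype in ("A", "AAAA")
                      for _n, rtype, _r in records.get("answer", []))
    return status == "NOERROR" and has_address


def run_dig(name, server=None):
    """Live mode: query the default resolver, or `dig @server name`."""
    cmd = ["dig"] + (["@" + server] if server else []) + [name]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout


if __name__ == "__main__":
    for label, text in [("redirected", SAMPLE_REDIRECTED), ("clean", SAMPLE_CLEAN)]:
        print(label, "->", suspect_authorities(text) or "no jomax.net authority")
    for label, text in [("honest", SAMPLE_NX_HONEST), ("rewritten", SAMPLE_NX_REWRITTEN)]:
        print(label, "->", "NXDOMAIN rewritten" if nxdomain_rewritten(text) else "ok")
```

For a live check, pass `run_dig("search.yahoo.com")` to `suspect_authorities`, and pass the output for a random, unregistered hostname to `nxdomain_rewritten`; repeating both with `server="8.8.8.8"` shows whether the ISP resolver is the source of the difference.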

Re:Questions answered in this thread... (1)

PineGreen (446635) | about 3 years ago | (#36996516)

How much does the use of neutral (for example google's) DNS services rather than default ISP's DNS help?

Re:Questions answered in this thread... (0)

Anonymous Coward | about 3 years ago | (#36996812)

I was wondering this as well. I've been using google's DNS servers for a few months now, as they are faster than my ISP's, and don't go down on a semi regular basis.

(Comcast in Minneapolis, here.)

Re:Questions answered in this thread... (2)

nweaver (113078) | about 3 years ago | (#36996868)

They do NOT intercept DNS that's not directed to the ISP's resolvers, thus using Google Public DNS allows you to avoid this redirection completely if you are affected.

Criminal (0)

Anonymous Coward | about 3 years ago | (#36996312)

Hijacking traffic like this is almost certainly a breach of RIPA and the Computer Misuse Act. This is before we get into issues like corporate governance and who is profiting from this.

Jail time for anyone involved in this. Now.

Suddenlink redirects 404's (1)

BlueKitties (1541613) | about 3 years ago | (#36996428)

I live about 30 miles from the East Texas court most of these tech patent disputes take place at. The only (see: ONLY) high-speed service in my area is Suddenlink. The alternative sold out a few years ago. Well, lo-and-behold, every time I mistype a URL I don't get a 404 -- I get a search result (all clad in ads) with "Suddenlink" across the top of the page. This is why so many people are worried about ISPs screwing up the Internet. First, even if Suddenlink argues they're doing me a favor, why do they get to decide which search engine my 404 is sent to? Second, that makes it awfully tempting for Suddenlink to monitor my Internet activity for targeted advertising in their 404 redirect page. And third, what the buggar are the data retention policies for the site they redirect to?

Net Neutrality (1)

lavagolemking (1352431) | about 3 years ago | (#36996572)

Ok, I know this is just DNS and not some network-level hijacking, but crap like this is exactly why we need net neutrality. Capitalizing on customers' traffic by redirecting their searches (or otherwise interfering with customers' activities) is the type of behavior net neutrality activists have claimed will happen for a long time, and that ISPs have claimed will never happen. Odd that the big players aren't the culprits for once (they're probably scared of regulation after the bittorrent scandal [slashdot.org] ), but I'm sure if this is successful, or if a corrupt judge somewhere rules there is nothing wrong with what's going on, then we can expect to see all the big players stepping in and this will become a lot more widespread than it already is.

Mistyped URLs (2)

macraig (621737) | about 3 years ago | (#36996676)

"... additional revenue through advertising based on mistyped URLs."

This is why perfect spelling is so important.

Who makes these decisions to hijack search traffi (1)

Stan92057 (737634) | about 3 years ago | (#36996926)

Who makes these decisions to hijack search traffic? Do any of these corporations use their lawyers? I mean this is a no-brainer stupid/illegal move and why did they think someone wouldn't find out? I have RCN. I can say this hasn't happened to me, but I don't use the search bar; I search right from google.com.