Interesting People mailing list archives
Re 400+ lines of JavaScript into web pages
From: "Dave Farber" <dave () farber net>
Date: Mon, 11 Dec 2017 20:05:29 +0000
---------- Forwarded message --------- From: Roy Levin <roy () levin net> Date: Mon, Dec 11, 2017 at 2:34 PM Subject: RE: [IP] Re Comcast is injecting 400+ lines of JavaScript into web pages To: <dave () farber net> Dave, For IP, if you choose. I don’t understand the apparent compulsion by ISPs to communicate with me by any means they can implement. If the electric company, or gas company, or water company, has to tell me something about my service, they use conventional means of contacting me: phone, email, snail mail. If I fail to respond for whatever reason, and there is a legitimate urgent concern, they will turn off my service, which is likely to get my attention. If the telephone company needs to contact me, and they observe that, when they call, I don’t answer, do they then notice when I happen to be on a phone call with someone and break into that call to deliver their message? No, of course not. Why should ISPs do the equivalent? Roy *From:* Dave Farber [mailto:farber () gmail com] *Sent:* Monday, December 11, 2017 10:54 AM *To:* ip <ip () listbox com> *Subject:* [IP] Re Comcast is injecting 400+ lines of JavaScript into web pages Begin forwarded message: *From: *Brett Glass <brett () lariat net> *Subject: Re: [IP] Fwd: Comcast is injecting 400+ lines of JavaScript into web pages* *Date: *December 11, 2017 at 1:51:28 PM EST *To: *dave () farber net Dave, and everyone: As an ISP, I often have trouble contacting our customers. They change telephone numbers and e-mail addresses without telling us; our notices often wind up in their "spam" folders (sometimes simply because they have words relating to their account); a spouse is sometimes handling household affairs; roommates change; not all telephone numbers accept text messages; etc. At one time, we attempted to use a feature which allowed us to pop up a message on machines that ran Microsoft Windows. Alas, this feature was abused by spammers... and, instead of allowing it to be limited to messages from the local ISP, Microsoft turned it off completely. (It also had the disadvantage of not being cross-platform.) By far the best way to get a user's attention is to get a simple message onto the user's screen. We do not inject Javascript (it is our company policy never to rely upon client-side scripting due to the many security and incompatibility problems it causes), but do sometimes divert the user's browser to a screen asking that he or she call us. Ironically, this too sometimes fails due to SSL, so we have had to tailor the system to do this only during accesses to URLs beginning with http://, not https://. Until and unless an alternative cross-platform method for the ISP to get in touch with users is universally implemented, this will remain the best way of getting a user's attention - and a perfectly reasonable one. Our users have thanked us for it - especially when we've notified them that they appear to have malware infections or need an equipment upgrade. It is also reasonable network management. We therefore believe that any and all responsible ISPs with good customer service should be allowed to do it. --Brett Glass, LARIAT.NET At 08:54 AM 12/10/2017, you wrote: ---------- Forwarded message --------- From: DV Henkel-Wallace <gumby () henkel-wallace org > Date: Sun, Dec 10, 2017 at 10:53 AM Subject: Comcast is injecting 400+ lines of JavaScript into web pages To: David Farber <dave () farber net> Apparently Comcast feels it gets to decide what I should see on the web pages I choose. Injecting random *executable content* is no different from providing other editorial “improvements”. The response from Jason Livingood, who should know better, is particularly tone deaf and self righteous. Unfortunately where I live my “choices” are Comcast and sub-384kb AT&T DSL (despite being less than a mile from the CO and the PAIX for that matter). A snippet from http://forums.xfinity.com/t5/Customer-Service/Are-you-aware-Comcast-is-injecting-400-lines-of-JavaScript-into/td-p/3009551 (code is included downthread). Are you aware? Comcast is injecting 400+ lines of JavaScript into web pages. I just learned of this dispicable Comcast practice today and I am livid. Comcast began injecting 400+ lines of JavaScript code in to pages I requested on the internet so that when the browser renders the web page, the JavaScript generates a pop up trying to up-sell me a new modem. When you call the number in the popup, they're quick to tell you that you need a new modem, which in my case is not true. I later verified with level-2 support that my modem is pefectly fine and I don't need to upgrade. As deceptive as that is however, my major complaint is that Comcast is intercepting web pages and then altering them by filling them with hundreds of lines of code. Even worse is that I've had to speak to 7 different supervisors from all areas of Comcast and they have either never heard of the process, or those who were aware of the practice don't know how to turn it off. Sent from my iPad Archives <https://www.listbox.com/member/archive/247/=now> | Modify <https://www.listbox.com/member/?&> Your Subscription | Unsubscribe Now <https://www.listbox.com/unsubscribe/?&&post_id=20171210105448:70B9CD24-DDC2-11E7-8953-E97FD683EF5B> <http://www.listbox.com/> Archives <https://www.listbox.com/member/archive/247/=now> <https://www.listbox.com/member/archive/rss/247/504330-9015468f>| Modify <https://www.listbox.com/member/?&> Your Subscription | Unsubscribe Now <https://www.listbox.com/unsubscribe/?&&post_id=20171211135436:B9BBFC1C-DEA4-11E7-ABD4-C4D067573D43> <http://www.listbox.com> ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20171211150547:AB7F7F48-DEAE-11E7-8139-F96A66DD64B4 Powered by Listbox: http://www.listbox.com
Current thread:
- Re Comcast is injecting 400+ lines of JavaScript into web pages Dave Farber (Dec 11)
- Message not available
- Re 400+ lines of JavaScript into web pages Dave Farber (Dec 11)
- Message not available