Re 400+ lines of JavaScript into web pages

["Dave Farber" <dave () farber net>]

---------- Forwarded message ---------
From: Roy Levin <roy () levin net>
Date: Mon, Dec 11, 2017 at 2:34 PM
Subject: RE: [IP] Re Comcast is injecting 400+ lines of JavaScript into web
pages
To: <dave () farber net>


Dave,



For IP, if you choose.



I don’t understand the apparent compulsion by ISPs to communicate with me
by any means they can implement.  If the electric company, or gas company,
or water company, has to tell me something about my service, they use
conventional means of contacting me:  phone, email, snail mail.  If I fail
to respond for whatever reason, and there is a legitimate urgent concern,
they will turn off my service, which is likely to get my attention.



If the telephone company needs to contact me, and they observe that, when
they call, I don’t answer, do they then notice when I happen to be on a
phone call with someone and break into that call to deliver their message?
No, of course not.  Why should ISPs do the equivalent?



Roy





*From:* Dave Farber [mailto:farber () gmail com]
*Sent:* Monday, December 11, 2017 10:54 AM
*To:* ip <ip () listbox com>
*Subject:* [IP] Re Comcast is injecting 400+ lines of JavaScript into web
pages







Begin forwarded message:



*From: *Brett Glass <brett () lariat net>

*Subject: Re: [IP] Fwd: Comcast is injecting 400+ lines of JavaScript into
web pages*

*Date: *December 11, 2017 at 1:51:28 PM EST

*To: *dave () farber net



Dave, and everyone:

As an ISP, I often have trouble contacting our customers. They change
telephone numbers and e-mail addresses without telling us; our notices
often wind up in their "spam" folders (sometimes simply because they have
words relating to their account); a spouse is sometimes handling household
affairs; roommates change; not all telephone numbers accept text messages;
etc. At one time, we attempted to use a feature which allowed us to pop up
a message on machines that ran Microsoft Windows. Alas, this feature was
abused by spammers... and, instead of allowing it to be limited to messages
from the local ISP, Microsoft turned it off completely. (It also had the
disadvantage of not being cross-platform.)

By far the best way to get a user's attention is to get a simple message
onto the user's screen. We do not inject Javascript (it is our company
policy never to rely upon client-side scripting due to the many security
and incompatibility problems it causes), but do sometimes divert the user's
browser to a screen asking that he or she call us. Ironically, this too
sometimes fails due to SSL, so we have had to tailor the system to do this
only during accesses to URLs beginning with http://, not https://.

Until and unless an alternative cross-platform method for the ISP to get in
touch with users is universally implemented, this will remain the best way
of getting a user's attention - and a perfectly reasonable one. Our users
have thanked us for it - especially when we've notified them that they
appear to have malware infections or need an equipment upgrade. It is also
reasonable network management. We therefore believe that any and all
responsible ISPs with good customer service should be allowed to do it.

--Brett Glass, LARIAT.NET

At 08:54 AM 12/10/2017, you wrote:



---------- Forwarded message ---------
From: DV Henkel-Wallace <gumby () henkel-wallace org >
Date: Sun, Dec 10, 2017 at 10:53 AM
Subject: Comcast is injecting 400+ lines of JavaScript into web pages
To: David Farber <dave () farber net>


Apparently Comcast feels it gets to decide what I should see on the web
pages I choose.  Injecting random *executable content* is no different from
providing other editorial “improvements”.

The response from Jason Livingood, who should know better, is particularly
tone deaf and self righteous.

Unfortunately where I live my “choices” are Comcast and sub-384kb AT&T DSL
(despite being less than a mile from the CO and the PAIX for that matter).

A snippet from
http://forums.xfinity.com/t5/Customer-Service/Are-you-aware-Comcast-is-injecting-400-lines-of-JavaScript-into/td-p/3009551
(code is included downthread).





Are you aware? Comcast is injecting 400+ lines of JavaScript into web pages.



I just learned of this dispicable Comcast practice today and I am livid.
Comcast began injecting 400+ lines of JavaScript code in to pages I
requested on the internet so that when the browser renders the web page,
the JavaScript generates a pop up trying to up-sell me a new modem.  When
you call the number in the popup, they're quick to tell you that you need a
new modem, which in my case is not true.  I later verified with level-2
support that my modem is pefectly fine and I don't need to upgrade.  As
deceptive as that is however, my major complaint is that Comcast is
intercepting web pages and then altering them by filling them with hundreds
of lines of code.  Even worse is that I've had to speak to 7 different
supervisors from all areas of Comcast and they have either never heard of
the process, or those who were aware of the practice don't know how to turn
it off.


Sent from my iPad
Archives <https://www.listbox.com/member/archive/247/=now> | Modify
<https://www.listbox.com/member/?&;> Your Subscription | Unsubscribe Now
<https://www.listbox.com/unsubscribe/?&&post_id=20171210105448:70B9CD24-DDC2-11E7-8953-E97FD683EF5B>
<http://www.listbox.com/>



Archives <https://www.listbox.com/member/archive/247/=now>
<https://www.listbox.com/member/archive/rss/247/504330-9015468f>| Modify
<https://www.listbox.com/member/?&;>
Your Subscription | Unsubscribe Now
<https://www.listbox.com/unsubscribe/?&&post_id=20171211135436:B9BBFC1C-DEA4-11E7-ABD4-C4D067573D43>

<http://www.listbox.com>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20171211150547:AB7F7F48-DEAE-11E7-8139-F96A66DD64B4
Powered by Listbox: http://www.listbox.com