Re: US internet providers hijacking users' search queries

[Scott Helms <khelms () ispalliance net>]

Not trying to be obtuse, but none of the technical docs you cite appear 
to talk about HTTP proxies nor does the newswire report have any 
technical details.  I have tested several of the networks listed in the 
report and in none of the cases I saw was there HTTP proxy activity.  
Picking up on WCCP/TCS isn't that hard (I used to install those myself) 
so unless there is some functionality in IOS and/or JUNOS that allows I 
don't see it happening.  Paxfire can operate all of the proxies they 
want but the network infrastructure has to be able to pass the traffic 
over to those proxies and I don't see it (on at least 3 of the networks 
cited).



> What the FAQ doesn't tell you is that the Paxfire  appliances can 
> tamper with DNS
> traffic  received from authoritative DNS servers not operated by the ISP.
> A paxfire box can alter NXDOMAIN queries, and  queries that respond 
> with known search engines' IPs.
> to send your HTTP traffic to their HTTP proxies instead.
>
> Ty, http://netalyzr.icsi.berkeley.edu/blog/
> "
> In addition, some ISPs employ an optional, unadvertised Paxfire 
> feature that redirects the entire stream of affected customers' web 
> search requests to Bing, Google, and Yahoo via HTTP proxies operated 
> by Paxfire. These proxies seemingly relay most searches and their 
> corresponding results passively, in a process that remains invisible 
> to the user. Certain keyword searches, however, trigger active 
> interference by the HTTP proxies.
> "
>
> http://www.icir.org/christian/publications/2011-satin-netalyzr.pdf
> http://newswire.xbiz.com/view.php?id=137208
>
>
> --
> -JH


--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------