re ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: "Patrick W. Gilmore" <patrick () ianai net>
> Date: April 10, 2010 4:15:50 PM EDT
> To: Dave Farber <dave () farber net>, Lauren Weinstein  
> <lauren () vortex com>
> Cc: "Patrick W. Gilmore" <patrick () ianai net>
> Subject: Re: [IP] ISP Accused of "Hijacking" Google Search Queries  
> and Subscribers' DNS

> Lauren,
>
> While I would not argue your general conclusions below, I question  
> the use of the term DPI in this case.  Redirecting a TCP port number  
> is definitely above Layer 3, but typically I see the term "DPI" to  
> mean looking into the payload of a packet, not the headers.
>
> Assuming Windstream were only redirecting port 53 traffic (which  
> would have the same symptoms as what you describe), this is pretty  
> standard technology. Frequently high-end routers can do this without  
> additional hardware.
>
> What's more, you will probably get a response from Brett, who uses  
> something like this to redirect port 80 to his web caches.  Of  
> course, his caches probably show the "real" web page, but the  
> traffic is definitely being redirected.
>
> --
> TTFN,
> patrick
>
>
> On Apr 10, 2010, at 3:43 PM, David Farber wrote:
>
> > Begin forwarded message:
> >
> > From: Lauren Weinstein <lauren () vortex com>
> > Date: April 10, 2010 3:28:18 PM EDT
> > To: dave () farber net
> > Subject: ISP Accused of "Hijacking" Google Search Queries and  
> > Subscribers' DNS
> >
> >
> >
> > ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS
> >
> >             http://lauren.vortex.com/archive/000704.html
> >
> >
> > Greetings.  All of the data on this situation isn't in yet, but on  
> > its
> > face this appears to be an extremely problematic situation, seemingly
> > involving ISP "hijacking" of their subscribers' Google-related
> > traffic.
> >
> > Here's what we have so far, based on reports to date.  When reading
> > this, please also keep in mind the "Testing Your Internet Connection
> > for ISP DNS Diversions" page ( http://bit.ly/7DOv5Y ) from
> > NNSquad ( http://www.nnsquad.org ) -- more on this below.
> >
> > Apparently a few days ago, users of Windstream ISP services suddenly
> > discovered that their Firefox-based Google toolbar search queries  
> > were
> > being diverted by Windstream to an alternate Windstream-associated
> > search service, through some form of DNS redirection
> > ( http://bit.ly/aJ3WZB [DSL Reports] ).
> >
> > Complaints by subscribers resulted in confusing responses from
> > Windstream, including the statement that the purpose of their
> > redirection was only to deal with unresolved site lookups and that an
> > opt-out was available.  (Over on NNSquad, we've frequently discussed
> > the unacceptability of such diversions on anything other than an
> > *opt-in* basis.)
> >
> > Shortly after the initial Windstream explanation, a Windstream
> > employee apparently said that:
> >
> >  "We will be making a change to this service tonight based on
> >   feedback from our customers who wish to continue to use Google
> >   for the search box. We apologize for any inconvenience this may
> >   have caused."
> >
> > This is a most remarkable statement -- since it appears to imply that
> > the diversion was not a mistake, but may have been an intentional
> > redirection of Google-related traffic.  After all, if someone is  
> > using
> > a Google search toolbar, one would typically assume that they want
> > *Google* to supply the search results, right?  You don't need rocket
> > science to figure this out.
> >
> > Of particular concern are reports that these changes affected
> > subscribers who were *not* using Windstream's DNS servers, but
> > who had manually changed their DNS settings to other servers such as
> > OpenDNS or Google DNS.  If these reports are correct, they imply that
> > Windstream was tampering with protocols via DPI (Deep Packet
> > Inspection) techniques, which elevates the severity of the situation
> > to an even higher level, regardless of whether or not "opt-out"
> > mechanisms of varying effectiveness were provided.
> >
> > Many Windstream subscribers are very concerned about the privacy
> > implications of this situation, and the apparent unwillingness of
> > Windstream to clearly explain what they are doing and whether or not
> > the diversion of Google search queries was intentional or accidental
> > in the first place ( http://bit.ly/bUrgBF [DSL Reports] ).
> >
> > This all appears to be a very serious situation, and exactly the sort
> > of problem many of us have been warning about for years.
> >
> > The first useful step moving forward regarding this matter should be
> > for Windstream to immediately and definitively come clean publicly
> > about what they did, what they are doing, and what their true
> > intentions were and are.
> >
> > In the meantime, I invite Windstream (and other ISP) subscribers to
> > use the info on the NNSquad Testing Your Internet Connection for ISP
> > DNS Diversions page to test their ISP for DNS tampering, and to  
> > report
> > results to me as described on that page ( http://bit.ly/7DOv5Y ).
> >
> > DNS tampering is unacceptable and can easily create all manner of
> > collateral damage.  Interfering with Google's (or anyone else's)  
> > users
> > is atrocious, especially if done purposely.
> >
> > This is all yet another example of why moving toward reasonable
> > regulation of the Internet access industry is so critically  
> > important.
> >
> > --Lauren--
> > Lauren Weinstein
> > lauren () vortex com
> > Tel: +1 (818) 225-2800
> > http://www.pfir.org/lauren
> > Co-Founder, PFIR
> > - People For Internet Responsibility - http://www.pfir.org
> > Co-Founder, NNSquad
> > - Network Neutrality Squad - http://www.nnsquad.org
> > Founder, GCTIP - Global Coalition
> > for Transparent Internet Performance - http://www.gctip.org
> > Founder, PRIVACY Forum - http://www.vortex.com
> > Member, ACM Committee on Computers and Public Policy
> > Lauren's Blog: http://lauren.vortex.com
> > Twitter: https://twitter.com/laurenweinstein
> >
> >
> >
> >
> >
> >
> > -------------------------------------------
> > Archives: https://www.listbox.com/member/archive/247/=now
> > RSS Feed: https://www.listbox.com/member/archive/rss/247/
> > Powered by Listbox: http://www.listbox.com



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com