Interesting People mailing list archives
re ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS
From: Dave Farber <dave () farber net>
Date: Sat, 10 Apr 2010 17:36:15 -0400
Begin forwarded message:
From: "Patrick W. Gilmore" <patrick () ianai net> Date: April 10, 2010 4:15:50 PM EDTTo: Dave Farber <dave () farber net>, Lauren Weinstein <lauren () vortex com>Cc: "Patrick W. Gilmore" <patrick () ianai net>Subject: Re: [IP] ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS
Lauren,While I would not argue your general conclusions below, I question the use of the term DPI in this case. Redirecting a TCP port number is definitely above Layer 3, but typically I see the term "DPI" to mean looking into the payload of a packet, not the headers.Assuming Windstream were only redirecting port 53 traffic (which would have the same symptoms as what you describe), this is pretty standard technology. Frequently high-end routers can do this without additional hardware.What's more, you will probably get a response from Brett, who uses something like this to redirect port 80 to his web caches. Of course, his caches probably show the "real" web page, but the traffic is definitely being redirected.-- TTFN, patrick On Apr 10, 2010, at 3:43 PM, David Farber wrote:Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: April 10, 2010 3:28:18 PM EDT To: dave () farber netSubject: ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNSISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS http://lauren.vortex.com/archive/000704.htmlGreetings. All of the data on this situation isn't in yet, but on itsface this appears to be an extremely problematic situation, seemingly involving ISP "hijacking" of their subscribers' Google-related traffic. Here's what we have so far, based on reports to date. When reading this, please also keep in mind the "Testing Your Internet Connection for ISP DNS Diversions" page ( http://bit.ly/7DOv5Y ) from NNSquad ( http://www.nnsquad.org ) -- more on this below. Apparently a few days ago, users of Windstream ISP services suddenlydiscovered that their Firefox-based Google toolbar search queries werebeing diverted by Windstream to an alternate Windstream-associated search service, through some form of DNS redirection ( http://bit.ly/aJ3WZB [DSL Reports] ). Complaints by subscribers resulted in confusing responses from Windstream, including the statement that the purpose of their redirection was only to deal with unresolved site lookups and that an opt-out was available. (Over on NNSquad, we've frequently discussed the unacceptability of such diversions on anything other than an *opt-in* basis.) Shortly after the initial Windstream explanation, a Windstream employee apparently said that: "We will be making a change to this service tonight based on feedback from our customers who wish to continue to use Google for the search box. We apologize for any inconvenience this may have caused." This is a most remarkable statement -- since it appears to imply that the diversion was not a mistake, but may have been an intentionalredirection of Google-related traffic. After all, if someone is usinga Google search toolbar, one would typically assume that they want *Google* to supply the search results, right? You don't need rocket science to figure this out. Of particular concern are reports that these changes affected subscribers who were *not* using Windstream's DNS servers, but who had manually changed their DNS settings to other servers such as OpenDNS or Google DNS. If these reports are correct, they imply that Windstream was tampering with protocols via DPI (Deep Packet Inspection) techniques, which elevates the severity of the situation to an even higher level, regardless of whether or not "opt-out" mechanisms of varying effectiveness were provided. Many Windstream subscribers are very concerned about the privacy implications of this situation, and the apparent unwillingness of Windstream to clearly explain what they are doing and whether or not the diversion of Google search queries was intentional or accidental in the first place ( http://bit.ly/bUrgBF [DSL Reports] ). This all appears to be a very serious situation, and exactly the sort of problem many of us have been warning about for years. The first useful step moving forward regarding this matter should be for Windstream to immediately and definitively come clean publicly about what they did, what they are doing, and what their true intentions were and are. In the meantime, I invite Windstream (and other ISP) subscribers to use the info on the NNSquad Testing Your Internet Connection for ISPDNS Diversions page to test their ISP for DNS tampering, and to reportresults to me as described on that page ( http://bit.ly/7DOv5Y ). DNS tampering is unacceptable and can easily create all manner ofcollateral damage. Interfering with Google's (or anyone else's) usersis atrocious, especially if done purposely. This is all yet another example of why moving toward reasonableregulation of the Internet access industry is so critically important.--Lauren-- Lauren Weinstein lauren () vortex com Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org Founder, GCTIP - Global Coalition for Transparent Internet Performance - http://www.gctip.org Founder, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Twitter: https://twitter.com/laurenweinstein ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- re ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS Dave Farber (Apr 10)
- <Possible follow-ups>
- re ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS Dave Farber (Apr 10)
- re ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS Dave Farber (Apr 10)