// you’re reading...

Other

Internet protocols could be facing a siege from ISPs

inject
Original image by Dirty Bunny

Rogers, one of the two major Canadian Internet Service Providers, has been busy exercising their position of power. Again. After having been injecting content into HTTP webpages for half a year, Rogers has moved on to hijack DNS as well, replacing “not found” responses with pages full of ads. Though why stop there? Internet comes with many more communication protocols; plenty of opportunities to disrupt expected responses and inject unwanted ads into someone else’s content. All in the name of extra profits.

This is a hypothetical visual study of possible implications. All images below have been edited. It is not the point to single out Rogers; it’s just that they’ve started the trend that users disagree with. The point is that users should disagree with such actions. While not everybody might care about occasional unresolved lookups, there are other services that could be targeted next.

MSN, Yahoo, XMPP (and other) IM protocols

This one might be hitting a lot closer to home, for some, than seeing ads on “missing webpage” responses; even though it’s a similar concept. Only this time in your Instant Messenger. Every once in a while one would send a message just as the contact goes offline… more commonly it’s busy/away/whatever status… so many options to take advantage of!

mockup ISP IM injection

WHOIS

WHOIS is a query/response protocol used to look up information about a domain. It would be easy to inject some plain-text advertising, along with the requested information. While only a small subset of the internet population uses this protocol, it is also a very specific demographic to be targeted with offers regarding domains and other web-related products.

mockup ISP whois injection

RDP — Remote Desktop

While technically the data is encrypted, as it should be, it seems that older clients might use weaker protection schemes and be vulnerable to man-in-the-middle attacks. ISPs often happen to be in the middle. If one’s entire desktop is streamed over the internet, why not supplement some of the experience with sponsored offers?

mockup ISP remote desktop injection

BitTorrent

Actually a lot of ISPs already treat BitTorrent traffic in a special way. Though instead of annoying users with injected downloads and making money, ISPs often unfairly throttle this protocol, annoying users for free.

mockup ISP bittorrent injection

And more!

  • POP3/STMP — inject ads into emails!
  • RTP — manipulate streaming audio/visual content.
  • IRC — similar to Instant Messaging.

The good news is that we are not there, yet. The bad news is that not enough people seem to be aware of this creeping trend. The worse news would be similar tactics catching on in other communication mediums.

In a way an Internet Service Provider is very similar to a Postal Office. Their services are purchased in order to deliver data. Now imagine Canada Post (or FedEx or UPS) operating in a similar manner. It would be like reverse censorship — instead of taking content out, they’ll be putting more in, along with your original package. I’ll doubt they will get away with such practices for long.

a cat opening a mail envelope
Original image by arbyreed

Is it because snail-mail letters are sealed in envelopes, that we expect a them to be delivered without tampering (HTTP page content injection)? And similarly expect a certain level of privacy, instead of getting a package full of ads on topics of “return to sender” mail (DNS hijacking)? And that we expect any letter, regardless of content, having paid equal postage, to be delivered at a similar level of service (BitTorrent throttling)?

Perhaps we’ll need to start placing our internet packets in envelopes as well. Some people think we should encrypt all internet traffic. Besides implementation and adaptation difficulties, this would also add additional strain to the networks… but at least it would help ISPs to stay more honest. I just hope that we will not be forced to do it this way.

Read more



Discussion

  1. Posted by Alfred Ayache | July 31, 2008, 4:11 pm

    Don’t give the bastards any more ideas…

    Reply to comment

  2. Posted by Paul Butler | July 31, 2008, 6:01 pm

    The scary thing is all of those only seem as unrealistic as HTTP and DNS injections would have been a few years ago.

    I like the idea of encrypting all internet traffic – that would give ISPs no choice. Also, unsecured wi-fi is increasingly common in airports and coffee shops, which is potentially a huge security/privacy issue. I wonder what is currently stopping more sites (say, google.com) from allowing HTTPS connections — bandwidth and CPU? Is encrypted traffic really more bandwidth or CPU intensive?

    Reply to comment

  3. Posted by It’s the end of the INTERNET as we know it. | Ben Hovinga | July 31, 2008, 9:57 pm

    [...] now I was reading through my RSS subscriptions on Google Reader when I came across this article at the Computer Science Canada Blog. It just makes me sick when I look at it. There are enough advertisments from the website owners to [...]

  4. Posted by Tony | July 31, 2008, 11:12 pm

    Well BitTorrent and RDP are more on the unrealistic end of things, due to the encryption involved. Though that doesn’t stop ISPs from identifying that traffic as such, and treating it in a special way anyway.

    The problem with encrypted traffic is that it cannot be cached. So yes, that would dramatically increase the bandwidth and CPU (serverside) usage.

    Reply to comment

  5. Posted by Mats | August 1, 2008, 4:31 am

    Advertising income is something huge for most companies. They make a lot of money on it, and when the competition on their market increases most resolve to advertising to fill the gap.
    Advertising is really annoying I think. Sure it’s great to be able to get a 10 minute break when watching TV. You can grab a smoke, a coffee, the possibilities are limitless. But when a 40 minute TV show stretches to over 1 hour including the ads it’s just to much.
    We are being force fed these ads from all over.
    The good thing about it I guess is that people are starting to get fed up with this, most of us use Ad blockers in our browsers. Many of my friends download TV shows of the net just because they are ad free. After all, the only real thing we have is time, and I for one refuse to waste it watching ads.

    Reply to comment

  6. Posted by Olga | August 1, 2008, 8:22 am

    Rogers sux! :)

    Reply to comment

  7. Posted by Chris | August 1, 2008, 9:11 am

    Here is the US our FCC just spanked Comcast for throttling p2p traffic. There are many folks who say the FCC didn’t hit them hard enough, but I think their intent was to fire a warning shot across the bow of any ISPs who are considering monkeying with the data stream.

    Reply to comment

  8. Posted by Dangerouslydead | August 1, 2008, 9:57 am

    Is this even legal? Can they subject us to advertising on our bandwidth when we are paying for every KB that we donwload?

    Reply to comment

  9. Posted by Webektor | August 1, 2008, 10:58 am

    Question is… Do they any discount for their service or offer ad free sevice with a different billing.

    Reply to comment

  10. Posted by Sunil | August 2, 2008, 10:36 pm

    In order to make extra bucks, these ISP’s tend to do some illegal stuffs poking around their noses and trying to change the course of the protocols. For me I pay for the service, but am getting much lesser bandwidth allocated to me. Something has to be done to get these jerks back on the track.

    Reply to comment

  11. Posted by Matthew | August 3, 2008, 12:04 am

    This is pretty scary. It’s a troublesome prospect to be certain. I’m tired enough of the ads I see on web pages, and the last thing I need is to be fed ads by my ISP – especially through some sort of evil injection technique such as this. It’s scares me even more due to the whole net neutrality debacle we had here in the United States.

    Reply to comment

  12. Posted by ddos | August 4, 2008, 12:25 pm

    A situation like that would only be possible with ISP monopoly. You don’t need to be a rocket scientist to figure out which service people would use if one ISP injects you with tons of ads whatever you do and another one doesn’t. However it would be a great idea to use for at wireless hotspots for instance. Instead of making you purchase login information with SMS/credit card you would just have to look at advertisements….to be honest I’d prefer that.

    Reply to comment

  13. Posted by ROGERS SUCKS | August 7, 2008, 12:33 am

    i have rogers and have noticed that damn 404 page. tommorow imma call them and tell them to “stop clogging my internets tubes”. lol. i really will, and really am.

    Reply to comment

  14. Posted by Tony | August 7, 2008, 12:51 am

    If you are, please follow up with their response. I’d be interested in hearing what they have to say about this.

    Reply to comment

  15. Posted by Andrew | August 16, 2008, 10:06 am

    I hate when Rogers does things like that. Unfortunately, people here in Toronto don’t really have a choice. It’s either Rogers or….*shiver*….Bell. I really hope they don’t inject that stuff into more things. Oh yeah, Rogers Sucks, please post the follow up to that. I’d love to see it.

    BTW, what MSN program are you using in OS X? Is it MSN? I just got my Mac so I dont know.

    Reply to comment

  16. Posted by Tony | August 18, 2008, 7:23 pm

    @Andrew — on OS X, the IM clients are typically either iChat or Adium. I use the latter.

    Reply to comment

  17. Posted by Andrew | August 19, 2008, 8:05 am

    Thanks Tony. Yeah, I found out about Adium yesterday and downloaded it. Too bad iChat doesn’t support MSN natively, I really love those webcam effects.

    Reply to comment

  18. Posted by Dusk Eagle | August 25, 2008, 11:44 am

    I phoned Rogers about this and, after they tried to set a cookie on my computer which would’ve done nothing and having me point that out to them, they told me to google for a free dns. I asked them if they offered their own servers which didn’t redirect to a page full of ads and they said no. Screw you, Rogers! (Maybe I should constantly download and delete random large-sized bulk just to cost them more money.)

    Reply to comment

  19. Posted by chris pine | September 17, 2008, 5:34 pm

    I think it would be ok if you were getting the Internet for free, but if you’re paying for their services, looks like they’re trying to nickle and dime you anywhere they can.

    Reply to comment

Post a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>