// you’re reading...

Other

Rogers ISP and their lack of neutral net

Net Neutrality is an important issue to the Internet. Google has put together a short guide that carries a simple message:

Network neutrality is the principle that Internet users should be in control of what content they view and what applications they use on the Internet.

Rogers, one of the main Internet Service Providers in Canada, has been pretty bad in this respect. They’ve already been shape-shifting their traffic, throttling any peer-2-peer traffic. Now the Torontoist reports that Rogers has began injecting their own content into certain popular websites.

Rogers HTTP Injection

While the technique is said to be used only to serve account information messages (as oppose to using email or calling their customers), the technology itself is developed to inject any sort of advertisements into webpages not owned by the ISP. It’s a short path from serving account information to “relevant” Rogers offers, to offers from 3rd party partners. The idea might be too tempting to pass up.

The bluntly obvious problem, as seen in the screenshot, is that Rogers is injecting Yahoo!’s logo into Google’s homepage.

Additionally I would raise some privacy concerns. Their “acknowledge receipt of this message” links are obviously directly tied to one’s account with the company. So regardless of privacy measures, such injections would allow for tracking of individuals and their actions on the page.

The issue has been brought into the blogosphere by Lauren Weinstein. And wired mentioned that Rogers has confirmed such injections.

Rogers vice president of communications Taanta Gupta confirmed that Rogers is experimenting with this technique as a way to communicate with its customers.

This might be good information to communicate to the customers, but modifying their user’s HTTP packets is simply in bad taste. It is not immediately apparent, to an average user, as to how the injected content has gotten there. This slippery slope also puts the possibility of 3rd party content too close to comfort.

Read more

Discussion

  1. Posted by Martin | December 11, 2007, 10:25 pm

    Of course they can track you, they’re your ISP. Everything you do goes through their routers. They don’t need to inject anything in the page to do that.

    Reply to comment

  2. Posted by Paul Butler | December 11, 2007, 10:39 pm

    Martin: Yes, but I think Tony’s point was not that they could record it, but that they are. They record somewhere that you acknowledged the message, which presumably implies that you visited Google at some time. Not the end of the world, but as Tony said, it’s a slippery slope.

    Reply to comment

  3. Posted by Paul Butler | December 11, 2007, 10:59 pm

    I don’t like the idea of an ISP changing what’s in a packet, it’s just an icky feeling. But on a practical level, this seems like a good idea. I mean, privacy concerns aside (and really, if you don’t trust your ISP to keep your information private, you should probably switch ISPs, because they have access to way more data than this), it might be more convenient to some users than an email or phone call. If the user can turn it off (as it appears), I think the net benefit to the average user is positive. It’s nice to see Rogers being proactive about notifying their customers about their quota use though. I’ve been burned by phone data rates by Rogers wireless, and I sure wish they would have notified me in advance. (Tangent: Instead, they removed the feature from the phone that would have told me how much I had used.)

    That said, I avoid Rogers for internet because of the traffic shaping stuff.

    Reply to comment

  4. Posted by Tony | December 11, 2007, 11:06 pm

    Martin: you’re right, the ISP could definitely record all the content that goes through their routers. Injecting ID-laced links just makes it easier. Injecting JavaScript could also let them know what you’re doing on the page itself — think CrazyEgg.

    Reply to comment

  5. Posted by Ben Hovinga | December 13, 2007, 7:32 pm

    This could also be bad with some of the programs that you have on your computer. A program could access a page that will display this account information and send that to a third party company about your account. It could also mess up your programs performance. If you have a program access a specific site that it knows and needs a specific string from a certain line it will not get that string.

    Reply to comment

  6. Posted by Mark Sanborn | December 14, 2007, 11:55 am

    The thought of the internet being controlled by an ISP really irks me. This is not what the internet was founded on and in my opinion drastically slow down its growth and potential.

    I also believe that if it becomes heavily controlled there will be a rising need for net citizens to develop their own private internet, similar to the already in place college network AKA, internet2.

    Reply to comment

  7. Posted by The Net’s Runaway Infrastructure | Think Artificial | December 17, 2007, 8:19 pm

    [...] a recent example of some dubious, related developments, Tony at CompSci Canada discusses the exploits of Rogers, one of the main Internet Service Providers in Canada, injecting information into the pages a user [...]

  8. Posted by TechTools | December 18, 2007, 7:47 pm

    It feels really weird knowing that my ISP has so much power and could control what pages I actually view. Hopefully we could find some change in this and actually find more freedom for the internet.
    It’s tough to say if this will ever happen but this example of Rogers and Yahoo on Google is pretty scary when you think about it.

    Reply to comment

Post a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>