[Chapter-delegates] Canadian ISP Rogers violates net neutralityby hijacking failed DNS lookups

James Butler jbutler at isoc-la.org
Mon Jul 21 14:05:59 PDT 2008 

FYI:

Phorm and its counterparts, NebuAd and others, have made and are continuing to attempt to make agreements with ISPs, including British Telecom and Virgin Media in the United Kingdom and Charter and WOW! in the United States, among several other ISPs.

These companies engage in "behavioral ad targeting", a practice that compiles "anonymized" profiles of network users' behaviors and serves "targeted" advertisements to those users via websites that agree to include Phorm/NebuAd code in their pages for this purpose.

In order to accomplish this, Phorm and NebuAd (among others) perform "deep packet inspection" of all network traffic in order to develop their profiles. This includes intercepting and modifying all packets, redirecting them through Phorm/NebuAd analysis programs hosted by the participating ISPs, and then releasing outbound packets to their original destination.

All inbound packets are inspected for (a) profile-matching identifiers and (b) participant destination identifiers. If a sequence of inbound packets matches both parameters (i.e. the profile is enabled for targeted ad receipt and the website is enabled for targeted ad injection), then the packets are modified to satisfy the goals of the ad server (Phorm/NebuAd) and the delivery mechanism provider (website).

These are so-called "opt-out" "services", as described by Phorm and NebuAd, where a cookie is placed on the user's machine when they make the effort to visit Phorm/NebuAd websites and follow the instructions to "opt-out" of the program. NOTE: This does not halt the "deep packet inspection" or analysis of the user's network activity, rather is simply informs Phorm/NebuAd of the user's preference not to receive any targeted advertisements. ALL packets continue to be inspected and routed through the analysis programs regardless of the user's "opt-out" status.

As you may surmise, once these systems are in place at the ISP, the ISP may then use the packet inspection processes for other purposes, including message delivery and service denial. The description in this thread of the activity related to observed rerouting could easily be the result of the use of these systems without any intrusion into the user's personal computing space.

Phorm and NebuAd, among others, are both in the process of being challenged by various governmental agencies, including the United States Congress in the U.S.A. and the European Commission, through its pressure on the British government to begin a serious investigation of Phorm's technology.

Please contact your country's authority in these matters and express your opposition to these seriously invasive systems.

James Butler
Internet Society - Los Angeles Chapter
Chairman of the Board
jbutler at isoc-la.org

*********** REPLY SEPARATOR  ***********

On 7/21/08 at 3:28 PM Alejandro Martínez Varela wrote:

>This might not be the case, but Airtel uses Phorm to profile users 
>browsing and it is worth mentioning how some ISPs are hijacking users 
>browsing through cookie manipulations and temporary web redirects to 
>"add value" through targeted publicity with such applications as Phorm.
>
>http://www.thisismoney.co.uk/bbphone/article.html?in_article_id=432233&in_page_id=182 
>
>
>Just another example of a "legal" surf coaching some ISPs have set up 
>that profiles users and messes with the connection itself. This is a big 
>issue and should be look at in detail.
>
>Varela.
>
>
>Alejandro Pisanty wrote:
>> S.,
>> 
>> have you ascertained fully that your computer has been hacked into by
>the 
>> ISP, or is there some other form of interception, on the network, 
>> occurring?
>> 
>> The scenario of the ISP hacking into all of its users' computers seems 
>> highly unlikely to me. And, you should have available - as an ISOC 
>> Chapter! - the services of someone knowledgeable in computer forensics
>to 
>> check your computer, as well as to set up a decoy where logs are kept of 
>> all activity, etc. to prove this hacking beyond any doubt.
>> 
>> What is less unlikely is that they have modified configurations in your 
>> (ADSL or other technology) modem. That would be a different story,
>though 
>> many of us would raise hell and call it "pharming" if it was an
>egregious 
>> enough redirection of the DNS calls.
>> 
>> Beyond that: other than in closed networks, like a hotel's, no-one
>should 
>> stand between you and the DNS. But then, no-one should stand between you 
>> and the Internet... unless you have accepted it in the small print of
>your 
>> contract with your ISP (Arnoud: this applies to your response as well.)
>> 
>> Yours,
>> 
>> Alejandro Pisanty
>> 
>> 
>> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . .  .  .  .  .
> .
>>       Dr. Alejandro Pisanty
>> UNAM, Av. Universidad 3000, 04510 Mexico DF Mexico
>> 
>> Tels. +52-(1)-55-5105-6044, +52-(1)-55-5418-3732
>> 
>> *Mi blog/My blog: http://pisanty.blogspot.com
>> *LinkedIn profile: http://www.linkedin.com/in/pisanty
>> *Unete al grupo UNAM en LinkedIn,
>http://www.linkedin.com/e/gis/22285/4A106C0C8614
>> 
>> ---->> Unete a ISOC Mexico, http://www.isoc.org
>>   Participa en ICANN, http://www.icann.org
>> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 
>.  .
>> 
>> 
>> On Mon, 21 Jul 2008, Sivasubramanian Muthusamy wrote:
>> 
>>> Date: Mon, 21 Jul 2008 21:31:11 +0530
>>> From: Sivasubramanian Muthusamy <isolatedn at gmail.com>
>>> To: Gilles Massen <gilles at isoc.lu>
>>> Cc: chapter-delegates at elists.isoc.org,
>>>     Patrick Vande Walle <patrick at vande-walle.eu>
>>> Subject: Re: [Chapter-delegates] Canadian ISP Rogers violates net
>neutrality
>>>     	by hijacking failed DNS lookups
>>>
>>> Hello Alejandro,
>>>
>>> 1.  I followed the original link and from there tried to go to
>>> http://www.digitalhome.ca/forum/forumdisplay.php?f=28 or to page
>>> http://www.digitalhome.ca/forum. Both pages returned a 403 error.
>>>
>>> 2.  My ISP is Bharti AIRTEL,  I have noticed a more serious issue of a
>>> possible backdoor intrusion by the ISP, which is a possible breach of
>>> consumer privacy. This ISP - Airtel Broadband  is evidently in a
>position to
>>> control the browser in MY COMPUTER to take over my browser to redirect
>any
>>> URL to an Airtel page that says you are temporarily disconnected ( The
>ISP's
>>> tolerance for late payments even for long standing subscribers is not
>even a
>>> day past the due date, which is sometimes missed )
>>>
>>> I have asked them in several repeated email messages
>>>
>>> a) How did you get into my computer to override my browser home page
>>> settings ?
>>> b) What gives you the right to do that ?
>>> c) If you can do as much of a hack in all customer computers as to
>>> override the browser settings and ensure that any address typed in the
>>> address bar takes the browser to
>>> http://203.145.184.29/cgi-bin/airtel/frontpage.pl, what else couldn't
>>> you have done ?
>>>
>>> This issue was raised in several repeated email messages, routinely
>>> acknowledged but was conveniently left unanswered. In India Consumer
>Forums
>>> are grossly inadequate and largely controlled or influenced by the
>>> Industrial groups; Consumer legislation, the judicial process are
>>> inadequate, so these large companies simply brush aside any
>communication
>>> that questions their ways of working
>>>
>>> Sivasubramanian M.
>>>
>>>
>>>
>>> On Mon, Jul 21, 2008 at 7:05 PM, Gilles Massen <gilles at isoc.lu> wrote:
>>>
>>>> Alejandro, Patrick, et al,
>>>>
>>>> There are more and more ISPs that tweak their DNS servers to return an
>IP
>>>> address when they should return that a name does not exist. Rogers is
>only
>>>> the last on a growing list.
>>>>
>>>> Personally, I'd never accept that behaviour from my ISP, I'd either
>change
>>>> or
>>>> work around it (with services like OpenDNS, where you can at least
>opt-out
>>>> from such an 'enhanced user experience').
>>>>
>>>> Verisign was the same idea on another level, and you could not easily
>work
>>>> around it, so I'm quite happy that that's gone.
>>>>
>>>> But let's face it: net neutrality is slowly disappearing...be it by
>>>> changing
>>>> the content of DNS replies, or by treating P2P traffic differently. To
>>>> many 'optimisations' do simply that: manipulate what's on the wire.
>>>>
>>>> Best,
>>>> Gilles
>>>>
>>>>
>>>>
>>>>
>>>> On Monday 21 July 2008 01:54, Alejandro Pisanty wrote:
>>>>> Patrick,
>>>>>
>>>>> reminds me of the spat on wildcards with Verisign some years ago.
>Quoting
>>>>> it could be a good precedent Rogers clients may want to use. Rogers
>may
>>>>> not want to get into a similar mess.
>>>>>
>>>>> Yours,
>>>>>
>>>>> Alejandro Pisanty
>>>>>
>>>>>
>>>>> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . .  .  .  .
> .
>>>>  .
>>>>>       Dr. Alejandro Pisanty
>>>>> UNAM, Av. Universidad 3000, 04510 Mexico DF Mexico
>>>>>
>>>>> Tels. +52-(1)-55-5105-6044, +52-(1)-55-5418-3732
>>>>>
>>>>> *Mi blog/My blog: http://pisanty.blogspot.com
>>>>> *LinkedIn profile: http://www.linkedin.com/in/pisanty
>>>>> *Unete al grupo UNAM en LinkedIn,
>>>>> http://www.linkedin.com/e/gis/22285/4A106C0C8614
>>>>>
>>>>> ---->> Unete a ISOC Mexico, http://www.isoc.org
>>>>>   Participa en ICANN, http://www.icann.org
>>>>> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 
>.  .
>>>>> .
>>>>>
>>>>> On Sun, 20 Jul 2008, Patrick Vande Walle wrote:
>>>>>> Date: Sun, 20 Jul 2008 21:57:11 +0200
>>>>>> From: Patrick Vande Walle <patrick at vande-walle.eu>
>>>>>> To: isoc Chapter Delegates <chapter-delegates at elists.isoc.org>,
>>>>>>     ISOC Extended Board <isoc-ext-board at elists.isoc.org>
>>>>>> Subject: [Isoc-ext-board] Canadian ISP Rogers violates net neutrality
>>>> by
>>>>>>     hijacking failed DNS lookups
>>>>>>
>>>>>> http://www.digitalhome.ca/content/view/2689/206/
>>>>>>
>>>>>> In what appears to be a violation of Net Neutrality by Rogers Cable,
>>>>>> Digital Home readers are reporting that Rogers High Speed Internet
>>>>>> service has begun redirecting customers "Server not found pages" to
>>>>>> webpages laden with Rogers advertising.
>>>>>>
>>>>>> See original link for more details and screenshots.
>>>>>>
>>>>>> --
>>>>>> Patrick Vande Walle
>>>>
>>>> _______________________________________________
>>>> Chapter-delegates mailing list
>>>> Chapter-delegates at elists.isoc.org
>>>> http://elists.isoc.org/mailman/listinfo/chapter-delegates
>>>>
>>>
>>>
>>> -- 
>>> http://www.linkedin.com/in/sivasubramanianmuthusamy
>>>
>> 
>> _______________________________________________
>> Chapter-delegates mailing list
>> Chapter-delegates at elists.isoc.org
>> http://elists.isoc.org/mailman/listinfo/chapter-delegates
>> 
>
>_______________________________________________
>Chapter-delegates mailing list
>Chapter-delegates at elists.isoc.org
>http://elists.isoc.org/mailman/listinfo/chapter-delegates

More information about the Chapter-delegates mailing list