A little donnybrook is brewing over a test by Rogers Communication to insert its own messages on top of Google's web page. Lauren Weinstein, a tech consultant and Internet activist, rang an alarm bell on his blog over this practice, worrying about whether this is a form of spying and web traffic modification on the part of Canada's largest ISP.
Later, in an interview, Weinstein argued that this is a classic example of why we need net neutrality. Net neutrality is "not just making sure that data is handled in a competitive and non-discriminatory manner, but it's also that the data that's sent is the data that you get." Well, not quite.
As Mathew Ingram points out, this has very little to do with net neutrality. Lots of web sites insert annoying messages without our permission and at least Rogers provides a way for customers to opt out of what it calls its Internet Subscriber Notification System.
A similar but far more annoying tactic by Verizon in the U.S., however, comes a little closer to raising net neutrality hackles. When its Internet customers mistype URLs, Verizon automatically reroutes them to its own co-branded Yahoo-search engine (click on picture for screen shot), which is a lousy substitute for what I used to get -- a page of search results from Google.
Opting out of this hijacking system isn't the easiest thing in the world, although Verizon does offer a link for doing so. The problem is, the link jumps to a page that doesn't allow a one-click opt-out. This page explains that you can opt out of "DNS assistance" by changing the DNS settings in the router or modem or in your operating system (which Verizon doesn't recommend.)
The process for changing the DNS settings, while not beyond me, is time-consuming and I've always put it off. If Verizon somehow managed to establish DNS settings that reroutes me to its default search engine, why can't it give me the option to automatically undo what it did? (I might be betraying my technical illiteracy here, but I'm not even sure how it was that I used to get Google search results before I became a Verizon FiOS subscriber. Did Comcast, my previous ISP, reroute me to Google in much the same manner that Verizon is rerouting me to Yahoo!?)
So, to the folks in Canada who are upset by Rogers splicing into Google with its own messages, I say: It could be worse. You might get rerouted to Yahoo!'s search engine when you mistype URLs.
Cynthia Brumfield at 9:15 AM|Comments(3)
I hate to start using the often-repeated cliche of slippery slopes, but I believe there has been a misunderstanding here.
If you follow the successive blog posts made by Lauren Weinstein, Rogers-Yahoo is using a product called "In-browser Marketing" made by PerfTech.
http://lauren.vortex.com/archive/000337.html
And if you go to the official site of PerfTech, you will not find the original language used to describe its service -- it's been changed and toned down repeatedly since then.
http://www.perftech.com/
But after browsing their site just a little, I don't think it takes a paranoid personality to believe that "system notifications" (or even "amber alerts") may not be their real purpose here.
Furthermore, I don't think that you should automatically assume that the opt-out link will work as intended. The opt-out option didn't really work for your verizon 404 pages, why do you think it would work for Rogers Yahoo? Plus some web advertisements already obscure entire web pages for specific periods of time. What makes you think that this kind of "In-browser Marketing" won't take more browser space with each passing day?
Now this is not to say that your original point about 404 hijacking isn't valid. It is.
It's just that now, journalists and other bloggers are linking to your article as somekind of proof, that you're taking Rogers Yahoo side on this issue and that you don't think this issue relates to Net Neutrality. So my question is, when will this become a Net Neutrality issue for you? Does the advertisement have to take half the screen? Three-quarters? Does the advertisement have to be completely devoid of any value to the user? How will you know when this point has been reached? And last but not least, what makes Rogers Yahoo a more trusted company than Verizon? Its customer reviews on DSLReports.org certainly don't seem to indicate so.
Posted by: Stephan Branczyk at February 14, 2008 5:57 AM
It is worse. In the DNS game, they are simply using the protocol, as designed to return a specific result instead of an error response. Problematic? Yes. Causes trouble with debugging setups? Yes. However, Rogers is going to silently either (a) HTTP proxy (squid-style) or (b) Application Gateway my HTTP requests through a middleman and modify the CONTENT of the TCP stream on the fly.
This is much more hideous and a larger threat. It means you can no longer trust the otherwise reasonable looking content.
All unsecured internet protocols (DNS, HTTP, IMAP, etc) suffer from potential abuses like these, the answer lies in the end-to-end design principles of the internet and liberal application of encryption OR message authentication mechanisms to ensure that your data arrives intact.
Modifying sessions like this is really quite horrid and soundly against the one of the CORE principles of the internet.
The internet only just works, it has become fragile and is threatened as we start to abuse the designs upon which it is built. M. Handley has an excellent paper discussing this, published in the BT Journal of technology.
Raise the alarm bells, all these abuses of the internet technology need to be prevented through better deployment of resistant technologies.
Posted by: Alan H. at December 13, 2007 5:41 PM
I think you're missing the point with Rogers. Imagine I provide an Internet service that is paid for via webpage advertisement. What if a company decided to modify the webpage I send to you to replace my ad with their ad?
If I cannot guarantee ad placements on the webpages I serve, my advertising revenue will dry up. Even worse, the ISP is taking advantage of my webpage's popularity to sell its own ads.
At least Verizon isn't stealing revenue when you type in a non-existent page.
Posted by: David W. at December 11, 2007 10:02 PM
Blogs We Read
