Slashdot Log In
ISPs Inserting Ads Into Your Pages
Posted by
CmdrTaco
on Sat Jun 23, 2007 08:19 AM
from the now-thats-just-slimey dept.
from the now-thats-just-slimey dept.
TheWoozle writes "Some ISPs are resorting to a new tactic to increase revenue: inserting advertisements into web pages requested by their end users. They use a transparent web proxy (such as this one) to insert javascript and/or HTML with the ads into pages returned to users. Neither the content providers nor the end-users have been notified that this is taking place, and I'm sure that they weren't asked for permission either."
Related Stories
[+]
Tool Detects "In-Flight" Webpage Alterations 197 comments
TheWoozle writes "In a follow-up to a recent story about ISPs inserting ads into web pages, the University of Washington security and privacy research group has teamed with the International Computer Science Institute (ICSI) to develop an online tool to help you identify if your ISP is inserting ads or otherwise modifying the web pages you request."
This discussion has been archived.
No new comments can be posted.
ISPs Inserting Ads Into Your Pages
|
Log In/Create an Account
| Top
| 434 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Suprise! (Score:5, Funny)
Oh wait, we do... crap.
Re:Suprise! (Score:5, Insightful)
(http://www.artefaqs.com/)
Things used to be much worse. Advertisers would have their logos splashed all over TV shows and movies. On TV news they would be on the anchor desks, in the backgrounds, even on the clothes the anchors would wear.
There's a great exhibit in the Old Louisiana State Capitol [glasssteelandstone.com] that is an old TV news set from the 50's. The news was called something like "The Esso Seven O'Clock News" and there's a big Esso logo on the front of the desk, and I think one on the microphone as well as other places.
Quite an eye-opener. At least modern product placement is subtle. I think we're just getting more sensitive to it.
Re:Suprise! (Score:5, Funny)
Re:Suprise! (Score:5, Funny)
So, slashdot, why are you running 50 ads at the top of every page? I thought when I subscribed I wouldn't have to see these anymore, but since you don't have a friendly guy I can call to talk to about it, I'll have to assume you're trying to screw me over here.
Re:Suprise! (Score:5, Funny)
(http://www.vhemt.org/)
Re:Suprise! (Score:5, Insightful)
Actually, I'm more pissed as a content provider then I am as a consumer. How dare they! If I wanted advertising on my content, I'd put it there, and get paid for it. For me, this is totally stealing from content providers and not just annoying to consumers. I mean, isn't that like making money off of other peoples content? Wouldn't that be more like a telephone company forcing you to listen to an add before you place or receive a call? Imagine....
Phone rings and you pick up....
(You) - Hello? (Automated Hell) - Hello, this is A-T-And T, we have a call for you, but first, we'd like you to enjoy a message from our sponsors...
(You) - Click!
Fuck that! Stealing content...bullshit.
Re:Suprise! (Score:5, Interesting)
Everyone, immediately call a lawyer and run away from any ISP that does this. You have been warned.
Re:Suprise! (Score:5, Insightful)
(Last Journal: Friday June 15, @08:57PM)
Clearly you're not familiar with CALEA. They not only log your traffic, they store all the packets so the courts can request them later.
Um, how? Even a 10Mbit pipe is 108GB / day. So how much bandwidth does a typical ISP use, and where do they get enough storage to remember it all?
Re:Suprise! (Score:4, Funny)
(http://www.brainbenc...ript.jsp?pid=5584398)
DNS hijacking does allow defeat of SSL (Score:4, Insightful)
(http://www.whiteboxlinux.org/)
Give this man a cookie, or at least a mod point.
Once they manage to get your browser loaded up with a CA they control it is game over. Imagine, you type www.chase.com into your browser. Remember, THEY also operate your DNS. They resolve www.chase.com to an address they control and generate a certificate linking www.chase.com to that IP. Meanwhile their proxy server connects to the real https://www.chase.com/ [chase.com] and retrieves the homepage. Then their faked out server reencrypts the content and their inserted ad and sends it on to your browser which displays it with the lock intact.
This is what the various secure DNS proposals are intended to address. DNS hijacking allows almost any abuse in the higher layers.
Re:Suprise! (Score:5, Interesting)
I am almost always against laws (which are often worse than the ill they are trying to right), but it seems to me that there ought to be some sort of regulation that requires ISPs (since they are mostly effectively monopolies) to offer a transparent pipe for those who want to avoid all their obnoxious practices.
Re:Suprise! (Score:4, Interesting)
(Last Journal: Monday October 29, @09:37AM)
Re:Suprise! (Score:5, Insightful)
What GeoCities does is OK. The content provider has to agree.
What some ISPs do in return for free internet is OK too (add popups or whatever) - at least that what used to happen. In this case customers KNOW that the popups are from the ISP. But popups *must* be separate from the webpage, not in it.
But if you come along and *insert* ads on my pages and thus benefit from my work, I have no choice but to sue. That is copyright violation. Period. They are costing the content provider money.
Re:Suprise! (Score:5, Informative)
This isn't like creating a derivative work, it is creating a derivative work. They're even profiting from it, as they're selling the ad space thus created.
What about code validation? (Score:5, Interesting)
(http://www.throup.org.uk/)
Re:What about code validation? (Score:5, Interesting)
Re:What about code validation? (Score:4, Informative)
Re:What about code validation? (Score:5, Insightful)
Unfortunately, Internet Explorer is also oblivious to XHTML 1.1's existence, which means you'll be turning away the majority of your visitors (assuming typical demographics).
On the one hand... (Score:4, Insightful)
(Last Journal: Tuesday June 19, @07:48AM)
And on the third hand... isn't this going to break a whole bunch of websites? I'm having a hard time imagining how they could do it without major side effects.
(* I'd be wanting to stuff a few ads up their HTTP stream, I can tell you)
Re:On the one hand... (Score:5, Funny)
And on the third hand... isn't this going to break a whole bunch of websites? I'm having a hard time imagining how they could do it without major side effects.
Don't worry, I'm sure it's been thoroughly tested with Internet Explorer.
Re:On the one hand... (Score:5, Insightful)
(http://www.sosdg.org/)
Why? Profit. It's a great motive.
I've seen this at least a year ago (Score:3, Interesting)
(http://wtanaka.com/ | Last Journal: Wednesday December 06 2006, @06:02AM)
It was especially annoying when the ad insertion code didn't quite work right and caused web pages to break.
I've known about this for a while... (Score:5, Informative)
(http://www.saintaardvarkthecarpeted.com/blog | Last Journal: Monday March 05 2007, @11:58PM)
When I worked at the helpdesk of a small ISP [dowco.com], we were approached by this company [adzilla.com] to see if we were interested in letting them test their ad-inserting proxy server on our customers. I protested that it was scummy and might lead to legal trouble (I was guessing) over changing pages in-flight, but my bosses didn't listen. That was back in 2002 or 2003, and I left shortly after to take another job. No idea what's going on there now.
I'm moving to a new ISP [uniserve.com] since my current one [www.shaw.ca] has started blocking port 25 in and out. I run my own mail server, so I appreciate that Uniserve's TOS [uniserve.com] explicitly allow servers (clause #19). However, they also explicitly say that they insert ads:
Needless to say I'm not happy about that, but in Vancouver my choices are limited: Telus (who'll censor web pages [thetyee.ca] if they belong to a union striking against them), Shaw, or a handful of small ADSL ISPs that all seem to be much the same. Uniserve seems the best of a bad bunch.
Re:I've known about this for a while... (Score:5, Insightful)
(http://www.infamous.net/)
As a content provider, I didn't give them any licence to create derivative works. Creating versions of my pages with ads, is clearly creation of a derivative work.
But of course, it's much more important for copyright law to prevent me from copying a CD for a friend, then to prevent some large ISP from violating my moral rights [wikipedia.org] by whoring out my content.
Re:I've known about this for a while... (Score:4, Informative)
Belkin sucks! (Score:5, Interesting)
They later issued a new firmware that disabled this. But not before I had issued them a "fuck off" feedback. I have never bought another belkin product since and I strongly urge no-one else to do so either. Fuck them.
Links to Belkins suckiness (Re:Belkin sucks! ) (Score:5, Informative)
Yes I know their hardware sucks for other reasons also.
Opt Out Link (Score:5, Informative)
(http://www.miamobi.com/ | Last Journal: Monday October 22, @01:35PM)
I think their behavior with this product is reprehensible. Pass the link on to anyone you know who is affected and encourage them to call their ISP and complain every day until it's removed. If all their call center does is get complaints, they'll reconsider whether it's making them any money.
ISP comparisons need to note this (Score:2)
(http://www.phcomp.co.uk/)
Hit them where it hurts: right where people are deciding which ISP to go with.
Re:ISP comparisons need to note this (Score:4, Informative)
Hit them where it hurts: right where people are deciding which ISP to go with.
That only works if there is actual competition. In most large cities, customers have only two choices. They can go with cable modem service from Some Big Cable Company or DSL service from Some Big Telecom Company. Both usually suck. People living in smaller communities often have no choice at all.
Re:ISP comparisons need to note this (Score:4, Insightful)
(http://www.phcomp.co.uk/)
I may not often agree with Gordon Brown: but him objecting to Sarkozy's attempt to remove 'competition' as a basic tenet of the EU was 100% correct. Protectionism, in the long term, hurts all consumers.
Block the ads? (Score:1)
Support Costs (Score:2)
Data corruption (Score:4, Interesting)
If this continues then someone can write a plugin for Firefox to stop the adverts.
Time to rebuild the freenets. (Score:3, Interesting)
What about freenetworks.org [freenetworks.org]? Are Wifi Coops [wificoop.org] any good? Any others?
Copyright Bonanza (Score:5, Insightful)
(http://slashdot.org/~Doc%20Ruby/journal | Last Journal: Thursday March 31 2005, @01:48PM)
If my ISP copies it for any other purpose, like inserting ads, or copies it into (or as) some other context, like an ad page, it's violating my copyright.
Every copyright violation - every page - makes them liable for a fine. That can really stack up, and costs a lot more than each page view generates in ad revenue.
Unless I've signed away my copyright in some contract with the ISP. Which I personally haven't. Nor should you.
If you have retained your copyright, and your ISP violates it, you should look forward to them handing over their business ownership to pay the damages. Email your lawyer from your other account and get the ball rolling. Why should corporate copyright holders have all the fun?
How to take advantage of this (Score:5, Interesting)
(http://www.idahoev.com/)
1) Generate a unique id for every webpage transmitted. php's uniq() function would be fine. Embed it in the page.
2) Generate a checksum before transmitting the page. Save the id and the checksum, perhaps in a mysql database, when transmitting the page.
3) Embed a javascript that can compute the checksum of the document at the user's end. Have it transmit the checksum back to the server.
4) If the checksum doesn't match, have the javascript transmit the content of the page and it's headers, and perhaps even a traceroute, back to the server.
5) Server stores all of the above in a "pages corrupted in transmission" log.
Log analysis should then give you a list of ISPs who have consistently corrupted your pages, details on what they inserted, and documented # of violations with date and time. You can take this documentation to the court and say "Look! Earthlink/Megapath/AT&T/Whoever has illegally copied my website to market their own advertisements 12,432 times in the last year!". Demand remuneration.
6) Profit!
7) Reduce ISP's willingness to fsck with other people's content and thereby make the world a better place.
8) (Optionally) Have your own javascript strip their ad and/or put a banner at the top that notes "Your ISP has attempted to illegally insert their own advertising into our website, thereby making money off you and me without either of our permission. We strongly suggest you switch internet service providers." -- try to get user pressure on the ISP.
I'm about to head out on a 10-day vacation. When I get back, if one of y'all hasn't written this yet I'll start on it myself.
Re:How to take advantage of this (Score:4, Informative)
(http://slashdot.org/ | Last Journal: Tuesday August 29 2006, @06:44PM)
Of course, I also have Noscript, so I'd not even register in your scheme.
Copyright infringement (Score:4, Interesting)
Phone service providers are doing this too (Score:5, Funny)
There should be legal questions (Score:4, Insightful)
(http://slashdot.org/)
Content providers who earn income from their own web activity should be among the first to file suit against these ISPs. I imagine network TV companies would be VERY offended if advertisments were inserted over, in or around their own presented material and web based business should be expected to have the same offense taken.
Smells to me... (Score:4, Interesting)
(http://slashdot.org/)
Distribution is an exclusive right of the copyright holder.
That they change the content means all paragraph 512 limitations are out the window.
The fair use test (commercial, creative work, almost whole work (all the non-ad content), kills ad revenue) is a 0-4 slam dunk against.
So tell me exactly, what's protecting the ISP from an "allofmp3" style lawsuit for a few trillion, since every web page is a $150,000 lawsuit in itself? Whoever in the legal department who approved this should be terrified.
Go Somewhere Else? (Score:3, Interesting)
(http://www.joel.co.uk/)
In these days of webmail and portable email addresses/domain names, why don't more people do this? It's still a buyer's market, and there's still lots of mom-and-pop ISPs who'll be glad of your business.
All the talk of 'taking legal action' smacks to me as being what's typically wrong with the entire attitude of everyone today. Compensation culture and all that - where there's blame there's a claim.
Don't just stand for it! (Score:3, Funny)
Failing that, exercise your GOD-GIVEN RIGHT to walk into the ISP's main offices with an automatic shotgun.
I figure that either way, you're not gonna be using that ISP any longer.
Fair play. (Score:3, Funny)
(http://www.digimark.net/)
Ah, but there is a weakness (Score:2)
The assumption of the ISP is that the ads are rated "G".
Simply buy ads from their service that will offend all their
users.
The amazing health and psychological benefits of abortion
ought to do it. And at the bottom: This ad brought to you
by your friendly neighborhood ISP.
I don't think.... (Score:1)
I'd sue, but the contract with my ISP waived that right.
Ads == harassment (Score:3, Interesting)
(http://web.lemuria.org/)
Alternatively, lift all restrictions on advertisement. Then we'd at least have nude girls and hardcore porn on every wall and window, instead of beer and washing powder.
Huge privacy concerns. (Score:1)
(http://www.openedsource.net/blog)
This isn't just about plugging a banner into a page surreptitiously.
Who Me? (Score:1)
Massive switch to https (Score:1)
(http://slashdot.org/~davidwr/journal/ | Last Journal: Friday November 09, @09:19PM)
Here is an how-to to help remove those ads (Score:1)
Use a proxy... (Score:2, Informative)
(http://chadjohnson.ath.cx/)
This happened to me 5 years ago (Score:2)
(http://www.schoenfeldt.com/)
Check for referral credit thievery too (Score:2)
A new business niche for ASPs? (Score:2)
Anonymity not in the sense of a cryptographically secure Cypherpunks remailer or a TOR network, but protection from snooping from the local ISP that people are forced to use. Traffic from an ASP can still be logged, but for some ad site to track a person's web viewing habits for marketing purposes, they would have to snarf logs from both the ASP, and the origin ISP.
There are a couple places which offer SSL based proxying via stunnel, and I'm pretty sure one can use stunnel with most existing SSL based web proxying services. This is probably the best bet for general Web use, as stunnel can be easily installed as a Windows service, configured, and forgotten about after configuring the Web browser to use it.
Of course, one can use a full pptp/l2tp VPN, but the advantage of stunnel based proxying is that one doesn't have to worry about their VPN being up to do basic web stuff.
There are ads on webpages? (Score:1)
(http://www.gamerslastwill.com/)
Illegal altering of my web pages (Score:2)
Where I live I have to put up a separate page (like in Germany) where I identify my company for being responsible for the content. Adding ads to my web page over which I have no control means that they have asserted control over my pages, and I can no longer exercise my responsibility for content. What if they serve a virus? What if they decide that porn pays better?
Nope - it would be court or police (unauthorised computer use) immediately. No BS, no delay and no mercy.
Having said that, I did notice on one system that I rarely get 404s now. Any unknown domain makes me end up at GoDaddy. Now, I don't have anything against GoDaddy but I prefer a 404 over crap ads, so I wonder where this came from. No matter, I'm about to nuke and rebuild my XP build anyway - I would just like to know where it came from.
BTW, there's also http://everythingisnt.com/hosts.html [everythingisnt.com] to suppress all the other crap whilst surfing normally. The failure messages are very instructive as you discover just who is handing your details off to advertisers..
sounds like alawsuit waiting to happen (Score:2)
(Last Journal: Saturday October 07 2006, @07:46PM)
I could also see a class action lawsuit against an ISP. If they are selling you 1.5Mbs, and not delivering that bandwidth and then injecting content that will slow your bandwidth even more, I'm sure some lawyer could come up with something about this.
All I have to say, is that this can't end good, but also, I think his could open the door for more need of filtering proxy/firewalls. Instead of just a netgear router/firewall, you would have a ad filtering proxy in there, that you could configure.
History ... (Score:1)
Given the price wars between ISPs, the fact that other providers are also doing this would be no surprise at all.
I don't believe this for one minute... (Score:1)
(Last Journal: Wednesday August 29, @03:43PM)
Remember "free" dial-up? (Score:2)
Kiddie Porn (Score:2)
Comcast inserts local ads on carried TV channels (Score:2)
(http://linuxhomepage.com/)
Comcast inserts local ads on TV channels. But at least they are permitted to do that with the channel producer's permission. In the case of national networks that are optional to carry, this might be part of the contact that have to get that channel carried (reduced rates the producer has to pay, or higher rates Comcast pays, depending on which channel). With over the air stations that they must carry, the station has to get part of that revenue to go along with it (which in theory helps pay the cost of station operation and program sources just like the station ads do). I see nothing wrong with it because the content provider gets some benefit (revenue or carriage) from it, as long as the program content itself is not covered up (which my local Comcast was doing accidentally for a week, once, due to some misprogrammed computer).
However, if the providers of content are not a party to this process, then I do see some serious legal issues, including copyright, with it.
We need to have more web sites make the switch to HTTPS and do redirects from their HTTP to go to their HTTPS sites.
im in ur pages (Score:1)
Pigs Can Fly (Score:1)
Names of ISPs doing this (Score:2)
(http://www.inetwork-plus.com/)
gator-isp.com
bonzai-isp-buddy.com
Experienced this (Score:1)
(http://dekaritae.nothingtrend.com/)
http://img528.imageshack.us/img528/5052/adzilaban
they use the law (Score:1)
Contact the Grateful Dead! (Score:2)
(http://xtifr.w.googlepages.com/home)
If these companies are injecting ads into sites containing the Grateful Dead's non-commercial material, then they are illegally profiting from the Grateful Dead's copyrighted works, and both the Grateful Dead organization and various site owners who are suddenly at risk (such as the Internet Archive [archive.org]) may have the basis for a lawsuit. (The Archive is non-profit, but fairly well funded.)
As a website owner.... (Score:2, Insightful)
But what really worries me is what else are they doing with this technology? Could they programmatically swap out my Adsense Publisher ID with theirs? Could they change the links on my homepage to point to their spam sites? Could they put words in my mouth e.g. my readers suddenly find me favorably reviewing "Male Enhancement" products on my homepage?
site has been added to the list. (Score:1)
(http://www.fanboy.co.nz/adblock/)
turn it off with this... (Score:1)
it bypasses your ISPs proxy.
In the long run.. (Score:2)
(http://www.biglumber.com/ | Last Journal: Tuesday September 18, @12:25PM)
..anything that encourages websites and users to start using https instead of http, is a good thing.
Adblock (Score:1)
Re:2nd level firehose? (Score:2, Offtopic)
(http://www.slashdot.org/ | Last Journal: Monday July 02, @07:37PM)
How did a crap story like this get onto the front page of slashdot?
Re:As this is coming from a hardware box (Score:2)
Are you an idiot or did you just fall off the turnip truck? You don't see MAC addresses unless you're on the same LAN.
That being said, is there any sort of signature by which content providers could identify requests from one of these poxy boxes and block or otherwise sabotage the unauthorized insertions?