 
More than ten U.S. Internet Service Providers (ISPs) have apparently been caught hijacking search sessions. Crazy:
"When the user initiates searches for specific keywords from the browser's URL bar or search bar, the proxy no longer relays the query to the intended search engine, but instead redirects the browser's request through affiliate networks, as the equivalent of a click on advertisements."

More info at http://www.newscientist.com/article/dn20768-us-internet-providers-hijacking-users-search-queries.html

Added: To protect yourself against this, you can search Google via SSL search at https://encrypted.google.com . It might also help to change your DNS provider. Google has a Public DNS service: http://code.google.com/speed/public-dns/ and OpenDNS has one too.
 
Dude! That just doesn't sit well.
 
Is that even legal? Isn't there some privacy law for things like that?
 
who the hell will you believe in this world?
 
Information integrity should be one of the great issues of our time. How do I ensure that the packets I ask for are the packets that get delivered?
AJ Kohn
 
Those aren't the smallest of providers either. Nobody national that I can tell but some decent regional ones.
 
And who's liable if there's malware on the site they are directed to?
 
Surprised it's only 10 they found.
 
the problem is that they have so much MONEY that they can just buy their way out of trouble... It's called being above the LAW... sad but so true
 
This is absolutely outrageous behaviour. I hope customers of these ISPs walk with their feet and let them know in this day and age it isn't to be tolerated.
 
WOW! they have stooped to lowest level now.
 
I use charter and thought I noticed things before that seemed rather... fishy.
 
TWC was doing it... dunno if they still are. Just on typos alone... the opt-out didn't work either.
 
If any of us posting get caught doing the same CRIME we would be in jail for it....lol
 
time to start encrypting the search queries??? (actual keys need to vary so they don't simply look for the encrypted strings)
 
Is this new? I thought they had been doing this for a couple years now.
 
shocked to see comcast isn't on the list.
 
Shouldn't SSL avoid this?
 
There is no such thing as privacy on the internet and this only proves that fact. Regardless of who it is, ISP, FBI, or your family... when you put information out there, you can't get it back. Think before you act.
 
they will figure out a way to put it under the rug just like the national DEBT.....
 
Saw a similar thing last night at a friend's house. Trying to google what I knew was an error but expected to find the correction. Instead I saw the ISP's "helpful" page that told me what I already knew. First advice to said friend, get off the incumbent ISP and go with the indie ISP. Legal or not is not my concern, I don't tolerate such things and is an instant reason to switch, no questions asked and no apologies accepted.
 
This has happened to me many times when searching on Chrome/Google in my apartment. Very frustrating.
 
Perfect reason to change your outbound network DNS to either OpenDNS 208.67.220.220 & 222.222 or Google DNS 8.8.8.8 or 8.8.4.4.
Problem solved.
 
Bad for SEO's almost makes me think it's a good thing.
 
Thank you +***** as an in house little seo i feel powerless. Do everything white hat and customer oriented and still get put in the back of the bus. Time to write my congressman/woman. I don't really feel that more regulation is the answer but I do want to cry foul to someone!
 
There's some very interesting perspectives in this...
ISPs could theoretically hijack all your Internet activities and only show you ads they wanted you to see...
 
i fell victim to this roughly 2-3 weeks ago using google search & it was annoyin as heck...gave me the impression google was behind it, so i used other search engines(which solved the prob by the way)--now i know..thanks
 
I sincerely hope it's not a common practice around the globe..
 
Big deal - how about Google owned Blogspot keeping stolen content up and serving Adsense ads for months - despite numerous attempts to have stolen content removed. Google was built on content theft and copyright violations
 
This should be illegal as is, under existing law. "Interception of communications" -- isn't this FCC territory?
 
Name and shame: "Major users of the Paxfire system include Cavalier, Cogent, Frontier, Fuse, DirecPC, RCN, and Wide Open West. Charter also used Paxfire in the past, but appears to have discontinued this practice."
 
This is one of those things where it really affects non-tech folk. I haven't used an ISP DNS server for yonks.
 
+J.C. Kendall , +Dan Cummings Nope - using Google DNS or OpenDNS won't prevent this from happening. You'd need either signed DNS responses and an OS that supports these extensions or IPv6 using header verification.
 
There's always got to be someone messing with something; honesty is a tough way to live in this world. Karma is a powerful thing though. Thanks for all the info.
 
Just another reason why network neutrality should be carefully guarded.
 
+David Ashwood do you have any more details on this. Not sure I understand why it wouldn't work (G DNS, OpenDNS)
 
Yep - higher protocols would be one way around it +John Singler - you could probably get away without changing your DNS and https for searches.

Although you'd still have an issue if you use the ISP config tools. They could tweak the search prefs for browsers to send you via the ISP and you wouldn't know unless you regularly checked the padlock in the browser.

+Matt Cutts gDNS/OpenDNS won't protect you much on its own - an ISP could easily config their boxes to handle this traffic and you wouldn't know - without use of the integrity controls in the DNS protocol or with the use of IPv6.
 
and people wonder why I have my own DNS server for the house...
 
Is anyone going to stop these guys, in the form of legal action? It seems like the major search providers (like Google) could easily quantify damages. I'm not a fan of frivolous lawsuits but if it stops a douche-bag, I'm all for it!
 
+Tarandeep Singh That wouldn't help if you used a welcome CD from a "bad" isp.

+Elliot Tucker When there's a DNS request - the request goes down the networking stack on your computer. The stack turns the DNS provider friendly name into an IP address if needed and then sends out a packet on the network to the IP address with the request. The packet initially starts in the network provided by the ISP - they can decide to route the packet to the internet directly and it'll hit the gDNS/openDNS server. They could however route the packet to their own servers - and do their own special thing with it.

Without using the security integrity extensions of DNS or using header integrity (of the network packet) - you would never know.
 
I've been using the Google Public DNS for at least two years. I knew there was a good reason other than speed.
 
The DNS Security extensions help - but require the OS to have a network stack that understands and uses it. It's a good short term "quick fix" but it's also a false economy - because next week/month/year - there will be another way that ISP's/service can abuse consumers.

IPv6 helps solve a lot of these problems - across the board - rather than with one specific network service.
 
When people type the URL for google dictionary, it only shows "Google Dictionary is no longer available." I also feel it is crazy.
 
This is so common it's unreal, and especially frustrating when you're dealing with an audience that is still a bit technophobic. It's all too easy to get caught up with the tech adopters and say "here's how to get around this" but what about the crowd who still don't get the internet - they're the ones really suffering from these hijacks. This behavior should be banned.
 
wow! I cannot believe the lengths that companies will go to in the name of revenues - thank goodness my ISP is not listed on the article
 
Very cruel, give us the internet back!
 
+Dustin Bursley ISPs can keep you on their DNS servers easily. they can intercept your dns queries and force them to go to their dns servers. I do that in my house so I don't have to configure it. It is surprisingly easy to do if you know how to configure an enterprise router.
 
+Elliot Tucker There's a number of ways they can slip into what's happening Elliot - but essentially the flow is:

User says go to www.google.com
Computer asks itself who is this mysterious www.google.com
Computer says, DNS Buddy - can you turn the name into an IP address?
DNS (on your machine) asks DNS servers (on the internet) for a translation of the name to an IP address using the network
The network is in the hands of the ISP - so they steal the packet, sending it to their own servers where they perform dark & mysterious things on it using black magic, bluetac and the twisted shapes of half melted barbies
The response comes back, all twisted and nasty (by returning apple.com)
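
An added example, not part of the thread: a minimal check for the two effects the comment above describes, answers invented for names that do not exist and answers swapped for real names. The `honest` and `rewriting` resolvers, `search.example` and every address are constructed; the probe assumes a random 32-hex-character label under `.com` is unregistered.

```python
import secrets
import socket

def system_resolve(name):
    """Addresses the OS resolver returns for name; empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def nxdomain_rewrites(resolve=system_resolve, probes=3, suffix="com"):
    """Look up random names that should not exist; any answer was made up on the path.

    Assumption: a random 32-hex-character label under `suffix` is unregistered.
    """
    hits = {}
    for _ in range(probes):
        name = f"{secrets.token_hex(16)}.{suffix}"
        addrs = resolve(name)
        if addrs:
            hits[name] = addrs
    return hits

def answer_mismatches(expected, resolve=system_resolve):
    """Compare answers with addresses obtained over a path you trust (e.g. a VPN).

    A mismatch is a lead, not proof: large sites return different addresses
    by region, so follow up by checking the HTTPS certificate name.
    """
    return {host: got for host, good in expected.items()
            if (got := resolve(host)) and not (got & good)}

# Constructed resolvers standing in for an honest and a rewriting network path.
KNOWN = {"search.example": {"192.0.2.10"}}   # constructed sample data

def honest(name):
    return KNOWN.get(name, set())

def rewriting(name):
    return {"198.51.100.7"}                  # constructed proxy address

if __name__ == "__main__":
    for label, r in (("honest", honest), ("rewriting", rewriting)):
        print(label, len(nxdomain_rewrites(r)), answer_mismatches(KNOWN, r))
    print("live:", nxdomain_rewrites())      # uses the real resolver
```

Changing the configured DNS server and re-running the live probe shows whether the rewriting follows the resolver or the network path.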
 
+Allen St. John Doesn't really solve anything as you have forwarder addresses in your DNS that resolve what your internal DNS can't. Your ISP can intercept these requests. Unless I am missing something.
 
Next they will man-in-the-middle your login info for email, social media, etc and post ads in your name. We've already seen companies use private photos without permission to advertise products in China.
 
Man in the middle is harder Manny - they're higher level protocols that are easy to protect (and most do) with SSL
 
I would hope that Google would cancel their Adsense accounts at the least.. assuming they use Adsense anywhere, of course.
 
The hosts file won't do anything to protect you. It just provides a shortcut to name -> IP address.

Changing your DNS server won't do anything to protect you either - unless the dns provider is using the DNS security extensions or you and the DNS provider are using IPv6 with header integrity.

Using https is the only thing that would help - but only if you haven't installed a "helper" cd from the ISP to config your computer AND you check for a valid cert when using https.

By a valid cert - you have to check the name is valid - and not one of the easy variations - i.e. gogle.com
 
+David Ashwood - good tips and to summarize, if you can't trust your ISP, best to go elsewhere. It's like trying to hide from your cat when he's claw-deep onto your head.
 
Yep - Exactly Robert.

It would be nice for one of the big companies (nudge, nudge Google) to set up an IPv6 tunnel/endpoint - which would help bypass this (and many other issues). Users could then run IPv6 over normal IP to the endpoint and surf safe.
 
Yep - A VPN is a solution - it doesn't tolerate man-in-the-middle easily. :)
 
They can't insert themselves into the cert chain without breaking it or without Google signing the ISP's cert.

They can impersonate Google - hence the common misnames that people can put into the url.
 
Please someone tell me how to stop Comcast from hijacking my mistyped domain names.
 
Is there a way to turn on https:// for ALL google services by default? Gmail and Plus are, but what about Reader, etc.?
 
While I do use Google's DNS, I would much rather see Chrome wide SSL.
 
There's a cost with running SSL on the server you're connecting to - and there's also an overhead on the network (latency). It helps with some problems - but doesn't solve a vast majority of issues.
 
This was clearly the next step after hijacking DNS requests for non-existing domains.
 
This happens to me all the time and is totally annoying. It slows you down and they try to get you to click on one of their ads. Where I live it's Time Warner doing this. 
 
Is this behavior legal?
 
+John Singler : true they could be redirecting root DNS servers but would they really be that stupid? ... oh wait... nm. but are the root DNS servers using DNSSEC now? if so wouldn't that just break DNS if they tried to redirect it?
 
Isn't that against some FTC regulation?
 
Hope they stop this - man in the middle meddling, soon.
 
Interesting. Given the uproar over Phorm I think this would be illegal in the UK.
 
How do you update the settings in Chrome to use the encrypted Google search?
 
Astounding. Time to make https the default for everything. Why doesn't https://google.com forward to https://encrypted.google.com I wonder.

Last year, the AT&T rep on the World Wide Web Consortium's Device API and Policy working group was opposed to my proposal to enhance the network device API to measure network neutrality, including DNS fidelity. They convinced one of the co-chairs to go along with them: http://lists.w3.org/Archives/Public/public-device-apis/2010Jul/0020.html And they convinced the Working Group technical lead to go along with them too: http://lists.w3.org/Archives/Public/public-device-apis/2010Sep/0102.html Who is Google's W3C Advisory Board rep? (My W3C membership credentials don't let me view http://www.w3.org/Member/Board/ for some reason.) Would they be willing to support this? I think a little javascript API standardization could go a lot further than the FTC at this point, and kill two birds with one stone since the mobile carriers have recently started playing games with their "unlimited" bandwidth plans.
 
Hi Matt, Sorry for contacting you through Google+. I am still trying to figure it out. First off I want to say THANK YOU for panda. I think panda is helping the people that deserve help. Second, I would love to have you as a guest on my radio show, The American Perspective to discuss success and mentors. JP
 
I'm "The British Matt Cutts" I'll come on your show, on radio I come across as a sort of Piers Morgan Meets Commander Data.
 
I noticed this with Cablevision in New York. I complained about it and went through a bunch of hoops to disable it.
 
I had a similar case with KabelDeutschland (Cable Germany):

Whenever a URL had a typo, which should have led to an error message, they redirected that to a US web server address.

My solution was to change the DNS.

Isn't it time that all Internet communications becomes encrypted, including E-Mail, URLs and DNS?
 
Comcast does it too. But I found the settings that disable the "domain helper". Perhaps the other ISPs have similar settings.