ISP Is Bypassing Firefox's Location Bar Search

It was only a matter of time before ISPs began doing more than just redirecting failed DNS requests to their own pages. An anonymous reader writes "It looks like the largest ISP in Hong Kong has started bypassing search results from Firefox's location bar (which typically uses Google), forcing their own search provider (yp.com.hk) onto their users. ... Can an ISP just start re-directing search traffic at will?"

Sleezy

[nicolas.kassis]

This is as sleezy as it gets for an ISP. I hope firefox and google setup some sort of trusted cert and use HTTPS for the traffic from that bar. That might make it much harder for them to do men in the middle attacks of the sort. Google could sue the ISP for impersonation or something similar.

My ISP has been doing this for some time now

[the plant doctor]

I use a small, local telephone company for my DSL. They're reliable, not the fastest or the cheapest, but hey, it's pretty much a monopoly unless I want the cruddy cable service provider that is unreliable in their connectivity and just as expensive.

For six years now I've dealt with this. At work I just type a keyword and end up at the site I wanted. At home I do that by mistake and I get a page with an advertisement for something local saying the page couldn't be found.

Extremely annoying, but I don't have much choice as I don't want cable or their cruddy service, so I deal with it.

Re:Encryption

[Anonymous Coward]

It's obviously better with authentication, but even if you don't authenticate and they MitM you, you're costing them some resources. Best of all, a Man in the Middle might not know whether you have authentication or not. If you know the other guy's key id and the MitM thinks you don't, then you've just honeypotted them.

Re:Windstream, DSL US ISP is already doing this

[nweaver]

If you are a windstream customer, could you please run netalyzr (http://netalyzr.icsi.berkeley.edu) and send teh results URL to netalyzr-help@icsi.berkeley.edu?

I'd like to investigate this in further detail.

Re:Sure they can

[s73v3r]

I find it quite disgusting that an ISP can fuck with your traffic like this on an "opt-out" basis. If I send a search query to Google, then I wanted my search results from Google, dammit! If I wanted to use your shitty, 3rd rate search engine which gives you a kickback, I would have sent my search query to them. If they want to do something like this, it should be mandatory opt-in, and I should get a discount on my bill for using the provider which gives you a kickback.

China still has influence on Hong Kong

[sabt-pestnu]

For all that Hong Kong people may have the right to demonstrate, have a separate judiciary, there are still companies operating in Hong Kong that are being pressured to conform [washingtonpost.com] to mainland laws...

A Hong Kong Internet company, called TOM Online, announced it had stopped using Google's search mechanism. "TOM reiterated that as a Chinese company, we adhere to rules and regulations in China where we operate our businesses," the company's parent, Hong Kong-based TOM Group, said in a statement Tuesday.

Companies owned by people/companies subject to Chinese laws, or wishing to do business in China proper, will certainly have to make decisions based on the relations they want to keep with the Chinese government. I can well imagine employees of a HK company being denied visas based on the ire of some Chinese bureaucrat. Or Chinese citizens who own an obstreperous HK company getting harassed because of the behavior of that company.

https://duckduckgo.com/

[tofupup]

duckduckgo is amazing in my book - it
makes me feel warm and fuzzy inside.

I tried most of the major websites and no dice with https.

Here are few that do
https://www.blackle.com/
https://www.powerset.com/
https://www.leapfish.com/
https://www.a9.com/

honorable mention
https://www.vadlo.com/

and a mystery anyone know what's up with this
https://www.ask.com/
https://www.bing.com/

Re:time for end to end encryption

[GameboyRMH]

It's getting so bad now the only option might be to fork the Internet's infrastructure, in combination with universal encryption. Replace it with open WiFi/WiMAX wireless mesh networks that only connect to the "corporate Internet" via TOR routers or something similar. Then once the public wireless mesh is popular enough, companies like Google and Hulu will voluntarily tie into it directly to stay relevant. The hard parts would be:

- Replacing the IANA/ICANN. A democratic online community might be the best solution.
- Submarine/satellite links. A "community project" wouldn't have the capability to do anything on this scale. Using TOR-like traffic on the "corporate Internet" might be a good short-term option.

Eventually ISPs that attempt to control traffic (to the extent that even these measures aren't sufficient) would be put out of business, those that stop trying to control traffic might stay in business serving as a backbone to the community Internet.

If this all seems too idealistic, imagine it could work like torrents: Those who are selfish or malicious have their access restricted or even removed due to rules built into the protocol. The more you share the more you get.

The way I see it working in the Average Joe's house is like this:

They have their "local AP" for short-range connections that handles LAN traffic, just like how home wireless APs are used today. Traffic is freely allowed out but inward traffic is restricted in a NAT-like configuration (there is actually a standard for NAT-like security on ipv6, but I can't find the name of it now)

Then they have their "community AP" that connects to other community wireless nodes. This is the center of the home network and handles all aspects of connecting to the community mesh. It might be a long-range-only AP.

Then optionally, a "corporate Internet modem" much like the ADSL/cable modems used today. All traffic sent over this connection is either onion-routed or securely tunneled to another "community AP," and of course encrypted like everything else. Providing this connection gives the network better "karma" like the seed ratios on Bittorrent, and therefore gives their network better access to other networks.

If the technology becomes available I'd be more surprised if this didn't happen. If a DD-WRT like system becomes available with "community Internet support," people will start reflashing their equipment so they can share warez, host services the ISP doesn't allow, etc. Then businesses will get on board for the security and redundancy (and maybe speed - going via "commu-net" to another location might be faster than a "corp-net" connection and cheaper than a wired connection).

The only weakness is that governments could outlaw the "commu-net," but once big businesses start reaping the rewards their lobbyists should ensure it stays legal.