Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Firefox Privacy

ISP Is Bypassing Firefox's Location Bar Search 385

It was only a matter of time before ISPs began doing more than just redirecting failed DNS requests to their own pages. An anonymous reader writes "It looks like the largest ISP in Hong Kong has started bypassing search results from Firefox's location bar (which typically uses Google), forcing their own search provider (yp.com.hk) onto their users. ... Can an ISP just start re-directing search traffic at will?"
This discussion has been archived. No new comments can be posted.

ISP Is Bypassing Firefox's Location Bar Search

Comments Filter:
  • VPN (Score:3, Insightful)

    by drolli ( 522659 ) on Wednesday April 28, 2010 @10:03AM (#32015002) Journal

    Use a VPN provider of your choice.

    • Re: (Score:2, Insightful)

      by cc1984_ ( 1096355 )

      Use a VPN provider of your choice.

      And immediately get throttled by the ISP for using encryption

      • Does this actually happen in practice? Most people who use VPNs use it because they work from home and their work requires it. I don't think we are at the stage yet where all VPN traffic is assumed to be evil.

        In the past I've had more success torrenting things with comcast while VPN'd into my school, then without a VPN at all. Not that my story is evidence of much, but I haven't witnessed any sort of throttling like you claim.

        • Re: (Score:3, Informative)

          by poetmatt ( 793785 )

          not happen, happened. Lots of ISP's worldwide, not US only, want you to have a business connection just for daring to establish a VPN connection over it. Usually it ends up being somewhere between 10 and 40$ extra a month depending on country/currency/etc to do so.

          right now however, in the us, comcast is staying away from that stuff, at least temporarily. Or if they do throttle, it's on the low end speeds. On my 22/10 they are not throttling anything, nor are they sending warnings and I use what comcast con

      • Re: (Score:3, Informative)

        by coniferous ( 1058330 )
        All encrypted traffic is throttled on my canadian ISP, Rogers. Port 443, BT, VPN. Its pretty rediclious.
  • We've seen a few ISPs that MitM www.google.com in DNS (you can check for yourself in Netalyzr [berkeley.edu].

    Does anyone know (save me looking at a TCPdump) what domain name firefox uses, is it www.google.com or something else, for the google searches?

    • Re:MitM of Google (Score:4, Informative)

      by yakatz ( 1176317 ) on Wednesday April 28, 2010 @10:13AM (#32015238) Homepage Journal
      • Re: (Score:3, Informative)

        by Sir_Lewk ( 967686 )

        Thank [deity].

        I saw that this article was tagged "opendns" and for a moment thought with horror that people were tagging it that as a kind of suggestion that using OpenDNS was a solution to this. It seems like every single fucking time an article comes up about ISPs doing something wrong (generally messing with NXDOMAIN) people come out of the woodwork to suggest using OpenDNS, even though they do the exact same thing and there are plenty of perfectly standards compliant and free DNS providers to chose fro

        • It seems like every single fucking time an article comes up about ISPs doing something wrong (generally messing with NXDOMAIN) people come out of the woodwork to suggest using OpenDNS, even though they do the exact same thing

          They do... But it's generally in a beneficial way (phishing filter, content filtering, etc.) and at the user's discretion. Your ISP may not have any way to opt-out of the NXDOMAIN hi-jinks... But OpenDNS does.

          I happily use OpenDNS at home, as well as at any client that asks for a quick and easy way to make sure folks are surfing for porn.

          there are plenty of perfectly standards compliant and free DNS providers to chose from.

          I've been using Google's DNS [google.com] for the folks who don't want filtering.

          I have, in the past, found the addresses for various higher-level DNS servers and used them successfu

      • Re: (Score:3, Informative)

        by jank1887 ( 815982 )

        a fair followup to show that mainly OpenDNS was just trying to fix what google/dell/others? broke:
        http://blog.opendns.com/2007/05/22/google-turns-the-page/ [opendns.com]

  • Nope (Score:5, Funny)

    by ffreeloader ( 1105115 ) on Wednesday April 28, 2010 @10:03AM (#32015016) Journal

    Can an ISP just start re-directing search traffic at will?

    Not in my book. My ISP started doing some redirection and they got an immediate complaint from me. In person, at their local office. If there was an alternative to their service I would have switched ISP's immediately.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      ... and how did that work out for you?

      • Re:Nope (Score:5, Insightful)

        by ffreeloader ( 1105115 ) on Wednesday April 28, 2010 @10:13AM (#32015236) Journal

        Who knows? They have been quite responsive to complaints about services in the past. Even if I don't get an immediate response my voice was heard. They do know at least one of their customers was angry about their conduct. Should I just silently accept them screwing with me and not voice my concerns? That seems to me a guarantee that they won't change their ways.

        From your post it seems that you think not standing up for yourself is the way to change things. Don't vote. Don't express your opinion. Be a martyr. How's that working for you? Effecting a lot of change in society are you?

        • Re:Nope (Score:4, Funny)

          by John Hasler ( 414242 ) on Wednesday April 28, 2010 @10:32AM (#32015620) Homepage

          > Should I just silently accept them screwing with me and not voice my
          > concerns?

          No. You are supposed to rant selfrightously about evil, greedy corporations and demand that the government "regulate" them into forcing whatever it is that you want on all their customers whether they want it or not, but never make any attempt to communicate your concerns to the company in question. That's the Slashdot way.

    • My ISP started doing some redirection and they got an immediate complaint from me. In person, at their local office.

      I imagine that approch would yield a response that consisted of little other than a look of confusion of amazement, or a blank stare that barely suppressed the "I wish this guy would stop talking and go away."

      When I call ATT and they discover I have fixed IP addresses, I immediately get transferred in a flurried confusion to second level tech support. When the next level discovers my connecti

  • by Anonymous Coward on Wednesday April 28, 2010 @10:05AM (#32015056)
    If these idiots are too dumb to handle being a dumb pipe, we have no choice but to encrypt everything.
    • by GameboyRMH ( 1153867 ) <gameboyrmh@@@gmail...com> on Wednesday April 28, 2010 @02:08PM (#32019410) Journal

      It's getting so bad now the only option might be to fork the Internet's infrastructure, in combination with universal encryption. Replace it with open WiFi/WiMAX wireless mesh networks that only connect to the "corporate Internet" via TOR routers or something similar. Then once the public wireless mesh is popular enough, companies like Google and Hulu will voluntarily tie into it directly to stay relevant. The hard parts would be:

      - Replacing the IANA/ICANN. A democratic online community might be the best solution.
      - Submarine/satellite links. A "community project" wouldn't have the capability to do anything on this scale. Using TOR-like traffic on the "corporate Internet" might be a good short-term option.

      Eventually ISPs that attempt to control traffic (to the extent that even these measures aren't sufficient) would be put out of business, those that stop trying to control traffic might stay in business serving as a backbone to the community Internet.

      If this all seems too idealistic, imagine it could work like torrents: Those who are selfish or malicious have their access restricted or even removed due to rules built into the protocol. The more you share the more you get.

      The way I see it working in the Average Joe's house is like this:

      They have their "local AP" for short-range connections that handles LAN traffic, just like how home wireless APs are used today. Traffic is freely allowed out but inward traffic is restricted in a NAT-like configuration (there is actually a standard for NAT-like security on ipv6, but I can't find the name of it now)

      Then they have their "community AP" that connects to other community wireless nodes. This is the center of the home network and handles all aspects of connecting to the community mesh. It might be a long-range-only AP.

      Then optionally, a "corporate Internet modem" much like the ADSL/cable modems used today. All traffic sent over this connection is either onion-routed or securely tunneled to another "community AP," and of course encrypted like everything else. Providing this connection gives the network better "karma" like the seed ratios on Bittorrent, and therefore gives their network better access to other networks.

      If the technology becomes available I'd be more surprised if this didn't happen. If a DD-WRT like system becomes available with "community Internet support," people will start reflashing their equipment so they can share warez, host services the ISP doesn't allow, etc. Then businesses will get on board for the security and redundancy (and maybe speed - going via "commu-net" to another location might be faster than a "corp-net" connection and cheaper than a wired connection).

      The only weakness is that governments could outlaw the "commu-net," but once big businesses start reaping the rewards their lobbyists should ensure it stays legal.

  • Encryption (Score:5, Insightful)

    by dmbasso ( 1052166 ) on Wednesday April 28, 2010 @10:07AM (#32015088)

    And that's why we should start using encryption for everything...

  • by Interoperable ( 1651953 ) on Wednesday April 28, 2010 @10:07AM (#32015094)
    The article is a single post on a forum from one user with no follow-up. Can anyone else confirm the allegation?
  • Sleezy (Score:5, Interesting)

    by nicolas.kassis ( 875270 ) on Wednesday April 28, 2010 @10:09AM (#32015144)
    This is as sleezy as it gets for an ISP. I hope firefox and google setup some sort of trusted cert and use HTTPS for the traffic from that bar. That might make it much harder for them to do men in the middle attacks of the sort. Google could sue the ISP for impersonation or something similar.
    • by javilon ( 99157 )

      Correct me if I am wrong, but in theory, if Firefox uses the google certificate, there is no way the ISP can do man in the middle attacks, that's the whole point of the certificate.

      So this is the answer, start using https and certificates for everything.

      And on a more general note, all traffic should be encrypted to every web site and for every Internet application.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Wednesday April 28, 2010 @10:10AM (#32015178)
    Comment removed based on user account deletion
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Indeed! Adam Smith's laissez faire was based on thousands of small, independent businesses --not a few monopolies. Perhaps that is why in Europe people are not bothered by the idea of government intrusion in controlling their lives, but rather big business intrusion and controlling their lives.

    • Re: (Score:2, Informative)

      by jimicus ( 737525 )

      As a Capitalist, that really offends me. If businesses want to be treated laissez faire then they damn well better learn to make society not feel like they're a bunch of crooks who care so little about the common good that if regulators aren't going Big Brother on them every nanosecond they'll steal everything that isn't nailed down and cheat everyone who isn't paying 110% attention to every detail of their lives.

      ... which is precisely why there is regulation in every civilised society on the planet, and no such thing as a 100% capitalist society.

      • > ... which is precisely why there is regulation in every civilised society on
        > the planet, and no such thing as a 100% capitalist society.

        People do not become superhuman when they become part of government. They merely acquire power over other people.

    • > ...a bunch of crooks who care so little about the common good that if
      > regulators aren't going Big Brother on them every nanosecond they'll steal
      > everything that isn't nailed down and cheat everyone who isn't paying 110%
      > attention to every detail of their lives.

      That pretty much describes the entire human race. Including the "regulators".

  • by elrous0 ( 869638 ) * on Wednesday April 28, 2010 @10:13AM (#32015228)
    This is, after all a Chinese city redirecting search traffic away from Google. Hardly surprising, considering the recent lack of love between the Chinese government and Google (even though Hong Kong is *supposedly* exempt from much of China's more repressive policies)
    • by diamondsw ( 685967 ) on Wednesday April 28, 2010 @10:54AM (#32016026)

      Despite the handover in 1997, Hong Kong is still very much its own entity, sharing more in common with Seoul and Tokyo than with, say, Shanghai. They have protests, marches, and as far as I could tell the internet wasn't subject to the Great Firewall. Having been there three months ago and a wife there now, I *think* I can say that much.

  • by Fallen Kell ( 165468 ) on Wednesday April 28, 2010 @10:13AM (#32015262)
    A perfect example of why we need net neutrality rules in place. An ISP should not be allowed to modify packets or redirect packets to/from known destinations.
  • 1) Be an ISP
    2) Create an online shop ala amazon.
    3) Redirect all users to your shop
    4) Profit!

  • by the plant doctor ( 842044 ) on Wednesday April 28, 2010 @10:21AM (#32015420)

    I use a small, local telephone company for my DSL. They're reliable, not the fastest or the cheapest, but hey, it's pretty much a monopoly unless I want the cruddy cable service provider that is unreliable in their connectivity and just as expensive.

    For six years now I've dealt with this. At work I just type a keyword and end up at the site I wanted. At home I do that by mistake and I get a page with an advertisement for something local saying the page couldn't be found.

    Extremely annoying, but I don't have much choice as I don't want cable or their cruddy service, so I deal with it.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      use a different DNS server

  • by nweaver ( 113078 ) on Wednesday April 28, 2010 @10:34AM (#32015654) Homepage

    What firefox does is first try to do DNS lookups for:
    foo
    foo.com
    www.foo.com

    before launching the google search.

    Thus NXDOMAIN wildcarding (which is unfortunately growing very common, distressingly so in our data) will mess up the firefox behavior by causing one of the three names to resolve to the "helpful" search page belonging to the ISP.

  • They can if they are in China.

  • China? (Score:4, Informative)

    by PatDev ( 1344467 ) on Wednesday April 28, 2010 @10:46AM (#32015864)
    Heck, it happens here in the USA. I'll name names too - Windstream Communications. As of a couple months ago they started redirecting our google search bars to their custom search portal. Annoyed the hell out me. Emailed, but apparently got dumped into the bucket of spam/"unhappy customer, please ignore".
    • Re:China? (Score:4, Insightful)

      by ErkDemon ( 1202789 ) on Wednesday April 28, 2010 @12:31PM (#32017846) Homepage
      An ISP who tampers with the information stream risks losing the legal protection that they normally get for being a simple telecoms carrier who just "supplies the wires".

      The usual argument is that an ISP isn't legally liable for the information that they carry (as long as they comply with some basic rules), because their whole business model is based on them being a dumb carrier. They don't edit, they can't edit, it's not their job to edit, and if they tried, they'd be failing their customers and be wrecked as a business. If someone emails a piece of child porn across their network, they aren't guilty of aiding and abetting, because it's not their job to read or alter content.

      So if an ISP has decided that it might be able to make a bit of extra money by deciding to divert search requests and exercise editorial control over what their customers are able to access, then ... bad news ... they've just broken that principle, stopped being a simple carrier and started to be an edited service. And with editorial power comes editorial responsibility. And that means that if someone goes on a killing spree and their family decides that they were influenced by content they found on the net, then if the person's ISP felt entitled to edit out Google, but not to edit out gun retailer sites or extremist political sites, the family's lawyer can now try to sue that ISP, on the grounds that the ISP has already discarded the principle that it doesn't filter content.

      Any time an ISP pulls a redirection stunt like this, don't complain to their technicians: write a polite little note to their board of directors, or to their technical director, asking whether the shareholders understand that they're risking operating a corporation without legal "pure carrier status" protection. This is potentially a "shareholder alert" situation. Does the company's prospectus inform shareholders that the company is operating outside the usual "dumb carrier" rules?

      If they're making extra money on the side by stealing Google business, by "diverting the flow", ask them if their legal department has estimated how much they stand to lose if they get sued. Not by Google, but by the mother of some kid that got murdered after meeting someone they shouldn't from an internet chatroom.

      Simple "carrier" ISP's don't edit for a reason. By deliberately firewalling themselves off from editorial powers, they give themselves a degree of immunity from being liable for what they carry. That's not something you throw away lightly. And if I was the CEO of another ISP, I'd be wanting to ring the CEO of this ISP, and ask them what they hell they thought they were doing, and whether they were trying to bring down the entire industry.

  • by Anonymous Coward on Wednesday April 28, 2010 @10:58AM (#32016096)

    This isn't new, and this isn't NXDOMAIN hijacking. Windstream, a US DSL provider, was already caught red-handed doing this. Not only this but they also refuse to answer very specific questions asked (see http://www.dslreports.com/forum/r24059591-DPILayer7NXDOMAIN-Privacy-questions-re-Windstream-DSL [dslreports.com]) and provide a paper-thin excuse as to why it's happening (see http://www.dslreports.com/forum/r24074065-Our-Response-to-Redirect-Service-Concerns [dslreports.com]).

    Affected users are not using the ISP's DNS servers, this is not NXDOMAIN hijacking. This is layer 7 inspection, the sheer fact the URL was transformed, being carefully re-written, from the URI passed to 'www.google.com' discredits what Windsteam has said entirely.

    When a user performs a search using the Firefox search bar against Google HTTP/1.1 is used with an HTTP method of GET against Google. The following URI is constructed:

    q=[search critera]
    ie=[encoding]
    oe=[encoding]
    aq=
    rls=[browser]

    So, when I search against Google I pass ?q= for my search term.

    When this is redirected to searchredirect.windstream.net the URI is transformed, with the ?q= parameter being extracted. Windstream's site uses this URI structure:

    search=[search criteria]
    src=[interger value, likely points to an RDBMS based on HTTP_REFERER]

    Windstream is not disclosing the truth. For this behavior to occur you would have to be using an MITM proxy or DPI; either way they are inspecting layer 7 traffic, extracting the ?q= URI string passed to Google, and either transparently or via HTTP 302 redirecting customers to searchredirect.windstream.net

    They got caught, red handed, and have been fabricated mis-truths from the start.

    How HTTP/1.1 GET against /search?q=my_search_term becomes /search.php?search=my_search_term without some form of Layer 7 is impossible. This CANNOT be NXDOMAIN.

    Clearly they're not disclosing the full details or hiding behind careful sentence structure and semantics. This appears that there is now an industry initiative and a company behind this search harvesting and privacy invasive technology which is being sold to ISPs. Expect more to come, this isn't isolated to over-seas, it's already happening right here in the US.

    -SirMeowmix_I

  • by Billy the Mountain ( 225541 ) on Wednesday April 28, 2010 @11:23AM (#32016560) Journal

    All Google needs to do is modify their search bar to encrypt the outbound search string using Google's public key. By doing that, it makes it difficult to intercept whatever search is being done.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...