[ NNSquad ] ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS
From: Lauren Weinstein <lauren@vortex.com>
Date: Sat, 10 Apr 2010 12:30:49 -0700


   ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS

               http://lauren.vortex.com/archive/000704.html


Greetings.  All of the data on this situation isn't in yet, but on its
face this appears to be an extremely problematic situation, seemingly
involving ISP "hijacking" of their subscribers' Google-related
traffic.

Here's what we have so far, based on reports to date.  When reading
this, please also keep in mind the "Testing Your Internet Connection
for ISP DNS Diversions" page ( http://bit.ly/7DOv5Y ) from 
NNSquad ( http://www.nnsquad.org ) -- more on this below.

Apparently a few days ago, users of Windstream ISP services suddenly
discovered that their Firefox-based Google toolbar search queries were
being diverted by Windstream to an alternate Windstream-associated
search service, through some form of DNS redirection 
( http://bit.ly/aJ3WZB [DSL Reports] ).

Complaints by subscribers resulted in confusing responses from
Windstream, including the statement that the purpose of their
redirection was only to deal with unresolved site lookups and that an
opt-out was available.  (Over on NNSquad, we've frequently discussed
the unacceptability of such diversions on anything other than an
*opt-in* basis.)

Shortly after the initial Windstream explanation, a Windstream
employee apparently said that:

    "We will be making a change to this service tonight based on
     feedback from our customers who wish to continue to use Google
     for the search box. We apologize for any inconvenience this may
     have caused."

This is a most remarkable statement -- since it appears to imply that
the diversion was not a mistake, but may have been an intentional
redirection of Google-related traffic.  After all, if someone is using
a Google search toolbar, one would typically assume that they want
*Google* to supply the search results, right?  You don't need rocket
science to figure this out.

Of particular concern are reports that these changes affected
subscribers who were *not* using Windstream's DNS servers, but
who had manually changed their DNS settings to other servers such as
OpenDNS or Google DNS.  If these reports are correct, they imply that
Windstream was tampering with protocols via DPI (Deep Packet
Inspection) techniques, which elevates the severity of the situation
to an even higher level, regardless of whether or not "opt-out"
mechanisms of varying effectiveness were provided.

Many Windstream subscribers are very concerned about the privacy
implications of this situation, and the apparent unwillingness of
Windstream to clearly explain what they are doing and whether or not
the diversion of Google search queries was intentional or accidental
in the first place ( http://bit.ly/bUrgBF [DSL Reports] ).

This all appears to be a very serious situation, and exactly the sort
of problem many of us have been warning about for years.

The first useful step moving forward regarding this matter should be
for Windstream to immediately and definitively come clean publicly
about what they did, what they are doing, and what their true
intentions were and are.

In the meantime, I invite Windstream (and other ISP) subscribers to
use the info on the NNSquad Testing Your Internet Connection for ISP
DNS Diversions page to test their ISP for DNS tampering, and to report
results to me as described on that page ( http://bit.ly/7DOv5Y ).

DNS tampering is unacceptable and can easily create all manner of
collateral damage.  Interfering with Google's (or anyone else's) users
is atrocious, especially if done purposely.

This is all yet another example of why moving toward reasonable
regulation of the Internet access industry is so critically important.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition 
   for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein

Prev by Date: [ NNSquad ] European ISPs Threaten to Join "Content Owners" to Gang-Up on Google
Next by Date: [ NNSquad ] Newspaper violates comments anonymity to reveal Judge, embroiling both in controversy
Previous by thread: [ NNSquad ] European ISPs Threaten to Join "Content Owners" to Gang-Up on Google
Next by thread: [ NNSquad ] Newspaper violates comments anonymity to reveal Judge, embroiling both in controversy
Index(es):
- Date
- Thread