10 ISPs Found to Be Using Search Redirects to Make Easy Money


As someone who spends the majority of my day on the Internet (probably a tad more than I should), I like to think that I have a sacred bond with my Internet Service Provider (ISP).  After all, if my ISP didn’t do their job and provide me with my uplink to the world, I would be entirely disconnected and would likely lose my sanity relatively quickly.  And because I pay a fair price for my Internet services each month, just like every other Internet subscriber out there, I expect that my ISP is not going to tamper with my Internet connection or take advantage of me to make money elsewhere by selling my personal information or anything of the like.

So imagine my frustration and flat-out anger this morning when I read that some ISPs, unsatisfied with the money that they make from subscription fees that consumers like myself shell out on a monthly basis, have decided to hijack the Internet connections of their paying customers in order to redirect said users and make an extra buck. According to this DSL Reports article, there are currently ten major ISPs that have taken up this practice (complete list at the bottom of the article), in which users are not only subject to the redirects enforced by their providers, but also stand a significantly higher risk of having their online activities monitored as well.

In short, the masterminds behind these genius operations are injecting or replacing search results (e.g. when you search for something on Google or by using your browser’s search bar) with results pointing to the ISPs’ affiliate partners, so that the ISP stands to make a commission or referral fee if you make a purchase.

Now, this isn’t exactly a new practice, as ISPs have been making supplemental revenue (that is, money not from subscriber fees) for years now by using their own DNS “error pages” to show results and advertisements whenever you entered or stumbled across an invalid URL or tried to visit a site that was encountering DNS issues. But even though this practice in itself was looked down upon at the time (some entities such as Comcast ultimately implemented opt-out systems to satisfy upset and privacy-conscious customers), the sad reality is that what is going on here is much worse.

Why? Well, this time around your results aren’t getting hijacked or redirected only if you stumble upon a bad link, but rather are subjected to your ISP’s practices whenever you do anything online. And this isn’t even something that’s built to be visible to the end-user or something that providers can attempt to “justify” by saying that they’re simply trying to “better the experience” for their users. This time around, network providers are being incredibly sneaky and deceptive in injecting and changing results while making you believe that your results are normal.

Perhaps the biggest thing that bothers me about this is that while we’re only seeing this mechanism being used for affiliate results now, the fact that ISPs are harnessing this technology could very well lead to censorship and pay-offs for ISPs to remove or modify results down the road; just as I thought network neutrality was becoming a reality.

So who is behind this? According to DSL Reports, a company called Paxfire not only is responsible for the DNS redirection, but also helps ISPs “to actually hijack users search results for popular terms such as ‘Apple’ or ‘Dell’ — allowing them to both track users and profit from search results”. It is also said that “Paxfire’s product also includes an optional, unadvertised, and more alarming feature that drastically expands Paxfire’s window into users’ traffic. Instead of activating only upon error, this product redirects the customers’ entire web search traffic destined for Yahoo!, Bing, and sometimes Google, to a small number of separate web traffic proxies.”

Paxfire also holds a patent that allows “ISPs to directly monitor all searches made by the ISPs’ customers and build up corresponding profiles.”  Think cookies on steroids.
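Both behaviours described above, the DNS “error page” rewriting and search hostnames being answered with a small number of proxy addresses, leave traces in what the ISP's resolver returns. The following is an added example, not code from DSL Reports or any ISP: it compares answers from the ISP resolver with answers from a reference resolver and flags both patterns. It assumes the reference answers were collected over a path the ISP does not control; the sample data uses documentation IP ranges and is constructed.

```python
import secrets
import socket
from collections import defaultdict

def make_canary(tld="com"):
    """Random hostname that should not exist; an honest resolver answers NXDOMAIN."""
    return f"{secrets.token_hex(10)}.{tld}"

def resolve_system(name):
    """IPv4 answers from the system (ISP-assigned) resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def audit(isp, reference, canaries):
    """isp / reference: dict hostname -> set of IPs seen via each resolver.
    canaries: names that do not exist and must therefore resolve to nothing."""
    findings, rewrite_ips = [], set()
    for name in sorted(canaries):
        if isp.get(name):                       # NXDOMAIN turned into an answer
            rewrite_ips |= isp[name]
            findings.append(("nxdomain-rewrite", name, sorted(isp[name])))
    real = sorted(h for h in isp if h not in canaries)
    hosts_by_ip = defaultdict(set)              # which hostnames share an address
    for host in real:
        for ip in isp[host]:
            hosts_by_ip[ip].add(host)
    for host in real:
        ips, ref = isp[host], reference.get(host, set())
        if not ips or not ref or ips & ref:
            continue                            # no data, or the answers overlap
        shared = sorted({h for ip in ips for h in hosts_by_ip[ip]} - {host})
        if ips & rewrite_ips:
            findings.append(("points-at-error-page-host", host, sorted(ips)))
        elif shared:                            # unrelated sites, same address
            findings.append(("shared-proxy", host, shared))
        else:                                   # weak signal: CDNs vary by location
            findings.append(("differs-from-reference", host, sorted(ips)))
    return findings

# Constructed sample answers (documentation address ranges, not real observations).
SAMPLE_CANARY = "qz7f3k1x9w2m0a4b8c6d.com"
SAMPLE_ISP = {SAMPLE_CANARY: {"192.0.2.10"}, "www.bing.com": {"192.0.2.20"},
              "search.yahoo.com": {"192.0.2.20"}, "www.google.com": {"203.0.113.5"}}
SAMPLE_REF = {SAMPLE_CANARY: set(), "www.bing.com": {"198.51.100.7"},
              "search.yahoo.com": {"198.51.100.8"},
              "www.google.com": {"203.0.113.5", "203.0.113.6"}}
```

For a live check, fill the `isp` dictionary with `resolve_system()` results for a fresh `make_canary()` name and the search hostnames of interest. A clean result only covers the resolver; it says nothing about changes made to traffic in transit.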

So what can you do to circumvent this type of practice from your ISP? As sad as it may be, you really are short on options. Because this type of mechanism has developed beyond a simple DNS redirect, changing your DNS resolvers to non-ISP defaults (such as Google’s public DNS service or the more advanced and feature-rich OpenDNS) is not going to solve your problem, as your ISP can still inject packets as they see fit. Some people are under the impression that using SSL encryption will help alleviate the problem as well, but the fact of the matter is that while most ISPs don’t do it, it’s not out of the question for an ISP to become part of the SSL certificate chain and intercept/decrypt encrypted traffic.

Alternatively, others have suggested the implementation of the Tor network to route encrypted onion-based traffic, but the fact of the matter is that this particular mechanism brings with it much slower connection speeds, and because Tor is often looked down upon, many websites and networks block Tor-based connections, meaning that a user who implemented it to beef up their security would ultimately limit what they could do or where they could go on the Internet.

Right now my only real hope is that the ISPs behind this will realize that it’s wrong and stop; however, I doubt that many will let consumers get between them and their extra profit.

Is the Internet going the way of cable (and satellite) television?  Are our ISPs going to standardize the implementation of commercials and advertisements to make an extra buck off of consumers?  As much as I hope not, it really is starting to look that way.

List of ISPs doing this: Cavalier, Cincinnati Bell, Cogent, Frontier, Hughes, IBBS, Insight Broadband, Megapath, Paetec, RCN, Wide Open West and XO Communications. Charter and Iowa Telecom had been doing this, but stopped. None of the participating ISPs have been willing to comment.