If you can’t trust your ISP, who can you trust?


Some Internet Service Providers have apparently been hijacking the search traffic from customers typing keywords into Yahoo and Bing search engines, and now the backlash has begun. Instead of searching on their chosen search page, ISPs — using gear from a company called Paxfire — are reportedly routing the traffic to the ISP’s servers or to Paxfire’s servers and delivering search results that can generate money for firms selected by the ISP as well as the ISP itself. Now Paxfire has been hit with a class-action lawsuit and may face a Congressional inquiry.

From an Electronic Frontier Foundation blog describing the practice:

ICSI Networking’s investigation has revealed that Paxfire’s HTTP proxies selectively siphon search requests out of the proxied traffic flows and redirect them through one or more affiliate marketing programs, presumably resulting in commission payments to Paxfire and the ISPs involved. The affiliate programs involved include Commission Junction, the Google Affiliate Network, LinkShare, and Ask.com. When looking up brand names such as “apple”, “dell”, “groupon”, and “wsj”, the affiliate programs direct the queries to the corresponding brands’ websites or to search assistance pages instead of providing the intended search engine results page.

The rerouting of traffic was discovered by researchers from the International Computer Science Institute in Berkeley, Calif. and has resulted in a class-action lawsuit filed Monday against Paxfire and RCN, based in Herndon, Va. The New Scientist broke the story last week and has details on how the system worked. It said that since reporting on the lawsuit being filed, RCN and at least 10 other ISPs doing this kind of redirecting have stopped. Meanwhile, Senator Richard Blumenthal (D-Conn.), a member of the Senate subcommittee on Privacy, Technology and the Law, said this week he is interested in investigating the practice.

I’ve reached out to Google,, Microsoft and Yahoo to see if they were aware of the issue and how they view such actions by a service provider. A Google spokesperson said that when the company discovers DNS or query hijacking like what Paxfire and RCN are alleged to have done, it contacts the ISP and/or DNS provider and asks them to stop. The spokesperson said Google isn’t currently aware of any companies that are doing this. A Microsoft spokesperson emailed the following:

We view the redirection of search queries without user consent as inappropriate. The security and privacy of our customers is very important to us at Bing. We recommend people use OpenDNS to protect themselves from being unknowingly redirected.

Google also provides a free DNS service users can try if their ISP DNS server is not returning the right results. Paxfire has also issued its own denial of sorts about the allegations.

If this kind of behavior seems familiar, it’s because ISPs have tried similar efforts to take advantage of their privileged position in the Internet value chain. For example, in 2008, a U.K.-based ISP called BT tested equipment from a deep packet inspection vendor called Phorm without informing its customers. Phorm allowed BT to deliver targeted advertising based on the sites a BT subscriber went to. The U.K. absolved BT and Phorm, but the EU thought the practice of viewing a customer’s IP traffic for the sake of offering ads without letting that customer know, was problematic.

Phorm was similar to a company called NebuAd that had gained traction in the U.S. around the same time, and even had Charter and Embarq (now part of CenturyLink) using its services. In July 2008, Congress called a hearing asking for more information on the practice and after an outcry from consumers, the company fizzled. Yet its legacy lives on in Paxfire, and even companies such as Kindsight, which are still trying to monetize ISPs’ customers through some form of advertising. Even Phorm is still around, selling its services to ISPs in Brazil as recently as last year.

The accusations against Paxfire are a bit more problematic, however, than ISPs doing DNS hijacking — which sends a user to a branded page when they type in an incorrect web site. Consumers can opt out of this practice, and it’s also fairly clear what is happening (although plenty of people still have issues with it). But monitoring a person’s traffic and then redirecting them to deliver results that come from somewhere other than their intended search page is a little like having someone intercept your order for Kobe beef at a fine restaurant and then deliver a plain old steak from a different restaurant.

The issue here is that ISPs, in their quest for revenue, are once again interfering with users without their knowledge or consent. Folks may wish they were dumb pipes, but ISPs are still gatekeepers to the Internet and as such it’s unfortunate that consumers can’t trust them to do the right thing — whether it’s not blocking P2P files and Skype, or trying to sell access to their paying customers to the highest bidder.

You're subscribed! If you like, you can update your settings


Comments have been disabled for this post