
Summary:

Recent allegations of ISPs hijacking search traffic are just the tip of the iceberg. Dane Jasper, CEO of ISP Sonic.net, offers his “quick guide to the five levels of ISP evil” and explains just how low some ISPs will go.


Editor's Note: This is a guest post by Dane Jasper, CEO of ISP Sonic.net. The post can also be found on the Sonic.net CEO blog here.

Recently a number of ISPs have been caught improperly redirecting end-user traffic in order to generate affiliate payments, using a system from Paxfire. A class action lawsuit has been filed against Paxfire and one of the ISPs.

This is a serious allegation, but it’s the tip of the iceberg. I’m not sure if everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (as we are an ISP who doesn’t do these things), here is, as a broad overview, my quick guide to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on:

5: Improper NXDOMAIN handling, also known as “Domain Helper” applications. When a customer attempts to visit an invalid site, instead of returning the RFC standard “no such domain” response, the servers provide a search result which includes sponsored links. Sometimes the results are not well matched to the mis-typed domain, and they instead promote ads with broad commercial appeal, like insurance, which will generate a high payout if the customer clicks. Extra evil points for making it difficult to opt out of this, requiring opt-out via a cookie or browser setting rather than providing “clean” DNS servers. (Paxfire’s system is positioned as a search/helper application, but these systems can be easily converted, even without the ISP’s awareness, to an affiliate pumping system.) Evil score: 2 evil points, somewhat evil, but now every major access provider provides helpful results for address typos.

A diagram showing how Phorm's "Webwise" system creates copies of its tracking cookie in each domain the end-user visits, based on the report published by Richard Clayton. Wikipedia.

4: Clickstream Tracking. An ISP is in a unique position as the point of traffic origination, which creates the opportunity for very in-depth analysis of Internet usage behavior. Tracking the user’s Clickstream, the site-to-site-to-site movement as they browse, with a set of tools like Phorm allows service providers to create cash out of information about private use of the Internet. Clickstream data buyers are generally in ad targeting; if you visited Ford.com and looked at F-250 trucks, then CNN.com, it might make sense to place ads for large Chevy trucks on the CNN page rather than an ad for fabric softener. Absent this prior knowledge that you were a potential truck buyer, the ads might be for something of less interest to you, and thus less likely to be clicked, to “monetize”. Over time, analysis of the complete Clickstream can provide lots of insight to advertisers. Extra evil points for selling the Clickstream data without telling customers. Evil score: 5. What you do online is private!

3: Ad Swapping. Transparently proxy all web traffic, and when ad banners are in transit, perform real-time swaps of the ads for other ads for which the ISP is getting a cut of the revenue. Legitimate advertiser ads are sometimes fetched so that no one notices the decline in impressions. The pitch to ISPs from companies like NebuAd sometimes included claims of “partnerships” with content sites to better target ads. Extra evil points for ISPs who provide demographic data to the firm running the ad-swapping system. Evil score: 6.

Our reply: "No, not interested, thanks. -Dane" Email reply to Mark Lewyn, President, Paxfire Inc., Wednesday, October 29, 2008 3:35 PM

2: Affiliate Program Pumping. As alleged in the Paxfire scheme, ISPs or their accomplices take incomplete or incorrect domain entries typed into the URL bar and direct them to an intermediate page, which redirects transparently to a URL which includes an affiliate tag. So, a consumer types “amazon”, and rather than returning an NXDOMAIN, or even a search result, the ISP DNS server directs them to an IP address which does a content reload toward a URL of the form amazon.com/affiliate-id=XYZ. Purchases made subsequently are compensated as if they were legitimate traffic from an affiliate. Evil score: 8, with a bonus point for poisoning the affiliate ecosystem.

1: Rolling Over. In an attempt to avoid costs or under pressure from government or content creators, ISPs have handed over customer information, and even subjected customer traffic to broad snooping. Allegations range from service providers simply quietly handing over customer info to law firms with improperly filed lawsuits and incorrectly served subpoenas, to the physical wire-tapping of major fiber optic lines. We’ve got your back. Evil score: 10. Potential for human rights violation.

I’ve got more to say on this last topic, but there is a clock that must run out before I am permitted to write. Tick-tock, a couple days to go.
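A client-side check for the resolver behaviour described in items 5 and 2, where a name that does not exist gets an address back instead of NXDOMAIN. This is an added example, not part of the original post and not code from any ISP or vendor named in it; the function names and the random `.com` probe label are assumptions, and `fake_reply` builds constructed replies so the classifier can be exercised offline.

```python
import os, socket, struct

def build_query(name, qid):
    """Minimal DNS query: one A/IN question, recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Offset just past an encoded name (label sequence or compression pointer)."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg, qid):
    """Judge a reply for a name that should not exist: (verdict, A-record IPs)."""
    try:
        rid, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
        if rid != qid or not flags & 0x8000:  # wrong ID, or not a response
            return "malformed", []
        off, addrs = 12, []
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if rtype == 1 and rdlen == 4:
                addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
            off += 10 + rdlen
    except (struct.error, IndexError, OSError):
        return "malformed", []
    if (flags & 0x000F) == 3:
        return "clean", addrs  # NXDOMAIN, the standard answer
    if (flags & 0x000F) == 0 and addrs:
        return "rewritten", addrs  # NOERROR with addresses for a nonexistent name
    return "inconclusive", addrs  # SERVFAIL, REFUSED, empty NOERROR, ...

def fake_reply(query, rcode, ip=None):
    """Constructed sample reply to `query` (hypothetical helper, not captured traffic)."""
    head = query[:2] + struct.pack("!5H", 0x8180 | rcode, 1, 1 if ip else 0, 0, 0)
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip) if ip else b""
    return head + query[12:] + rr

def probe(resolver, timeout=3.0):
    """Live check: ask `resolver` for a random name assumed to be unregistered."""
    qid = int.from_bytes(os.urandom(2), "big")
    query = build_query(os.urandom(12).hex() + ".com", qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        return classify(s.recvfrom(4096)[0], qid)
```

A "rewritten" verdict from `probe` also returns the substituted addresses, which is what to compare across resolvers or record when asking a provider for its opt-out DNS servers.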

  1. wow..thank you dane for this nice article. i find 2 of them very interesting.. ‘clickstream tracking’ is really unpleasant. And at first, I was in doubt as to what is wrong with ‘affiliate program pumping’.. but ‘poisoning the affiliate ecosystem’ answered it precisely :)

  2. This is a good rundown of the various bad incarnations of advertising within the ISP space. But I would say that clickstream tracking as you explain it only happens today when users opt-in – the NebuAd fiasco of years back put the entire ad and ISP industry on guard to this practice. If it does happen, I am fairly certain it’s not with reputable companies or ISPs – there is simply too much at stake. With regards to NXdomain handling, I would say this is largely trying to be in the user’s benefit by showing something of marginal value, giving the user relevant options, rather than a useless error page. The challenge, of course, is relevancy – whatever shows in the page should be of value and relevant. In Paxfire’s case, they might be overstepping the bounds of consumer choice and assuming too much about the user when redirecting them to a paid (not necessarily most relevant) advertiser.

