Blog Post

If you can’t trust your ISP, who can you trust?

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

Some Internet Service Providers have apparently been hijacking the search traffic from customers typing keywords into Yahoo (s yhoo) and Bing (s msft) search engines, and now the backlash has begun. Instead of searching on their chosen search page, ISPs — using gear from a company called Paxfire — are reportedly routing the traffic to the ISP’s servers or to Paxfire’s servers and delivering search results that can generate money for firms selected by the ISP as well as the ISP itself. Now Paxfire has been hit with a class-action lawsuit and may face a Congressional inquiry.

From an Electronic Frontier Foundation blog describing the practice:

ICSI Networking’s investigation has revealed that Paxfire’s HTTP proxies selectively siphon search requests out of the proxied traffic flows and redirect them through one or more affiliate marketing programs, presumably resulting in commission payments to Paxfire and the ISPs involved. The affiliate programs involved include Commission Junction, the Google Affiliate Network, LinkShare, and When looking up brand names such as “apple”, “dell”, “groupon”, and “wsj”, the affiliate programs direct the queries to the corresponding brands’ websites or to search assistance pages instead of providing the intended search engine results page.

The rerouting of traffic was discovered by researchers from the International Computer Science Institute in Berkeley, Calif. and has resulted in a class-action lawsuit filed Monday against Paxfire and RCN, based in Herndon, Va. The New Scientist broke the story last week and has details on how the system worked. It said that since reporting on the lawsuit being filed, RCN and at least 10 other ISPs doing this kind of redirecting have stopped. Meanwhile, Senator Richard Blumenthal (D-Conn.), a member of the Senate subcommittee on Privacy, Technology and the Law, said this week he is interested in investigating the practice.

I’ve reached out to Google, (s goog), Microsoft (s msft) and Yahoo to see if they were aware of the issue and how they view such actions by a service provider. A Google spokesperson said that when the company discovers DNS or query hijacking like what Paxfire and RCN are alleged to have done, it contacts the ISP and/or DNS provider and asks them to stop. The spokesperson said Google isn’t currently aware of any companies that are doing this. A Microsoft spokesperson emailed the following:

We view the redirection of search queries without user consent as inappropriate. The security and privacy of our customers is very important to us at Bing. We recommend people use OpenDNS to protect themselves from being unknowingly redirected.

Google also provides a free DNS service users can try if their ISP DNS server is not returning the right results. Paxfire has also issued its own denial of sorts about the allegations.

If this kind of behavior seems familiar, it’s because ISPs have tried similar efforts to take advantage of their privileged position in the Internet value chain. For example, in 2008, a U.K.-based ISP called BT tested equipment from a deep packet inspection vendor called Phorm without informing its customers. Phorm allowed BT to deliver targeted advertising based on the sites a BT subscriber went to. The U.K. absolved BT and Phorm, but the EU thought the practice of viewing a customer’s IP traffic for the sake of offering ads without letting that customer know, was problematic.

Phorm was similar to a company called NebuAd that had gained traction in the U.S. around the same time, and even had Charter and Embarq (now part of CenturyLink (s ctlk)) using its services. In July 2008, Congress called a hearing asking for more information on the practice and after an outcry from consumers, the company fizzled. Yet its legacy lives on in Paxfire, and even companies such as Kindsight, which are still trying to monetize ISPs’ customers through some form of advertising. Even Phorm is still around, selling its services to ISPs in Brazil as recently as last year.

The accusations against Paxfire are a bit more problematic, however, than ISPs doing DNS hijacking — which sends a user to a branded page when they type in an incorrect web site. Consumers can opt out of this practice, and it’s also fairly clear what is happening (although plenty of people still have issues with it). But monitoring a person’s traffic and then redirecting them to deliver results that come from somewhere other than their intended search page is a little like having someone intercept your order for Kobe beef at a fine restaurant and then deliver a plain old steak from a different restaurant.

The issue here is that ISPs, in their quest for revenue, are once again interfering with users without their knowledge or consent. Folks may wish they were dumb pipes, but ISPs are still gatekeepers to the Internet and as such it’s unfortunate that consumers can’t trust them to do the right thing — whether it’s not blocking P2P files and Skype, or trying to sell access to their paying customers to the highest bidder.

16 Responses to “If you can’t trust your ISP, who can you trust?”

  1. guestington

    i have frontier internet, which is nothing to brag about. when using the firefox browser (the toolbar-esque device) to do a search on yahoo i always get redirected to some frontier site with results. it sucks and doesnt make me want to click ANY link of their results page. using the yahoo site itself doesnt redirect me, so thats how i search now.

  2. I live in an area .5 miles out of the city limits and am stuck with restrictions on what ISPs may operate there. AT&T is provided just across the street, but they are blocked out of our market. So we have a small ISP who has started calling constantly over P2P downloads and the like. ISPs have no right to play big brother and monitor my activity. Smithville is my provider and I recommend staying away from them if you can. I can see what would happen if ISPs aren’t kept honest. Let’s say you have a family member or friend struggling with addiction and you run some searches on the subject. Then all of the sudden you start getting redirected to rehab facilities and start getting marketed to by such a search. Total B.S. Investigate them, sue them, and shut them down.

    • Mike Hammett

      No ISP is artificially blocked from any market. It just depends on if they determine it worthwhile to overcome that obstacle.

      Does your ToS give them that authority? I bet it does. Read your contract before signing and complaining.

  3. Damn ISPs, I think we should all get together and demand that this companies who are selling and buying OUR data start paying us as producers of data a 10% commission on every transaction made. You want to collect my data and sell it fine… but it’ll cost ya.

  4. Stacey…I am not sure this article accurately captures what is going on. The DNS redirect is going occurring in place of a 404 error (aka miskey by the customer). That practice has been occurring for years…and to many customers is actually a benefit. This isnt a scenario where they are replacing search requests off of If you want to really see the real knife fight, look at what Google / Microsoft do to each other when you download one of their search bars. In those situations, there is active redirect happening. Of course, that isnt so different than what Google does to us anyway.

    • The article IS accurate. They are not describing the old redirect when a domain name isn’t found; this is a new attack, where the ISP and its partners actively subvert the intended transaction based on the query keywords. They aren’t returning a result where you should have seen an error; they are instead returning a result that replaces the result you should have expected to get.

  5. Any ISP who interferes with traffic in any way should be stripped of their Common Carrier status. This would open them up to millions of lawsuits based on content. That would teach them right away to stop screwing with people for personal gain.

  6. skihardrusa

    who is the firm handling the class action, because I have this issue, and it is totally annoying everytime I click on a URL I would like to go to in a search query I am rerouted to some b.s. site I had no intention of going too.

  7. These were all small ISPs. As usual, sunlight is the best disinfectant. Once this was publicized, they stopped. Keep up the good work keeping them honest!!!