The five levels of ISP evil

3 Comments

Edit Note: This is a guest post by Dane Jasper, CEO of ISP Sonic.net. The post can also be found on the Sonic.net CEO blog here.

Recently a number of ISPs have been caught improperly redirecting end-user traffic in order to generate affiliate payments, using a system from Paxfire. A class action lawsuit has been filed against Paxfire and one of the ISPs.

This is a serious allegation, but it’s the tip of the iceberg. I’m not sure if everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (as we are an ISP who doesn’t do these things), but as a broad overview, here is my quick guide to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on:

5: Improper NXDOMAIN handling, also known as “Domain Helper” applications. When a customer attempts to visit an invalid site, instead of returning the RFC standard “no such domain” response, the servers provide a search result which includes sponsored links. Sometimes the results are not well matched to the mis-typed domain, and they promote ads instead with broad commercial appeal like insurance, which will generate a high payout if the customer clicks. Extra evil points for making it difficult to opt out of this, requiring opt-out via a cookie or browser setting rather than providing “clean” DNS servers. (Paxfire’s system is positioned as a search/helper application, but these systems can be easily converted, even without the ISP’s awareness, to an affiliate pumping system.) Evil score: 2 evil points, somewhat evil, but now every major access provider provides helpful results for address typos.

A diagram showing how Phorm's "Webwise" system creates copies of its tracking cookie in each domain the end-user visits, based on the report published by Richard Clayton. Wikipedia.

4: Clickstream Tracking Phorm Evil score: 5

3: Ad Swapping. Transparently proxy all web traffic, and when ad banners are in transit, perform real-time swaps of the ads for other ads for which the ISP is getting a cut of the revenue. Legitimate advertiser ads are sometimes fetched so that no one notices the decline in impressions. The pitch to ISPs from companies like NebuAd sometimes included claims of “partnerships” with content sites to better target ads. Extra evil points for ISPs who provide demographic data to the firm running the ad-swapping system. Evil score: 6.

Our reply: "No, not interested, thanks. -Dane" Email reply to Mark Lewyn, President, Paxfire Inc., Wednesday, October 29, 2008 3:35 PM

2: Affiliate Program Pumping Evil score: 8

1: Rolling Over. In an attempt to avoid costs or under pressure from government or content creators, ISPs have handed over customer information, and even subjected customer traffic to broad snooping. Allegations range from service providers simply quietly handing over customer info to law firms with improperly filed lawsuits and incorrectly served supoenas, to the physical wire-tapping of major fiber optic lines. We’ve got your back. Evil score: 10. Potential for human rights violation.

I’ve got more to say on this last topic, but there is a clock that must run out before I am permitted to write. Tick-tock, a couple days to go.

3 Comments

kevinanchi

Recently a number of ISPs have been caught improperly redirecting end-user traffic in order to generate affiliate payments, using a system from Paxfire. A class action lawsuit has been filed against Paxfire and one of the ISPs.

This is a serious allegation, but it’s the tip of the iceberg. I’m not sure if everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (as we are an ISP who doesn’t do these things), but as a broad overview, here is my quick guide to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on…
http://bestpanicattackcure.com/wegmitderpanik.htm

Keith Pieper

This is a good run down of the various bad incarnations of advertising within the ISP space. But I would say that clickstream tracking as you explain it only happens today when users opt-in – the NebuAd fiasco of years back put the entire ad and ISP industry on guard to this practice. If it does happen, I am fairly certain its not with reputable companies or ISPs – there is simply too much at stake. With regards to NXdomain handling, I would say this is largely trying to be in the user’s benefit by showing something of marginal value, giving the user relevant options, rather than a useless error page. The challenge, of course, is relevancy – whatever shows in the page should be of value and relevant. In Paxfire’s case, they might be overstepping the bounds of consumer choice and assuming too much about the user when redirecting them to a paid (not necessarily most relevant) advertiser.

balu

wow..thank you dane for this nice article. i find 2 of them very interesting.. ‘clickstream tracking’ is really unpleasant. And at first, I was in doubt as to what is wrong with ‘affiliate program pumping’.. but ‘poisoning the affiliate ecosystem’ answered it precisely :)

Comments are closed.