Several US ISPs Hijacking And Redirecting Their Customers' Search Queries

Posted 08/05/2011 at 11:18am | by Brad Chacos

10

Comments

Print

What do you expect to come up when you search for a term in Google or Bing? Page after page of relevant results, right? Wrong, buster – at least if you're a customer of an ISP that engages in search query redirection. Late last night, a report surfaced that reveals that several ISPs, with the help of a company called PaxFire, have secretly been hijacking your traffic when you search for a certain major keywords. Why? Revenue, of course.

NewScientist broke the news, and the EFF has chimed in with tons of additional information. Hints of redirected traffic first surfaced earlier this year, when two research papers pointed out that all or most of the traffic directed at Bing, Yahoo! and Google were being redirected by some ISPs. Two separate investigations, conducted by the EFF and the ICSI Networking group, unveiled that HTTP proxies operated "either directly by Paxfire, or by the ISPs using web proxies provided by Paxfire ," are the ones behind the deed.

The redirecting only kicked in when major keywords, like "Apple," "Dell" and "Bloomingdales," were searched for. According to the reports, Paxfire selectively hijacks the traffic and redirects it to a marketing company, which instantly reroutes it to the homepage of the retail company being searched for. It happens without notification or consent of the user, and everybody along the chain gets a cut of the advertising commission – again, except for the user. If you search for "Kindle," you're sent to Amazon – no matter what the intent behind your search is. And Paxfire's privacy -- ha! -- policy says that may retain records of a users' queries. Does that apply for people who don't know their traffic is being hijacked?

Want names? We got names. The EFF and ISCI identified the following ISPs as actively involved in search hijacking: Cavalier, Cincinnati Bell, Cogent, Frontier, Hughes, IBBS, Insight Broadband, Megapath, Paetec, RCN, Wide Open West, XO Communication, Fuse, and DirecPC. Additionally, Charter and Iowa Telecom hijacked search traffic in the past, but stopped within the past year. The shady ISPs have several million customers between them. Edit: Ars Technica is reporting on a similar finding by a Microsoft/Polytechnic Inst. of NY team. They've added Spacenet, Onvoy and SDN to the list of offenders and say that 2 percent of all US Internet users are affected by the nefarious practice.

The EFF calls out several of the marketing affiliates profiting from the search hijacking: "The affiliate programs involved include Commission Junction, the Google Affiliate Network, LinkShare, and Ask.com." Note that the Google Affiliate Network isn't Google itself – in fact, NewScientist says Google complained to ISPs about the traffic hijacking earlier this year.

Check out the NewScientist article and the EFF post for lots more information about the issue, especially if you're a customer of one of those ISPs. The EFF recommends running a Netalyzr test to see if you're affected by the problem. They also recommend installing the HTTPS Everywhere extension if you're a Firefox user; the encryption will prevent selective hijacking from occurring.

By the way, today, Reese Richman, a NY law firm, filed a class-action suit against both Paxfire and one of the offending ISPs, NewScientist reports.