Print
What do you expect to come up when you search for a term in Google or Bing? Page after page of relevant results, right? Wrong, buster – at least if you're a customer of an ISP that engages in search query redirection. Late last night, a report surfaced that reveals that several ISPs, with the help of a company called PaxFire, have secretly been hijacking your traffic when you search for a certain major keywords. Why? Revenue, of course.
NewScientist broke the news, and the EFF has chimed in with tons of additional information. Hints of redirected traffic first surfaced earlier this year, when two research papers pointed out that all or most of the traffic directed at Bing, Yahoo! and Google were being redirected by some ISPs. Two separate investigations, conducted by the EFF and the ICSI Networking group, unveiled that HTTP proxies operated "either directly by Paxfire, or by the ISPs using web proxies provided by Paxfire ," are the ones behind the deed.
The redirecting only kicked in when major keywords, like "Apple," "Dell" and "Bloomingdales," were searched for. According to the reports, Paxfire selectively hijacks the traffic and redirects it to a marketing company, which instantly reroutes it to the homepage of the retail company being searched for. It happens without notification or consent of the user, and everybody along the chain gets a cut of the advertising commission – again, except for the user. If you search for "Kindle," you're sent to Amazon – no matter what the intent behind your search is. And Paxfire's privacy -- ha! -- policy says that may retain records of a users' queries. Does that apply for people who don't know their traffic is being hijacked?
Want names? We got names. The EFF and ISCI identified the following ISPs as actively involved in search hijacking: Cavalier, Cincinnati Bell, Cogent, Frontier, Hughes, IBBS, Insight Broadband, Megapath, Paetec, RCN, Wide Open West, XO Communication, Fuse, and DirecPC. Additionally, Charter and Iowa Telecom hijacked search traffic in the past, but stopped within the past year. The shady ISPs have several million customers between them. Edit: Ars Technica is reporting on a similar finding by a Microsoft/Polytechnic Inst. of NY team. They've added Spacenet, Onvoy and SDN to the list of offenders and say that 2 percent of all US Internet users are affected by the nefarious practice.
The EFF calls out several of the marketing affiliates profiting from the search hijacking: "The affiliate programs involved include Commission Junction, the Google Affiliate Network, LinkShare, and Ask.com." Note that the Google Affiliate Network isn't Google itself – in fact, NewScientist says Google complained to ISPs about the traffic hijacking earlier this year.
Check out the NewScientist article and the EFF post for lots more information about the issue, especially if you're a customer of one of those ISPs. The EFF recommends running a Netalyzr test to see if you're affected by the problem. They also recommend installing the HTTPS Everywhere extension if you're a Firefox user; the encryption will prevent selective hijacking from occurring.
By the way, today, Reese Richman, a NY law firm, filed a class-action suit against both Paxfire and one of the offending ISPs, NewScientist reports.
Comments are closed on this article
ashenoffken
August 11, 2011 at 8:29pm
Now even my innocent search queries are being exploited.. I just want to know where to find a good recipe of creme brulee, jeez..
Fisher Capital Management Warning
d3v
August 08, 2011 at 11:26am
OpenDNS is also advertising funded so LOL at all those citing it as the saviour.
anthroplop
August 06, 2011 at 9:58am
Briefly worked for a company that dealt Hughes as one of their side projects. Watching the sales representatives attempt to upsell that piece of shit service was disgusting. Viewing the brochure for a price-to-speed comparison was horrid. Every other small detail about Hughes made me want to vomit. This is actually one of the lesser atrocities being performed by those fucks.
If those other ISPs are anything like Hughes, then I'd suspect that the customers are being screwed in so many aspects that this is one of the least of their worries.
Eoraptor
August 05, 2011 at 3:18pm
Mediacom already does such a thing. Though they are slightly mor eupfront about it. Imagine my shock when I was at a customer's house doing an insiatll, typed in a search for belkin in my address bar in firefox, and got a big old "Mediacom Search" banner instead of my default search page.
I felt dirty.
anthroplop
August 06, 2011 at 10:15am
I remember that page. Mediacom was the only viable ISP for me a few years ago. During the early years the service was terrible and was always being shut off for supposed maintenance. Then things started going well enough until they completely disabled the service for 3 weeks and refused to credit me anything.
Here's to hoping some day businesses in general are held to a higher standard. One where fucking over your customers and telling "Kabir" to use the name "Joe" over the phone are viewed as despicable by the companies themselves, because these days our frustrations mean nothing.
At least tell "Joe" to use his real name.
Ghok
August 05, 2011 at 2:07pm
An ISP started doing this in Canada a few years back, to much outrage. (well, not exactly the same thing...)
Nip this in the bud.
I Jedi
August 05, 2011 at 12:35pm
If I read the article right, these ISPs are redirecting search traffic V.I.A. http proxy servers. If this is true, it gives all the more reason for many users to use OpenDNS over the default choice from an ISP. I have Road Runner, so I'm thankful they're not actively engaging in trying to shape my data traffic.
Holly Golightly
August 05, 2011 at 11:25am
Wha??? Boy, the day Cablevision highjacks their Optimum Online like myself, is the day I leave them forever!
I heart Bloomingdales.
