Saturday, April 24, 2010

Windstream is hijacking Google searches

Apparently a few days ago, users of Windstream ISP services suddenly
discovered that their Firefox-based Google toolbar search queries were
being diverted by Windstream to an alternate Windstream-associated search service, through some form of DNS redirection ( http://bit.ly/aJ3WZB [DSL Reports] ). Complaints by subscribers resulted in confusing responses from Windstream, including the statement that the purpose of their redirection was only to deal with unresolved site lookups and that an opt-out was available. (Over on NNSquad, we've frequently discussed the unacceptability of such diversions on anything other than an *opt-in* basis.) Shortly after the initial Windstream explanation, a Windstream employee apparently said that: "We will be making a change to this service tonight based on feedback from our customers who wish to continue to use Google for the search box. We apologize for any inconvenience this may have caused." This is a most remarkable statement -- since it appears to imply that the diversion was not a mistake, but may have been an intentional 
redirection of Google-related traffic. After all, if someone is using
a Google search toolbar, one would typically assume that they want *Google* to supply the search results, right? You don't need rocket science to figure this out. Of particular concern are reports that these changes affected subscribers who were *not* using Windstream's DNS servers, but who had manually changed their DNS settings to other servers such as OpenDNS or Google DNS. If these reports are correct, they imply that Windstream was tampering with protocols via DPI (Deep Packet Inspection) techniques, which elevates the severity of the situation to an even higher level, regardless of whether or not "opt-out" mechanisms of varying effectiveness were provided. Many Windstream subscribers are very concerned about the privacy implications of this situation, and the apparent unwillingness of Windstream to clearly explain what they are doing and whether or not the diversion of Google search queries was intentional or accidental in the first place ( http://bit.ly/bUrgBF [DSL Reports] ). This all appears to be a very serious situation, and exactly the sort of problem many of us have been warning about for years. The first useful step moving forward regarding this matter should be for Windstream to immediately and definitively come clean publicly about what they did, what they are doing, and what their true intentions were and are. In the meantime, I invite Windstream (and other ISP) subscribers to use the info on the NNSquad Testing Your Internet Connection for ISP 
DNS Diversions page to test their ISP for DNS tampering, and to report
results to me as described on that page ( http://bit.ly/7DOv5Y ). DNS tampering is unacceptable and can easily create all manner of 
collateral damage. Interfering with Google's (or anyone else's) users
is atrocious, especially if done purposely. This is all yet another example of why moving toward reasonable 
regulation of the Internet access industry is so critically important.
--Lauren-- Lauren Weinstein lauren () vortex com Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org Founder, GCTIP - Global Coalition for Transparent Internet Performance - http://www.gctip.org Founder, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Twitter: https://twitter.com/laurenweinstein 

Posted via email from danny6114's Pre- posterous

No comments:

Post a Comment