Other Internet protocols could be facing a siege from ISPs



Original image by Dirty Bunny

Rogers, one of the two major Canadian Internet Service Providers, has been busy exercising their position of power. Again. After having been injecting content into HTTP webpages for half a year, Rogers has moved on to hijack DNS as well, replacing “not found” responses with pages full of ads. Though why stop there? Internet comes with many more communication protocols; plenty of opportunities to disrupt expected responses and inject unwanted ads into someone else’s content. All in the name of extra profits.

This is a hypothetical visual study of possible implications. All images below have been edited. It is not the point to single out Rogers; it’s just that they’ve started the trend that users disagree with. The point is that users should disagree with such actions. While not everybody might care about occasional unresolved lookups, there are other services that could be targeted next.

MSN, Yahoo, XMPP (and other) IM protocols

This one might be hitting a lot closer to home, for some, than seeing ads on “missing webpage” responses; even though it’s a similar concept. Only this time in your Instant Messenger. Every once in a while one would send a message just as the contact goes offline… more commonly it’s busy/away/whatever status… so many options to take advantage of!

WHOIS

WHOIS is a query/response protocol used to look up information about a domain. It would be easy to inject some plain-text advertising, along with the requested information. While only a small subset of the internet population uses this protocol, it is also a very specific demographic to be targeted with offers regarding domains and other web-related products.

RDP — Remote Desktop

While technically the data is encrypted, as it should be, it seems that older clients might use weaker protection schemes and be vulnerable to man-in-the-middle attacks. ISPs often happen to be in the middle. If one’s entire desktop is streamed over the internet, why not supplement some of the experience with sponsored offers?

BitTorrent

Actually a lot of ISPs already treat BitTorrent traffic in a special way. Though instead of annoying users with injected downloads and making money, ISPs often unfairly throttle this protocol, annoying users for free.

And more!

POP3/STMP — inject ads into emails!

— inject ads into emails! RTP — manipulate streaming audio/visual content.

— manipulate streaming audio/visual content. IRC — similar to Instant Messaging.

The good news is that we are not there, yet. The bad news is that not enough people seem to be aware of this creeping trend. The worse news would be similar tactics catching on in other communication mediums.

In a way an Internet Service Provider is very similar to a Postal Office. Their services are purchased in order to deliver data. Now imagine Canada Post (or FedEx or UPS) operating in a similar manner. It would be like reverse censorship — instead of taking content out, they’ll be putting more in, along with your original package. I’ll doubt they will get away with such practices for long.



Original image by arbyreed

Is it because snail-mail letters are sealed in envelopes, that we expect a them to be delivered without tampering (HTTP page content injection)? And similarly expect a certain level of privacy, instead of getting a package full of ads on topics of “return to sender” mail (DNS hijacking)? And that we expect any letter, regardless of content, having paid equal postage, to be delivered at a similar level of service (BitTorrent throttling)?

Perhaps we’ll need to start placing our internet packets in envelopes as well. Some people think we should encrypt all internet traffic. Besides implementation and adaptation difficulties, this would also add additional strain to the networks… but at least it would help ISPs to stay more honest. I just hope that we will not be forced to do it this way.

Read more