Tuesday, 24 June 2008


Net neutrality again- another abuse, is it *finally* time?

Here we go again! Somebody called Nebu-Ad, with the connivance of some ISPs, has been caught modifying web pages:

“There was an extra 133 bytes of JavaScript code being added to web pages being sent...”

That bit of JavaScript code... instructed the browser to load additional script from the domain a.faireagle.com. (
FairEagle is a subsidiary of NebuAd...)
...while forging network packets from third-party sites...
“...even though it wasn't coming from Google, it was identified as being from www.google.com.”

I’m sure all you hackers out there immediately understood the humorous possibilities of hijacking the Nebu-Ad system. Start by using it to inject evil child pr0n onto random web pages, then stand back and watch the fun while the affected site owners (think NewYorkTimes.com, or Whitehouse.gov) try to explain all those embarrassing screen captures to the FBI. If that’s too noisy for you, there’s minor amusement to be had in touching off an IRS investigation of some innocent not-for-profit organization by loading its web pages with a bunch of commercial advertising. And just imagine creating some “extra” web ads for your “favorite” candidate, then tipping off the FEC. Why, the possibilities are endless!

Fun is fun, but enough is enough.  We already know that about 1 percent of web pages are being changed in transit.  There’s already a scandal underway in the U.K. revolving around secret tests (conducted by BT Internet) of a Nebu-Ad-like system that substituted ads while it silently tracked user behaviour.  Before that, Comcast got caught traffic-shaping-by-forging-reset-packets.  And then there are Verizon Communications’ senior vice president and deputy general counsel John Thorne and AT&T’s CEO Ed Whitacre, both of whom have been making “Nice packets ya got there... too bad if something might happen to them” noises in the direction of Google and Yahoo![1]  What’s become obvious is that ISPs can no longer be trusted to simply “deliver the bits.”

Aside from the problem of responsibility– how can a site owner be liable for something on a web page when what the viewer sees is different from what the server sent out?– and the possibility of massive copyright violation– does a modified page consititute a “derivative work”?– there’s also the likelihood of massive breakdown of the web’s advertising model. If ISPs substitute or inject ads willy-nilly, how can a site owner know that his ads are being seen?

The issue of advertising– who gets paid– may not be as vital to the web purists as the others, but because it involves massive amounts of money it will most likely determine the direction of any solution.  Site owners, not interlopers, need the proceeds of any clicks on their pages.  Advertisers require reliable site traffic stats when making their buys.  Both fail when ads are silently replaced somewhere downstream.  And nobody wants to be blamed for something they didn’t have anything to do with.

Look for the pressure to come from the advertisers.  Says Google spokesman Michael Kirkland, “We’re obviously aware of this issue and are looking into it.” Here’s hoping they decide to stop looking and start spreading some money in the direction of the boodlers in Congress and the FCC.

Meanwhile, we can all help things along by adding adjuggler.nebuad.com and a.faireagle.com to our HOSTS files.

Complete story at The Register
Download Robb Topolski’s report here [PDF]

[1] Though they poor-mouth their networks’ ability to handle high-bandwidth applications, there seems to be plenty of capacity to monitor their customers’ data for the RIAA and the MPAA.

Posted by: Old Grouch in Rants at 04:53:31 GMT | No Comments | Add Comment
Post contains 583 words, total size 7 kb.

Comments are disabled. Post is locked.
71kb generated in CPU 0.04, elapsed 0.2459 seconds.
51 queries taking 0.212 seconds, 207 records returned.
Powered by Minx 1.1.6c-pink.