Discussion:
Charter Communications going to sniff traffic for advertising?
Jake Matthews
2008-05-14 20:31:57 UTC
Apparently Charter is going to packetsniff its users and use that for
commercial purposes.

Looks like the only way to somewhat opt out is by getting a cookie set
at the below link - which is not only a dumb idea, but still - not even
https.
http://connect.charter.com/cas/portal/settings/privacyoptout.aspx

Anyone's thoughts on this?

-j
Jean-Michel Planche
2008-05-14 20:47:12 UTC
In the same spirit, something worse I think ...
If you are in some airport with a GSM/Wifi phone, you are going to
receive a mail from the local Wifi provider explaining how to reach
its (local wifi) network.
Tested in Roissy / France, with iPhone. iPhone will switch from edge
to wifi connection. I think that some applications try to reach their
server (like mail) and the local provider sniffs different things (user
name / mail sure but what about passwd ??) to send you back an email.
Interesting ...



-----------------------------
Jean-Michel Planche blog: http://www.jmp.net
Chairman and co-founder Witbe web : http://www.witbe.net
Follow me http://www.twitter.com/jmplanche
-------------------------------------------
2.0 Monitoring : relevant End to End monitoring for critical app. and
carrier class services
_______________________________________________
NANOG mailing list
http://mailman.nanog.org/mailman/listinfo/nanog
Blake Pfankuch
2008-05-15 12:31:59 UTC
I noticed this as well with a Windows Mobile device and ActiveSync over the air. Enforcing SSL communication seems to have fixed it, as I no longer get these after doing that. Of course this assumes that your mail server does not need plain text authentication. I noticed this a lot when I was flying back and forth from Houston and DFW out of Denver. Never identified the culprit of who was harvesting but....

Owen DeLong
2008-05-15 13:34:25 UTC
I've found that using SSL for all my SMTP and IMAP transactions
and not entering personally identifying information into non-SSL
web pages greatly reduces the amount of harvesting results I see.

As to Charter, I opt out by simply not purchasing anything from them.
It seems to work far better than bothering with their silly cookie
process.

Owen
Jared Mauch
2008-05-15 13:46:05 UTC
Post by Owen DeLong
I've found that using SSL for all my SMTP and IMAP transactions
and not entering personally identifying information into non-SSL
web pages greatly reduces the amount of harvesting results I see.
As to Charter, I opt out by simply not purchasing anything from them.
It seems to work far better than bothering with their silly cookie
process.
I think that's fine and all, but there are people where choice doesn't
exist.

I would choose FIOS (or a fios-like service) for my home internet.
That choice does not exist.

Verizon has not built that infrastructure in my state, nor does it
appear they have any plans to.

Where choice does not exist, and there is no high-speed duopoly to
choose between, what would you do? Build your own infrastructure a
few miles at a cost of $2-50+/foot?

- Jared
Steven M. Bellovin
2008-05-15 13:58:23 UTC
On Thu, 15 May 2008 09:46:05 -0400
Post by Jared Mauch
Post by Owen DeLong
I've found that using SSL for all my SMTP and IMAP transactions
and not entering personally identifying information into non-SSL
web pages greatly reduces the amount of harvesting results I see.
As to Charter, I opt out by simply not purchasing anything from
them. It seems to work far better than bothering with their silly
cookie process.
I think that's fine and all, but there are people where choice
doesn't exist.
I would choose FIOS (or a fios-like service) for my home internet.
That choice does not exist.
Verizon has not built that infrastructure in my state, nor does it
appear they have any plans to.
Where choice does not exist, and there is no high-speed duopoly to
choose between, what would you do? Build your own infrastructure a
few miles at a cost of $2-50+/foot?
The other day, the Wall Street Journal ran a brief piece on VPN
providers... The threat they had in mind was wireless hotspots, but
any sort of on-link evil can be dealt with that way.


--Steve Bellovin, http://www.cs.columbia.edu/~smb
Christopher Morrow
2008-05-15 17:30:52 UTC
Post by Steven M. Bellovin
On Thu, 15 May 2008 09:46:05 -0400
The other day, the Wall Street Journal ran a brief piece on VPN
providers... The threat they had in mind was wireless hotspots, but
any sort of on-link evil can be dealt with that way.
sure would be nice if some vendor would partner with a CDN-type group
(or a vendor that had enough 'local presence') to offer this sort of
thing... It doesn't necessarily have to be IPSEC or SSL I bet... though
longer term SSL or IPSEC seem like better options (since phorm/blah
will quickly start poking into PPTP/gre tunnels as well).

Oh, how do you know you can trust the VPN folks anymore than the
cable-modem folks though? eventually the same cost issues are going to
arise for the VPN folks as did for cable-modem/dsl folks (downward
pressure on pricing and infra/opex/capex costs going
up/not-decreasing).

-Chris
Luke S Crawford
2008-05-15 18:14:31 UTC
Post by Christopher Morrow
Oh, how do you know you can trust the VPN folks anymore than the
cable-modem folks though? eventually the same cost issues are going to
arise for the VPN folks as did for cable-modem/dsl folks (downward
pressure on pricing and infra/opex/capex costs going
up/not-decreasing).
Unlike running fiber to your door, renting a VPS and setting up a
vpn server is quite inexpensive to do yourself.
Christopher Morrow
2008-05-15 19:01:41 UTC
Post by Luke S Crawford
Post by Christopher Morrow
Oh, how do you know you can trust the VPN folks anymore than the
cable-modem folks though? eventually the same cost issues are going to
arise for the VPN folks as did for cable-modem/dsl folks (downward
pressure on pricing and infra/opex/capex costs going
up/not-decreasing).
Unlike running fiber to your door, renting a VPS and setting up a
vpn server is quite inexpensive to do yourself.
note the 'close to the user' part of the plan ... limit additional
latency and user experience hit. but other than that sure.
Steven M. Bellovin
2008-05-15 18:22:43 UTC
On Thu, 15 May 2008 13:30:52 -0400
Post by Christopher Morrow
Oh, how do you know you can trust the VPN folks anymore than the
cable-modem folks though? eventually the same cost issues are going to
arise for the VPN folks as did for cable-modem/dsl folks (downward
pressure on pricing and infra/opex/capex costs going
up/not-decreasing).
They're not more trustworthy, but since they don't require widespread
local physical infrastructure it's potentially a more competitive
market.


--Steve Bellovin, http://www.cs.columbia.edu/~smb
Christopher Morrow
2008-05-15 19:07:35 UTC
Post by Steven M. Bellovin
On Thu, 15 May 2008 13:30:52 -0400
Post by Christopher Morrow
Oh, how do you know you can trust the VPN folks anymore than the
cable-modem folks though? eventually the same cost issues are going to
arise for the VPN folks as did for cable-modem/dsl folks (downward
pressure on pricing and infra/opex/capex costs going
up/not-decreasing).
They're not more trustworthy, but since they don't require widespread
local physical infrastructure it's potentially a more competitive
market.
right, so not 'today' not 'tomorrow' if this becomes a service that is
perceived as valuable and useful more providers will pop in this
market (like cable vs dsl vs dialup), pricing pressure will start,
profit margins will shrink... then ... Oh look! If I give my user meta
data to CompanyX I'll get profit without any real capex expenditure!
Yea, free money!!!

So, how long until that happens? Hopefully when that happens there
will be enough other vpn provider options so it won't matter as much
as it does in the current US Duopoly... I mean 'competitive local
landscape'.

-Chris

Majdi S. Abbas
2008-05-14 20:49:49 UTC
Post by Jake Matthews
Apparently Charter is going to packetsniff its users and use that for
commercial purposes.
I think you'd find they'd run pretty far afoul of 18 USC 2511
for that, without prior consent (18 USC 2511 (2)(c)).

I looked at that page, and as far as I can tell, they are just
referring to web ads, likely placed on their consumer portal site.

Where do you get the notion that they are intercepting traffic?
Everything I see refers to a third party ad network, with no subscriber
data provided by Charter, i.e. a typical advertiser's tracking
cookie.

Using another cookie to opt out of the first cookie isn't
unusual, since it's the same mechanism that would be involved in the
first place.

In any case, trying to correlate captured traffic to a
cookie that would only be exposed in web traffic and to the site that
set it, would not be reliably possible.

--msa
Jake Matthews
2008-05-14 21:19:26 UTC
Post by Majdi S. Abbas
Post by Jake Matthews
Apparently Charter is going to packetsniff its users and use that for
commercial purposes.
I think you'd find they'd run pretty far afoul of 18 USC 2511
for that, without prior consent (18 USC 2511 (2)(c)).
I looked at that page, and as far as I can tell, they are just
referring to web ads, likely placed on their consumer portal site.
Where do you get the notion that they are intercepting traffic?
Everything I see refers to a third party ad network, with no subscriber
data provided by Charter, i.e. a typical advertiser's tracking
cookie.
Using another cookie to opt out of the first cookie isn't
unusual, since it's the same mechanism that would be involved in the
first place.
In any case, trying to correlate captured traffic to a
cookie that would only be exposed in web traffic and to the site that
set it, would not be reliably possible.
--msa
http://www.dslreports.com/forum/r20461817-HSI-Charter-to-monitor-surfing-insert-its-own-targeted-ads

Apparently, not just their portal.
John Menerick
2008-05-14 22:19:34 UTC
Something Jon Devree and I were thinking about: How would they handle
cookies the size of 1 MB or larger? Scary as it sounds, looks like a simple
DOS attack waiting to happen :\


John Menerick
Deepak Jain
2008-05-14 22:30:42 UTC
Post by Jake Matthews
http://www.dslreports.com/forum/r20461817-HSI-Charter-to-monitor-surfing-insert-its-own-targeted-ads
This is definitely taking the position that it's "their" pipe and not the
*Internet*. I can only imagine the issues that will get wrangled around
in the courts over this. (ahem, Google, ahem).

This is not fundamentally different than a TV station digitally
inserting their own ads on the stadium instead of whatever is there you
might see in person. This *seems* like a problem because most people
only have 1 connectivity provider at a time and often few options around it.

Regulation could address this, a differentiated service could address
this, but this smacks of paying for a service to then get additional ads
sent to you. (like every time you dialed a number into your Skype for
Pizza Delivery, they sent you to their paid-Pizza Delivery provider
instead).

Depending on how invasive (or effective) this gets, it has wild
common-carrier implications.

Deepak Jain
AiNET
Patrick Clochesy
2008-05-14 22:40:42 UTC
I think that a TV station cannot just digitally insert an ad into copyrighted material, as it would be considered a derivative work... they have approval and pay to do that.

I wonder what the legal implications for a web page would be, I would almost assume they would be the same.

-Patrick

Simon Lockhart
2008-05-14 22:47:22 UTC
Post by Jake Matthews
Apparently Charter is going to packetsniff its users and use that for
commercial purposes.
Anyone's thoughts on this?
There's a company called Phorm (www.phorm.com) trying to do this in the UK,
running some trials with some of the large broadband providers.

It hasn't gone down well at all...

http://www.theregister.co.uk/2008/02/29/phorm_roundup/

Simon
--
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
Director | * Domain & Web Hosting * Internet Consultancy *
Bogons Ltd | * http://www.bogons.net/ * Email: ***@bogons.net *
Rich Kulawiec
2008-05-15 12:59:03 UTC
Post by Simon Lockhart
There's a company called Phorm (www.phorm.com) trying to do this in the UK,
running some trials with some of the large broadband providers.
Phorm has been linked to the Russian Business Network (RBN), which
is unsurprising given that Phorm is in the spyware/adware business.
For a particularly insightful writeup, please see:

Some notes from the Phorm sales pitch
http://yro.slashdot.org/comments.pl?sid=489948&cid=22777122

---Rsk