Confirmed: ISP modifies Google home page

Lauren Weinstein alerted readers that Canadian ISP Rogers was modifying the Google home page for some of its users:

Rogers intercepts and modifies Google home page

Go over to Lauren’s blog and click on the thumbnail to see the full-size image; it may be your only chance to see the word “Yahoo!” on Google’s home page in three different places. 🙂

Wired managed to snag an official confirmation from the ISP that Rogers is doing this.

I don’t always agree with Lauren, but I think we agree that this is pretty uncool.

141 Responses to Confirmed: ISP modifies Google home page (Leave a comment)

  1. P.S. If you’d like to hear more from Lauren, he did a talk at Google’s Santa Monica office last year: http://video.google.com/videoplay?docid=-2700379110263269822

  2. Matt,

    And what would your answer be to the question raised by Lauren:

    “Question: Will Web service providers such as Google and many others, who have spent vast resources in both talent and treasure creating and maintaining their services’ appearances and quality, be willing to stand still while any ISP intercepts and modifies their traffic in such a manner?” 🙂

  3. Rogers is a terrible company. I switched from their internet service a while ago and I’m really not surprised at this move at all. The Canadian ISP scene is pretty bleak. It would be nice to see Google take some legal action about this. You’re right. It is very uncool. Who wants content highjacked by their ISP? How can we know what is the real web and what is Roger’s latest marketing scheme?

    Please keep us update on this. I’m very curious to see what you guys do about it.

  4. Nick and Harith, it’s just my personal opinion that Rogers is being uncool. I couldn’t say what Google’s official take on it is.

  5. My guess is Google will see them in Court 🙂

  6. I found out about this yesterday on my nifty iGoogle homepage, via subscription to TechDirt:

    http://techdirt.com/articles/20071210/184436.shtml

    The headline is that Verizon is anti-spyware, except its own. Very precise and very compelling.

  7. Addendum:

    I could SWEAR for sure it said Verizon in the headline and at TechDirt yesterday. My bad, either it was corrected or I was seeing things and need more sleep.

  8. what are the implications for us webmasters? are there things we can do to prevent stuff like this appearing on our lovely ad-free websites?

  9. “Uncool”?!

  10. No, I haven’t gone daft (not yet). Quote from TechDirt:

    http://techdirt.com/article.php?sid=20071206/191923&op=sharethis

    =====================================

    Verizon’s Idea Of Security: We Block Spyware… Unless It’s From Our Partners
    from the security-for-the-weak dept
    Rich Kulawiec writes in after digging a bit deeper into a well publicized study done for Verizon, claiming that most Americans have a false sense of security on their computers. Digging a little deeper, you realize that the “study” is really a marketing ploy for a new security service Verizon is offering with RadialPoint (oddly, this seems to come just two months after Verizon announced a different security service). As for this new offering, there’s a free scan and then a subscription service. Of course, in order to run the security scan on your computer you need to: (1) be running windows (2) disable your pop-up blocker and (3) run IE. As Kulawiec notes, “none of which are good ideas for anyone who actually cares about security.” Kulawiec then went to check out the terms of service for the subscription offering and found some questionable claims:

    a. You acknowledge, agree and consent to the following: (i)
    the Radialpoint Software, in its default configuration, does
    not block ads from third parties or Verizon or its affiliates
    and business partners, and may not identify as spyware certain
    websites and applications from Verizon and its affiliates or
    business partners,

    and

    (ii) Radialpoint Inc. and/or Verizon and
    its affiliates have the right and do access and modify the
    Software as well as the software (including registry settings
    on your computer) and/or your hardware for various purposes
    in connection with the Service (e.g. for the installation and
    implementation of the Software and updates to it) as well as
    to download, install and/or gather, obtain, collect and then
    use, in relation to the delivery and operation of Services,
    various information and data, including information necessary
    to identify you and your computer to ensure that Services are
    received as well as information necessary for the reporting of
    these services , and (iii) use of such information and data by
    Verizon will be in accordance with Verizon’s privacy policy.

    That certainly sounds like Verizon won’t block spyware from ad partners and will also spy on you and report the data back to Verizon. Yikes. No wonder people’s computers aren’t as secure as they think. If they’re installing Verizon’s anti-spyware offering, the company’s own terms of service make it clear that you’re basically opening up your computer to them. As for not blocking partner company’s spyware, that’s the same thing that Yahoo got into trouble over years ago — but apparently Verizon hopes people have forgotten.

    ===================================

    If the commet is too long to “take” I’ll blog it and post a link.

  11. Correct me if I am wrong, but this really doesn’t have anything to do with Google at all, does it? Isn’t it just a warning that the user is or is about to go over their bandwidth limit for the month? Based upon my understanding the user would have had their page framed in the same manner if they had visited yahoo.com or any other website for that matter.

  12. Definitely a bad style practice and very suitable to be ilegal. I have seen an unusual behaviour in the Google homepage in Spain, no sure the same reason is behind, but in the “Go To Google” the domain pointed to is “Google.cat” instead of Google.es… weird…

    http://seopositivo.blogspot.com/2007/12/googlecat-por-defecto.html

  13. damm thats scummy

    Some marketing weasel needs to get a p45

  14. It seems bizarre that they would only be targeting Google – surely if they’re trying to send a message, they’ll display it on every web page until the user clicks either of the two acknowledgement links.

    Of course, that doesn’t make it any more acceptable!

    The sad thing is that it appears they’re trying to be good – alerting a user that they’re reaching their limit and will start paying unless they stop what they’re doing, quickly. Best intentions, etc.

  15. As far as I can tell:

    1. This isn’t specific to Google – they serve on every site.

    2. This isn’t an ad/promotion of their products, it’s a notification that the user is reaching their bandwidth limit.

    It probably doesn’t need to be so overwhelming, but as long as this only appears once or twice it’s not too annoying.

    My ISP serves interstitials for this type of thing which are much more of an interruption.

  16. So it would be nice if Google (and other) sites would allow https to prevent such man-in-the-middle attacks.

  17. I don’t really see what the big deal is. So they made a change in the world most popular frontpage. I would say this is a rather clever way of keeping their users updated on their bandwidth usage.

  18. This is essentially fear-mongering. I’ve debunked it on my blog, but that’s shouting to the wind.

    DEBUNKING “Google Hijacked” – The Sky, err, The Internet, Is NOT Falling!

  19. What’s the big deal? It’s another form of a pop-up that can be easily closed and dismissed.

    Were they also modifying search results to hide any controversial topics in Canada? Because that would be seriously uncool.

  20. Matt –

    Time to buy that pesky country and turn it into Googleplex/North.

    On the upside, you’d control the tar sands and could force people to drive Prii and walk around with solar headgear.

    -OT

  21. While I don’t agree with that kind of marketing, it’s certainly an original idea. Fortunately my ISP knows better than that, though. 😉

    Steve

  22. You seem obsessed with the fact that it’s on a Google page. This could be on any page. They are trying to provide courtesy to customers similar to how some cell phone companies send you a text message when you’re almost out of minutes for a month or some hosting providers send you an email saying you’re almost out of bandwidth. I would prefer to have this message show up than receive a bill where I have extra charges tacked on because I used 100 GB of internet this month.

    Maybe you feel like taking a hard line is necessary for when ISPs abuse this, but that’s where there’s a need for consumer choice so people can switch. Unfortunately, there isn’t choice for a lot of people right now.

  23. Can’t the user simply use a Greasemonkey script to get rid of these type of annoying banners, headers and ads?

  24. Matt,

    I’d be curious – is this coming up on every page for the user or just Google in general? Scummy, yes… but bandwidth charges from their ISP? Sounds like they need to step away from the internet for a little while :).

  25. OT but you might be interested in this thread on linked in

    http://www.linkedin.com/answers/technology/web-development/TCH_WDD/140727-5396830?browseIdx=4&sik=1197376848698&goback=%2Each_TCH

    Some people offering cloaking services are respnding to this guy asking a basic seo question (i tried emailing you but it bounced)

  26. I agree with SEO mash and Seth. Isnt this just ISP spam that would appear on any website, not just Google.

  27. One one hand, drop the hammer on them, on another, at least they are using Google, and on still another, at least the customer is being warned that are about to be scalped for bandwidth charges! Walk gently…

  28. Although I do agree that modifying the look of someone else’s site is probably not the best way to go about his, in that particular situation, looks like it’s pretty clearly labeled as what it is and I can’t imagine anyone would think this is part of Google’s home page…

    One thing I definitely disagree though is the way the news is reported… this article, and especially the one it links to, is more misleading than the ISP’s bandwidth warning message IMO. This has nothing to do with Google… This message appears on any site you first load in your browser right?

  29. I guess that ISP just killed it self.

  30. Bushido – why should users have to? You shouldn’t have to install extensions and filters just to see the web properly and remove crappy advertising.

    Here’s a question, to spark debate: Does this differ from Google’s (or any other image search engine come to that) own framing of other site’s content on their image search, from a moral perspective?

  31. poor google..

    greed begets greed…..

  32. Omar Yesid Mariño

    That is really an abuse. It is the same as the journalists manipulating the news on television.

  33. I think there is a potential for wrong doing here but I don’t think that this particular example is evil. I remember a few years back trying to log into airport wifi and being hijacked with ads on top of everything, that’s much closer to evil than this. This really does just seem like an isp warning it’s user of a nearing bandwidth limit.

  34. They at least put a “click here if you do not want to receive this message any further” on it. Doesn’t really seem like an issue to me.

  35. I wonder what the copyright issues are here. As webmasters/content producers, don’t we have certain rights over the content that’s displayed on(or over) our sites?

    I, as well as about 95% of the Internet these days, basically survive on ad revenue. If an ISP is doing this, isn’t it actually stealing from us? Isn’t it subverting/interfering with branding?

    Isn’t it markedly degrading the user experience, and thereby violating the customer’s access to material?

    What if an ISP decides to run advertising which is in direct conflict with the content provider/users? For example, it is entirely likely that porn ads, spyware, or anti-semitic banners and ads could be over-laid on Disney.com, or HolocaustSurvivors.org !?! Or Democratic candidates’ ads on Republicans’ sites, and vice versa… This simple act of overlaying content/ads on others’ sites ALREADY confirms that this is an unethical company, so such inappropriate advertising is entirely within the realm of possibility.

    What if ads/messages are displayed which violate others’ copyrights? Who will be held responsible? Will content providers with absolutely no knowledge of which ads were displayed on/over their sites be hauled into court to defend themselves against an ISP’s actions?

    It’s only fear-mongering if it is unlikely…
    This is FAR too real to be ignored…

    End Rogers, Google. You’ve got the $ it takes to financially/legally bury Rogers — and in this case, you’ll be sticking up for every “Little Guy” on the Net who can’t afford to defend him-/herself. Make an example of them, so no one else decides this is a good idea to make an extra buck.

    Now THAT constitutes an opportunity to live up to your motto!

  36. Aaron re Doesn’t really seem like an issue to me.

    and Seth re fear mongering

    Trouble is you start putting your common carier status at risk if you start doing this and ther will be plentey of induhviduals who will try and extort money.

  37. This is not new, and is hardly newsworthy. I’ve seen the same thing done on free wifi networks, and in hotel provided wifi for about a year. The intent of this specific message is not much different than forcing the user to a User Agreement page at the start of a session, which seems pretty reasonable.

    A couple things that would make this evil:
    – They display ads based on the page content or URL (ie: displaying Ford ads on a Chevy website)
    – They interfere with the intended presentation of the page (ie, replacing paid links with their own, obscuring page content, etc)
    – They target only certain websites
    – They modify the page content
    – Their javascript breaks other javascript on the page

  38. Seth, I’m not trying to say that the sky is falling. But the trend toward deep-packet-inspection by ISPs is disturbing enough. I didn’t know that they could splice new content into web pages at will, for example.

  39. Just checked out Lauren’s site — Rock On! “Brother Biker Helps Bust Robber-Baron ISP”

    😀

  40. “Can’t the user simply use a Greasemonkey script to get rid of these type of annoying banners, headers and ads?”

    My grandmother has the worst time debugging greasemonkey scripts that she creates between knitting and driving 20MPH on the highway.

  41. Matt, you do realize that Rogers is injecting this message on ANY web content, not just Google, right?

    And Nick, you do realize that the city of Toronto alone has over 70 ISPs, right? And about 3/4 of those are broadband DSL. I’d hardly call the “Canadian ISP scene” bleak. The USA on the other hand…

    A few years ago Rogers called me, saying I’d crossed some invisible line in the sand by downloading too much while using their “unlimited” internet access. I ditched them for several years but came back to them when I moved. At least nowadays they’re upfront about their caps, and I presume they switched to this notification technology to minimize having to break the news to people over the phone. FYI, the cap for Rogers Express, their most popular package, was 60GB/month when I subscribed last year, but the screenshot shows 75GB/month so maybe it’s been increased.

    And for the record, I absolutely despised Rogers a few years ago but my wife and I have had almost nothing but pure bliss with their service nowadays. We have Rogers Extreme which gives 8Mb down and 1Mb up with 100GB/month cap. We download plenty since we ditched our TV cable and watch nothing but Miro and torrent content. We’ve never been notified of any overage, but if we do at least we’ll know when we’re 75% of the way there so we can ration it out.

  42. This looks like a notification of an over limit account. Are you sure they are doing “deep packet” inspection or did the user possibly reach a transfer limit and happen to be on the google homepage?

    They may be splicing it in at will, they may also be splicing it in at the will of the user. It is possible that this user downloaded certain software and agreed to the insertion (which would save the user money on overage fees, surely something you are not against?)

    Maybe I am confused but I think you are making a mountain out of a molehill on this one.

  43. SEO Mash…. stop being so observant, you’ll ruin the fun.

  44. Well, there are two issues here. One is this specific modification, which to me isn’t a big deal. I have Comcast, and I’d love to get some sort of notification if I’m near their invisible and undisclosed transfer limit.

    Then there’s the Pandora’s Box that this opens up. How big of a jump is it to quietly changing ad banners to ones that will make them some money? No difference technologically, so it’s based on whether or not you trust your ISP not to try something sleazy like that. I don’t think many of us have lots of faith in our ISP’s non-sleaziness.

  45. geeze talk about overreaction, i mean is it so bad that the isp gets paid for the bandwidth its users are taking? I think that its actually a pretty smart way to get the attention of people, cause emails Im sure get overlooked. This would get my attention.

    google doesnt have any control over their page once it gets requested and uploaded to the end user from the server anyways. compared to what china is doing this seems hardly post worthy at all.

  46. I am not in a position to replicate this, so could you clarify a few points for me please:

    1. Is this specific to Google pages or is it being applied across the board.
    2. Is this a frame or is it actual HTML injected above the page’s own HTML?
    3. If it is not widespread and not a frame, are the sites targeted all similar in the simplicity of their HTML?

    It looks like an ISP simply injecting an easily disabled warning to subscribers who are about to exceed their bandwidth allowance for the given month above web pages in their browser.

  47. Chris – they have to do deep packet inspection (i.e. intercept and modify the data field of packets, not just the headers) in order to insert any kind of notice. They have to parse the HTML and modify it in a fairly smart way to make the message appear as part of the Web page. If it’s being inserted on pages other than Google too, that is in some sense even worse because it means they’re breaking into and modifying packets across the board instead of just to Google’s IP addresses.

    The end result is that you can’t trust Web pages viewed through a Rogers internet connection – because you can’t be sure how much of the page is really from the server you meant to connect to, and how much is inserted or modified by the ISP. You just have to take their word for it that all they’re doing is inserting “over bandwidth” messages and that they’re not examining the contents of your pages in a more seriously privacy-violating way. The infrastructure needed to insert these messages is exactly the same as the infrastructure needed for an illegal wiretap. It’s not a good thing to have this kind of thing going on no matter how innocuous the claimed purpose may be.

    Physical analogies are dangerous, but imagine the pizzaria that, for extra convenience, doesn’t require you to come to the door and pay for your pies. Instead, the delivery person will pick the lock on your door, enter your home, and place the pizza directly on your table, while their staff in the back office are breaking into your bank’s computer to transfer the money directly out of your account. No need to even give them your account number. They already know it. This special service is provided free of charge, by default, and it’s not advertised. You don’t know it’s going to happen until after it does. If you wish, you can opt out by telling the pizza delivery person “don’t do this again” when you discover him or her unexpectedly inside your house.

    Should pizzarias operate that way?

    ISPs should not, and that’s an absolute. It doesn’t matter how innocuous their claimed reason for doing it might be.

  48. While I don’t condone altering someone else’s web pages, at least the Rogers manipulation is obvious.

    In contrast, the RedZee Top3 Program uses a toolbar that actually manipulates the Google search results in order to inject unmarked sponsored listings (http://www.searchengineguide.com/ross-dunn/seeing-red-sear.php).

  49. I worked for an ISP back in ~1999 who had developed these types of capabilities, but had not actually used it for obvious reasons. No matter what way you stack this up, it’s bad news.

    Comcast Blocking Bittorrent
    AT&T Silencing Bush Bashers
    Rogers Hijacking Web Pages

    Seems like the best cases for Net Neutrality are made by the ISPs themselves 😉

  50. How is this any different then when a hotel frames a page with there info…or what about how about.com frames sites?

  51. Oliver Taco might be joking about Canada, but North Dakota actually makes sense. Build a few data centers, convert the rest to wind power and organic free-range buffalo ranches, and the best part is, you get two US Senators. Even MSFT has to share its Senators with Boeing.

  52. And now, a Canadian perspective…

    First of all, for those of you who don’t know what Rogers is, they’re not just an ISP…they’re a giant conglomerate with their hands in a lot of pies. Here are some of them:

    Cable ISP (which they pretty well have a monopoly on in Eastern Canada)
    Cable TV (see cable ISP)
    Telephone service
    VoIP
    TV stations and their associated websites (e.g. Sportsnet).
    Radio stations (e.g. The FAN 590)
    The Toronto Blue Jays baseball club
    The former Skydome, now known as the Rogers Centre

    So they’re not some small pissant company, and if Google were to try to sue them, they’d battle another company whose pockets are at least comparably deep to their own (quite possibly a lot deeper). Google suing Rogers? Don’t hold your breath….although it would be a hell of a battle from a purely outsider standpoint.

    Next, there may be a deeper issue here that no one has considered: did the user install Self Healing Software? For those who don’t know, Self Healing Software is a piece of software included with every residential Rogers cable internet install and according to Rogers, designed to diagnose and fix common network errors for the average user…and like most software of this type, totally useless. It wouldn’t surprise me if the “concerned reader” installed the software, not knowing any better, and thus opened the floodgates. I not only use Rogers myself, but most of my clients use it at home and at work, as do most of my friends and family (including a Bell technician, which I always found kind of funny), and no one has mentioned this to me yet. With the friends I have, this should have come up by now.

    And, as Pratt said, it has the option to disable the messages. Assuming the option works, the user disables the messages and it really isn’t that big of a deal. It doesn’t appear to be Google-specific, either, since the user has at least one other tab with the same message (that could come from any site.)

  53. And Nick, you do realize that the city of Toronto alone has over 70 ISPs, right? And about 3/4 of those are broadband DSL. I’d hardly call the “Canadian ISP scene” bleak.

    And all of those DSL companies are at the mercy of Bell Canada (aka the ultimate spawn of Satan) and its monopolistic deterioration of the phone lines. “Our mandate is to provide reliable telephone service first, and reliable Internet service second.” Translation: we’ll just keep splicing and splicing lines rather than adding in the central offices required to properly service new lines and customers.

    Rogers isn’t exactly a great company either, but they’re a hell of a lot better than a DSL alternative around here. And unlike Bell, they’ll at least give you an explanation of the issue and assume some responsibility. There’s also nothing quite like hearing from a Bell technician that the reason your phone line was crossed is that another technician can’t count.

    Nick’s right. The Canadian ISP scene is bleak, and there’s no sign of it improving in the future. Rogers is “okay”, and that puts them at the top of the dung heap.

  54. Not that I think this is cool, but….

    I don’t see why this would be illegal at all and why it couldn’t be used as a way to raise revenue for ISP’s.

    Why should content delivery system like ISP’s be disallowed to display content to their users? I don’t see it as violating any law. Don’t newspapers place ads in their own newspaper for free? Don’t cable companies advertise their services on their own cable channels? Hell, our weather channel runs local ads in a box that scrolls across the bottom of the screen.

    Let the market figure it out. Maybe offer 2 levels of internet service, one that is subsidized by advertisement and one that is free of ads, but cost more money.

    This only appears wrong because we have never seen it before. Don’t you think that if people watched TV for years with no commercials and then the first commercial appeared that the viewing public would be upset?

  55. Matt, could really use your help, any chance you can email me?

    Thanks,

    OnlyMe

  56. If it were OK to alter others’ websites and force customer notifications, what would stop them from adding a little extra later on, like news about the ISP, other products from the ISP, and before you know it, links to its partners?

    What if they leave Google or Yahoo alone and start targeting websites selectively?

    An email alert is sufficient as a bill reminder or over-the-limit reminder; let’s not display a warning message on my TV screen everytime my Satellite bill is due in 5 days.

  57. As long as the message that appears are ONLY essential service messages to account holders then I don’t see the problem, the fact that they chose the Google homepage even makes sense – lets face it most people go to Google more than any other site.

    Now, with that said, if they cross the line and start selling ad space then that is a whole different matter, they should then be burnt at the stake!

  58. Whether this is right or wrong (or good or evil) seems like a judgment call. Just look through a few of these posts and you’ll see it’s all over the map as to what people think about this.

    It’s a judgment call just like Google penalizing sites that sell text links and PR is a judgment call. Rogers could make the same argument that Matt made last week – this warning is for the benefit of their users.

    Personally I don’t see anything wrong with Google penalizing sites that sell PR text links (even though I actually do it on several of my own sites) nor do I see anything wrong with an ISP inserting helpful content. It’s their company and they can do what they like. And if either company’s user base doesn’t like it they have other choices, too. I can buy the argument that a company tries to do what it thinks is in the best interest of their users.

    But I find it ironic that Matt thinks this judgment call is “uncool” while he thinks Google’s judgment call of penalizing sites that sell PR text links is apparently quite cool.

  59. Matt is correct. I agree with him 100% that Rogers’ behavior in this regard is uncool. Actually, “uncool” is an appropriately diplomatic term, but get me over a drink and I’ll probably offer a more descriptive invective to illustrate my feelings on this issue.

    It’s a mistake for anyone to judge this event in terms of the relatively benign notification message that was displayed in the current test environment. Just a glance at the PerfTech home page
    ( http://www.perftech.com ) reveals immediately what this all is really about — ISPs interjecting themselves into unencrypted server-user communications for their own commercial purposes, significantly modifying the user experience that Google and other Web sites carefully construct with considerable effort and expense.

    But putting aside the specific content of such intruded messages, imagine for a moment the reaction if the postal service pulled a similar stunt? What if your personal mail was opened, USPS promotions and perhaps ads inserted, the envelope resealed, and *then* delivered? How would most people react? Not very well, I’d wager.

    ISPs are moving in exactly this direction. Not satisfied with the income streams from being “merely” Internet access providers, they increasingly feel that they have the right to slice and dice the relationship between Web services and those services’ users as they see fit.

    If this is not halted, either through policy, legislative, or (as I’ve suggested in follow-on blog postings) pervasive encryption, we’ve seen only the tip of the ISPs’ noses under the tent. Unchecked, their entire bodies will soon follow.

    –Lauren–
    lauren@vortex.com

  60. Matt, hardly what you are portraying I have been using Rogers for many years they are just as “Net neutral” as any other Telco. WiMax will kill them all and we can go on to a completely Google net… and you and your employers will be happy you have wrung every last dollar out of the system. Rogers can do what they want with their system just like Google can with their NOFOLLOW link stuff. At least they didn’t guess what the users usage was, unlike, Google guesses at the intention of publishers and directory owners link intentions are. This is definitely a case of the kettle calling the pot black!

  61. Matt is correct. I agree with him 100% that Rogers’ behavior is decidedly uncool. Actually, while “uncool” is an appropriately diplomatic word, get me over a drink and I’ll probably provide a more illustrative invective that better demonstrates my feelings about this issue and why I blogged it in the first place.

    I believe it’s a significant mistake for anyone to be sidetracked by the relatively benign nature of Rogers’ injected message (which, by the way, could have been presented via a “splash” page without actually altering other sites’ appearances — even though that approach would also be problematic). All it takes is a glance at PerfTech’s home page ( http://www.perftech.com ) to see that the big ticket application for the associated equipment is the insertion of promotions, ads, and other ISP-generated revenue-enhancing (for the ISP) materials into the communications of unaffiliated Web services and those services’ users.

    It’s useful to imagine how people would react if the USPS pulled a stunt like this. What if your personal mail showed up with the envelope having been steamed open, various postal service promotional and third-party ads stuffed in, the envelope resealed, and then delivered. I’d wager most folks would be quite unhappy at that sort of intrusion.

    Various ISPs now feel empowered to create new revenue streams by slicing and dicing their subscribers’ Internet communications, the negative impact on the user experience that had been carefully crafted by Web services be damned.

    In the absence of policy or legislative remedies — or a move to pervasive encryption as I have proposed — we can be sure that we won’t be dealing just with the ISPs’ noses under the tent, but with their entire bodies crowding in before we know it.

    –Lauren–
    Lauren Weinstein

  62. Matt,

    I like reading your articles, but this one makes me scratch my head. #1, they aren’t altering the web page, as that notification isn’t in the webpage, it’s in a frame above the web page. #2 I could see if there were promos in it for products, but all it is, is a bandwidth usage warning. I think this is fine as it has an option not to see the warning again. I think it is a lot better that they show a warning instead of nothing and then bill you for the overage without knowing you went over, now that would be a sneaky tactic. Too much is being read into this.

    This is not something that they picked on Google’s site for. It is a random notification of someone’s bandwidth usage coming close to going over the limit, period.

  63. Matt – After becoming ‘visible’ again in the search world these past few months, I simply amazes me, not only how many people consider themselves SEO’s but that there are numerous SEO organizations. The bottom line here gang is that Matt and others promote this dialog, They attend the conferences, and travel to meet with webmasters AND SEO’s. This outreach is the only way we’ll maintain any kind of order in the search world (especially for blogs!). The dialog is VERY important. Search effects everyone and anyone on the Internet. Whether we all agree or not doesn’t matter at this stage. What matters is that the dialog (in a whole bunch of languages worldwide) continues. Imagine the POSITIVE possibilities, for health, education, and yes for business, whether it’s from Google or a potential competitor.

  64. Matt, following on the heels of this post, have you heard anything about wibiki dot com? It appears that by signing up with them, and adding their DNS server address as your primary DNS server, they are able to display pages with Adsense ads replaced by wibiki content, eventually I fear will be ads as their TOS states. When I look at the source code, the adsense code is still there, so what will happen when a user clicks the wibiki content? Will the adsense publisher get a click credit and maybe even a ban if its on their own domain? What do you think about that?

  65. P.S.
    I do understand that it is an Opt-in service, and can be turned off at anytime.

  66. OT:
    I have seen over 100,000 links in Google where a site uses proxys to hi-jack (???) sites. Some of the sites that have been hi-jacked have been de-indexed. I am not sure there is a connection, but I would appreciate if MC would look into the matter.
    The site I am talking about is surffreedomDOTcom and if you do a search for example for: surffreedom insurance you’ll see what I am talking about. That site should be Ceased ad Desisted ASAP.

    Sorry about the OT

  67. I was working for an ISP/software developer in 1995-1997 and I remember my boss telling a few of us about inserting our own ads on web sites our customers visited or replacing other people’s ads with our own ads. Or both — it’s been at least 10 years and I’m not sure of the exact scenario.

    As a natural skeptic, I wondered how we could get away with it. He said he checked it out with “The Lawyers” and they said that as an ISP we had the legal right to insert/replace ads. Although I left the company in April 1997 the conversation might have happened later (1998/1999) since I dropped in now and then.

    I wish I had taken notes and also asked him for more specifics about what the lawyers said, but it didn’t seem like a big deal. I know we never carried out his idea.

  68. OpenDNS are being damn cheeky by resolving http://www.google.com to their servers + I guess from there transparently intercepting google searches

    http://security.has.no.com/2007/11/28/opendns-intercepting-google-search/

  69. this won’t last

  70. What you see is not what you get.
    In fact, what you think you get is not what you get.
    Even worst, what you don’t want, you get.

    What if we could get only what we wanted.
    Or what if an entity could guess what we wanted and gave it to us.
    And what if that entity could also zap out things it guessed we didn’t want and replaced it with those that we wanted.

    May be one day, we can get it …

  71. Roger ISP have just also harvested a lot of attention in Russia due to completely separated issue.

    They blocked (via their dns caching servers) access to a huge part of .ru sites. Been precise – to all sites having their DNS servers on RU-CENTER (registrar company very popular in Russia). According to RU-CENTER: after blaming in spam (by general phrases) them Rogers had refused to provide any additional details to resolve the issues.

  72. Sergey: the word “Viagra” comes to mind.

  73. calling Rogers an ISP doesn’t really grasp it .. good luck fighting it. Roger’s owns Canada. They have more money than Google .. gasp.

  74. When one signs up for Rogers, they are given an installation CD. In the CD is the installer which will add some extensions to your browser (read hijacks browser).. The browser’s header after the installation reads – “Microsoft Internet Explorer provided by Rogers”, they also have a little Rogers icon in the browser, change ur home page to Rogers and all.. I don’t think they are doing any DPI, though. It’s an overlay notification message which appears on any website, not necessarily Google. But if you don’t install Rogers setup and other “utilities” from that CD, I’m sure you wouldn’t be seeing that message..
    Just my $.02.

  75. That’s a scummy thing for an ISP, or anyone, to do.

    But I’m wondering how much more scummy it is than some other practises on the web – like a search engine altering other people’s webpages at the request of the viewer, but without the permission of the pages’ owners. I’m talking about Google, of course, and their Autolink bit of the Toolbar. That’s almost as scummy.

    And what about showing other people’s work in you own websiite – e.g. all the images that Google shows people, and the caches of pages that they show in their own site.

    For some of those things, there’s an opt-out for webmasters, but not for the scummy Autolink, which is the closest that Google gets to that ISP’s scummy efforts.

    The words “pot”, “kettle”, and “black” spring readily to mind.

  76. Matt,

    This whole thing you bring up made me think of advertising on tv and using tivo to filter out the commercials. What that ISP does can also be done by software on your pc. How much of a worry does Google have in relation to “Tivo-ing” PPC ads out of the web pages?

  77. That’s messed up Matt. I understand the bandwidth message idea but they should at least be sensitive enough to remove the Yahoo branding because then it becomes more than a system message, it’s a marketing vehicle. If they have the right to do that, what’s to stop ISPs from super imposing their own navigation menus connection? Or toolbar? And you can see where that would make a lot of money and at the same time be a terrible user experience..lol. Roger’s should ditch any and all marketing on a system message outside their own logo.

  78. Ewwww… That junk is ruining the clean design of Google’s homepage.

  79. How long before the “message to client” is replaced by ads or other content chosen by ISP. This, or any other interference of my communication by my ISP, is not tolerable. If I want to see my bandwidth usage I log into customer panel. Also, illegal tapping comes to mind, though they probably safeguarded themselves with in their COU. I would find a new ISP sooner than inserted content can display on my monitor.

  80. That’s a scummy thing for an ISP, or anyone, to do.

    But I’m wondering how much more scummy it is than some other practises on the web – like a search engine altering other people’s webpages at the request of the viewer, but without the permission of the pages’ owners. I’m talking about Google, of course, and their Autolink bit of the Toolbar. That’s almost as scummy.

    I hope you are sitting down PhilC, as I agree! 🙂

  81. I think Lauren has just proven that Canadians are not only the nicest people on the planet, we are the smartest people too 😉

    Great job on capturing the screen shots Lauren!

    Canadians Rock!

    Ahhhh darn, I gotta go catch the highlights of the Vancouver Canucks beating the Ducks now….

  82. I don’t think the issue is necessarily about what the message displayed in the screenshot actually says, or the fact that it happens to be on Google. Its the implications that this company is doing this sort of thing and the lengths that they could take it to if they’re not stopped.
    I personally DO think this is worrysome.

  83. Greetings. Some of the reactions I’ve seen to this story have brought up the issue of ad bocking, seeming to suggest that if users blocked most or all ads via browser add-ons or other means, questions of tampering like the Rogers insertions into the service-user communications channels wouldn’t matter as much.

    My view is that we need to establish the principle immediately that ISPs, without explicit authorization, should not tamper with the content of subscriber communications. And that doesn’t mean legalize buried down deep in the TOS that most people don’t have the requisite law degree to understand, either. Users — and the Web sites that they frequent — need to know that their communications are not being adulterated. There’s a basic principle at work here — if ISPs feel empowered to modify unencrypted communications in any manner that they see fit, the implications are staggering for the Internet and its users.

    Now back to ad blocking. In response to ad blocking software, some observers have maintained that such activities should actually be illegal — yes, they’re serious. Their theory is that users who block ads are violating an implicit contract with the ad serving entity.

    I find the concept of the ad police banging down doors (figuratively speaking of course) completely unrealistic. But I do think that people should consider long and hard before going gung-ho for ad blocking systems.

    Regardless of any implied contracts, it’s important to remember that most of the key Internet services we depend on today are ad sponsored. If ad blocking became the rule rather than the exception, the entire structure of the Internet could change in significant ways, with “pay as you go” for each service becoming the standard model. I personally prefer the existing ad-sponsored form, and don’t want to have to insert a quarter each time I visit a Web site (so to speak).

    So while some persons promote widespread ad blocking, I suggest considering that getting what you wish for in such a situation may be something of a nasty surprise — with unintended negative consequences of a very significant sort indeed. I blogged on this issue in more detail fairly recently: “Blocking Web Ads — And Paying the Piper” ( http://lauren.vortex.com/archive/000281.html ) and I invite all input on this issue of course. Thanks.

    –Lauren–
    lauren@vortex.com

  84. I don’t have a problem with the cable company displaying content to their users but I do have a problem with them tampering with and breaking other people’s web pages, violating copyrights, etc.

    I’ll bet Google is a target page just because it’s so plain and less like to break, or have the message lost in a wacky color scheme on some site.

    The proper way for the cable company to do this would be an interstitial that displays a page of it’s own, then redirects to where you wanted to go in the first place after you click CONTINUE or something.

  85. The issues at stake here may not be immediately obvious to those who don’t know how the Internet works “under the hood”. But suffice it to say that Rogers’ has crossed a very bright and extremely important line. They are taking data packets that were sent to you — not them — by remote sites and opening and modifying them.

    This is exactly as Lauren said; it’s as if the post office opened your letters from Grandma, removed anything “offensive” (say, any mention of UPS or FedEx), inserted their own flyers, and resealed the envelope. And when you ask why, they say they’re really and truly concerned that you might run out of postage stamps, and while they do send their own flyers they’re afraid you might miss them in the general torrent of junk mail.

    Again, this is EXACTLY what they are doing to Internet traffic. Why? Because they can.

    Fortunately, we don’t have to just take it. We can and should lobby for network neutrality laws or rules, and they just became a little more likely thanks to this stunt.

    But our strongest card is encryption. The technology already exists to completely block ISPs (or anyone else but the intended receiver) from looking inside your packets (i.e., doing “deep packet inspection”). The same encryption technology also keeps them from injecting their own traffic, e.g., Comcast’s inserting connection abort messages into Bit Torrent.

    This technology is called IPSEC — IP security — and it has been around for nearly 10 years. It is the basis of Virtual Private Networks (VPNs) that have become very popular for remote access to corporate networks. In effect, IPSEC seals your “envelopes” so tightly that not even the “post office” can see what’s inside, much less change it.

    Just as all the information that the Post Office needs to deliver a letter is written on the outside of the envelope, all of the information that an ISP needs to deliver a packet is in the Internet Protocol (IP) header. There are no legitimate reasons for ISPs doing “deep packet inspection” — a euphemism for opening and reading your mail — and certainly no legitimate reasons to modify it.

    IPSEC and other encryption methods like SSL/TLS represent a very strong defense against this sort of nonsense that we can start using RIGHT NOW.

  86. Very uncool and a very unethical business practice.

  87. Very very cheesy. They need to rethink what they are trying to achieve.

  88. not really sure of what is right or wrong anymore… ethically it’s all grey areas… so who determines what is right or wrong? hmmm….

  89. Lauren, thanks for stopping by. I appreciate it.

  90. I wouldn’t call it spam. This is a typical warning that some ISPs might need to give their customers based on the terms of service. I’m sure it would apply to any web page, and not just Google. The Yahoo thing is quite ironic.

  91. Well, I still use Rogers being a Toronto, Canada resident and yes I hear all the negative talk about their service levels and such. Perhaps my laziness has prevented me from switching but this is pretty bad and definitely ‘uncool’ as Matt said so I hope they clean up their act and maybe even send a formal apology to Google for their actions.

  92. Matt,

    Long time no post. Have you started another logistical project 🙂

  93. Network neutrality means not using one’s control of the pipe to disadvantage competitive content or service providers. For example, if you’re a cable company that offers VoIP, network neutrality means not blocking customers’ use of other VoIP providers.

    Network neutrality does NOT mean that a provider can’t “frame” pages (as do many providers — especially those like Juno which provide inexpensive or free service) or send them informative messages via their browser.

    Let’s step back and take a dispassionate look at what Rogers is really doing here. They need to get a message to a customer. Like any experienced ISP, they know that there’s a good chance that e-mail won’t be read in a timely way, if at all. (We, as an ISP, find that our customers constantly change their addresses — often after revealing them online and exposing them to spammers — without any notice, and often let the mailboxes that we give them fill up, unread, until they exceed their quotas and no more can be received.) The Windows Message Service once worked to send users messages, but only ran on Windows and is now routinely blocked because it’s become an avenue for pop-up spam. Snail mail? Expensive and slow… and the whole point of the Internet is to do things faster and more efficiently than that. Display a different page than the user requested? Perhaps, but that certainly comes much closer to “hijacking” than what Rogers is doing. Display a message in the user’s browser window (where we know he or she is looking) along with the Web page, and let the user “dismiss” it as soon as it’s noticed? Excellent idea. A wonderful, simple, unobtrusive, and (IMHO) elegant solution to the problem.

    Now comes Lauren Weinstein — known for drawing attention to himself by sensationalizing tempests in a teapot — who has never run an ISP but seems to like to dictate what they do. Lauren claims that the sky will fall if ISPs use this nearly ideal way of communicating with their customers.

    Contrary to the claims of Mr. Weinstein’s “network neutrality squad” (who have expanded the definition of “network neutrality” to mean “ISPs not doing anything which we, as unappointed regulators, do not approve”), this means of communication does not violate copyrights. Why? First of all, the message from the ISP appears entirely above, and separate from, the content of the page in the browser window. It’s not much different that displaying it in a different pane (which, by the way, the browser might also be able to do — but this is better because it’s less obtrusive and unlikely to fail for the lack of Javascript or distort the page below). The display can’t be considered a derivative work, because no human is adding his own creative expression to someone else’s creation. A machine — which can’t create copyrighted works or derivative ones — is simply putting a message above the page in the same browser window.

    It isn’t defacement, because the original page appears exactly as it was intended — just farther down in the window. And it isn’t “hijacking,” because the user is still getting the page he or she requested.

    What’s more, there’s no way that it can be said to be “non-neutral.” The proxy which inserts the message into the window doesn’t know or care what content lies below. The screen capture in Weinstein’s blog showed Google, but it just as easily could have been Yahoo!, or Myspace, or Slashdot.

    In short, to complain that this practice is somehow injurious to the author of the original page is akin to an author complaining that his book has been injured by being displayed in a store window along with another book by someone he didn’t like. (Sorry, sir, but the merchant is allowed to do that.)

    Nor is what Rogers is doing a violation of an ISP’s “common carrier” obligations (even if they were considered to be common carriers, which under US law, at any rate, they are not). Common carriers have been injecting notices into communications streams since time immemorial (“Please deposit 50 cents for the next 3 minutes”). And television stations have been superimposing images on program content at least since the early 1960s, when (I’m dating myself here) Sonny Fox’s “Max the burglar” dashed across the screen during kids’ cartoon shows and the first caller to report his presence won a prize. (The game was called “Catch Max.”) And in the US, Federal law — in particular, Section 230 of the Communications Decency Act — protects ISPs from liability for content they retransmit whether or not they are considered to be common carriers.

    There are sure to be some folks — perhaps people who are frustrated with their ISPs for other reasons — who will take this as an opportunity to lash out at ISPs. But most customers, I think, will recognize this as a good and sensible way for a company to contact its customers. Our small ISP is looking into it. In fact, because the issue is being raised, we’re adding authorization to do it to our Terms of Service, so that users will be put on notice that they might receive a message through their browsers one day. I suppose it’s possible that a customer might dislike this mode of communication and go elsewhere, but I suspect that most of them will appreciate it.

  94. Lauren has some great ideas. I think brilliant monds think more alike than people like to admit 🙂

  95. I am super curious as to what the repercussions of this act are going to be. I live and run my business in Toronto, Canada and Rogers pretty much dominates up here with offerings of Cell, Home Phones, Internet, And Cable. They even make deals with new home developers to exclusively supply these services to certain projects without giving a customer a choice, but hi-jacking web pages without consent of any kind seems very, very unwise.

  96. Too Lauren thanks for your comment but whats your the benefit?

    Too Matt thanks for bringing the topic in,

    it’s uncool and unethicall

    Frank

  97. One small error above. “Catch Max” was done by Sandy Becker, the talented mime and comedian, not Sonny Fox (whom Becker broght in to take over as host of the children’s television show “Wonderama”).

  98. Brett Glass, I’ve never heard of you before, but that was freakin’ BRILLIANT and probably the best take any of us have had on it.

    It really isn’t that big a deal other than to the tinfoil hat squad, and they’re not spamming…they’re issuing a warning. Not only that, this is a warning that isn’t being issued to the majority, and may well (as both another commenter and I have pointed out earlier) be the indirect result of customers installing thoroughly unnecessary software (i.e. Rogers Self Healing Software). To be fair, this is something Rogers supplies and “recommends”, but it’s not necessary software and people do need to take some responsibility for what they do/do not install.

    Nicely done.

  99. Brett, I disagree with everything you said about it being OK for the ISP to modify my data.

    But rather than bother trying to change your mind, which I know I can’t do anyway, I’ll simply encrypt all my traffic.

    You complain that my encryption will keep you from caching web pages?

    Too bad. You should have thought about that before you started mucking with data streams that weren’t addressed to you. If you’ll agree not to do this, then maybe we can talk about my voluntarily configuring my browser to use your squid proxy cache. But when it comes to modifying or even “inspecting” the packets I send and receive through you to the external Internet, I’m sorry but that is completely non-negotiable.

    If you want your own ISP all to yourself, then don’t expect your users to pay for it. You can be just like Eric Cartman buying his own amusement park.

  100. Phil, your problem is that you’re making a tremendous fuss over something that isn’t happening. The ISP isn’t “modifying” “your” data. It’s displaying a useful message in the browser window above a Web page. The Web page is not altered in any way, and a single click gets rid of the message.

    As for encrypting all of your Web traffic: go ahead and do it. Without caching, your access will be much slower and you will soon be coming to your ISP with dollars in hand asking for more bandwidth. In other words, those who are paranoid (there’s nothing harmful about what Rogers is doing) or wasteful (circumventing caching slows EVERYONE down — you and also others who might benefit from cached copies of the pages you fetch) will have to pay for their wastefulness. Which is fine by me, I suppose. As an ISP, I can use the money. But frankly, I’d rather have customers who appreciate my service and are glad to get informative reminders rather than ones who will attack me for it… or lobby to impose costly regulations upon me and upon the Internet.

  101. The ISP isn’t “modifying” “your” data. It’s displaying a useful message in the browser window above a Web page. The Web page is not altered in any way, and a single click gets rid of the message.

    IF “The ISP isn’t “modifying” “your” data” why do you users need to click anything?

    You are playing sematics as this practice is using a web page, which you have no rights to, for self promotion. It is tacky and very uncool.

  102. No he’s not, Dave. He’s actually bang on, and the only one making any damned sense here. It also appears that he’s with an ISP not named Rogers, so he should be one of the first people running to the scene with pitchfork and lynch rope in hand.

    Again, the piece of information that is conveniently missing from this equation is whether or not the user installed optional software which Rogers provides and may well be the reason the user sees the message in the first place. People really need to pay attention to what they do or don’t install.

    Think about this for a second: if you install Google toolbar, it pushes information down on the screen, but does it modify the web page? No.

    If you install most other toolbars, they push information down on the screen, but do they modify web pages? Not unless the user is consciously aware of it (e.g. what StumbleUpon does to Google SERPs. Why aren’t we talking about THAT? That’s a blatant modification. Because it’s pretty damned silly, that’s why.)

    Rogers didn’t do anything wrong other than to get caught in the crosshairs of the eternally paranoid. They didn’t sell anything. They didn’t actually alter the page (they just moved it down…everything’s still exactly the way it normally would be.)

    They just issued a warning that the customer could easily get rid of, and something that could potentially save the customer some money due to bandwidth overage charges. Big deal. If Rogers were truly trying to market anything, they’d be anything but shy about it (anyone who’s been to the Skydome since Ted bought it knows exactly what I’m talking about.)

  103. Like I said: “semantics”. Toolbars etc are installed by CHOICE and do NOT splice into the Web pages.

    The line must be drawn somewhere, not anywhere. Your personal “OK” with this is a very slippery slope and could be the thin edge of the wedge.

    I also think it is uncool and tacky for pages to be shown in the frame of another site. Which happens a lot more.

    If they wish to show a message, email the person and/or allow the customer to CHOOSE a method.

  104. I understand the point regarding a slippery slope – if ISPs started to inject content, alter advertisements and reroute links then this would clearly be, to use the parlance of the post, ‘uncool’.

    What has happened here is not that, it is a simple reminder to a client, in much the same way that AOL would do things, which is informative, useful, targeted and easily removed.

    Most importantly, whilst the thumbnail and the post suggest otherwise, it appears to have nothing to do with Google at all, the Google page is merely being used as an example.

    Another example of tin-foil hats?

  105. Like I said: “semantics”. Toolbars etc are installed by CHOICE and do NOT splice into the Web pages

    So is Self Healing Software, Dave. This is why I keep mentioning it…of everyone I’ve talked to that’s on Rogers (and that’s quite a few people), none of them have seen the message in question and none of them have that software installed.

    The other thing that isn’t being acknowledged here from anyone (including those of us in the Rogers market) is their aggressive marketing nature in general. If Rogers were going to market products/services using the browser window, we’d all know about it in a big hurry. They’re not exactly known for being shy about upselling/combining/packaging their own stuff. They’re very aggressive from a marketing standpoint, and always have been.

    Granted, it’s also a possiblity that none of us are in the test areas (although it’s spread over a large portion of Southern Ontario). But so is the possibility that the user installed something to trigger the message.

    Not only that, but it’s a screen capture. Who’s to say the thing wasn’t faked in the first place? Granted, this is a bit unlikely that someone would go to that extent, but stupider things have happened.

    There is insufficient information to draw any negative conclusion, other than “tinfoil hat”.

  106. Brett, do you really run an ISP? When you say things like “the ISP isn’t modifying my data”, I find it hard to believe that you have even a rudimentary understanding of the core Internet protocols (IP, TCP, ICMP, HTTP, DNS, etc) and how they fit together.

    There’s this concept called “layering” — one protocol sits on top of another, with each protocol carrying everything above it as its payload. Ethernet carries IP, IP carries TCP, and TCP carries HTTP or whatever application you like. Each layer carries all the layers above it as its payload. They do not NOT, repeat NOT, modify their payloads.

    This is fundamental to the “end-to-end principle” that made the Internet so successful. There has been incredible innovation at the application layer in the Internet precisely because the network is intentionally dumb and stupid — it just carries packets from source to destination as quickly and reliably as possible. As soon as it stops doing this, the Internet begins to die. It’s as simple as that.

    Those who don’t understand how the Internet works “under the hood”, suffice it to say that to those of us who designed and built the Internet (I am one of the cast of thousands who’ve done that for over 20 years) this is an extraordinarily offensive move on the part of Rogers and Perftech. We know the architectural features that made the Internet such a success, and we know that what they are doing will destroy it if it is not stopped in its tracks now.

  107. To those here who don’t know and probably don’t care much about how the Internet works “under the hood”, I should explain that there is a right way and a wrong way to do just about anything on the net.

    Even if you consider Rogers’ messages useful, it’s being done in entirely the wrong way. They are ripping the Internet architecture down the middle to do it. It may look like a minor change to non-technical users, but this *will* lead to very serious trouble in the future. Again, I speak as someone who’s been working on this stuff for over 20 years. My colleagues will say the same thing, though the ones I’ve talked to recently have trouble using printable language to describe what they think of Rogers’ actions.

    There’s a perfectly acceptable way that Rogers can send its own content or even modify external content that wouldn’t get all us Internet techies so upset. They just set up their own website and users voluntarily point their browsers to it. Rogers’ servers could “frame” external content, add advertising, do content filtering, whatever else they want. And that would be perfectly fine; lots of ISPs run their own websites and many do content filtering.

    What’s the difference? The IP addresses in the packets. When I talk to an ISP’s own website, I put its IP addresses in my packets. I’m addressing my communications to them. They respond with their own addresses and everything is cool. But when I put a remote IP address into an IP packet and hand it to my ISP, I fully expect — and demand — that my ISP will do its best to deliver those packets to my intended destination. And I expect and demand that it will pass any response packets from the remote server back to me COMPLETELY UNCHANGED.

    In one case I’m talking to the ISP’s servers. In the other case I’m talking to some other site on the Internet. Isn’t it just basic manners not to interfere with someone else’s private conversation?

    This is exactly the difference between the US Postal Service dropping stamp adverts in my mailbox (which is fine, even if mildly annoying) and opening up my personal mail, rummaging through it, putting their flyers inside and sealing the envelopes back up. Even though you may think these approaches accomplish the same thing — delivering flyers — one way is acceptable and the other is not.

  108. Like I say, the line must be drawn somewhere, not anywhere.

    MWA, at *excatly* what point would you say it’s too much? 20% of screen space, 100%?

  109. Great post Phil Karn and oozing with common sense & logic. I like it 🙂

  110. Mr. Karn:

    One thing I know for sure is that you do NOT run an ISP. And I have built far more of the Internet, with my own hands, than you. Our ISP works very hard to satisfy our customers and to ensure that they have a positive, trouble-free, and exploitation-free experience when using the Internet. It’s not easy, but we try.

    Your claim that I lack technical knowledge is clearly due to your ignorance of my background. I was not only one of the designers of the first chipset (and the underlying protocol) for the IEEE 802.5 Token ring, but was quite involved with the implementation of TCP/IP, when it first became the protocol of use on the ARPANet, as a graduate student at Stanford 24 years ago. Yes, this was before the Internet was even CALLED the Internet. I’ve written software that’s still ticking away inside every Cisco router. I know precisely how the protocols work, and have in fact implemented them in software and hardware.

    Your hysterics claiming that what “they” are doing will “destroy [the Internet] if it is not stopped in its tracks now” are, thankfully, pure fearmongering and utter nonsense.

    There is a small group of people whom I call “orthodox end-to-endians” who believe that “every bit is sacred” (to paraphrase the song from Monty Python’s film “The Meaning of Life”). These people believe that even placing an important message in the same window as a Web page is somehow defiling the pristine nature of the Internet (as if it really were pristine to begin with). This group would defend to the death the right of someone who sent a page with pop-ups, pop-unders, malicious scripts, or similar nasties to have it delivered — every malevolent bit — to any user who was unfortunate enough to follow a link to it. I hate to say it, Phil, but you seem to have crossed over into this “tin foil hat” crowd.

    What Rogers is doing is very similar to what happens when our ISP’s advertising-blocking proxy removes ads from Web pages for our users, or when our mail server gives e-mail messages a “spam score” to help users in filtering spam, or when a Web accelerator speeds up users’ browsing by caching or compressing images. In fact, Rogers’ insertion of an ad at the top of the window is not even sensitive to the content below, whereas all of the examples I’ve mentioned above are. So, it might well be said to be even more “neutral” than these other popular services.

    Phil, please do not try to regulate the Internet or to harm Internet service providers like ours (which, as a small, independent provider, faces enough challenges in the form of anti-competitive activities on the part of the cable and telephone companies already). Look at the FCC’s recent suspension of ownership rules — a move which his highly anti-consumer. If you opt for government regulation of the Internet, it is unlikely that the rules that will be imposed will be to your liking or to the liking of ANY consumer.

  111. Brett, perhaps you will answer my question?

    At *excatly* what point would you say it’s too much? 20% of screen space, 100%?

  112. Dave asks (insistently): “IF “The ISP isn’t “modifying” “your” data” why do you users need to click anything?”

    Answer: To acknowledge that you seen the message — which is the ISP’s, not “your” data or the data of the provider of the Web page below. Also, to dismiss it, so that you don’t see it in the window with successive pages.

    You seem to be really hung up on the notion that there’s something horrible about displaying a message in the user’s browser window. It’s actually a great thing to do. And it’s something that only the ISP can do, so you don’t have to worry about some random spammer exploiting it to send you worthless messages (as was possible with the Windows Message Service). Whenever you get a message via this technique, it will be worth getting.

  113. Stop cherry picking, Brett. The ONLY question I’m asking “insistently” is;

    At *exactly* what point would you say it’s too much? 20% of screen space, 100%?

  114. Dave, your question cannot be answered, since the possibility exists that the bulletin in question is an externally framed bulletin and since screen sizes vary.

    If that’s the case, then there’s no possible way to accurately set a percentage of the screen or viewing area (without a confusing scrollbar) since it would depend on the size of the user’s text.

  115. Dave, your question cannot be answered, since the possibility exists that the bulletin in question is an externally framed bulletin and since screen sizes vary.Of course it can be answered, you are simply choosing to dodge it.

    BTW. Percentages apply to ANY screen size.

    I would guess in the picture Matt shows, it is taking up 20% of the screen space. So, where would YOU draw the line?

  116. Dave, your question cannot be answered, since the possibility exists that the bulletin in question is an externally framed bulletin and since screen sizes vary.

    Of course it can be answered, you are simply choosing to dodge it.

    BTW. Percentages apply to ANY screen size.

    I would guess in the picture Matt shows, it is taking up 20% of the screen space. So, where would YOU draw the line?

  117. I would argue that it is not the percentage of the screen size that matters; the window can scroll almost indefinitely. It’s the importance of the message. That being said, it’s unlikely that it would be very big. Rogers’ message was pretty compact.

  118. LOL! I guess all those in favor of this sort of thing simply wont answer the question as asked.

    That’s ok as ducking & weaving answers my question……………….just like I thought 🙂

    So, all those in favor of this practice believe any size is just fine.

  119. Of course it can be answered, you are simply choosing to dodge it.

    No it can’t, and no I’m not. You know me well enough to know I don’t dodge a question. Don’t accuse me of things that you know I don’t do, and don’t distort what I say to fit your opinion.

    Let’s say the user elects to resize his/her text to the point where it’s 20-30% larger than the screen capture indicates. Does that shift the box downward, thus taking up more real estate? Does that mean a vertical scrollbar exists? Neither is an especially great alternative.

    Screen resolution also plays a factor, whether you acknowledge it or not. 20% of the screen at 800×600 will be radically different than 20%of the screen at 1440×900. And 280 pixels high (20% of the height at 1440 x 900) would take up nearly half the screen at 800 x 600.

    So…where would I draw the line? What specific point would I pick, personally? It would depend on what my customers had for screen resolution and browser/font settings (as much as I could reasonably determine). I wouldn’t pick a one-size-fits-all arbitrary figure and stick with it, because in all likelihood it wouldn’t work.

    So…somewhere between 0 and 100. It would depend on what my customers said. You’d do the exact same thing, Dave, and you know it.

  120. So…somewhere between 0 and 100. It would depend on what my customers said. You’d do the exact same thing, Dave, and you know it.

    Err, rather arrogant. I wouldn’t “do the exact same thing” and that is for sure. So, just as I said;

    So, all those in favor of this practice believe any size is just fine

    .What a great place the web *would* be if that became the norm.

    Slippery slope, MWA and you *should* know that.

  121. “Dave (original)” opines above that “Toolbars etc are installed by CHOICE.”

    Unfortunately, as an ISP, I can tell you as authority that this is definitely not the case. Toolbars often come pre-installed on users’ machines. And many toolbars are “drive-by installs.” The user doesn’t realize what is happening and doesn’t know how to get to what he wants without accepting the installation — if he or she is offered a choice! (The MyWay toolbar is particularly insidious, which is not surprising because it’s spyware.) When we install Internet for new customers, we often ask them, “How did you happen to get all of these toolbars installed?” Almost without exception, they say, “I have no idea.”

    We, as ISPs, have a responsibility to be “good guys.” We help users to de-install crapware and spyware, and certainly would rather not add any software of our own to users’ machines. That’s why displaying messages in the user’s browser window is such a good idea.

  122. Unfortunately, as an ISP, I can tell you as authority that this is definitely not the case. Toolbars often come pre-installed on users’ machines. And many toolbars are “drive-by installs.” 2 wrongs will never make a right in my eyes.

  123. Unfortunately, as an ISP, I can tell you as authority that this is definitely not the case. Toolbars often come pre-installed on users’ machines. And many toolbars are “drive-by installs.”

    2 wrongs will never make a right in my eyes.

  124. Brett, if you want to trade credentials, I implemented from scratch what was as far as I know the second complete TCP/IP stack for the PC and the first to support multiple TCP connections and both client and server applications. (MIT’s PC/IP package only supported a single Telnet client connection.) My KA9Q NOS is of course long obsolete now, like just about all the software and hardware from two decades ago (but not the ideas they contain). According to a lot of emails I’ve gotten over the years I helped give many people their first exposure to the Internet, something I’m very proud of. I also helped establish and run TCP/IP over amateur packet radio networks, and I established the Internet at Bellcore, my employer at the time. So I know my stuff on both the architectural and operational side.

    You seem to feel that your users are all stupid, dishonest and greedy. Perhaps this is merely psychological projection on your part, but I still have a lot of faith in the average person. They certainly lack the technical understanding of those who do this stuff for a living. I can’t fault them for that. But you’ll find that the vast majority of people are still intelligent and willing to learn what they need to know and cooperate with you *IFF* you go about it the right way. If, for example, you explain that configuring a proxy into their browser can speed their web surfing and save you money that can keep their bills low, and if you make it really easy and straightforward for them to do so, you may be surprised at how many will oblige you. But if you treat them like children who have to be forced to do things “for their own good”, don’t be surprised if they detest you and your company and try to find ways around the obstacles you put in their path.

    Yes, I am aghast at seeing the technological base I helped build corrupted in ways that you seem to actually welcome. Perhaps you once knew this stuff and how it worked, but you seem to have forgotten it now. Maybe the pressure of running a retail ISP has had an effect on your brain; I simply don’t know. All I can do now is to demolish your arguments.

    As I said, I don’t expect to change your mind. So rather than get mad I will simply get even with encryption and I’ll help as many others as I can to do so as well. You sputter about all the nasty effects this will have on your network, but if you actually know the Internet protocols and architecture as well as you claim to, you must know deep down that none of your objections are valid if you simply stick to an ISPs proper role instead of trying to corrupt it for your own ends (or for what you cynically claim, and not very convincingly, is your users’ own best interests). And you know very well what that proper role is: moving packets, providing customer support, and perhaps optional services like mail, news, and web caching.

    Try working with your users instead of treating them like adversaries. Otherwise, don’t be at all surprised when they treat *you* as an adversary.

  125. Brett, if you want to trade credentials, I implemented from scratch what was as far as I know the second complete TCP/IP stack for the PC and the first to support multiple TCP connections and both client and server applications. (MIT’s PC/IP package only supported a single Telnet client connection.) My KA9Q NOS is of course long obsolete now, like just about all the software and hardware from two decades ago (but not the ideas they contain). According to a lot of emails I’ve gotten over the years I helped give many people their first exposure to the Internet, something I’m very proud of. I also helped establish and run TCP/IP over amateur packet radio networks, and I established the Internet at Bellcore, my employer at the time. So I know my stuff on both the architectural and operational side.

    You seem to feel that your users are all stupid, dishonest and greedy. Perhaps this is merely psychological projection on your part, but I still have a lot of faith in the average person. They certainly lack the technical understanding of those who do this stuff for a living. I can’t fault them for that. But you’ll find that the vast majority of people are still intelligent and willing to learn what they need to know and cooperate with you *IFF* you go about it the right way. If, for example, you explain that configuring a proxy into their browser can speed their web surfing and save you money that can keep their bills low, and if you make it really easy and straightforward for them to do so, you may be surprised at how many will oblige you. But if you treat them like children who have to be forced to do things “for their own good”, don’t be surprised if they detest you and your company and try to find ways around the obstacles you put in their path.

    Yes, I am aghast at seeing the technological base I helped build corrupted in ways that you seem to actually welcome. Perhaps you once knew this stuff and how it worked, but you seem to have forgotten it now. Maybe the pressure of running a retail ISP has had an effect on your brain; I simply don’t know. All I can do now is to demolish your arguments.

    As I said, I don’t expect to change your mind. So rather than get mad I will simply get even with encryption and I’ll help as many others as I can to do so as well. You sputter about all the nasty effects this will have on your network, but if you actually know the Internet protocols and architecture as well as you claim to, you must know deep down that none of your objections are valid if you simply stick to an ISPs proper role instead of trying to corrupt it for your own ends (or for what you cynically claim, and not very convincingly, is your users’ own best interests). And you know very well what that proper role is: moving packets, providing customer support, and perhaps optional services like mail, news, and web caching.

    Try working with your users instead of treating them like adversaries. Otherwise, don’t be at all surprised when they treat *you* as an adversary.

  126. Nice article Matt.

    Funny to see the word “Yahoo” on Google. 😀

  127. My wife was thinking about switching over to Rogers but I guess we will stay with our actual ISP. Who would like to have their own messages displayed in the sites we visit. I know some people using their service but never heared about that. If this is new I am quite sure many customers will leave this Internet provider

  128. I am defiantly sure that google will sue them 🙂

    What you say? But really want to know how they did it? Anyone has the clue?

  129. My hope is that the ISP will just stop on their own.

  130. Unfortunately, it appears that Rogers and other ISPs plan to proceed with their schemes in this regard, and are hard at work on rather sneaky ways to convince the public that anyone opposed is either a fool or a pervert (or both).

    I’ve just updated my blog with:

    Harbinger of 2008: ISPs Plow Forward with Internet Intrusion Plans

    Have a Good New Year, everyone!

    –Lauren–
    lauren@vortex.com

  131. Looks like Rogers is going to Roger themselves with their arrogance. Either that, or they are desperately seeking publicity.

  132. yes, i have the same experience. My ISP use a frame to display some ads in IE. but it not happen always, just 1-2 times a day. no problem for the firefox.
    they do not add html code to the original web page, just use the frame.
    i hate that!
    John

  133. That is really an abuse. Manipulation like that makes me angry, and when i get angry.. that means it was a bad public relations move on the part of the ISP
    Nothing worse than bad PR it can really sting

  134. Is google more worried about trademark infrigment or Copyright?

  135. It looks to me like Matt is just practicing link baiting.

  136. This is funny but IMO there is nothing to be overwhelmed about since this is not an ad or promotion. It’s just a framed message to the users.

  137. Sorry, but I disagree with the “cool” position.

    http://www.traffick.com/2007/12/did-rogers-hijack-google-home-page.asp

  138. Gotta completely agree with Phil Karn (and disagree with Brett) on this one:

    What if the end-user had been running some research application that was analyzing the web, and all of a sudden their data is biased by having Rogers code injected in it?

    What if the Rogers code exposes the end-user to an XSS attack of other browser flaw, that the user would not normally expect to be vulnerable to? There are a number of security and compatability issues that come up with the Javascript they are using. Maybe these issues will not bother 99% of the users, but is it fair to the 1% who are?

    The bottom line is that this is an abuse of technology, plain and simple.

    It is an abuse of technology in the same way that Sony using a rootkit to implement DRM was a severe abuse of technology. In both cases, you have a creative way of solving a problem. With Sony, it was enforcing copyright protection on digital media without having an encrypted format. With Rogers, it’s notifying customers in a short timeframe before their service gets suspended.

    What Brett doesn’t understand is that in neither case does the ends justify the means!!!

    I’m pretty sure that Rogers knows they’re in the wrong here. Of course, since this is Canada we’re talking about, I doubt that anyone is going to scream loud enough to get them to change their ways.

    All I can say is that the people using Rogers HighSpeed Internet now might as well be the same as the people who were using AOL in the 90’s. Both companies think their users are dumb and have a tendancy to subvert established Internet standards.

  139. Isn’t it just a warning that the user is or is about to go over their bandwidth limit for the month?

  140. Wow, I never thought this was possible. I’m sure google would penalise companies in their rankings for this type of behavior.

  141. The line must be drawn somewhere, not anywhere. Your personal “OK” with this is a very slippery slope and could be the thin edge of the wedge.

    I also think it is uncool and tacky for pages to be shown in the frame of another site. Which happens a lot more.

    If they wish to show a message, email the person and/or allow the customer to CHOOSE a method.

css.php