5 Ways Internet Companies Abuse Your Privacy

Written by Dane Jasper

August 11, 2011 | 4 min read

Recently several internet service providers (ISPs) have been caught improperly redirecting end-user traffic in order to generate affiliate payments, using a system from Paxfire. A class action lawsuit has been filed against Paxfire and one of the ISPs.

This is a serious allegation, but it is only the tip of the iceberg. I’m not sure everyone understands the levels of sneakiness that service providers can engage in. So, while I’m no expert (we are an ISP that doesn’t do these things), here is my quick guide, as a broad overview, to the five levels of ISP evil, and the various “opportunities to monetize customers” that we’ve passed on:

5: Improper NXDOMAIN handling, also known as “Domain Helper” applications. When a customer attempts to visit an invalid site, instead of returning the RFC standard “no such domain” response, the servers provide a search result which includes sponsored links. Sometimes the results are not well matched to the mis-typed domain, and instead promote ads with broad commercial appeal, like insurance, which will generate a high payout if the customer clicks. Extra evil points for making it difficult to opt out of this, requiring opt-out via a cookie or browser setting rather than providing “clean” DNS servers. (Paxfire’s system is positioned as a search/helper application, but these systems can be easily converted, even without the ISP’s awareness, to an affiliate pumping system.) Evil score: 2 evil points, somewhat evil, but now every major access provider provides helpful results for address typos.

A diagram showing how Phorm’s “Webwise” system creates copies of its tracking cookie in each domain the end-user visits, based on the report published by Richard Clayton. Wikipedia.

4: Clickstream Tracking. An ISP is in a unique position as the point of traffic origination, creating the opportunity for very in-depth analysis of Internet usage behavior. Tracking the user’s Clickstream (the site to site to site movement as they browse) with a set of tools like Phorm allows service providers to create cash out of information about private use of the Internet. Clickstream data is generally bought for ad targeting; if you visited Ford.com and looked at F-250 trucks, then CNN.com, it might make sense to place ads for large Chevy trucks on the CNN page rather than an ad for fabric softener. Absent this prior knowledge that you were a potential truck buyer, the ads might be for something of less interest to you, and thus less likely to be clicked and so to “monetize”. Over time, analysis of the complete Clickstream can provide lots of insight to advertisers. Extra evil points for selling the Clickstream data without telling customers. Evil score: 5. What you do online is private!

3: Ad Swapping. Transparently proxy all web traffic, and when ad banners are in transit, perform real-time swaps of the ads for other ads for which the ISP is getting a cut of the revenue. Legitimate advertiser ads are sometimes fetched so that no one notices the decline in impressions. The pitch to ISPs from companies like NebuAd sometimes included claims of “partnerships” with content sites to better target ads. Extra evil points for ISPs who provide demographic data to the firm running the ad-swapping system. Evil score: 6.

PaxFire presentation capture

Our reply: “No, not interested, thanks. -Dane” Email reply to Mark Lewyn, President, Paxfire Inc., Wednesday, October 29, 2008 3:35 PM

2: Affiliate Program Pumping. As alleged in the Paxfire scheme, ISPs or their accomplices take incomplete or incorrect domain entries typed into the URL bar and direct them to an intermediate page, which redirects transparently to a URL which includes an affiliate tag. So, a consumer types “amazon”, and rather than returning an NXDOMAIN, or even a search result, the ISP DNS server directs them to an IP address which does a content reload toward a URL of the form amazon.com/affiliate-id=XYZ. Purchases made subsequently are compensated as if this were legitimate traffic from an affiliate. Evil score: 8, with a bonus point for poisoning the affiliate ecosystem.

1: Rolling Over. In an attempt to avoid costs or under pressure from government or content creators, ISPs have handed over customer information, and even subjected customer traffic to broad snooping. Allegations range from service providers simply quietly handing over customer info to law firms with improperly filed lawsuits and incorrectly served subpoenas, to the physical wire-tapping of major fiber optic lines. We’ve got your back. Evil score: 10. Potential for human rights violation.
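
A check for the resolver behaviour described in items 5 and 2, as an added example that is not part of the original post: it asks a resolver for a random name under the reserved `.invalid` TLD and reports whether the reply is the standard NXDOMAIN or an address where none should exist. The function names, the `192.0.2.10` documentation address and the sample replies are constructed for illustration.

```python
import random
import socket
import string
import struct

def build_query(name, txid):
    """Encode a recursive A/IN query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(packet, txid):
    """Classify a reply to a query for a name that cannot exist."""
    if len(packet) < 12:
        return "other"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction, or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == 3:  # Name Error: the standard "no such domain" answer
        return "nxdomain"
    if rcode == 0 and ancount > 0:  # NOERROR plus answers for a bogus name
        return "rewritten"
    return "other"

def probe(resolver_ip, timeout=3.0):
    """Ask resolver_ip for a random name under .invalid (reserved, never delegated)."""
    name = "".join(random.choices(string.ascii_lowercase, k=20)) + ".invalid"
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        reply, _ = s.recvfrom(512)
    return name, classify_response(reply, txid)

def sample_reply(query, rcode, answer_ip=None):
    """Constructed reply for offline demonstration; not captured traffic."""
    answer = b""
    if answer_ip:  # one A record pointing back at the question name
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    counts = struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if answer_ip else 0, 0, 0)
    return query[:2] + counts + query[12:] + answer

if __name__ == "__main__":
    q = build_query("constructed-example.invalid", 0x1234)
    print(classify_response(sample_reply(q, 3), 0x1234))
    print(classify_response(sample_reply(q, 0, "192.0.2.10"), 0x1234))
```

Run `probe()` against the resolver your ISP assigns; a `rewritten` result means the resolver answers with an address where NXDOMAIN is expected.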