Study: Some ISPs Still Hijacking Search Results (Lawsuit Follows)

Try this: open up a new tab and type “kindle” into the address bar. Chances are it will send you to a Google search results page. That is, unless the ISP is intercepting such rogue queries and doing what they will with them. A pair of computer scientists at UC Berkeley have found that at least a dozen ISPs are still doing this, the result being that, for example, when someone types “kindle” into the address bar, it doesn’t go to your preferred search results, but directly to Amazon’s Kindle page.

Harmless, in a way, but in fact deeply invasive when the conditions are examined. These ISPs are using third party contractors who monetize such erroneous or accidental queries. A broad set of search items, things like “kindle,” “apple,” and “bloomingdales” are being listened for, logged, and intercepted, and the user’s intention ignored. As if that isn’t enough, one company suspected of being behind this activity, Paxfire, has filed for a patent on ISP-level tracking of users for advertising purposes.

To tell the truth, it’s making a bit of a mountain out of a molehill, but for a good reason. There are shenanigans like this being pulled by ISPs, network operators, content providers, carriers, and all the rest every day. While large-scale stuff like proxying Google and skimming results tends to get noticed, there are tons of grey-area practices being performed, likely referred to obliquely in EULAs and such. Things like packet inspection for “quality of service” purposes, in reality data mining with little oversight. But even if the actual scale of this problem isn’t national, it’s important to keep our eyes open for these things.

The researchers, Christian Kreibich and Nicholas Weaver, analyzed traffic from the ISPs and found that 165 terms were being captured and resulting in interference, usually directing users to the relevant site through an affiliate program. It’s possible (though it seems unlikely) that the third parties are doing this independently, as Charter describes to VentureBeat; they allege (from experience) that a service hired to do one thing (provide a standard page for broken URLs, for instance) might get ambitious and decide to make a little money on the side.

Google noticed this previously and caused the ISPs to stop tampering with their results, but while it’s easy enough to tell when your queries are being touched, it’s not so easy to tell if they’ve been sniffed. The ISPs may outsource the packet analysis portion of the job to companies like Paxfire as well, routing search queries through them for recording and possible database building.

Smelling blood in the water, New York law firms Reese Richman and Milberg have filed a class action lawsuit against Paxfire and RCN, a Virginia-based ISP accused by the study of the shady practices described. As with many internet-centric lawsuits, this one will probably be passed around a few jurisdictions before being really assessed — though as Paxfire is also based in Virginia, that state provides a natural starting point for the litigation.

I’m of a similar mind with TechDirt’s Mike Masnick: amazed that companies think that they can do this stuff and get away with it. The level of scrutiny on services like ISPs is only increasing, and techniques like this have already been ruled illegal and unethical. Did they think no one would notice?

Here’s a list of the ISPs the research found :

Cavalier – Cincinnati Bell – Cogent – Frontier – Hughes – IBBS – Insight Broadband – Megapath – Paetec – RCN – Wide Open West – XO Communication

If you think you might be affected by this practice, try running Berkeley’s Netalyzr web app and see if anything suspicious pops up.