How One Man Fought His ISP's Bad Behavior and Won

An anonymous reader writes "Eric Helgeson documents his experience with an unscrupulous ISP that was injecting affiliate IDs into the URLs for online retailers. 'It appears that the method they were using was to poison the A record of retailers and do a 301 redirect back to the www cname. This is due to the way apex, or 'naked' domain names work.' Upon contacting the ISP, they offered him access to two DNS servers that don't perform the injection, but they showed no indication that they would stop, or opt-out any other subscribers. (It was also the only wireless provider in his area, so he couldn't just switch to a competitor.) Helgeson then sent the data he gathered to the affiliate programs of major retailers on the assumption that they'd be upset by this as well. He was right, and they put a stop to it. He says, 'ISP's ask you to not do crummy things on their networks, so how about they don't do the same to their customers?'"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Use public DNS

[corychristison]

Personally use 4.2.2.[1-6]
I think they are provided by Level 3. Get great response time here in the Canadian Prairies.

I've never trusted my ISP's DNS servers.

Re:

[Bert64]

Even if you don't use your ISPs DNS servers, your requests are passing in the clear over their network so they could intercept or modify them should they so wish.

Re:

[Decker-Mage]

Proper configuration is the part that kills most servers and it isn't something to take lightly. Distributed Denial of Service (DNS amplification) attacks are enabled by any idiot setting up a DNS server without knowing WTF they are doing. So yeah, go ahead and do it.

Re:

[Runaway1956]

The typical workstation DNS server doesn't serve anyone outside of the local LAN. And, if it were configured to serve requests from the WAN, it's unlikely that your personal server would attract much notice outside of your LAN.

DDOS attacks don't rely on private DNS servers. It's really that simple.

Re:

[DamonHD]

Really depends what you mean by 'private'.

I've been running my own (mine/company) Internet-facing DNS almost since there was live IP in the UK and I got caught out by this.

And I still see people regularly *trying* to use my DNS for amplification, ie probing, or at least laundering their attacks, but give up, after I made the appropriate fixes.

And I'm not alone. (See recent item on The Register for example.)

Rgds

Damon

Re:

[DamonHD]

It must be lovely to be without error like you, other than hiding behind AC to cast insults of course.

I *do* know what I'm doing, generally, and have the track record to show it, but the threat landscape has changed quite a lot recently. And because I don't assume myself to be perfect I was alive to the issue when it showed up, and responded quickly, which seems like the rational and responsible thing to do for us normal non-perfect people.

Rgds

Damon

Re:

[DamonHD]

Back to your mom's basement, please, and keep the noise down.

Re:

[wonkey_monkey]

you can just run your own server and configure it with the roots. there is absolutely no
performance reason not to

Yeah! Let's all do that!

Re:

[jones_supa]

Those work a bit slower as they are not in your network.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[adolf]

Those work a bit slower as they are not in your network.

Not necessarily.

Google's DNS, along with some/all of the L3 servers use Anycast [wikipedia.org] to automagically find the closest one (of many), network-wise.

And in any event, they work faster than my own ISP's nameservers.

Re:

[bloodhawk]

seriously you are suggesting someone concerned about abuse of information use a google DNS Server?

Re:

[Anonymous Coward]

Other dns servers as well.

Cisco
128.107.241.185
192.135.250.69

Verizon (Level3) Nameservers
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

SpeakEasy Nameservers
66.93.87.2
216.231.41.2
216.254.95.2
64.81.45.2
64.81.111.2
64.81.127.2
64.81.79.2
64.81.159.2
66.92.64.2
66.92.224.2
66.92.159.2
64.81.79.2
64.81.159.2
64.81.127.2
64.81.45.2
216.27.175.2
66.92.159.2
66.93.87.2

ORSC Public Access DNS Nameservers
199.166.24.253
199.166.27.253
199.166.28.10
199.166.29.3
199.166.31.3
195.117.6.25
204.57.55.100

Sprintlink General DNS
204.117.214.10
199.2.2

Re:

[AK Marc]

198.6.1.3

NS1 for the former great UUNET. No idea who runs it now after the MCI buyout and possible transfers since, but it's never let me down.

Re:

[matria]

Well that was interesting. I don't know exactly what was going on, but when I changed by router's DNS from the default (ISP-provided) to one of these, there was a startling improvement in initial page load speeds for several sites that I checked.

Re:Use public DNS

[Runaway1956]

You may use a random server supplied by any person on the internet. Results will be random, of course. Why not use a tool designed to find the best servers FOR YOU? You could see an even greater improvement.

https://code.google.com/p/namebench/ [google.com]

Default ISP servers are often the worst of the worst.

Re:

[matria]

Thank you very much! Over the years I have gotten many useful apps and utilities from posts like this.

Re:

[matria]

Rather amusing. The six top recommended servers were exactly those posted above.

Re:

[Runaway1956]

I might suspect that you are geographically close to the poster above, then. ;)

I'm glad you found it useful!

Re:

[citizenr]

Interestingly Namebench opened Internet Explorer on my win8 box.
IE is NOT set as my default browser, Opera is. Is IE hardcoded in namebench?

This made me disable IE altogether :/

Re:

[wonkey_monkey]

It opened Firefox for me. Maybe Opera is your default for HTTP, but for some reason IE is your default for local .html files.

Re:

[citizenr]

That must be it, thanks.

Re:

[Runaway1956]

I'm very sure that IE isn't coded into Namebench, in any way. You can check the source code here. https://code.google.com/p/namebench/downloads/detail?name=namebench-1.3.1-source.tgz [google.com]

Re:

[Pichu0102]

Downside of using shared DNS servers is that some servers, like those for Sony's PSN, try to get you to download from servers based on your DNS server.

Why? I have no clue. However, it kills your connection speed until you reset it to your local ISP's DNS servers. Be wary.

Re:

[Bengie]

What he's saying is that some places determine the closest server by the single registered location of the DNS server. A few days back, I was getting routed to a CDN in Europe from the USA. Changed my DNS back to my ISP, problem "fixed", now going to Chicago.

Re:Use public DNS

[Centurix]

Nope, even using Google's DNS won't save you: ISP's hijack DNS that aren't theirs [hackercodex.com]

For me I had to use DNSMASQ on my router and add: bogus-nxdomain=209.222.14.3 to stop Telstra from "helping" my DNS requests when using 8.8.8.8 and 8.8.4.4...

Re:

[karnal]

Looks like they have 3 different sets. https://dns.norton.com/dnsweb/huConfigureRouter.do [norton.com] -- link shows up after clicking on home user; configure router etc. the 3 sets differ in that they attempt to help with malware, malware+pornography, and malware+porn+non-family-friendly. .10, .20, .30 for the last octet, respectively.

Re:

[mysidia]

Google DNS is 8.8.8.8. and 8.8.4.4
Open DNS is 208.67.222.222 and 208.67.220.220

And when the ISP does this on their router facing you?

ip nat outside source static udp 8.8.8.8 53 [ISP's DNS Server IP 1] 53
ip nat outside source static udp 8.8.4.4 53 [ISP's DNS Server IP 2] 53
ip nat outside source list 140 dnspool
access-list 140 permit udp any any eq 53

Or (rough Linux equivalent)

iptables -t nat -A PREROUTING -p udp --dport 53 -d [ISP's DNS server IP 1] -j ACCEPT
iptables -t nat

Re:Use public DNS

[Nerdfest]

You can try this [google.com] tool to check your existing DNS for performance and behaviour. Google's is very well behaved by the way, so please don't spread FUD.

Re:Use public DNS

[Nerdfest]

I should add that both Google DNS and OpenDNS support DNS-SEC which is nice as well. OpenDNS also supports a form of DNS request encryption which hides even the sites you go to.

Re:

[Nerdfest]

Sorry, looks like I was incorrect. OpenDNS does not seem to support DNSSEC. It does support DNSCrypt.

Re:Use public DNS

[Jon Stone]

If a DNS reply passes DNSSEC validation, I can be confident the response is what the zone administrator wanted it to be and it hasn't been tampered with. DNSCurve provides no such assurance.

Widespread DNSSEC and client-side validation would kill OpenDNS's business model, which revolves around tampering with DNS responses. DNSCurve continues to allow them to do this.

Re:

[dj245]

If a DNS reply passes DNSSEC validation, I can be confident the response is what the zone administrator wanted it to be and it hasn't been tampered with. DNSCurve provides no such assurance.

Widespread DNSSEC and client-side validation would kill OpenDNS's business model, which revolves around tampering with DNS responses. DNSCurve continues to allow them to do this.

Their product is their business. Not everybody likes the same products. Putting cream and sugar in coffee is "tampering" to one person but value-added to another.

Re:Use public DNS

[arth1]

You can try this [google.com] tool to check your existing DNS for performance and behaviour. Google's is very well behaved by the way, so please don't spread FUD.

I think his point was that Google's DNS is very well behaved now, but that there is no guarantee that any DNS run by a major advertisement funded business won't, in the future, be tempted to put profit over principles.
Blind trust is seldom a recipe for long term success. Uncertainty and doubt might be in order.

Re:Use public DNS

[Anonymous Coward]

I think the point is that Google pwns every bit of information about you.

It's not good enough that they track you at every site that uses Analytics, every site that uses AdWords, every site you go to from their search engine, every site you visit with their Toolbar in play. (I'm forgetting a hundred other ways they suck your data.)

Nah, not good enough. Why not tell google every single DNS lookup you ever make??

Why do people mistrust the NSA so much and yet think Google is some kind of sparkly-super-shiny white hat? They work very hard to provide you with tons of free services that give them this wealth of information about you. WHY do they give you these????

Re:Use public DNS

[aevan]

Google hasn't (to my knowledge) black-bagged anyone.

On the other hand, there are powerpoints saying they'll hand off the info to the people who then will do it...

Re:

[drkim]

Google hasn't (to my knowledge) black-bagged anyone...

Even if they had, where could you look it up?

Re:

[DeVilla]

Google hasn't (to my knowledge) black-bagged anyone....

I wasn't sure if that was true, but a google search turned up nothing. I guess you are right.

Re:

[zippthorne]

If NSA would provide a DNS that was as up-to-date and so-far non-shady as google's, people would probably use that as well.

It's not so much that google is better than the NSA, but you do have the choice not to use certain services, and it is obvious that they must be monitoring them somehow.

Other services that google uses to track you that are not opt-in are less well-liked.

Re:

[Anonymous Coward]

The privacy policy for Google Public DNS is different than that for the rest of Google. It's also public. You can, you know, read it, then you can stop spreading FUD. https://developers.google.com/speed/public-dns/privacy

Re:

[JWSmythe]

Just because it's in their privacy policy doesn't mean that it's true. ... but ... their public DNS servers do have a good response time, and don't cache too long

Re:

[JWSmythe]

Ummm. That wasn't Santa. That was a fat guy in a red track suit, driving a red car. He's already reported the mugging to authorities. You may want to lay low.

Re:

[arth1]

The privacy policy for Google Public DNS is different than that for the rest of Google. It's also public. You can, you know, read it, then you can stop spreading FUD

What the current policy is does not guarantee what the future policy will be.
(Never mind that the policy is overly broad and only pertains to the original data - it gives them access to do whatever they like with copies of the data, for as long as they like.)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Therefore more Google = less tracking

[raymorris]

> It's not good enough that they track you at every site that uses Analytics,
> every site that uses AdWords, every site you go to from their search engine,
> every site you visit with their Toolbar in play. (I'm forgetting a hundred other ways they suck your data.)

Factoring in a few of the other ways you didn't list, like sites with YouTube videos, we can guess Google is aware of about 85% of consumer web traffic. Using their DNS would tell them the only the hostname of the other 15%, and only onc

Re:

[Decker-Mage]

On the other hand (I'm also an economist, sue me!), when/if Google were to try this, there would be open rebellion among the interneterati. Not that most people would even notice, but then again, they don't seem to think much, if at all, about the NSA spying scandals either. For those of us that actually might care about this, couple of clicks or one shell-script and we're invisible.

Re:Use public DNS

[gnasher719]

You can try this [google.com] tool to check your existing DNS for performance and behaviour. Google's is very well behaved by the way, so please don't spread FUD.

"I wouldn't trust Google" isn't FUD, it's common sense. Remember that you are not Google's customer. You are Google's product.

Re:

[slashdime]

"I wouldn't trust Google" isn't FUD.

But "I wouldn't trust Google not to do the same or worse with their DNS" is.

Especially when presented with the evidence in the response. Their baseless accusation to inspire fear, uncertainty, and doubt with something google has done in a correct way (so far at least) is just that, baseless.

Your post to continue with this tinfoil asshattery despite seeing the evidence is begotten fud.

Re:Use public DNS

[StripedCow]

Google's is very well behaved by the way, so please don't spread FUD.

Yeah, well we all thought the NSA was well-behaved. Look how that turned out.

Re:

[cbiltcliffe]

Google's is very well behaved by the way, so please don't spread FUD.

Yeah, well we all thought the NSA was well-behaved. Look how that turned out.

"We all"? Who's this "we all" of which you speak?
Do you mean, prior to Snowden, you thought the NSA was well behaved?
That's a little naive.

While I didn't realize the extent they've gone, I certainly never expected them to be squeaky clean, by any means.
But then again, I'm neither blind-government-trusting, nor American, either.

Anyone, anyone , who implicitly trusts their government is just begging for trouble.

Re:Use public DNS

[adolf]

A good suggestion, though I wouldn't trust Google not to do the same or worse with their DNS.

Trust? Why is trust necessary? Because it's hard to look at the address bar and see that you haven't [amazon.com] wound up at an affiliate link [amazon.com]?

Re:

[Decker-Mage]

The one day I don't have mod-points. +5 ROFLMAO.

Re:

[Runaway1956]

As Nerdfest points out, Google makes namebench available for free. It does help to locate the best DNS server available in your area. In fact, I have used namebench a number of times, and Google's servers always rank high in the results. Seldom are they "the best", but they always rank high. Depending on the criteria you use to determine "the best", there are always much worse servers than Google's. The only criteria that you might use that would ever disqualify Google's DNS servers, is if you put in "

DNSSEC

[tepples]

From the featured article: "There is currently no way to validate the DNS record you’re being served is what the person hosting the website intended." Apparently the author hasn't heard of DNSSEC.

Re:DNSSEC

[SuricouRaven]

It's scheduled for widespread deployment some time between the domestic service rollout of IPv6 and the year of linux on the desktop.

Re:

[Bengie]

IPv6 traffic has been doubling year over year for the past 3 years, but total traffic has also been growing quite rapidly, so it makes IPv6 growth seem less.

Re:

[fredan]

please do tell us where the weakest link in DNSSEC are?

Re:

[Nerdfest]

I've used DNSSEC for the last couple of years and haven't had any problems at all. It's also quite easy to set up, under Linux at least. I would assume other OS's are similar.

Not wireless

[Anonymous Coward]

(It was also the only wireless provider in his area, so he couldn't just switch to a competitor.)

No, the blog says:

You may be asking why don’t I switch ISPs? Well they are the only one besides a wireless provider in my area.

Which means there are 2 ISPs. The one he's using is not wireless, and the other one is wireless.

Re:

[FuzzNugget]

OK, so it means it was less of a pain to fight his dirt bag ISP than to switch to the one that is inherently shitty.

Yes, that's how shitty wireless ISPs are.

Re:

[tysonedwards]

In all likelihood, he probably had the choice of four Satellite internet providers, and possibly even some Cellular ones too.

That's not to say that if he caught DNS Injection that he would likely be happy with the service.

Re:

[del_diablo]

Its sort of obvious. Wireless one could be 2G with extensions. You know what? Browsing internet on that would be slow, but it works if it where not for one major problem: Packet drops. With a guaranteed 20% packet drop(if not more), its painful to use. And with such a low speed, its even worse. It would be unable to even browse slashdot properly.

Which ISP?

[jones_supa]

Name of the ISP please?

Re:

[Crudely_Indecent]

FTA: Arvig

A company with little big man syndrome

[Anonymous Coward]

Being from the part of Minnesota that Arvig is based in, I can tell ya, this behavior is very typical of them.

When I had gotten set up upon moving into the area, the install tech bragged how all the homes (over 200 of them) on this part of town were all connected on 1 cable loop. It was a heads up from the tech that I should have paid attention to. I ended up cancelling my service early due to a consistent 1mb down every Friday and Saturday when I was paying for 10mb. Customer service actually said "we guarantee up to 10mb" "10mb is the maximum you will get"

So many have switched over to 4g hotspots, they actually cut the offices hours here.

Public DNS considered harmful

[kriston]

Saw this in Reddit this morning but thanks for reposting it.

Seriously, the drawback to using public DNS like OpenDNS and Google DNS is that they present a serious performance problem.

Even though the physical DNS servers are "anycast" and geographically diverse, the IP addresses are still the same. Threrefore, the large content delivery networks (CDNs) like Akamai and LimeLight still use the IP address of the DNS server to judge your location.

Therefore, any service that uses a CDN (even Google's use them in spite of their own network) will really serve your content out of a data center that is not geographically or logically near your machine's location.

The article (if you read it) mentions that his ISP, like most that have similar revenue-extracting services, really does offer alternative DNS servers that do not pack affiliate cookies. You should use those if you want to enjoy high-performance, edge-serve content via Akamai (AKAM) and LimeLight (LLNW).

Otherwise, you'll all get your edge content served from some random data center in the central USA.

Re:

[jd2112]

>

Otherwise, you'll all get your edge content served from some random data center in the central USA.

Unless you happen to be in central USA, in which case content will be served from a server somewhere near Timbuctu.

Re:

[Bert64]

Or even from a local one which just happens to be heavily overloaded due to serving content to thousands of far away users.

Re:

[MarkRose]

In my experience, using public DNS has solved far more problems. Quite often ISP DNS servers are slower to respond, do nasty things like wildcard unresolvable addresses to some dumb search page, and, as you mention, cause CDN requests to be directed to overloaded and bandwidth starved edge servers (and the YouTube CDN in particular when the ISP has its own video service...).

Re:Public DNS considered harmful

[drmofe]

I commented on the reddit thread in the same vein as you and got downvoted. So I did some research. Several contributors to that thread suggest that Google DNS has solved the CDN problem by adding and original IP field that the CDN can use to geolocate the subscriber. This is due to Google implementing edns-client-subnet EDNS0 extensions as of late-2011.

Re:

[kriston]

Yes, that is, if the CDN has also implemented EDNS0 extensions, which some have not.

Thanks for the info!

Re:

[kriston]

For public wireless networks, there is a popular solution to extract revenue, aptly named the Revenue eXtraction Gateway, or rXg, by http://www.rgnets.com/ [rgnets.com]. It explicitly and effectively works by filtering content and inserting advertisements along with the usual wireless gateway tricks.

This is an honest revenue extraction service and, while it can be done at the ISP level, it does not pack affiliate cookies. It's probably one of the more legitimate ones available. It does require a significant back-end

Re:Public DNS considered harmful

[kasperd]

Even though the physical DNS servers are "anycast" and geographically diverse, the IP addresses are still the same. Threrefore, the large content delivery networks (CDNs) like Akamai and LimeLight still use the IP address of the DNS server to judge your location.

Let's get this misunderstanding sorted out. Because that sentence is indeed describing a non-existent problem. In reality anycast DNS is not part of the problem, it is part of the solution.

Anycast DNS works by having a large number of resolvers spread throughout the world with the same IP address on each of them. A request from a client to this IP will reach the closest of those resolvers. What happens next is that the resolver will query authoritative servers (unless it already has a cached result). If the request from the resolver to the authoritative server was send using the anycast IP as source IP, it would not work. The reason it would not work is, that the reply from the authoritative server would be sent to the closest resolver, which is not necessarily the same as the one, which is closest to the client. You'd have most replies end up at the wrong resolver, which would simply discard it, as it would look like a failed poisoning attempt.

In order to solve that problem you have to give each of those resolvers two IP addresses. It will have the anycast IP address (which is the same on all servers in the pool) and a unicast IP address, which is different on each of those resolvers. The client will still use the anycast IP in order to send a query to the resolver, but the resolver will then use its unicast IP when sending the request to the authoritative server. That way the reply from the authoritative server will make it back to the correct resolver.

Incidentally this also solves the geolocation problem mentioned. The authoritative servers will indeed see different IP addresses depending on which resolver in the pool the request came through. The content providers just have to figure out the geographic location of each of those resolvers, which is mostly the same they have to do for the resolvers for any ISP. Additionally providers of resolvers such as Google do have an incentive to make this easy to figure out, since that will make their resolvers provide a faster overall experience.

The above is of course slightly simplified, because any well operated resolver is dual stack. That means it need both IPv4 and IPv6 addresses. The anycast addresses can be separate pools such that each resolver has only one anycast address, which is either IPv4 or IPv6. Alternatively you can let one resolver be part of one IPv4 anycast pool and of one IPv6 anycast pool. However the unicast side of these resolvers need to be dual stack, so each resolver needs at least two unicast addresses, one IPv4 and one IPv6.

You could even assign multiple unicast addresses to each resolver. The extra addresses could be used to provide additional protection against poisoning. An attack would then have to not only guess a request ID and port number, but also the IP address. Alas that is really not feasible with IPv4 due to shortage of addresses, but for IPv6 you could easily affort a /64 for each resolver.

If you want to know the IPv6 unicast address of the resolver you are currently using, I have a special domain for that. If you look up the AAAA record for the domain mydnsv6.kasperd.net, it will actually respond with the IPv6 unicast address of the resolver you are using (or server error if the resolver has no IPv6 address). I could have made an identical service to find the IPv4 unicast address of the resolver, but I didn't have a spare IPv4 address to host the authoritative server on.

Re:

[tomstorey]

Except that is slightly wrong.

Sure, they all share the same anycast IP address, but they also all need to be uniquely addressable too (at the very lease for management purposes). Otherwise how does an anycast server perform any kind of look up to an external server and guarantee that it will get the response back?

If an anycast DNS resolver sent out a request to resolve an IP from an authoritative server on the other side of the country and soured it from its anycast address, how does that authoritative

Three words

[aaarrrgggh]

VPN.

Not much else you can do.

Re:

[rubycodez]

your vpn is going to have another end, which could have the same problems as your end

Re:

[Decker-Mage]

your vpn is going to have another end, which could have the same problems as your end

Really depends on if and how your VPN handles DNS leakage. As always, caveat emptor. I picked mine on the basis that I had a choice of whether and how it was handled before I paid.

Illegal behavior

[WaffleMonster]

It would have been better to contact FBI and report this fraud. Whoever the hell runs fwdsnp.com needs to spend some time in jail.

Re:

[eladts]

It would have been better to contact FBI and report this fraud. Whoever the hell runs fwdsnp.com needs to spend some time in jail.

This isn't just plain fraud, it's wire fraud [cornell.edu]. The penalty for it is up to 20 years in prison.

Re:Illegal behavior

[Anonymous Coward]

I think you are confused.

It was a CORPORATION that was scamming money out of affiliate links, so everything is A-OK!

Of course, we punish the little people for exactly the same thing:

http://www.justice.gov/usao/can/news/2012/2012_06_19_kennedy.sentenced.press.html

DNSJumper

[Guy From V]

Do a search for "DNSjumper". It's a great little tool that lets one well...uh...jump around various DNS servers and arrange them in any order you want, ping them much easier and more often and makes it comfortable to change one or all if you feel your current list isn't to your liking. (I'm not sure of the author's or company's official website, so I don't want to push one source over another).

P2P DNS

[staalmannen]

Is any of the P2P DNS solutions (and which one?) a viable alternative to the Google DNS or OpenDNS? Does anyone have experiences that they would like to share?

At least they can fucking run one

[gman003]

I'm in a worse situation - my apartment complex signed a deal with a certain niche ISP by the extremely vague name of "Telcom", to provide internet at a fixed rate (the base package is part of my rent, so I don't even know what they're charging). While we're officially allowed to buy our own if we so choose, a) I'd still be paying Telcom for their TV/Phone/Internet deal, and b) not a single other ISP is actually offering anything to this apartment. Every building bordering it, sure, but even in the months-l

ISP can still hijack you

[real gumby]

Your ISP can still spoof the DNS responses. That's what hotels do.

But assuming they don't, no reason not to just run your own cacheing DNS resolver on your local network. It's very easy to do and might even be faster than third parties like GOOG, OpenDNS or Nominum. Certainly faster for people who determine your location via DNS resolver address.

(That Hiroku article is bizarre. Tip: "root domain" means something different. You can put a CNAME on any name. And why would one sort require hard coding yo

Net Neutrality Legislation

[dutchwhizzman]

I don't know what the exact laws on net neutrality is where this happened. However, if an ISP were to do this in the Netherlands, they would get hit with fraud, net neutrality and "criminal organization" charges. You'd have to have some pretty good lawyers to be able to stay in business at all

Fraud

[MrL0G1C]

To be clear, the ISP has committed a criminal act (fraud), it is obtaining financial gain by deception - the concealment of the fact that no person willingly used an affiliate link.

I think that if they weren't prosecuted then they committed a crime and got away with it. The victims being the retailers and any legitimate affiliates who lost out (if that is the case).

Re:Repost!

[228e2]

I think I read 75% of the things here elsewhere around a day in advance.
Slashdot isn't (well, in its prime) where you come for breaking news, it's where you go (again, back in its prime) for great intellectual technological discussions.

Re:Repost!

[rroman]

How is it possible, that this post was modded Funny? Slashdot is exactly what this post describes. Slashdot is mainly great because of great comments and well done comment rating system.

Re:

[realityimpaired]

It's funny, because the great comment/discussion you're talking about has been going downhill for a very long time. Just look at the first post on this topic, for a case in point.

Re:

[ArchieBunker]

Most of the "news" on here is days or even weeks old by the time its posted. I remember when sites actually linked to slashdot for news.

Re:

[MrBingoBoingo]

Well, I like to use Slashdot as a filter to make sure I didn't miss anything. It may not post the fastest, but generally it covers most things.

Re:

[tysonedwards]

There are plenty of people out there (myself included) who wish they could get Comcast. Satellite sucks...

Vote with your feet

[tepples]

Anyone can get Comcast. I imagine you might be unwilling to do what it takes, namely to move into Comcast's service area. (References: move [slashdot.org]; [slashdot.org]; move [slashdot.org])

Or foreign counterparts

[tepples]

I admit that my comment was not perfectly rigorous. Category 1 can't read my assertion anyway, and category 2 can be fixed by adding "or foreign counterparts" where appropriate.

Re:

[jpatters]

I don't think the online retailers would agree. The ISP is doing nothing to promote specific items or online stores, so why should the online stores subsidize your internet connection?

Both Amazon and other affiliates

[dutchwhizzman]

First of all, Amazon doesn't get a very high percentage of affiliate tagged traffic/purchases. If every ISP would do this, it would get 100% and the whole business model wouldn't work any more. Amazon would have to pay out way too many affiliate bonuses. Second, any affiliate that the user might choose, would lose out because their tag would get replaced by that of the ISP.

Re:

[Bazman]

Nobody has answered the questions I posed. Does the user see an even slightly different page? Do they get different prices on stuff on the site? Who are these affiliates?

I could understand if amazon.com was being redirected to a rival company, or if (as some ISPs have done) typos and invalid DNS entries got redirected to a page stuffed with advertising.

Excuse me if I don't understand this aspect of Amazon's trading practice - but then you are probably sitting in your mom's basement spending her money on Ama

Re:

[NormalVisual]

Affiliate programs are a form of advertising that work by giving you an ID that you add to the URL of a link on your server to a particular seller's site (Amazon, etc.). This ID allows the seller to determine which affiliate drove that click to their site, and the affiliate (the ISP in this case) is paid a fee for sending that click to them. What's happening here is that the ISP is taking the initial DNS request and doing a redirect to a URL that includes their affiliate ID for vendor sites they participa

Re:What exactly happened?

[hey!]

Short, simplistic answer: the ISP found a way to fraudulently skim a percentage from online retailers for every purchase made by the ISP customers.

Slightly more detailed answer: the ISP directed users looking for online merchants like "amazon.com" to it's own bogus server. That bogus server then re-directs the user's browser to the merchant's server in such a way the consumer doesn't notice and the merchant thinks the customer is following a product referral from an advertising partner. Thus the ISP collects a kickback intended for people who make product recommendations and referrals, without actually having made any recommendation or referral.