How One Man Fought His ISP's Bad Behavior and Won

An anonymous reader writes "Eric Helgeson documents his experience with an unscrupulous ISP that was injecting affiliate IDs into the URLs for online retailers. 'It appears that the method they were using was to poison the A record of retailers and do a 301 redirect back to the www cname. This is due to the way apex, or 'naked' domain names work.' Upon contacting the ISP, they offered him access to two DNS servers that don't perform the injection, but they showed no indication that they would stop, or opt-out any other subscribers. (It was also the only wireless provider in his area, so he couldn't just switch to a competitor.) Helgeson then sent the data he gathered to the affiliate programs of major retailers on the assumption that they'd be upset by this as well. He was right, and they put a stop to it. He says, 'ISP's ask you to not do crummy things on their networks, so how about they don't do the same to their customers?'"

DNSSEC

[tepples]

From the featured article: "There is currently no way to validate the DNS record you’re being served is what the person hosting the website intended." Apparently the author hasn't heard of DNSSEC.

Illegal behavior

[WaffleMonster]

It would have been better to contact FBI and report this fraud. Whoever the hell runs fwdsnp.com needs to spend some time in jail.

Re:Use public DNS

[Anonymous Coward]

I think the point is that Google pwns every bit of information about you.

It's not good enough that they track you at every site that uses Analytics, every site that uses AdWords, every site you go to from their search engine, every site you visit with their Toolbar in play. (I'm forgetting a hundred other ways they suck your data.)

Nah, not good enough. Why not tell google every single DNS lookup you ever make??

Why do people mistrust the NSA so much and yet think Google is some kind of sparkly-super-shiny white hat? They work very hard to provide you with tons of free services that give them this wealth of information about you. WHY do they give you these????

Re:Use public DNS

[aevan]

Google hasn't (to my knowledge) black-bagged anyone.

On the other hand, there are powerpoints saying they'll hand off the info to the people who then will do it...

Fraud

[MrL0G1C]

To be clear, the ISP has committed a criminal act (fraud), it is obtaining financial gain by deception - the concealment of the fact that no person willingly used an affiliate link.

I think that if they weren't prosecuted then they committed a crime and got away with it. The victims being the retailers and any legitimate affiliates who lost out (if that is the case).

Re:Use public DNS

[gnasher719]

You can try this [google.com] tool to check your existing DNS for performance and behaviour. Google's is very well behaved by the way, so please don't spread FUD.

"I wouldn't trust Google" isn't FUD, it's common sense. Remember that you are not Google's customer. You are Google's product.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Use public DNS

[slashdime]

"I wouldn't trust Google" isn't FUD.

But "I wouldn't trust Google not to do the same or worse with their DNS" is.

Especially when presented with the evidence in the response. Their baseless accusation to inspire fear, uncertainty, and doubt with something google has done in a correct way (so far at least) is just that, baseless.

Your post to continue with this tinfoil asshattery despite seeing the evidence is begotten fud.