US internet providers hijacking users' search queries
Brielle Bruns
bruns at 2mbit.com
Sat Aug 6 18:48:12 UTC 2011
On 8/6/11 11:08 AM, Joe Provo wrote:
> Belief has nothing to do with it. The article is vaguely referring
> to 'search' and incorrectly jumps to https. Disappointing that
> nanog readers can't readhttp://www.paxfire.com/faqs.php and get
> a clue, instead all the mouth-flapping about MItM and https. While
> collectively encouraging more https is a*good* thing, it is utterly
> tangential and misses the meat of this matter.
Disappointing that certain nanog readers depend on information put out
by the vendor to be 100% honest and forthcoming in what their product does.
There's more to hijacking queries/dns/etc then just ISPs mucking with
queries. MitM attacks, SSL hijacking, etc is all a valid concern, and
completely within the realm of the discussion here and this topic.
As pointed out, there are ISPs and whole countries who have no qualms
with doing this type of thing. Further, who cares if the company says
their product isn't made or won't do what it may be doing? We all know
full well that people use products in ways they aren't meant or intended
to be used.
When companies realize that they can't just transparently muck with
traffic anymore because 90% of customer traffic is encrypted, do you
really think, in all honesty, that companies won't find a way to regain
this revenue stream, even if it runs afoul of laws/ethics/etc?
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
More information about the NANOG
mailing list