From time to time, greedy ISPs will use deep packet inspection to then use deep packet injection to put ads into webpages that you are viewing.
Classic man in middle hack attack.
These scummy schemes get noticed by people who know what ads are or are not on webpages.
For an example Google.com has no ads on its landing page(other than the top right and get chrome browser). If you see ads that means either an ISP is injecting them or you have an infected computer that is injecting the ads for you.
In some cases with these injections the ISP will actually strip out the websites own ads and replace them with ads from the ISP.
By the way, there are no ads on this site.
How would you like it if a banner ad was inserted on the bottom of every web page, on top of content you are trying to read and eating away at your usage allowance?
Customers of CMA Communications can tell you, because their web browsing experience now includes advertising messages injected by the cable company to earn more revenue.
CMA, which operates rural cable systems in Texas, Louisiana, Mississippi and Nevada,.....
More details in this Reddit thread...
I'm not exactly sure which subreddit this would belong in (or if it even belongs in a subreddit).
My ISP is called CMA Communications, and they operate in small towns in Nevada, Louisiana, Mississippi, and Texas.
CMA, as of March 7th (but earlier in a few select towns), has decided to inject advertisements into any and all websites (except for ones they can't, such as SSL-enabled ones) [encrypted] . They do this through a module they get from a company called r66t ("root 66").
When contacted, CMA said that this was an idea of the VP of Marketing to bring in additional revenue.
There are four major issues I have with this.
They're using the Internet they're selling (at an already high price) as a platform for advertisements to bring them in more money. This is not the way they should be doing it, especially given the intrusive nature of the advertisements.
The advertisement that scrolls in from the bottom can not be dismissed, and is rather intrusive if you're using a small screen. I've tried on OS X (chrome/safari), Windows XP (chrome), Debian wheezy (chrome/firefox), Android Jellybean on a Nexus 7 (chrome), and Chrome on iOS.
The main reason I'm posting this here, however, is that the advertisements served up by r66t cover up advertisements that websites are selling with their own. Here's an example on reddit. http://i.imgur.com/Enz20T7.png This seems like an immoral move at best, and potentially illegal to do at worst.
As mentioned before, we've contacted CMA about this, but I'm wondering if there's something more we should be doing
Note that we have taken care of this within our home network by blocking *.r66t.com through DNS.
We do not have the ability to (reasonably) switch to another ISP
We contacted Amazon, eBay, and a few others. The most prominent response we received was from Amazon, who were concerned that their advertisements were being replaced with that of r66t. Not sure this is going to go anywhere, but it was at least worth telling them about it.
For some reason they've suddenly switched from <script> injection to <iframe> injection, and I don't understand why. Perhaps someone else might?
Okay, it seems that the idea of doing this isn't so new after all. This has been done by numerous ISPs, and it's been covered by TechCrunch, discussed on Slashdot, discussed on Reddit and Hacker News in the context of Hotel Internet service, and covered by many others. In previous cases, most of the ISPs had clauses in their ToS stating that they can add advertising material to the page at whim. The issue now is that I can not find such a page on CMA detailing their ability to insert advertising material into the page. Need to sleep, but after I get up I'm going to keep searching.
To people saying we should use a VPN: we absolutely will if this doesn't get addressed (and might even if it does, given the breaking of trust that occurred). At the moment our DNS solution is fine.
I do not like Iframes(in a new window frame in the initial webpage) as they are a pain in the ass. Some sites that have links to other sites content will try and force a new 'in page window' to open up without the user actually 100% going to the linked site.
Picture it like your desktop and you open a browser window. You are still on your desktop, but you have this window to see beyond your desktop.