Why ISPs are hijacking your search traffic & how they profit from it
A handful of Internet service providers (ISPs) in the U.S. are redirecting search traffic around specific keywords to brands’ websites, presumably for affiliate marketing revenue.A study released today by a UC Berkeley research group revealed that for some Internet users on some ISPs, using a search engine and typing in a word such as “apple” or “bloomingdales” would redirect the user to websites for Apple or Bloomingdale’s rather than to a page or search results about the keyword in question. The Berkeley project, called Netalyzr, was created to measure DNS behavior. However, over the past few months, the Netalyzr team noticed some unexplained and unexpected redirections across at least 12 ISPs in the United States. The affected ISPs use services provided by a company called Paxfire to monetize certain web search requests. Paxfire’s main line of business is DNS-error traffic monetization, i.e., the practice of presenting advertisements and search results to users who mistyped a website’s address in their browser. “In addition, some ISPs employ an optional, unadvertised Paxfire feature that redirects the entire stream of affected customers’ web search requests to Bing, Google and Yahoo via HTTP proxies operated by Paxfire.” Following the money The Electronic Frontier Foundation helped the Netalyzr team investigate the matter. As EFF senior staff technologist Peter Eckersley told VentureBeat, “They knew the general category of false DNS responses might be possible and worth checking for, while the details that emerged about Paxfire and what it was actually up to were a bit more surprising.” The research team found that around 170 specific, brand-related keywords would trigger interference by the HTTP proxies, causing users to be redirected to affiliate marketing landing pages. “In the process, the ISPs and Paxfire presumably earn commission payments for the redirected flows,” the researchers wrote. Some of the ISPs involved are, according to data presented by multiple organizations involved in the investigation, Cavalier, Cincinnati Bell, Cogent, DirecPC, Frontier, Fuse, Hughes, IBBS, Insight Broadband, Megapath, Paetec, RCN, Wide Open West and XO Communication. Charter and Iowa Telecom claim to have recently stopped doing DNS redirects. While it’s likely that ISPs had at least some knowledge of at least some of the DNS redirection, if not search traffic redirection, it’s less likely that the brands themselves were involved in the scheme. “There is probably a chain of several intermediaries in these affiliate marketing programs between the brand itself and Paxfire,” said Eckersley. The problem with Paxfire “I’m not an expert on affiliate marketing programs, so I can’t comment on whether anything that Paxfire is doing might be a violation of the rules or norms of that business sector,” said Eckersley. But he did say that the marketing company “has no business” granting itself access to the keywords people are using to navigate the Internet. “If my search engine is untrustworthy or not returning the results I was actually looking for, I can go and pick a different search engine. But if Paxfire has snuck out onto the network and secretly replaced all my choices of search engine with itself, I no longer get to go elsewhere for my searches.” And when Paxfire’s proxies malfunction, any search attempts return an error message. “Users will often blame the search engine for that, when in fact it’s the fault of the company that’s secretly hijacking them,” said Eckersley. According to the EFF, Google has repeatedly put pressure on ISPs to stop DNS-based redirects and has been at least somewhat successful. However, the EFF notes that Yahoo and Bing search engines are still particularly susceptible to redirects. “This is why the ISPs that were proxying Google stopped in the past couple of months,” wrote Berkeley researcher Nicholas Weaver in a Slashdot thread today. “Google’s abuse-detection threw up a CAPTCHA on the queries, and then Google posted about it.” Evidently, the combined noise from the web and pressure from the search engine were enough to put a stop to search redirection in some cases. A Google spokesperson confirmed, “We aren’t aware of any DNS providers that are currently doing this hijacking for searches intended for Google.” Hopefully, continued pressure and the watchful eyes of the media, Berkeley researchers and advocacy groups like the EFF will help to end the practice of search redirects. by Jolie O’Dell Image courtesy of Magic Glasses.