Comcast has resorted to using what’s essentially a man-in-the-middle attack to warn customers that they might be breaking copyright laws. The move, first brought to light by San Francisco-based developer Jarred Sumner, introduces all sorts of privacy concerns.
As Sumner explained to ZDNet, Comcast is injecting a banner warning in browser sessions in which it believes a user might be downloading copyrighted material. The developer said the ISP is probably using deep packet inspection on subscribers’ Internet and / or proxying subscriber Internet when they want to send messages.
It’s similar in practice to the warning that Comcast issues Internet users when they’re approaching – or have surpassed – their monthly bandwidth allotment. The copyright warning seems a bit more invasive, however, as it’s based on what you’re doing during a browsing session rather than how close you are to a cap.
Sumner, who uses his Comcast connection at home, said the warning started appearing on ever single non-HTTPS website on every device on his home’s network. It doesn’t appear as though the warning is effective against sites that use HTTPS.
The developer added that there are scarier scenarios where this could be used as a tool for censorship, surveillance or to sell personal information.
Comcast already has in place a controversial six strikes copyright alert system in the US.
A Comcast representative told the publication that this is “not new” and that its engineers posted an Internet Engineering Task Force (IETP) white paper on the matter in 2011.
https://www.techspot.com/news/62887-comcast-using-man-middle-attack-warn-subscribers-potential.html
