Security Comcast using man-in-the-middle attack to warn subscribers of potential copyright infringement

Shawn Knight

Posts: 14,033   +150
Staff member

Comcast has resorted to using what’s essentially a man-in-the-middle attack to warn customers that they might be breaking copyright laws. The move, first brought to light by San Francisco-based developer Jarred Sumner, introduces all sorts of privacy concerns.

As Sumner explained to ZDNet, Comcast is injecting a banner warning in browser sessions in which it believes a user might be downloading copyrighted material. The developer said the ISP is probably using deep packet inspection on subscribers’ Internet and / or proxying subscriber Internet when they want to send messages.

It’s similar in practice to the warning that Comcast issues Internet users when they’re approaching – or have surpassed – their monthly bandwidth allotment. The copyright warning seems a bit more invasive, however, as it’s based on what you’re doing during a browsing session rather than how close you are to a cap.

Sumner, who uses his Comcast connection at home, said the warning started appearing on every single non-HTTPS website on every device on his home’s network. It doesn’t appear as though the warning is effective against sites that use HTTPS.

The developer added that there are scarier scenarios where this could be used as a tool for censorship, surveillance or to sell personal information.

Comcast already has in place a controversial six strikes copyright alert system in the US.

A Comcast representative told the publication that this is “not new” and that its engineers posted an Internet Engineering Task Force (IETF) white paper on the matter in 2011.
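Because the banner shows up only on non-HTTPS pages, one way to check a connection for this kind of in-path modification is to compare the body received over plain HTTP with a copy of the same static resource retrieved over HTTPS. The following is an added example, not code from the article or from Sumner; the two page bodies and the `notice.isp.example` host are constructed samples, and fetching is left out so it runs offline.

```python
import difflib
from html.parser import HTMLParser

# Elements that can load or run content in the page.
ACTIVE_TAGS = {"script", "iframe", "style", "link", "object", "embed"}

class TagCollector(HTMLParser):
    """Records (tag, source) for every active-content element it sees."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            a = dict(attrs)
            self.found.append((tag, a.get("src") or a.get("href") or "inline"))

def added_lines(reference: str, observed: str) -> list:
    """Lines of the HTTP body that have no counterpart in the HTTPS copy."""
    ref, obs = reference.splitlines(), observed.splitlines()
    matcher = difflib.SequenceMatcher(a=ref, b=obs, autojunk=False)
    extra = []
    for op, _, _, j1, j2 in matcher.get_opcodes():
        if op in ("insert", "replace"):
            extra.extend(obs[j1:j2])
    return extra

def injected_elements(reference: str, observed: str) -> list:
    """Active elements that appear only in the body received over HTTP."""
    collector = TagCollector()
    collector.feed("\n".join(added_lines(reference, observed)))
    return collector.found

# Constructed sample: the page as served over HTTPS ...
REFERENCE = """<html><head><title>Example</title></head>
<body>
<p>Hello</p>
</body></html>"""

# ... and the same page as received over plain HTTP (constructed).
OBSERVED = """<html><head><title>Example</title></head>
<body>
<p>Hello</p>
<script src="http://notice.isp.example/banner.js"></script>
<div id="isp-notice">Constructed notice text</div>
</body></html>"""

if __name__ == "__main__":
    for tag, src in injected_elements(REFERENCE, OBSERVED):
        print(f"element only in HTTP copy: <{tag}> from {src}")
```

Pages that legitimately change between requests will also produce differences, so the comparison is only meaningful for a static resource.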


 

Evernessince

Posts: 5,469   +6,157
So in other words, they are going to be taking a good peek at your data all because you might be viewing or downloading copyrighted material. I guess the NSA set a pretty good precedent, except for the part where it's against the law.
 

Skidmarksdeluxe

Posts: 8,645   +3,289
Well people shouldn't be pirating and they shouldn't be spying. Who's right or wrong? It doesn't matter, they at least have a 152K word, difficult to understand ToS to fall back on which nobody bothered reading before digitally signing.
 

Lionvibez

Posts: 2,619   +2,379
This is only going to stop casual users and kids whose parents don't know what they are doing on the computer at night.
 

yRaz

Posts: 4,330   +4,965
> This is only going to stop casual users and kids whose parents don't know what they are doing on the computer at night.

yup, the major piracy culprits are paying to use VPNs or Usenet. Although this sort of thing would be most effective against people who don't know how to hide their online activity.

Either way it's BS, if stuff like this started appearing on my home network I'd switch ISPs in a heartbeat.
 

Lionvibez

Posts: 2,619   +2,379
> yup, the major piracy culprits are paying to use VPNs or Usenet. Although this sort of thing would be most effective against people who don't know how to hide their online activity.
>
> Either way it's BS, if stuff like this started appearing on my home network I'd switch ISPs in a heartbeat.

Sometimes just using a different DNS from your ISP will help to not see these. Before I switched to an unlimited connection I always used OpenDNS and I never saw any of the bandwidth cap messages when I was close.
 

SirGCal

Posts: 365   +138
> This is only going to stop casual users and kids whose parents don't know what they are doing on the computer at night.

> yup, the major piracy culprits are paying to use VPNs or Usenet. Although this sort of thing would be most effective against people who don't know how to hide their online activity.
>
> Either way it's BS, if stuff like this started appearing on my home network I'd switch ISPs in a heartbeat.

You assume these people have an option of ISPs. Due to the cable laws in many places, they have but one choice. That law needs to go away and do it yesterday....
 

psycros

Posts: 4,073   +5,591
> So in other words, they are going to be taking a good peek at your data all because you might be viewing or downloading copyrighted material. I guess the NSA set a pretty good precedent, except for the part where it's against the law.

An ISP that snoops its customers' packets is an ISP begging for a huge class action. A slick team of lawyers could take that purposely vague and open-ended ToS and hang Comcast with it.