How a South African ISP Hacks Its Subscribers Each Month(defplex.wordpress.com)
defplex.wordpress.com
How a South African ISP Hacks Its Subscribers Each Month
https://defplex.wordpress.com/2017/08/15/how-a-south-african-isp-hacks-it-subscribers-each-month/
51 comments
> I should be able to send whatever bytes I want through the network, and have them arrive at their destination verbatim.
It's copyright violation to modify copyrighted content before delivery without permission, especially when it's commercial content (ads) that is being injected. Maybe lawsuits could stop it.
Other examples from the US:
https://www.infoworld.com/article/2925839/net-neutrality/cod...
https://techcrunch.com/2012/04/06/now-you-know-hotels-inject...
It's copyright violation to modify copyrighted content before delivery without permission, especially when it's commercial content (ads) that is being injected. Maybe lawsuits could stop it.
Other examples from the US:
https://www.infoworld.com/article/2925839/net-neutrality/cod...
https://techcrunch.com/2012/04/06/now-you-know-hotels-inject...
It's copyright violation to modify copyrighted content before delivery without permission, especially when it's commercial content (ads) that is being injected.
Ironically, a similar argument is being used against adblockers, the other "benevolent MITM" application for modifying content: https://news.ycombinator.com/item?id=14978228 https://news.ycombinator.com/item?id=14990137
In other words, if those lawsuits succeed, they could set an unfortunate precedent against even personal "modification of content".
Ironically, a similar argument is being used against adblockers, the other "benevolent MITM" application for modifying content: https://news.ycombinator.com/item?id=14978228 https://news.ycombinator.com/item?id=14990137
In other words, if those lawsuits succeed, they could set an unfortunate precedent against even personal "modification of content".
An ad blocker does not modify copyrighted content before delivery. The legal precedent set by when Nintendo tried to sue Game Genie made it pretty clear that you can use tools to modify content you already have in your possession, particularly if those modifications are in memory only and never create a modified copy on disk. Meanwhile, those two links are to something entirely unrelated: an attempt to use the DMCA to remove someone's domain name from a file (which isn't even a copyright issue, and so I have not heard anyone think that was remotely legitimate).
An adblocker is more like taking a marker and crossing out the ads in your own personal copy of a magazine with the marker. Modification for personal use is not copyright violation.
If I publish a website -- telling the users that we do not bother them with ads -- and another company then injects ads into that page, it not only violates the copyright, but it causes damage to my website's reputation, because most users aren't knowledgeable enough about the Web to understand that the ads are not put there by the publisher. It's probably even worse for websites that allow members to pay to have ads removed.
If I publish a website -- telling the users that we do not bother them with ads -- and another company then injects ads into that page, it not only violates the copyright, but it causes damage to my website's reputation, because most users aren't knowledgeable enough about the Web to understand that the ads are not put there by the publisher. It's probably even worse for websites that allow members to pay to have ads removed.
Can't "user-consent" be a simple solution for this? I give consent to a HTTP-adblock-proxy to modify HTTP in transit.
Don’t trust the network. Don’t trust the network.
There are no guarantees on the internet that your packets will arrive intact and in order. That’s why we have tcp. What the ISP is doing may be sleazy, but it’s not violating some principle of computing.
There are no guarantees on the internet that your packets will arrive intact and in order. That’s why we have tcp. What the ISP is doing may be sleazy, but it’s not violating some principle of computing.
There's a difference between accidental reordering/dropping/corruption of packets, and malicious interference by middleboxes. The TCP mechanisms can deal with the former, but the latter can fake all the necessary sequence numbers and checksums.
I’ve thought about it and I think encryption/https is the best solution. When you send your data off, you unfortunately don’t know or control who is going to look at it. Encryption works though, no matter if you don’t even trust your ISP/government/whoever
Telkom has been injecting kak [0] into pages for _years_ [1], [2]. A former employee of theirs told me that at one stage they were replacing ad content with their own adverts - I would dismiss this as hearsay had I not seen it myself.
[0] South Africanism for 'shit'
[1] https://mybroadband.co.za/vb/showthread.php/704472-Telkom-In...
[2] https://www.sadev.co.za/content/telkom-using-man-middle-atta...
[0] South Africanism for 'shit'
[1] https://mybroadband.co.za/vb/showthread.php/704472-Telkom-In...
[2] https://www.sadev.co.za/content/telkom-using-man-middle-atta...
Off topic re: kak. I don't know where exactly it came from, but it's also a word in New Zealand English (and possibly other dialects). If I told someone I kacked my pants, they'd understand that I shat myself. It's not super common, but it's understood.
I wonder if maybe it's because there's a lot of South African expats in New Zealand.
I wonder if maybe it's because there's a lot of South African expats in New Zealand.
It had a brief moment in the limelight of UK student lexicon during the 1990s due to the TV sketch series "The Mary Whitehouse Experience".
20 years later when studying South African history I was able to subconsciously translate that one word. Die Mann praat kakk!
20 years later when studying South African history I was able to subconsciously translate that one word. Die Mann praat kakk!
'kak' means 'shit' in Dutch as well. South African is quite similar to Dutch for colonial reasons.
Probably related to "caca" which usually means something related to fecal matter in Romance languages.
Latin: cacare (to shit)
German: Kacke (the ck as usual indicates that this word may only be used with the voice raised beyond 85 dB and with at least 5 % spit by volume mixed into the air-stream).
German: Kacke (the ck as usual indicates that this word may only be used with the voice raised beyond 85 dB and with at least 5 % spit by volume mixed into the air-stream).
And Tamil which is not a Romance language.
Since Tamil has borrowed more Dutch words (and uses at least one from Tamil, being katamaran), I expect your kak to come from the dutch kak, as kak always rolls down hill.
It has Indo-European roots https://lrc.la.utexas.edu/lex/master/0821. Although Tamil is Dravidian, probably a loan word.
In greek as well.
[deleted]
Telkom (and also Eskom) are beyond kak. We desperately need telecoms/electricity to be privatised.
A privatized monopoly, will try to extract profit, as we saw with the SBC management of Telkom from 1997-2007 when there was very little innovation and high prices here.
I meant privatised in order to remove the state ownership and encourage competition in the sector.
> A former employee of theirs told me that at one stage they were replacing ad content with their own adverts
This was afaik the main reason, why YouTube went HTTPS-only very early compared to the rest of the internet. Some ISPs exchanged the video ads of YouTube with their own and lowered the resolution of videos to save bandwidth. YouTube's customers were very dissatisfied because it constantly broke and the video quality was very bad and thus HTTPS came to the rescue.
This was afaik the main reason, why YouTube went HTTPS-only very early compared to the rest of the internet. Some ISPs exchanged the video ads of YouTube with their own and lowered the resolution of videos to save bandwidth. YouTube's customers were very dissatisfied because it constantly broke and the video quality was very bad and thus HTTPS came to the rescue.
Didn't Comcast publish a standard for injecting HTML into unencrypted traffic?
https://tools.ietf.org/html/rfc6108
https://tools.ietf.org/html/rfc6108
Telkom is not just "an ISP", it's formerly The Telephone Company, the state-owned monopoly.
So more like "British Telecom" or "AT&T"
So more like "British Telecom" or "AT&T"
Yes they are, but they are also an ISP here in SA, among many.
BT is also "an ISP among many" now.
It's been know for years that they run transparent proxies.
And while this isn't great this is a bit overplayed. They're more the kind of company that does something incompetently than one that does stuff maliciously.
And while this isn't great this is a bit overplayed. They're more the kind of company that does something incompetently than one that does stuff maliciously.
When you're dealing with a person, you can apply the saying "never ascribe to malice that which can be explained by incompetence". However, when you're dealing with a large organization or other group of people, it doesn't matter whether the act was originally driven by malice or incompetence, someone in the organization is going to exploit it with malicious intent.
How did this get on the home page?
Bigger companies also do that, Vodafone was compressing all images that went through their 3G service, and a ton of ISP inject / redirect HTTP traffic to tell you to pay the bills
Bigger companies also do that, Vodafone was compressing all images that went through their 3G service, and a ton of ISP inject / redirect HTTP traffic to tell you to pay the bills
This is also the case in Namibia. Telecom Namibia is also running a transparent proxy. If you ever make an HTTP request followed by an invalid HTTP request over an un-encrypted connection the invalid request (Say GET / HTTP/NKD instead of GET / HTTP/1.1) will get filtered before reaching my server.
I have however as of yet not seen them injecting JS or other content into HTTP pages.
I have however as of yet not seen them injecting JS or other content into HTTP pages.
It's worth mentioning that MTC Namibia (A mobile provider) does not do this.
Comcast does this too for letting you know you’re connected to Comcast’s network and if you go over your data limit. Pretty terrible.
Wow that’s a great discovery. Telkom is a major service provider, and I use them! Any other way to prevent this?
Says right at the bottom
Pro-Tip: their injection can only work on HTTP and not HTTPS so there is some relief from this inconvenient and dangerous code injection. Installing the HTTPS Everywhere plugin will help mitigate the injection and is a recommended plugin to run regardless. Alternatively install the Tor browser.
Pro-Tip: their injection can only work on HTTP and not HTTPS so there is some relief from this inconvenient and dangerous code injection. Installing the HTTPS Everywhere plugin will help mitigate the injection and is a recommended plugin to run regardless. Alternatively install the Tor browser.
Yes I saw that, I meant to say no way to block it other than browsing through TOR? Luckily many websites use HTTPS these days.
TL;DR Telkom does HTML injection on all unencrypted traffic of its customers, whereas the author of the linked blog uses #444444 text color on #000000 background (which gives contrast ratio 2.2 on http://leaverou.github.io/contrast-ratio/). I call it almost a draw ;)
Sorry I had to be that guy. Please improve contrast on your blog.
Sorry I had to be that guy. Please improve contrast on your blog.
Don't be sorry - you're right.
If you want people to read your stuff make it readable.
I got more from your TL;DR than the horrible blog design which I didn't last more than a second on.
I had to go back and look at it with reader mode turned off. Since iOS 11, I’ve had reader mode turned on by default on my iPhone and iPad.
workaround: press contrl+a
Or in the console: document.querySelectorAll('p').forEach(p => p.style.color = '#eee');
And those horizontal scanlines on all images really bother my eyes.
At least make it an option.
(I don't know if it's just me, but I found the tone of the article a little alarmist, starting with "hacks" in the title. Then again, a lot of security researchers seem to write like that.)