Comcast defends its prepare of hijacking pages and adding its non-public code

1
17

Comcast believes it’s acceptable to inject 1000’s of lines of code into any web narrate you seek the recommendation of with if it thinks you’re wanting a hardware upgrade. And even must you don’t need an upgrade, you’re nasty.

A user objective lately took to the company’s forums to complain of its prepare of working its non-public code on webpages customers seek the recommendation of with in direct to immediate them with particular Comcast messages.

Posting below the name “bham3dman” on the company’s legit discussion board, the user acknowledged:

Comcast started injecting four hundred+ lines of JavaScript code in to pages I requested on the receive so as that once the browser renders the web narrate, the JavaScript generates a pop up looking out to up-sell me a brand unique modem. Whilst you name the quantity in the popup, they’re quick to sigh you that you just will have a brand unique modem, which in my case is now not only. I later verified with degree-2 strengthen that my modem is completely comely and I don’t must upgrade.

The customer goes on to remark they took the time to keep in touch with seven diversified company supervisors, none of which could well “flip it off.”

Comcast has my cell phone put of business quantity, my cell for texts, my electronic mail, and my house address, yet they retract to molest my requested online pages by injecting 1000’s of lines of code. This is now not take care of focused adverts after I seek the recommendation of with web sites with commercials (which is completely acceptable), this as an different is an instantaneous manipulation of the fashioned offer code of the receive put.This is completely unacceptable to me and what’s worse is that Comcast offers no system to determine out of this horrific prepare.

ISP’s injecting code into web sites is nothing unique, it’s been going on for years. Finally earlier this year Comcast used to be maligned for the usage of the prepare to warn users in opposition to piracy. And as a long way back as 2012, consultants hold warned regarding the implications.

Intercepting a buyer’s unencrypted web page visitors and injecting code into it is a long way truly a “man in the guts” attack, per Jarred Sumner, an skilled who told ZDNet:

This presumably technique that Comcast is the usage of [deep packet inspection] on subscriber’s web and/or proxying subscriber web after they are looking out to send messages to subscribers.That can let Comcast adjust unencrypted web narrate visitors in each and every directions. There are scarier instances where this is able to well be previous as a machine for censorship, surveillance, [or] selling non-public info.

The corporate’s code informing customers they want a brand unique modem is a dinky diversified, however the principle that remains the identical: Comcast can (and does) alter webpages at any time when mandatory by exploiting its situation as a buyer’s ISP.

Interestingly, when called out on its non-public forums for the prepare earlier this month, a Comcast worker spoke back to contradict the poster.

There isn’t a week that goes by where my ISP (now not Comcast, but no better) doesn’t send me as a minimum five pieces of unsolicited mail, nearly begging me to enroll in other providers and products. And if I’m fifteen seconds unhurried on my bill I gain a text message, an electronic mail to 2 diversified accounts, and a series of cell phone calls which proceed each day till I’ve made the associated rate.

But please Comcast, sigh us all extra about your company’s need for a machine to add your individual code to webpages which erroneously tells of us they want a brand unique modem.

Comments are closed.