WARNING: This page may be altered in transit!
April 16, 2008 1:44 PM   Subscribe

(Tag suggestions welcomed.)
posted by loquacious at 1:45 PM on April 16, 2008

But such interventions, though worrisome, are rare. Only 1.3 percent of pages tested were modified in any way, and 70 percent of those modifications were caused by client proxies installed to deal with pop-ups or to block advertising.

so only 30% of 1.7% could be something to worry about? math... hurts.

.51%? did I use my calculator correctly?

The researchers also note that not every alteration is problematic; some cellular operators, for example, will strip extra whitespace from pages or will provide extra compression for images to keep bandwidth usage low and browsing quick.

ok, so then what was that remaining extra tiny percentage of the alterations? was there, in fact, some nefarious alteration made? I understand that some folks wouldn't want their pages messed with no matter what the reason, but I'm just curious what these rare isps are doing.
posted by shmegegge at 2:12 PM on April 16, 2008

"You're safe! If you are seeing this text, then this page has arrived at your browser without modification."

Hooray!
posted by soundofsuburbia at 2:13 PM on April 16, 2008

This comment was very witty. Unfortunately it was edited by my ISP.
posted by jlowen at 2:14 PM on April 16, 2008

CHANGE FOUND: we have detected that this comment has been modified between leaving our server and arriving in your browser. To see the exact changes to this comment, click here.
posted by davejay at 2:14 PM on April 16, 2008

was there, in fact, some nefarious alteration made?

In some cases advertising was being inserted, so yes, very nefarious.
posted by TheOnlyCoolTim at 2:16 PM on April 16, 2008

Great. Apparently my ISP is looking out for my best interests as a consumer and is a good value. Thanks, MetaFilter, for bringing this to my attention.
posted by infinitewindow at 2:27 PM on April 16, 2008 [10 favorites has favorites]

Well, that's it. SSL everything from now on.
posted by mkb at 2:31 PM on April 16, 2008

Sounds like most of the pages changes were caused by ad blockers.
posted by delmoi at 2:42 PM on April 16, 2008

"Our experiment assumes that you are using a modern web browser with JavaScript enabled. We have tested our experiment with Firefox 2, Internet Explorer 6 and 7"

Well, clearly you can't trust this. IE6, "modern"?

/pre-emptive
posted by mr_crash_davis at 3:03 PM on April 16, 2008

that is just freaky.. ISP's shouldn't been screwing with your internets anyway.
posted by majikstreet at 3:24 PM on April 16, 2008

Interesting article, but I'm not sure the tags fit - "freeV!@GR@" and "hotbabes"? A little much, no?
posted by backseatpilot at 3:36 PM on April 16, 2008

I did a similar series of experiments a few years ago and I was able to detect that my ISP was taking all my data, both incoming and outgoing, and converting it to electromagnetic radiation and then beaming it around the world.

I dropped them toot sweet!
posted by DU at 5:02 PM on April 16, 2008

SSL is very processor intensive. Servers would need massive upgrading.
It'd be good for the economy.

In other news: Go UW. I love it when my alma mater does cool stuff.
posted by jeffamaphone at 7:16 PM on April 16, 2008

Does this mean that only 1.3% of people are using ad blockers?

I find that surprisingly low.
posted by Kadin2048 at 9:34 PM on April 16, 2008

I used to work for an ISP that did this. One day, my boss complained that the product managers wanted to modify the content on SSL pages, but that it was (obviously) impossible. I jokingly said that, "hey, we install the browser on customers' machines...why not throw in a root CA cert of our own? Then we can run a man-in-the-middle attack on every request and do whatever we want." Someone took the joke seriously, and I spent the next week trying to disabuse people of this insane and immoral idea.
posted by jewzilla at 9:49 PM on April 16, 2008

It only detects adblockers that function as a proxy.
posted by TheOnlyCoolTim at 9:54 PM on April 16, 2008 [1 favorite has favorites]

I jokingly said that, "hey, we install the browser on customers' machines...why not throw in a root CA cert of our own? Then we can run a man-in-the-middle attack on every request and do whatever we want." Someone took the joke seriously, and I spent the next week trying to disabuse people of this insane and immoral idea.

You joke? Think again! Sprint is about to start doing that on their mobile network.
posted by mkb at 5:05 AM on April 17, 2008