Is Comcast modifying your packets?
February 11, 2002 9:49 AM

Is Comcast modifying your packets? With the transition from @home to Comcast it seems that Comcast is considering the possibility of intercepting your port 80 web traffic and inserting ads or selling your browsing history to marketers. According to Federal law isn't monitoring and altering your traffic illegal or does that not apply to large corporations? With a possible AT&T/Comcast merger this is a little scary.
posted by suprfli (17 comments total)
actually, the post doesn't say that comcast is considering doing that; it says that comcast is intercepting data, and then it goes on to speculate on a few reasons they might be doing that.
posted by rebeccablood at 9:59 AM on February 11, 2002

This is mind-bogglingly illegal, but of course someone has to sue them first, or file the appropriate protest with the FCC, or both. But the atrocious PR alone that's going to result from this is going to force them to shut this down pretty quickly ... assuming "Mr. Hoover's" allegations are in fact correct.
posted by aaron at 10:01 AM on February 11, 2002

To clarify - The reason I said Comcast is considering is b/c they may only be doing this in one area as a testbed and not in all gateway locations. Deploying Inktomi Traffic Servers throughout their entire network would take some time and isn't cheap.
posted by suprfli at 10:09 AM on February 11, 2002

it says that comcast is intercepting data

Insofar as I understand it, this alone would be illegal under European privacy laws, without unambiguous consent. I'm not sure what the case is in the states?
posted by walrus at 11:18 AM on February 11, 2002

Anybody have any idea how to detect whether or not this is actually going on? I'm no network expert, but I can run a traceroute command, and it appears that my ISP (AT&T) routes the packets differently depending on whether or not they're going to port 80. I don't know how to figure out whether or not the machines the http requests are going through are intercepting data, though.... Any ideas?
posted by mr_roboto at 11:59 AM on February 11, 2002

If I understand the issue, it's a non-issue. Regardless of whether or not it's illegal, it's corporate suicide. Anyone being subjected to that would change providers right quick sending comcast into a financial tailspin...

Perhaps they'd be eligible for a Darwin Award??
posted by fooljay at 1:57 PM on February 11, 2002

mr_roboto, there's no way to know if it's being intercepted, just like there's no way to know if someone is eavesdropping on your face-to-face conversation with your friend. Listening can be completely passive. Of course, the fact that packets to port 80 are routed differently says that they're doing *something*. There's no reason to route packets based on port unless you are doing something different with those packets. That said, it could be as harmless as packet-filtering to block Code Red or Nimda...
posted by whatnotever at 2:04 PM on February 11, 2002

Or caching. In fact, I would not be at all surprised if that's what they're doing.
posted by kindall at 2:55 PM on February 11, 2002

I have Comcast cable-modem service, and a web server hosted elsewhere.

When I hit my website from my home computer, the address that the web server sees the request coming from is not the address of my computer. My current address is (some stuff) My web server sees hits coming from, in another network subnet.

SSL requests do not go through the transparent proxy; they appear to come directly from my home machine.

Comcast is clearly running a transparent proxy on ordinary port-80 HTTP traffic.

Any network provider can sniff the traffic going over its network; this is a fairly trivial exercise, and there's no way you'd ever be able to detect it on either end. If this were part of Comcast's Secret Plan To Take Over The World, that's what they'd be doing. Instead, Comcast is proxying web requests through machines with names beginning with 'cas'. It doesn't take Sherlock Holmes to arrive at a possibility.

It looks like Comcast is running a caching proxy server, but that they don't actually have it caching much of anything yet. AOL has run caching proxies in this manner for years. Whenever you're dialed up through AOL, all your HTTP requests first hit the AOL proxy servers; they serve something like 12 billion requests a day through those things, and nobody seems to think it's sinister.

Comcast does have the capability to snoop through or manipulate this traffic in a number of ways, of course. Some of that manipulation might even be legal. As someone pointed out, though, it'd be corporate suicide.
posted by tino at 3:00 PM on February 11, 2002

A caching proxy is actually becoming rather common. About a year ago I worked for a company that had DSL through a local affiliate of, um, now I forget, but they'd been bought up just that year. The ISP implemented a caching proxy on our DSL without telling us. I started noticing a few oddnesses when surfing, but I thought it was because I'd screwed up the firewall myself. Since nobody else was complaining, I crossed my fingers and continued to watch for a pattern. Then our webmaster called and said she couldn't see the updates on our site -- she was ftp'ing like crazy and still getting the same thing. We brought it to the COO (mutual boss) and he authorized us to wallop the ISP. It took a few phone calls (particularly since the right person was on vacation), but we got them to put us on a do-not-cache list.

(I'm not sure they were super happy with us before this because the SDSL was thoroughly saturated a lot of the time with Napster use, which I wasn't authorized to police. I could keep the MP3s off my servers, but the music-sharing itself was sort of a job benefit.)

Anyway, the key point here is that by late 2000, there were commercial caching proxy packages out there that were pretty much turnkey systems for even smaller ISPs. I'm completely unsurprised to see this. And having been through numerous online-privacy scares, starting with Prodigy's STAGE.DAT, I'm much more ready to see stupidity before malice.
posted by dhartung at 10:09 PM on February 11, 2002

There's nothing odd or illegal about this, as tino says. In fact, the majority of ISPs (in the UK at least) transparently proxy web traffic.

It makes business sense. Why bother providing the bandwidth so umpteen people can all go to here, when they can cache it and serve it from that?

I'm with a CM provider called blueyonder, who do exactly this. It's also relatively easy to find out if you're being transproxied... simply telnet to an IP address that you know doesn't exist (such as on port 80. If you're being transproxied then you'll get a connection. If not, then you won't.

Being transproxied doesn't mean your traffic is any less secure... believe you me, if an ISP wants to watch your traffic, it can, and very easily.

posted by robzster1977 at 4:27 AM on February 12, 2002
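
Added example, not part of robzster1977's comment or the thread: the telnet check described above written as a Python script, which also sends a HEAD request so that any Via or Server header from whatever answers is captured. The target 192.0.2.1 (RFC 5737 TEST-NET-1) and the function names are assumptions chosen here, because the comment's own example address is missing from the page.

```python
import socket

# Assumption (not from the thread): 192.0.2.1 sits in TEST-NET-1 (RFC 5737),
# a documentation range that is not routed on the public Internet.
PROBE_TARGET = ("192.0.2.1", 80)

def probe(host, port, timeout=5.0):
    """TCP-connect, then send a HEAD request. Returns (outcome, response_head)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            data = b""
            try:
                sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
                while b"\r\n\r\n" not in data and len(data) < 8192:
                    chunk = sock.recv(4096)
                    if not chunk:
                        break
                    data += chunk
            except OSError:
                pass  # handshake completed; a silent or resetting peer still counts
            return "connected", data.decode("latin-1")
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError:
        return "unreachable", ""

def verdict(outcome, head):
    """A completed handshake to an address nobody owns means a middlebox answered."""
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {
        "intercepted": outcome == "connected",
        "via": headers.get("via"),        # set by proxies that announce themselves
        "server": headers.get("server"),
    }

if __name__ == "__main__":
    outcome, head = probe(*PROBE_TARGET)
    print(outcome, verdict(outcome, head))
```

A "connected" result only shows that something on the path terminates port-80 TCP on the destination's behalf; a local firewall, captive portal or corporate proxy produces the same answer as an ISP proxy. A "timeout" or "unreachable" result says nothing about passive monitoring, which this kind of probe cannot see.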

AP has picked up the story, and Comcast admits that it is monitoring Web traffic of its users.
Comcast spokesman Tim Fitzpatrick said Web browsing was already being recorded for its subscribers in Detroit and in parts of Delaware and Virginia, and would be extended across the nation by the end of this week. He acknowledged customers weren't notified.
posted by rebeccablood at 5:05 PM on February 12, 2002

1. "The company that sold Comcast the technology acknowledged the cable company is collecting more information about the online activities of customers than is necessary for the technology enhancements."

2. "Once you're sitting on [all that information], you're really inviting all kinds of requests," said David Sobel of the Washington-based Electronic Privacy Information Center. "If they can't identify a need to be collecting it, they should take the necessary steps to eliminate it."

3. Recording all of that information has some (not insignificant) costs.

Thus, one has to ask, what business interest is served by this activity? In other words, what will Comcast's payoff be? [If they don't expect a payoff, they wouldn't do it. Otherwise the activity amounts to a big waste of resources (i.e., money).]

The only payoff I can think of is in either selling marketing information to their advertisers, or the creation of some kind of targeted marketing infrastructure for their advertisers.

Both of which are contrary to Comcast's claims.
posted by yesster at 8:02 AM on February 13, 2002

"The company said it believes the recording was permitted by language in their service agreement with subscribers." (in the Yahoo News story)

Judge for yourself.

"Comcast may collect information in accordance with applicable law concerning Customer's use of the Service and customer preferences which are reflected in the choices that a customer makes among the range of services offered as part of the Service, the time that the customer actually uses the Service, the menus and features used most often by the Customer, and other information about a customer's 'electronic browsing.'"
"Comcast will disclose to third parties personal information that Comcast maintains related to Customers only when it is necessary to deliver the Service to customers or carry out related business activities, in the ordinary course of business, for ordinary business purposes, and at a frequency dictated by Comcast's particular business need,..."

All emphasis mine.
posted by nickmark at 8:03 AM on February 13, 2002

Don't all ISPs do this? When you make a phone call, it's logged and kept in databases that are accessible for a long time, in case any authorities ever need them, same with your credit card purchases, etc. This is crappy, but not surprising.
posted by panopticon at 8:04 AM on February 13, 2002

Comcast appears to be running transparent caching proxy servers. Other ISPs, notably AOL, have done this for years. The payoff is that, ostensibly, the ISP winds up responding to some proportion of requests with cached data; the customers get faster responses, and the ISP saves money by generating less external traffic.

That may or may not work. Proxy servers introduce a big single point of failure into the system, and it's difficult to determine at the outset whether you'll actually be able to reduce traffic with caches. A lot depends on what kind of traffic your users generate.

The big problem with the whole mess is that Comcast is doing this caching in an incredibly inept manner. The proxies seem to ignore Expires: headers, and they seem incapable of detecting when a page has changed.

For what it's worth, it looks like they've turned off the proxy servers at the moment, probably because of the publicity.
posted by tino at 8:27 AM on February 13, 2002

For what it's worth, it looks like they've turned off the proxy servers at the moment, probably because of the publicity

Zigackly right.
posted by walrus at 3:17 AM on February 14, 2002
