Who needs remote control?

My ISP just did something naughty. BT, Virgin Media, and Carphone Warehouse have been caught in a scheme to sell details of all your Web activity to marketers (…and anyone else) without your knowledge or consent. And the full details are genuinely worrying. The Register has a major scoop, in that it’s got hold of the network architecture diagrams; they imply that any and all Web traffic transiting BT Retail’s core network is going to be tapped off and passed to several instances of the ad system. This will intercept your page request, place a cookie on your computer or update it if it’s already there, then (and only then) pass the request to the remote host.

(Some people are concerned that other ISPs using BT Wholesale’s IPStream service might be affected. My reading of the diagram is that the taps are within BT Retail systems, which suggests they’re OK. On the diagram, the ad system is beyond the RADIUS billing/authentication server.)

When the page comes back, the system reads the data in the cookie and decides what ads to squirt into it (or conceivably, to remove from it). Put it another way, they’re going to make their network lie to you. Here’s how to stop them, or at least mitigate the damage. (More data is here. The issue has already sprouted a website, here.)

First: go to Internet Options/Privacy in Microsoft Internet Explorer, Edit/Preferences/Privacy in Mozilla Firefox, and choose “show cookies”. You’re looking for anything from webwise.com, oix.com, or sysip.net. Delete any you see. Now choose Exceptions, enter these names, and choose Block.

Second: if you’re running linux, unix, or MacOS, log in as root and open your /etc/ directory. Look for a file called /etc/hosts; open it. Add the following line: 127.0.0.1 dns.sysip.net (there should be two tabs between them). Save the file. You’ve just told your computer that whatever the DNS server says, dns.sysip.net is located at your own machine, so any attempt to send it information will fail. If you’re running Windows, same procedure, but the file is in a different place.

Third: consider using another DNS server. OpenDNS is handy; open whatever tool your system uses to manage networks, select your home connection, and untick the option to get DNS servers from DHCP. Instead, add 208.67.222.220 and 208.67.222.222 in the boxes provided. The question is, however, whether you trust OpenDNS; if they can’t find a page they return a Google search rather than a 404 or nxdomain, which can break things.

Fourth: go right over here and submit a complaint to the Information Commissioner’s Office.

Fifth: consider getting another ISP. I’m on Virgin Media and I will be.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.