I posted about this on reddit a few weeks ago[0]. Someone in the thread said they had contacted the Better Business Bureau, but I'm not sure what their process is or how far it's gotten.<p>There has also been a short email thread in which their official response is this:<p>> Mr. [redacted],<p>> CMA is in the process of trying to find ways to drive income from our internet service in new ways. These new ways would allow us to expand our service offering and maintain the cost of the current residential and business internet services.<p>> We’ve been testing a new service which allows us to overlay / insert some local advertisement on certain web pages. A company called Route 66 is our partner. Right now, you’re barraged with a lot of internet advertising, popups, etc… This has become part of the internet experience. At the core, we’re simply trying to better customize some of this experience. And possibly give you access to highly relevant local advertising.<p>> Having said that, I’ve recently become a little more familiar with what some of these ads look like and how they operate. I will concede that I’m not sure they strike the perfect balance between being information and non-invasive. Like I mentioned, we’re involved in a test and the feedback we’re getting from the test is helping us to refine and improve how (or if) we’ll continue here.
> So I’m stopping short of saying that we’ll be ceasing this type of internet advertising experiment. But I do want you to know that your feedback has resulted in the beginning of a pretty intense internal dialogue.<p>> Thanks for your feedback.<p>> [redacted]<p>> CMA Communications<p>It's absolute insanity and a major breach of trust that they'd inject their own content into webpages I visit. I'm permanently using a remote VPN for all outgoing traffic through CMA.<p>[0]: Didn't know exactly where the post belonged, so I put it in /r/self: <a href="http://www.reddit.com/r/self/comments/19zhl6/my_isp_is_injecting_advertisements_into_my/" rel="nofollow">http://www.reddit.com/r/self/comments/19zhl6/my_isp_is_injec...</a>
Immediately cancel your account and switch. If you are forced to use them as an ISP due to municipal/geographical regions, complain to your city manager.<p>The only way to slap these companies back into line is with your wallet. If you can't do that then a couple complaints to the city manager can go a lot farther than you think, especially in smaller areas where there isn't a lot of support staff in city hall.
"knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period"<p>Injecting or replacing ads in other people's content on the wire: 'knowingly and with intent to defraud', 'exceeds authorized access', 'furthers the intended fraud'<p>Ad revenue from doing so: 'obtains anything of value'<p>Forget copyright infringement: a case could be made that CFAA applies here.
They go as far as even replacing existing ads with their own; this seems criminal, especially when they are directly impacting Google/Microsoft/Apple by removing their ads and replacing them with their own.
A picture speaks a thousand words here; the author did a great job supplying plentiful screenshots to emphasize how <i>wrong</i> this practice is. I read about this in the past but wasn't too moved until I scrolled through all those screenshots and thought, wow, this is not good for ad publishers OR brands OR anybody. This is only good for the greedy ISP.
This is an interesting problem. On a broadcast channel, when a local station attempts to replace the ads the network has put in their shows, with their own ads, the network has some leverage to shut down that process. But on the Internet there are a bunch of web sites and they don't have any leverage at all. They could do an IP filter, which is to say put up a page "This site unavailable on this ISP's network" when a request came in from a CMA communications IP block. That would cause a support headache for CMA with all their customers calling in to complain. The other defense would be to create a web page that doesn't cache (it pulls the actual page content through AJAX calls, which gets around any local script injection). Lastly there seems to be "product" here where you bundle up an EC2 instance and some friendly software on the PC that spins up a VPN tunnel for all of your traffic.
HTTPS everywhere would solve this, and the Comcast JavaScript injection - I wonder how many more people will deploy things like this before that happens?
Technically, isn't this copyright violation? People who inject ads into a page are creating a derived work without permission of the rights holders. I'm sure Apple didn't okay that addition to their HTML.<p>It would be interesting to see a lawsuit along those lines.
It's been long enough for me to state, but I used to work for a contractor hired by CMA Communications.<p>ISPs of this size try and maximise as much profit out of their customers and being that a lot of CMA's sites were over provisioned and are barely able to provide telephony service without incompetence-y along the way, it is not shocking that ads being injected into pages is a new thing for them.<p>To see these bullshit ads showing up on random pages is far from surprising.
The first screenshot has the Google squiggle. Am I right there? That somehow Google ads are being injected?<p>Because that seems like something that Google would not tolerate.
This was inevitable.<p>That's why I bought Google stock after they got into Android, as Android makes it possible for Google to now step in & protect against the MITM attacks by ISPs blocking their ads. The OS gets the final word before it displays content to the user & it can detect & block these.<p>Now, they just have to deploy the fix to Android...
The sad thing about this is in many places (at least in the US) there are few if any alternatives. In my city, I can either get Time Warner Cable or AT&T DSL. I'm 20 miles from Verizon's office but FIOS is illegal in my city. So if the ISP starts screwing with the content then you have virtually no alternative.
Sprint is another (lesser?) offender -- their mobile broadband injects a script in every page that loads compressed versions of images until told otherwise. (Annoying, but at least it's well-intentioned.) I've long since blocked the IP, but it gave me a bit of a scare to see unfamiliar code in my own websites.
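An added example, not part of any comment in this thread: one way a site owner could check for the in-transit injection discussed above, by comparing the active elements (scripts, iframes, embeds) in the HTML the origin serves with the HTML received over a given network. The sample pages, the `ads.example` host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags that can load or run third-party content in a page.
ACTIVE_TAGS = {"script", "iframe", "embed", "object"}


class ActiveElementCollector(HTMLParser):
    """Collect (tag, source) pairs for active elements, inline scripts included."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS:
            return
        attr = dict(attrs)
        src = attr.get("src") or attr.get("data")
        if src:
            self.found.append((tag, src.strip()))
        elif tag == "script":
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.found.append(("script", "inline:" + "".join(self._inline).strip()))
            self._inline = None


def active_elements(html):
    parser = ActiveElementCollector()
    parser.feed(html)
    parser.close()
    return parser.found


def injected_elements(origin_html, received_html):
    """Return active elements in the received copy that the origin copy lacks."""
    known = set(active_elements(origin_html))
    return [e for e in active_elements(received_html) if e not in known]


# Constructed sample pages; the ad host name is a placeholder.
ORIGIN = '<html><head><script src="/js/app.js"></script></head><body><script>initPage();</script></body></html>'
RECEIVED = ORIGIN.replace("</body>", '<script src="http://ads.example/overlay.js"></script><iframe src="http://ads.example/banner"></iframe></body>')
```

The origin copy has to be fetched over a path the network under test cannot modify (HTTPS or a VPN tunnel), otherwise both copies carry the same injection and the comparison comes back empty.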
My parents use CMA Communications. I can confirm that they receive injected ads as well.<p>I looked into switching them to another ISP, but the only one available is 1.5Mbps DSL vs their 15Mbps connection now.