[ale] Charter Communications intercepting HTTP requests

Fletch fletch at phydeaux.org
Sat Dec 9 18:36:27 EST 2000


>>>>> "Stephan" == Stephan Uphoff <ups at tree.com> writes:

    Stephan> Charter Communications seems to intercept all of my HTTP
    Stephan> requests and redirects them to their HTTP proxy cache.

    Stephan> This is done transparently using NAT so the user is not
    Stephan> aware that all the requests are proxied.  ( tcpdump on
    Stephan> the client shows the destination address of web server,
    Stephan> tcpdump on web server shows the source address of the
    Stephan> proxy )

    Stephan> Since I have yet to see a proxy without logging features
    Stephan> I find this very troublesome.

        It would be troublesome if the converse proposition (that just
because you don't go through a proxy means you aren't being logged)
was certain.  Your ISP, not to mention any intermediary hops along the 
way, sees any and all traffic sent passing through their network.
There are numerous reasons why they may be doing transparent http
proxying (it lowers the bandwidth they have to use (80% of their
customers hit a certain group of sites that the proxy manages to keep
locally), it improves the percieved performace of their service, they
might use it for future capacity planning (i.e. pulling an extra link
straight to the backbone where m of those n popular sites sit)).

        If you don't want the ISP to know that traffic from your IP
address is going to port 80 of www.hotlawnfurnitureaxxtion.se, then
don't send IP traffic through them.  There are services that will
provide anonymous proxying using cryptographically secure means.  One
of the older commercial offereings in this area:

http://www.anonymizer.com/privacy_store.shtml


    Stephan> Is this interception / faking of IP source addresses
    Stephan> legal ?  If it is not legal can anyone recommend a
    Stephan> "Digital Privacy" group?

        Seeing as how the internet is a public network that by its
very nature allows traffic to be observed at any intermediary point, I 
doubt you'd get any bites as far as it being `illegal'.  There are
possible privacy concerns if they were, for example, reselling your
browsing patterns and demographics.  But then again if your contract / 
terms of service with them allows this then they can do what they want 
with it.

        Having said that in devil's advocate mode, probably the best
course of action would be to contact the ISP with a nicely worded
letter listing your (valid, IMHO) concerns and asking what their
policies are and how they are handling privacy issues (for example
they may sell the info, but only after removing all identifying
information that ties things back to a particular end user).  And if
you really don't want them finding out you're looking for pictures of
shaved midgets dressed in leather riding atop three legged albino
donkeys, look into somewhere like anonymizer.com.

-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
770 933-0600 x211(w)  |  scary questions." -- Jules                =(___)=
                      |                                               U
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list