Rogers takes over my browser

Rogers is one of Canada's biggest ISPs. I've pretty much been subscribed to them ever since I moved here. Over the last few months I've been seeing some shady behaviour, which led me to find out:

  • They have some sort of transparent proxy in place, not only intercepting TCP packets but sometimes even changing them.
  • Every DNS lookup for an unknown host is answered with a Rogers IP.

Both of these are a little scary. The first time I noticed they were rewriting packets was when I was just browsing around. All of a sudden Rogers injected some HTML telling me my bills were due. This one is the scariest; who knows what else they log or modify? Wouldn't this cause some privacy concerns in most western countries?

I didn't make a screenshot at the time, but I'm not the only one.

DNS intercepting

This one has primarily been a major annoyance. I'm used to just typing a word in the address bar and expecting a search engine to bring me to the top page. Firefox does this by default when a non-existent domain is requested.

With Rogers, I get this:

Rogers is watching you

Notice the first 3 items are spam.

I wonder if they put any thought into the potential side effects on applications. Some definitely rely on negative replies from DNS servers. Firefox is a simple example, but similarly a ping to a misspelled domain will always succeed.

$ ping -c 4 thisiscreepy.rogers 
PING thisiscreepy.rogers (8.15.7.107): 56 data bytes
64 bytes from 8.15.7.107: icmp_seq=0 ttl=54 time=63.920 ms
64 bytes from 8.15.7.107: icmp_seq=1 ttl=54 time=48.662 ms
64 bytes from 8.15.7.107: icmp_seq=2 ttl=54 time=50.744 ms
64 bytes from 8.15.7.107: icmp_seq=3 ttl=54 time=84.603 ms

--- thisiscreepy.rogers ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 48.662/61.982/84.603/14.311 ms
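
A way to check a resolver for this behaviour without relying on ping, as an added example that is not part of the original post: it sends a raw DNS query for a random name and flags any reply that carries an address instead of NXDOMAIN. The function names and the random `.com` probe name are assumptions made for this sketch.

```python
import os, socket, struct

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` (RFC 1035 wire format)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):  # offset just past a name, which may end in a compression pointer
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (rcode, [IPv4 addresses from A records in the answer section])."""
    _, flags, qdcount, ancount = struct.unpack(">HHHH", msg[:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:             # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, addrs

def classify(rcode, addrs):
    """NXDOMAIN (rcode 3) with no answers is the honest reply for a missing name."""
    if rcode == 3 and not addrs:
        return "honest"
    return "rewritten" if rcode == 0 and addrs else "inconclusive"

def probe(resolver, timeout=3.0):
    """Query `resolver` for a random name and classify the reply (needs network)."""
    name = os.urandom(12).hex() + ".com"          # assumption: this name is unregistered
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        reply = s.recv(4096)
    rcode, addrs = parse_response(reply)
    verdict = classify(rcode, addrs) if reply[:2] == qid.to_bytes(2, "big") else "inconclusive"
    return name, verdict, addrs

# Constructed reply (not a capture): NOERROR plus the A record seen in the ping output above.
SAMPLE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
          + build_query("thisiscreepy.rogers", 0x1234)[12:]
          + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton("8.15.7.107"))
```

`classify(*parse_response(SAMPLE))` returns `"rewritten"`; calling `probe()` with the address of each resolver you have configured runs the same check live.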

I wouldn't be surprised if there are security-related implications as well. All a bit scary to me. If you're currently a Rogers customer, I would definitely recommend switching DNS providers to OpenDNS, which promises to be safe, and as a bonus, I've noticed much faster DNS lookups as well.

A few tests:

Host                      Rogers      OpenDNS
me.evertpot.com           427 msec    236 msec
www.rooftopsolutions.nl   381 msec    33 msec
www.weddav.org            4370 msec   53 msec

And who could forget: net neutrality. I feel it's time to switch ISPs.

Comments

  • pbgswd

    Dude, Rogers breaks the law by packet shaping. It's as simple as that. And for their contempt for the Canadian public, with no other timely way to provide justice (never mind the courts- stop this fucking NOW), they deserve to have every bit of information about their illegal practices telegraphed to the security research community who will take on the work of probing such behaviors much like a fat kid jumping on a smarty. They deserve what they get for illegally messing with people.
  • Atarijedi

    I tried your suggestion for using OpenDNS, but I still get sent to that Rogers page. I am using a Linksys router with DD-WRT and set my DNS1 and DNS2 to the ones provided by OpenDNS. I am going to call Rogers tomorrow to see what is up.
  • Evert

    Atarijedi, your best bet is with new URLs; the old ones might still be cached. Also make sure your actual computer's DNS points to the router, and not directly to Rogers. Lastly, use tools like 'dig' (if you're on Mac or Linux) to find out which DNS server is responding. I'm sure there's an equivalent on Windows.. nslookup? Evert
  • Giorgio Sironi

    Nice idea switching to OpenDNS, it's faster than my ISP, but.. - a ping to a misspelled domain will always succeed ALSO with OpenDNS - you will be pointed to an OpenDNS search page instead of the Rogers search page.
  • Evert

    Giorgio, you can actually turn that off.
  • Noise98

    It's nothing about packet sniffing or whatever. It's only your modem cable that registers with Rogers and is assigned a local LAN IP. Everything is redirected to their server until you pay your bill.
  • Evert

    Noise98, that's actually not how it works; they literally insert new HTML into the pages, and browsing works as usual. I also got a message when I was about to hit a bandwidth cap (at 80% or so..)
  • Tina

    It really told you some bills were due? That does seem to be intrusive! I would switch providers!
  • greg

    I would hope governments are spending resources investigating these types of issues that affect many people. Most people wouldn't even be aware of this happening behind the scenes. I'm going to forward this page link and a letter on to the privacy commissioner of Canada. I'll post back their reply, if any.
  • Evert

    Really curious about what you'll hear!
  • goober

    block www20.search.rogers.com http://www.gotknowhow.com/articles/how-to-block-websites-in-internet-explorer-8.aspx