Comcast believes it’s acceptable to inject hundreds of lines of code into any web page you visit if it thinks you’re in need of a hardware upgrade. And even if you don’t need an upgrade, you’re wrong.
A user recently took to the company’s forums to complain of its practice of running its own code on webpages customers visit in order to prompt them with special Comcast messages.
Posting under the name “bham3dman” on the company’s official forum, the user stated:
The customer goes on to state they took the time to speak with seven different company supervisors, none of which could “turn it off.”
Comcast has my phone office number, my cell for texts, my email, and my home address, yet they choose to molest my requested web pages by injecting hundreds of lines of code. This is not like targeted advertisements when I visit websites with ads (which is perfectly acceptable), this instead is a direct manipulation of the original source code of the website.This is completely unacceptable to me and what’s worse is that Comcast provides no option to opt out of this horrific practice.
ISP’s injecting code into websites is nothing new, it’s been going on for years. In fact earlier this year Comcast was maligned for using the practice to warn users against piracy. And as far back as 2012, experts have warned about the implications.
Intercepting a customer’s unencrypted internet traffic and injecting code into it is essentially a “man in the middle” attack, according to Jarred Sumner, an expert who told ZDNet:
This probably means that Comcast is using [deep packet inspection] on subscriber’s internet and/or proxying subscriber internet when they want to send messages to subscribers.That would let Comcast modify unencrypted traffic in both directions. There are scarier scenarios where this could be used as a tool for censorship, surveillance, [or] selling personal information.
The company’s code informing customers they need a new modem is a little different, but the concept remains the same: Comcast can (and does) alter webpages whenever necessary by exploiting its position as a customer’s ISP.
Interestingly, when called out on its own forums for the practice earlier this month, a Comcast employee responded to contradict the poster.
There isn’t a week that goes by where my ISP (not Comcast, but no better) doesn’t send me at least five pieces of junk mail, practically begging me to sign up for other services. And if I’m fifteen seconds late on my bill I get a text message, an email to two different accounts, and a series of phone calls which continue daily until I’ve made the payment.
But please Comcast, tell us all more about your company’s need for a system to add your own code to webpages which erroneously tells people they need a new modem.