Researchers Find ISPs Inject Ads Into Web Pages

People expect Internet Service Providers (ISPs) to be transparent and hands-off in their delivery of Web pages, but a recent study showed some are covertly replacing publisher content with advertising.

The finding was revealed in a paper by researchers at the University of Washington and the International Computer Science Institute. In the paper, “Detecting In-Flight Page Changes with Web Tripwires,” the researchers used a program that revealed whether HTML was being altered in transit from publisher’s server to viewer’s monitor.

“While web pages sent over HTTP have no integrity guarantees, it is commonly assumed that such pages are not modified in transit,” begins the report. “In this paper, we provide evidence of surprisingly widespread and diverse changes made to web pages between the server and client.”

The reports authors observed changes including pop-up blocking scripts inserted by client software, advertisements placed on the pages by ISPs and malicious code that was probably caused by malware. Researchers found that 16 out of 700 page modifications studied, or two percent, involved the injection of ads. They uncovered instances of ad injection by a number of ISPs, including RedMoon, Mesa Networks, MetroFi and XO Communications.

Client-side pop-up blockers accounted for fully 70 percent of the page modifications. Other alterations included problems in transit resulting in blank or incomplete pages, security or privacy-related changes undertaken by the network, and removed or reformatted meta-tags. The test results were taken from approximately 50,000 unique IP addresses. There was a heavy bias toward people with an interest in technology; 9,507 were referred by Slashdot and 21,333 by Digg.

Few will be shocked to learn pop-up blockers play a large role in altering Web content. Harvard Business School Assistant Professor Ben Edelman, an Internet security advocate, noted pop-up blockers are designed to strip code that spawns new windows.

While Edelman praised the researchers and said their work is important, he suggested ISP meddling with content appears to occur on a much smaller scale than does unwanted advertising launched by his pet peeve: spyware.

“Spyware seems like a more urgent problem to me,” said Edelman. “But they are both serious questions deserving study and consideration� Publishers think that the page they send is the same page users will receive. These intermediaries threaten that understanding.”

The finding that ISPs are messing around with content, presumably to secure revenue from advertisers that might not even know about the nefarious practice, confirms suspicions aired last year. The researchers wrote that they were “guided by initial reports of ISPs that injected advertisements into their clients� web traffic.”

Related reading