Comcast begins man-in-the-middle attacks to showcase copyright notices

HBAndrei

Active Member
Verified Provider
I'm no US citizen but as far as I've read about Comcast, these guys have no boundaries and no shame in regards to the lengths they'll go to in order to piss off their clients... quite sad and pathetic.
 

Licensecart

Active Member
There's no reason why anyone should have http on their website at all when there's LetsEncrypt which is offering free SSLs, and you can get them for $5-$9 for basic SSLs.
 

drmike

100% Tier-1 Gogent
There's no reason why anyone should have http on their website at all when there's LetsEncrypt which is offering free SSLs, and you can get them for $5-$9 for basic SSLs.
Maybe if the whole SSL world was literally simple for mere humans and servers made it mega simple, then maybe traction would happen.  Fact is, I don't even care to fart around with SSLs.  It's up there with other time wasters like running your own mail server.  Both are as fun as a trip to doctor.
 

drmike

100% Tier-1 Gogent
Yeah, super obnoxious.
It's not just Comcast.  Most cable companies in the United States are about equally as retarded.


The one I use went bananas a few months ago when I finally yanked the last bit of their direct plaintext snooping away and put DNS lookups out via crypto and in tunnels.


Next day, BOOM suspicious activity on connection.  Said malware, must be hacked or someone using wifi that is open.  Zero explanation.   But literally < 48 hours after the changes were final that.   It was a PITA getting stuff to stop it with their forced DNS.  No control over the cable modem, although I own it.  They force feed things from there and it's aggressive.  Literally had to segment the network and setup a second access point / router to work around the matter cleanly and safely.
 

HN-Matt

New Member
Verified Provider
Shitty cable and no choice where I live too. It's either Shaw or Shaw here, both are awful.

It can be fun leaving certain spaces 'unguarded' in plaintext. Thrilling, even! I bet it might feel like streaking to some. :)


There is also the art of brewing your own fermented plain text. If it doesn't turn out to be palatable, just cover some glasses in saran wrap and poke little holes in the top.


 
 
Last edited by a moderator:

HN-Matt

New Member
Verified Provider
The one I use went bananas a few months ago when I finally yanked the last bit of their direct plaintext snooping away and put DNS lookups out via crypto and in tunnels.


Next day, BOOM suspicious activity on connection.  Said malware, must be hacked or someone using wifi that is open.  Zero explanation.   But literally < 48 hours after the changes were final that.   It was a PITA getting stuff to stop it with their forced DNS.  No control over the cable modem, although I own it.  They force feed things from there and it's aggressive.  Literally had to segment the network and setup a second access point / router to work around the matter cleanly and safely.
At least in those situations it's easy (& often amusing) to know who is doing it. Or sad and pathetic. I think it can almost be more fun to let them carry on with the talentless eavesdropping in a sense. An ongoing affirmation of certain true colours, hopelessly cathected. I mean, if the context of the snooping had reached peak asininity long ago, why bother stopping it now? It might even be possible to reverse engineer the lemonaid into lemons.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
At least in those situations it's easy (& often amusing) to know who is doing it. Or sad and pathetic. I think it can almost be more fun to let them carry on with the talentless eavesdropping in a sense. An ongoing affirmation of certain true colours, hopelessly cathected. I mean, if the context of the snooping had reached peak asininity long ago, why bother stopping it now? It might even be possible to reverse engineer the lemonaid into lemons.
Oh no doubt,  perhaps one of these days I'll run their logs up doing namelookups on every domain that exists :)


I don't care what their intents are, I never wanted their DNS crap, often not reliable and slow.  More hoisted upon crap.     Duopoly ISP options just suck.   Competition in the marketplace has ahhh failed due to franchising and exclusive deals.
 

InertiaNetworks-John

Inertia Networks, LLC
Verified Provider
Pretty sure that they have been doing this for quite a few years. No sources, but I remember an old friend had this happen to them about 2-3 years ago.
 

MikeA

New Member
Verified Provider
I don't use Comcast, but my cable company has been nothing but great with me so far letting me torrent all of my favorite shows and movies. :) Hey, the free static IP was a nice bonus.
 

drmike

100% Tier-1 Gogent
I don't use Comcast, but my cable company has been nothing but great with me so far letting me torrent all of my favorite shows and movies. :) Hey, the free static IP was a nice bonus.
Darn lucky you are, whichever cable company that is.  I take it this is a regional cable company and not one of the national giants?


I laugh at static IP pricing with cable companies.  Biggies want $20-30 per month per IP.
 

MikeA

New Member
Verified Provider
Darn lucky you are, whichever cable company that is.  I take it this is a regional cable company and not one of the national giants?


I laugh at static IP pricing with cable companies.  Biggies want $20-30 per month per IP.


It is a big one, but they aren't in the news about enforcing pirated downloads. They require business class for static IPs, I'm on a DHCP range but I've had a fixed IP for years since I originally asked about it (even with long 12+ hour power outages and dozens of modem resets/changes.)


I'd never touch Comcast though.
 
Last edited by a moderator:

HN-Matt

New Member
Verified Provider
The one I use went bananas a few months ago when I finally yanked the last bit of their direct plaintext snooping away and put DNS lookups out via crypto and in tunnels.
I was researching this today and found that Opera (browser I haven't really started using until recently) is really leak happy with DNS. Apparently older versions used to have a 'Use Remote SOCKS DNS Lookups' option in opera:config, but that isn't there now. I'm either blind or the feature has been removed entirely. It's easy enough to proxy DNS in Firefox, I don't see why any contemporary browser would come without the ability to do so... especially if the option was there in previous versions!


What's next, the deprecation of BBCode?
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
I was researching this today and found that Opera (browser I haven't really started using until recently) is really leak happy with DNS. Apparently older versions used to have a 'Use Remote SOCKS DNS Lookups' option in opera:config, but that isn't there now. I'm either blind or the feature has been removed entirely. It's easy enough to proxy DNS in Firefox, I don't see why any contemporary browser would come without the ability to do so... especially if the option was there in previous versions!


What's next, the deprecation of BBCode?
Time for DNSCRYPT:


https://dnscrypt.org/


I utilize that inside of a VPN.
 

HN-Matt

New Member
Verified Provider
VPN everything to a DC that you trust. Residential ISPs have been collecting/selling browsing data etc for decades.
"From residential ISP to black market identity broker in less than 10ms or your money back!"

Time for DNSCRYPT:


https://dnscrypt.org/


I utilize that inside of a VPN.
Seems astonishing to think of how long the internet has been around for and yet one still has to install and configure heaps of extra software for even the most basic protection.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
"From residential ISP to black market identity broker in less than 10ms or your money back!"


Seems astonishing to think of how long the internet has been around for and yet one still has to install and configure heaps of extra software for even the most basic protection.
Bahaha!  VPN is a necessity, for safety, sanity, for mixing data brokers up, for shunning pimple faced Lowenders with nothing better to do than DDoS.


We still make glass windows that are insecure as can be.  We still have minor protection even in the real world. Protection is a chore, an ongoing set of best practices and it comes with cost, effort, etc. 


DNSCRYPT is simple, but like most projects the DOCumentation leaves too much to be desired for commoners. (every time I figure on of these 'open' or 'free' solutions out I feel like I've attended a 2 month education course. One of these days I'll do a write up on DNSCRYPT along with with some other stuff I use in a stack on an ARM device.
 
Top