[ This post contains an incredible link to Bell’s TOS & Service agreements ]
Last Sunday morning I had one heck of a surprise : a website didn’t work. Thus, this post. Hahaha… I know.
After a couple of page refreshes (F5) and reloads (Ctrl+F5), I noticed a script request from a strange IP address was being blocked… ’cause I browse safely and use NoScript.
I must admit my first thought was that something had somehow infected my system. So with that in mind, I temporarily allowed it.
Surprise!
Lo & behold! The page loaded. Along with a notification from my ISP that I had reached 50% of my Internet usage. That made my day. Not in the good way.
What it meant and means is that my ISP redirected my website request, INJECTED content in the request and parsed it through another server back to me. This of course raises serious privacy questions. But don’t worry! It doesn’t matter, you have no privacy anyway if you use ANY kind of Internet service provider. Take a few minutes to read your TOS… you’ll go pale.
Lifting the veil
The only reason this is even possible is with pages requested in HTTP (plain text) and not in HTTPS (encrypted). Every other website in HTTPS worked, like this very blog, Ixquick, secured websites such as banking, etc.
My next thought was calling to complain, but before going banana on da poor call center fellas, I decided instead to check if this “feature” was enabled via user settings. Fortunately, it was!
Simply log in your ISP’s account, locate the Internet services, go in the details and look for a section in relation to NOTIFICATIONS. Then uncheck everything that is “Online” or “Web” related:
Bell’s online injecting notification settings
If you ever encounter this with another Internet Service Provider, please do send over your screenshots!
BTW, this blogs fully supports HTTPS so feel free to edit your bookmark and add to it an “S”! (as in “Sirus”! :D)
Enjoy!
Sirus
References
-https://noscript.net/
-http://www.bell.ca/Legal_residential_services/Bell_Internet_and_Value_Added_Services.tab
You must be logged in to post a comment.