> I just learned of this dispicable Comcast practice today and I am livid. Comcast began injecting 400+ lines of JavaScript code in to pages I requested on the internet so that when the browser renders the web page,
[JL] This is our web notification system, documented in RFC 6108 https://tools.ietf.org/html/rfc6108, which has been in place for many years now. It presents an overlay service message on non-TLS-based HTTP sessions. If you click the X box or otherwise acknowledge the notice it should immediately go away. If that is not the case let me know and we'll have a look at what may be happening.
> the JavaScript generates a pop up trying to up-sell me a new modem.
[JL] We are not trying to sell you a new one. If you own your modem we're informing you that it is either end of life (EOL) or that you are about to get a speed upgrade that the modem will be unable to deliver.
> When you call the number in the popup, they're quick to tell you that you need a new modem, which in my case is not true. I later verified with level-2 support that my modem is pefectly fine and I don't need to upgrade.
[JL] You would not get the modem if this were the case. What kind of device (make/model) do you have and what speed tier?
> As deceptive as that is however, my major complaint is that Comcast is intercepting web pages and then altering them by filling them with hundreds of lines of code. Even worse is that I've had to speak to 7 different supervisors from all areas of Comcast and they have either never heard of the process, or those who were aware of the practice don't know how to turn it off.
[JL] That is a failure on our end we'll have to take a look at. This should show up in your account when they look at it.
> Comcast has my phone office number, my cell for texts, my email, and my home address, yet they choose to molest my requested web pages by injecting hundreds of lines of code.
[JL] The notice is typically sent after a customer ignores several emails. Perhaps some of those ended up in your spam folder?
UltraMegaMegaMan on December 11st, 2017 at 06:05 UTC »
Of course they are. They've been doing this and things like it for years. Comcast injects ads into web pages. Comcast injects ads into the Steam client.
Comcast does whatever the fuck they want to do. Who's going to stop them? The FCC? The President? Congress? Of course they aren't. So Comcast does whatever they feel like. It's going to get worse, too, so get ready for it.
Edit: since I've had multiple people insist that it's my responsibility to provide proof of ISPs injecting ads into browsers or "it doesn't exist" or "it's hyperbole" because "I don't think it works that way" here you go.
https://www.infoworld.com/article/2925839/net-neutrality/code-injection-new-low-isps.html
https://arstechnica.com/tech-policy/2013/04/how-a-banner-ad-for-hs-ok/
https://www.privateinternetaccess.com/blog/2016/12/comcast-still-uses-mitm-javascript-injection-serve-unwanted-ads-messages/
https://www.google.com/search?q=isps+inject+ads&oq=isps+inject+ads&aqs=chrome..69i57j0.4701j0j7&sourceid=chrome&ie=UTF-8
I'd also like to point out that this is happening in a thread about this very eventuality, and that taking one minute to search this on google (which is what I did) reveals multiple examples of this stretching back over a period of years.
As far ISPs injecting ads into the steam client there's this
https://np.reddit.com/r/Steam/comments/7ivmwl/this_is_why_steam_needs_to_use_https_exclusively/
and, as an additional source I can offer myself, because this has happened to me. Multiple times. When I contacted Comcast support about it, because I was fucking livid, I was told my options were to turn this "feature" off in the account settings of my Comcast account.
Which looks like this by the way.
Notice that there is NO option to disable this function. At 100% of your data usage Comcast will inject a notification into your browser, the steam client, or whatever else it can get it's grubby fingers into that isn't sufficiently protected.
For the subsection of folks who want to quibble and equivocate over what qualifies as an "ad", I will refer you to the articles linked above AND point out that the screenshot I posted above is from the "Communications & Ad Preferences" page of my account on the Comcast website.
So hopefully that is enough to put some of this senselessness to rest.
undercoveryankee on December 11st, 2017 at 04:33 UTC »
It was nice of Comcast to publish a detailed write-up of what's supposed to be happening and how they do it. But getting it numbered as an informational RFC (https://tools.ietf.org/html/rfc6108) feels like a cheap attempt to piggyback on the good will of the IETF and RFC Editor.
synodone on December 11st, 2017 at 04:31 UTC »
going to non HTTPS sites is dicey.