Solved: Are you aware? Comcast is injecting 400+ lines of ...

Authored by forums.xfinity.com and submitted by wizzerking

> I just learned of this despicable Comcast practice today and I am livid. Comcast began injecting 400+ lines of JavaScript code into pages I requested on the internet so that when the browser renders the web page,

[JL] This is our web notification system, documented in RFC 6108 https://tools.ietf.org/html/rfc6108, which has been in place for many years now. It presents an overlay service message on non-TLS-based HTTP sessions. If you click the X box or otherwise acknowledge the notice it should immediately go away. If that is not the case let me know and we'll have a look at what may be happening.

> the JavaScript generates a pop up trying to up-sell me a new modem.

[JL] We are not trying to sell you a new one. If you own your modem we're informing you that it is either end of life (EOL) or that you are about to get a speed upgrade that the modem will be unable to deliver.

> When you call the number in the popup, they're quick to tell you that you need a new modem, which in my case is not true. I later verified with level-2 support that my modem is perfectly fine and I don't need to upgrade.

[JL] You would not get the modem if this were the case. What kind of device (make/model) do you have and what speed tier?

> As deceptive as that is however, my major complaint is that Comcast is intercepting web pages and then altering them by filling them with hundreds of lines of code. Even worse is that I've had to speak to 7 different supervisors from all areas of Comcast and they have either never heard of the process, or those who were aware of the practice don't know how to turn it off.

[JL] That is a failure on our end we'll have to take a look at. This should show up in your account when they look at it.

> Comcast has my phone office number, my cell for texts, my email, and my home address, yet they choose to molest my requested web pages by injecting hundreds of lines of code.

65a on December 11th, 2017 at 06:17 UTC »

I've also caught them redirecting DNS requests to their own servers which attempt to serve SSL with invalid certs.

EDIT: https://pastebin.com/4KaMYPVJ This is OpenBSD NTP trying to get to google.com to get a time hint, and getting something else instead

blue_cadet_3 on December 11th, 2017 at 05:28 UTC »

I found this when I was close to the 1Tb data cap. I thought it was a shitty phishing pop-up but when it wouldn't go away I was worried I somehow ended up with a virus. Once I dug into it more and found out it was Comcast doing a MITM attack I was pissed. I now just route non-streaming devices through a VPN.

undercoveryankee on December 11th, 2017 at 04:33 UTC »

It was nice of Comcast to publish a detailed write-up of what's supposed to be happening and how they do it. But getting it numbered as an informational RFC (https://tools.ietf.org/html/rfc6108) feels like a cheap attempt to piggyback on the good will of the IETF and RFC Editor.