Research finds some Internet Service Providers hijack searches

Some Internet Service Providers  who work with third-party proxy servers may be redirecting and possibly hijacking their users’ search queries, according to a blog posted last Thursday by the Electronic Frontier Foundation, which worked in collaboration with UC Berkeley-affiliated researchers.

Researchers at the International Computer Science Institute, a campus-affiliated institute, began their work over two years ago and discovered that some service providers routed brand-related term searches in the search engines Yahoo!, Bing and Google to brand websites instead of the intended search engine results.

More than 160 search terms such as “dell,” “apple,” “safeway” and “wsj” were found to direct users to the respective retail websites instead of the actual search engine results, according to the blog post.

The institute went on to collaboratively investigate with the EFF and identified Paxfire Inc. as one of the main actors in this proxy server misdirection, according to the blog post.

A proxy server acts as an intermediary between a Web browser and a Web server. Service providers use proxy servers to store frequently requested pages.

The study found that service providers use these proxy servers to collect users’ Web searches and the corresponding search results, forwarding them to and from the intended search engine — a practice which is already controversial, the blog post said.

About 10 service providers — including Cavalier, Frontier and Hughes — use the Paxfire program to also selectively filter search requests and direct them through one or more affiliate marketing programs, according to the blog post.

An affiliate marketing program called Commission Junction used to partner with Paxfire Inc. but with news of this activity broke its ties with the company, according to an email statement from Commission Junction to ClickZ News Tuesday.

“We had no knowledge of this reported activity until last week,” the statement reads. “We have taken immediate action — Paxfire has been deactivated pending further investigation, and we are continuing our investigation of this matter.”

Paxfire Inc. could not be reached for comment as of press time.

UC Berkeley professor Vern Paxson, an author of the blog post, explained that typically when an individual searches the term “apple” in the Google search engine, the individual should receive varying results that refer to the company Apple Inc., the fruit or other things relating to the word.

In comparison, Paxson said that when individuals with service providers that work with products based on Paxfire search the term “apple,” the Paxfire-based product could route the user directly to the Apple Inc. company website or a related advertisement instead of displaying the intended search engine results.

Paxson said the group’s research indicates that companies are unaware of this misdirection and view a misdirected visit as a user-initiated visit.

According to the blog post, the best way to discover if a network is currently subject to this query misdirection is to run a Netalyzr test — a program suggested by the institute.

The blog post added that a method to combat hijacking and redirection is to use EFF’s Firefox browser security add-on called “HTTPS Everywhere.”

According to Paxson, Google figured out a workaround to stop this redirection a few months ago, while Yahoo! and Bing have only recently appeared to stop the redirections.

Please keep our community civil. Comments should remain on topic and be respectful.
Read our full comment policy
  • Well, there must be more powerful tools that prevents the users data from hacking and hijacking.

  • Well, I have search many information about the Netalyzr test and I think it is the only way to stop the hijacking.

  • Guest

    Presumably Paxson and Paxfire have no business affiliation.