[nSLUG] [NSLUG] Re: Annoying Eastlink Notices

Mike Spencer mspencer at tallships.ca
Sun Feb 28 04:48:08 AST 2016


Daniel wrote:

> If I understand this correctly (and I'm not an expert), they load
> the abovereferenced javascript which changes the URL displayed in
> the browser to the URL of the original webpage, creates an iFrame,
> and finally adds HTML-code to the original HTML-page. This puts the
> text and link into the iFrame.

http://www.eastlink.ca/billc11.aspx says:

    How will the customer be informed on the notice from the copyright
    owner?

    If and when Eastlink receives a request to forward notice from the
    copyright owner to the offending IP address, Eastlink will
    initiate a pop up message on one or more active browsers connected
    to the modem with the IP address.

So if you disable js you'll never see the pop-up. (No mention of IFRAME)

> http://24.222.0.93/dyn/bg/Movable_Copyright_Eastlink_v2/index.js?

If I try to access that URL, the connection, it fails with mssg:

        HTTP request sent, awaiting response... 
        Read error (Connection reset by peer) in headers.

> This is nasty.

Twenty-five years ago, Nicholas Negroponte, co-founder of the MIT
Media Lab, was effervescing about software "agents" that we'll be able
to send out on the net to do useful and exciting tasks for us.  I
thought at the time, "Who's going to allow somebody else's 'agents' to
execute on their machine?"  Well, that has come to pass, but only
unilaterally, embodied in javascript that many sites now require for
functionality, even when it's just chrome, kitsch and eye candy.

Web sites, ISPs and any MITM can insert js into web "pages" (whatever
a "page" means now), live code that executes on *your* machine and can
do anything it wants.  Oh, wait, we have "sand-box" protection so it
can only do good stuff that you approve of, right?  Right?
............ Uh-huh.

Don't get me started.  HTTPS generally requires "certificates" from an
"authority" but (a) that's all hidden inside a browser and (b) it
locks you in to upgrading your browser to support newly added
authorities -- you just have to eat whatever is on the end of that
newly updated fork in the form of limited configurability, nasty (see
supra) features etc.  The security geeks, geniuses and wizards that
many are, are beavering away, trying to create a secure net. Industry
and government are beavering away trying to create a profitable,
surveillable net.  I suspect that these two endeavors are orthogonal.

Yeah, it's nasty and it isn't IMHO going to get better. The ISPs,
for-profit businesses offering the media industries gunslinger
quasi-legal services, government TLAs and, I surmise, any large
corporate entity can have Negroponte's "agents".

Ours, if we have them, are called worms, viruses, intrusion malware
and the like.

Yeah, nasty.


- Mike

-- 
Michael Spencer                  Nova Scotia, Canada       .~. 
                                                           /V\ 
mspencer at tallships.ca                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^


More information about the nSLUG mailing list