After re-reading what I wrote here I'd like Bill, Mike, Tom and the rest of you to know it's not really addressed to the support team here. I know you guys are doing everything you can and I really appreciate your rapid responses to my posts on this continuing issue. I'd like to see the opt-out system working properly, but I'd really prefer that the opt-out system not need to exist in the first place. I've laid out the reasons below.
Is there some way we can convey any of this to whatever member(s) of Mediacom's management decided that hijacking legitimate search requests and 404 errors to redirect Mediacom customers to an unwanted, unnecessary and poorly-performing search engine was a good idea? An email (or, indeed, regular mail) address I can send it to? They are the ones that really need to see this.
Mediacom is currently using deep packet inspection to detect search requests sent from browser address bars and forcibly redirecting users away from their chosen search engine and into Mediacom's "Assist" search page. This page contains a number of paid advertisements and does not return the sort of relevant links one expects from Google or Bing. In addition, Mediacom is intercepting 404 errors sent by web sites, and again redirecting users to its own search page. This takes the user away from the site they intended to visit and, in some cases, breaks "Back" button functionality, making the search page difficult to navigate away from again.
Additionally, Mediacom was made aware over a month ago that the mechanism in place for opting out of this hijacking process was not working properly. Since then, there has been no progress made on this issue. If anything, the problem has actually gotten worse; opt-out preferences are now being ignored for search engine hijacks as well as the 404 error hijacks, display problems resulting in confusing feedback on the opt-out page are unfixed, and 404 hijacking still occurs even if opting out is otherwise working. On top of these problems, the user's "Assist page" preferences are changed back to "enable" at random intervals, thus starting the whole process over again.
It is becoming increasingly clear that one of the following is occurring:
1) Mediacom is unable to fix these problems, or
2) Mediacom is unwilling to fix these problems, or
3) Mediacom thinks that using its captive customer base to beta test features is appropriate behavior, or
4) Mediacom does not feel these problems are important.
Number 4 is, of course, the only reasonable conclusion. Number 1 implies incompetence; this is the easiest of all internal problems to remedy and a company like Mediacom would not survive long without doing so. Number 2 implies malice. Since one should never attribute to malice what may be adequately explained by incompetence, we can eliminate this possibility the same way we did number 1. Number 3 clearly conflicts with Mediacom's stated goal of "deliver[ing] the best possible broadband Internet experience to all of its customers." That leaves 4.
So far I've seen several other customers complain about the hijacks, and at least 2 web developers state that their work is being affected by the problem. Those are just the people who have reported problems on this rather hard-to-find forum, mind you. Many topics have been created about it on other forums, and of course I have no knowledge of how many people may have called in about the issue, or been affected and just worked around it somehow.
And yet we see by Mediacom's actions that this problem is not being taken seriously. Fair enough. Mediacom is entitled to its opinion. Just in case, though, I've come up with a few reasons this issue needs to be resolved. I post them here in the hope that they will be seen and perhaps convince Mediacom that these issues ARE important, and from more than just a customer service perspective.
Intercepting and rerouting HTTP requests in the way Mediacom is currently doing breaks technical standards and misleads end users. That by itself is quite bad enough. In combination with an inoperative opt-out mechanism, however, it becomes debatable whether Mediacom is even providing the service it claims to provide. Mediacom's AUP states that it will use "reasonable network management practices that are consistent with industry standards."
What industry standard supports NXDOMAIN poisoning?
What industry standard encourages hijacking legitimate search requests and redirecting users to an inferior search engine?
What industry standard offers a rationale for pushing these nonsensical things on paying customers while the only method in place for avoiding them is broken?
How can I now trust the responses I get from ANY server I access through this service? As recently as last February, Mediacom has shown it is willing to insert its own advertising on sites such as Google and Apple.com without even bothering to notify its customers. What industry standard justifies THAT? Mediacom has created a situation where the client and server can no longer be certain of what the other has received. Sure, I use HTTPS where I can, but many sites cannot afford the computational overhead it creates or the certificates required to use it effectively. More importantly, these site owners shouldn't have to encrypt all their packets just to make sure they arrive at their destination unmolested!
The internet and its various component protocols were developed to work in certain ways by some of the best and brightest engineers in the world. TCP was designed specifically to ensure that the data that is received matches the data that was sent. When a company like Mediacom, in its ignorance, decides to break these protocols for a quick buck (for why else would there be paid advertising on the Assist page?), they cease to be an internet service provider and take the first step toward becoming a walled garden like GEnie, Prodigy, Compuserve or the original America Online. I invite Mediacom to examine the recent history of these services and think long and hard about whether they want to continue moving in this direction.
So far, however, I don't expect anything I've said to persuade Mediacom's management that this is a bad idea. After all, it's "only" a technical standard; most Mediacom users don't have any idea of what's going on in the background and many probably don't notice or care when the hijacking occurs. For most users it's not worth complaining about, and who cares what a few idealistic tech junkies think?
So here's an argument for the management: continuing to perform deep packet inspection and injection risks hurting Mediacom's bottom line in the form of lawsuits from content providers, unfunded government-mandated filtering of all copyrighted material using lists purchased from content providers, or (more likely) both. I'll explain.
Right now, Mediacom is defined as a Service Provider and as such is protected from content providers by the so-called "Safe Harbor Provision" of the Digital Millennium Copyright Act (DMCA). In other words, if a Mediacom user distributes a copy of Iron Man 2 over the internet or hosts it on a Mediacom-provided IP address, Mediacom cannot be held liable for this distribution because of its status as a Service Provider, provided it takes certain steps as laid out in the DMCA.
It turns out, though, that the DMCA has quite narrow definitions of what a Service Provider is and how it qualifies for Safe Harbor protection. For the full list, see:http://www.chillingeffects.org/dmca512/faq.cgi#QID129
But to save time I'll quote the most relevant sections here.
"A service provider must satisfy the following critical elements in order to qualify for the 'safe harbor' or protection...
...The transmission, routing, provision of connections, or storage is carried out by an automatic technical process...
...The Internet user, not the service provider, must select the origination and destination points of the communication..."
By deciding via company policy which user communications go where (by, for example, deciding that certain URLs should go to Mediacom's search engine rather than Google) it could be argued that Mediacom violates the first point; someone at Mediacom made that decision, thus it is no longer entirely automated. By a similar rationale, Mediacom violates the second point as well. Now these might be arguable, but the next point is the real killer.
"The service provider must not modify the communication selected by the Internet user."
By demonstrating both the ability and the willingness to modify user communications (which the search and 404 hijack is doing -by definition-), Mediacom is placing its Safe Harbor status in serious jeopardy. This means that Mediacom may be open to lawsuits from content providers for every piece of infringing content that traverses its network. Furthermore, the current use (abuse) of deep packet inspection by a select few ISPs, Mediacom among them, is being used by content providers as evidence that internet service providers possess the ability to filter this content and are (they argue) willfully encouraging copyright infringement by NOT filtering it.
You think running an ISP is expensive NOW? Keep up the deep packet inspection and Mediacom, along with all the other ISPs in this country, will learn just how expensive it can get. Not only will the filtering hardware (and likely the lists of content to be filtered) be expensive, but it will have a tremendous impact on legitimate communications while being utterly ineffective; people who want to trade copyrighted material will simply employ encryption to continue doing so, further increasing network overhead with traffic that can no longer be effectively prioritized.
None of this is a conspiracy theory or merely academic; this is a real threat. Various content providers have been calling for this kind of law since at least 2007. Bills have been introduced to mandate this sort of filtering, and it is only the DMCA and the concept of service providers as "dumb pipes" that have prevented them from becoming law... so far. Mediacom should be fighting this, not embracing it, for its own sake and the sake of its industry if not for its customers. By using deep packet inspection and injection to hijack customer traffic today, Mediacom is stating, louder than words, "We're okay with this. We welcome additional restrictions on our operation. Bring on government-mandated restrictions on communication over the network we built. This is the future we are asking for, for ourselves and our customers."
All I am asking is that Mediacom save its own money. In the process, Mediacom can strike a blow against the encroachment of government regulation and monitoring of the internet and show itself to be a company of integrity, a company that truly -believes- in providing its customers with superior service, not just giving it lip service.
Shut this ridiculous packet injection experiment OFF. If, for some unfathomable reason Mediacom MUST do deep packet inspection, make the process opt-in, not opt-out, and make sure users who have not opted in are not routed through the DPI servers. It's the right thing to do for your customers, it's the right thing to do for your shareholders.
Make it happen.