Comcast Is Injecting 400+ Lines of JavaScript into Web Pages

[Megalith]

A Comcast subscriber has taken to the company’s support forum to warn others of a despicable practice: intercepting web pages and then altering them by filling them with hundreds of lines of code. More specifically, Comcast’s JavaScript is generating pop-ups that encourage members to buy a new modem even though upgrading is unnecessary.

Comcast has my phone office number, my cell for texts, my email, and my home address, yet they choose to molest my requested web pages by injecting hundreds of lines of code. This is not like targeted advertisements when I visit websites with ads (which is perfectly acceptable); this is a direct manipulation of the original source code of the website. This is completely unacceptable to me, and what's worse is that Comcast provides no option to opt out of this horrific practice.

 

[Briteball]

Would this Increase how much data you are using? Could this artificially bump how much data you use with comcast bandwidth limits? Are they still using caps?

 

[Mchart]

Would this Increase how much data you are using? Could this artificially bump how much data you use with comcast bandwidth limits? Are they still using caps?

Potentially - Although typically this code is injected at the point where they don't count it against you.

 

[TheHig]

More Comcastic nonsense. Any good script blockers out there that would stop this?

 

[Spidey329]

I'd suspect they're going to expand on this. Imagine going to Netflix.com and getting greeted with ads/pop-ups injected into the page advertising a Comcast competitor.

 

[travisty]

Another reason for people demand locally run fiber. It's a hard road but doable.

Example: Longmont, Co Nextlight. $50 / month for 1 gig up/down.

No money-hungry multinational monopoly controlling access.

https://www.longmontcolorado.gov/de...tlight-broadband/rates-and-services-gig-promo

 

[Tak Ne]

Its good to see that Comcast execs are not content with being voted one of the Worst Companies in America and one of America’s Most Hated Companies and are always looking new ways to screw up.

 

[OutOfPhase]

Pai will handle this. He serves the people.

 

[Chunder]

If only we had an FTC that wasn't being run by a corporate insider hellbent on loosening what weak and little regulations we do have.. This could be properly investigated and stopped. Unfortantuetly, from the FTC, CFPB, EPA, NPS, etc, they're all being dismantled to favor the 1%. Government and the size of that government has never been the problem, it's who that government works for that is, and it hasn't worked in favor of hard working Americans since Reagan last did what the Trump administration is doing again today. Though this has never been just a Republican problem, the Democrats and the neo-liberals that run the party have continued their Republican-lite policies since Carter was out of office and are only now being dragged back to being a viable 2nd party thanks to progressives.

 

[umeng2002]

Every website needs HTTPS support.

 

[Jim Kim]

Ajit Pai, you rascal.

 

[sfsuphysics]

Comcast has my phone office number, my cell for texts, my email, and my home address, yet they choose to molest my requested web pages by injecting hundreds of lines of code. This is not like targeted advertisements when I visit websites with ads (which is perfectly acceptable); this is a direct manipulation of the original source code of the website

If true, this could actually be a DMCA violation

 

[Sparky]

NoScript ftw!

 

[jwcalla]

I can confirm that I'm getting these.

They sent me a letter and an email... I've already gotten the message. I don't need pop-ups to remind me all the more.

What's annoying is that their text is intentionally nebulous. In one sentence it says a cable modem upgrade is required or my internet will blow up. The next sentence implies it's just optional for better speeds.

 

[Vegas P11]

NoScript ftw!

I shouldn't have to run NoScript for code injected by my ISP.

 

[Tak Ne]

Hang on... 400 lines of JavaScript for one pop-up?

 

[jwcalla]

Hang on... 400 lines of JavaScript for one pop-up?

Nobody's ever accused Comcast of being efficient. Why start now?

 

[Spidey329]

We should make a game of this and try to outdick Comcast using the same premise .. e.g. think like a Comcast exec. The rules:

0) Can be said in first person, remember, you're an exec.
1) Has to be good for the shareholders.
2) Can be borderline illegal
3) Remember the motto, "go fuck yourself."
4) Be as nefarious as possible.

I'll start. A JS injection that targets any Amazon links and mutates them into being referral links for a referral account we own. Essentially, we get Amazon to indirectly pay us for access to their site!

 

[Snowdensjacket]

Its good to see that Comcast execs are not content with being voted one of the Worst Companies in America and one of America’s Most Hated Companies and are always looking new ways to screw up.

It doesn't matter how awful they are I have to give them money if I want internet. They are my only option.

 

[captaindiptoad]

A Comcast subscriber has taken to the company’s support forum to warn others of a despicable practice: intercepting web pages and then altering them by filling them with hundreds of lines of code. More specifically, Comcast’s JavaScript is generating pop-ups that encourage members to buy a new modem even though upgrading is unnecessary.

Comcast has my phone office number, my cell for texts, my email, and my home address, yet they choose to molest my requested web pages by injecting hundreds of lines of code. This is not like targeted advertisements when I visit websites with ads (which is perfectly acceptable); this is a direct manipulation of the original source code of the website. This is completely unacceptable to me, and what's worse is that Comcast provides no option to opt out of this horrific practice.

Aaaannndd... the "employee" literally skips over the part where the guy point out that he has verified himself and talked to techs at Comcast, and hey guess what, he doesn't even need a new modem....

Potentially - Although typically this code is injected at the point where they don't count it against you.

Tell that to people who were getting data counted against them that was going from one computer to another in their own home on their LAN.....

 

[Evil Timmy]

Another reason for people demand locally run fiber. It's a hard road but doable.

Example: Longmont, Co Nextlight. $50 / month for 1 gig up/down.

The city of Tacoma, WA did a similar thing, using their utility buildouts to run fiber, which also saved the city on metering costs. Both TV and internet are available, and I'm on a 100/10 line for $90/mo.

Comcast doing this is definitely too far, the security and privacy implications here are pretty serious. Yet another reason we need strong protections for a free internet, and actual ISP competition.

 

[Vegas P11]

The city of Tacoma, WA did a similar thing, using their utility buildouts to run fiber, which also saved the city on metering costs. Both TV and internet are available, and I'm on a 100/10 line for $90/mo.

Comcast doing this is definitely too far, the security and privacy implications here are pretty serious. Yet another reason we need strong protections for a free internet, and actual ISP competition.

Don't worry Ajait Pai will take care of us.

 

[Mchart]

Aaaannndd... the "employee" literally skips over the part where the guy point out that he has verified himself and talked to techs at Comcast, and hey guess what, he doesn't even need a new modem....



Tell that to people who were getting data counted against them that was going from one computer to another in their own home on their LAN.....

I'd need to see a source on that.

I find it more likely that they had a mis-configure of what they thought was their 'local lan' and the traffic was hitting the Comcast gateway and then just being routed straight back.

 

[Dead Parrot]

Take screen shots of the code and file a computer crimes report with the FBI. Comcast is doing a man in the middle attack on customer's web usage.

 

[Deleted member 245375]

No money-hungry multinational monopoly controlling access.

Not yet, but soon enough they'll be picked up in yet another useless consolidation at some point as the ISPs and other tech companies just get larger and larger offering less and less competition.

 

[captaindiptoad]

I'd need to see a source on that.

I find it more likely that they had a mis-configure of what they thought was their 'local lan' and the traffic was hitting the Comcast gateway and then just being routed straight back.

it was literally a post on H about 1-2 years back...... people started noticing "ghost data" on their bills when Comcast implemented the caps. There was one guy who completely unplugged his modem for a month, kept a video recorder on it, and it was only then that Comcast "apologized" and said he didn't owe them anything anymore.

 

[tetris42]

If only we had an FTC that wasn't being run by a corporate insider hellbent on loosening what weak and little regulations we do have.. This could be properly investigated and stopped. Unfortantuetly, from the FTC, CFPB, EPA, NPS, etc, they're all being dismantled to favor the 1%. Government and the size of that government has never been the problem, it's who that government works for that is, and it hasn't worked in favor of hard working Americans since Reagan last did what the Trump administration is doing again today. Though this has never been just a Republican problem, the Democrats and the neo-liberals that run the party have continued their Republican-lite policies since Carter was out of office and are only now being dragged back to being a viable 2nd party thanks to progressives.

I think you have a very good perspective on the situation except for that last part.

 

[glutto]

Maybe Comcast customers can grind out bitcoins for Comcast, all for free.

That's an option now, right?

 

[SnowBeast]

They want all current internet customers to upgrade to the new $150+ docsis 3.1 modems. Something to do with line 32x4 line bonding or some shit. I called and told them I am at 90 Mbps, is this magically going to make mine faster? You know since my current modem can run up to 400+ Mbps. No real answer other than a tech upgrade for THEIR equipment or something. I was more into hearing Blah, blah, blah, talking down to people like we are all dumb assholes. I said "Listen Dan, whose real name is Sunjai and I can barely understand you, and on top of it you're feeding me bullshit, the reason I am calling is to warn you to stop the intrusion on my internet connected PC's telling me I need to upgrade, or I will go to AT&T or WoW." Haven't had the message on any pc in the last 4 days since phone call. Just keep complaining to them. Their service is the fastest in my area but sometimes you have to play the switch game.

 

[Mchart]

They want all current internet customers to upgrade to the new $150+ docsis 3.1 modems. Something to do with line 32x4 line bonding or some shit. I called and told them I am at 90 Mbps, is this magically going to make mine faster? You know since my current modem can run up to 400+ Mbps. No real answer other than a tech upgrade for THEIR equipment or something. I was more into hearing Blah, blah, blah, talking down to people like we are all dumb assholes. I said "Listen Dan, whose real name is Sunjai and I can barely understand you, and on top of it you're feeding me bullshit, the reason I am calling is to warn you to stop the intrusion on my internet connected PC's telling me I need to upgrade, or I will go to AT&T or WoW." Haven't had the message on any pc in the last 4 days since phone call. Just keep complaining to them. Their service is the fastest in my area but sometimes you have to play the switch game.

Um, yes it does make sense. They want people to upgrade because the more people that are on the older standard means that service is generally slower for everyone else even when you are on the newer modem as some of the spectrum on the coax is being wasted by the older modems.

I wish they'd generally forcibly kick any modem that isn't within 3 years or so of the most recent standard off the network as then people would generally have overall higher quality service. So your choice is either pay them the modem rental fee and they'll give you a new modem whenever they need to, or buy the latest $100 modem every three years or so to stay up to date.

 

[Deleted member 93354]

I read the post. Comcast response is, "We are only injecting pages to inform you your service is about to be affected because your cable modem is end of life and you have ignored our repeated letters"

As long as they aren't injecting tracking code, or advertisements, I'm fine with that.

 

[SnowBeast]

Um, yes it does make sense. They want people to upgrade because the more people that are on the older standard means that service is generally slower for everyone else even when you are on the newer modem as some of the spectrum on the coax is being wasted by the older modems.

I wish they'd generally forcibly kick any modem that isn't within 3 years or so of the most recent standard off the network as then people would generally have overall higher quality service. So your choice is either pay them the modem rental fee and they'll give you a new modem whenever they need to, or buy the latest $100 modem every three years or so to stay up to date.

Thank you for the information. Still, I don't buy it. Why keep squeezing every ounce out of out-of-date coax and not move to Fiber Optic? Its Comcast, they could afford it. Sell NBC UNIVERSAL, create more jobs, update old infrastructure. Yes its still copper coax, guy just had to hook me up at the pole again and I asked him.(previous tech disconnected me to hook my neighbor up, nothing for a week)

I am not buying the line it hurts you neighbors service. Also, after talking to them without service, they wanted me to get the xfinity wifi app, and told me to piggy back off a neighbor who has said modem/wifi device, told me how to login on their router, looking for Xfinity Wifi networks. So yeah, they are full of shit. Basically in nutshell, any Xfinity Customer can get on anothers network as long as it says Xfinity Wifi, which all Xfiinity modem/router combos allow. Try it, login with your Xfinity account through neighbors Xifinity modem/router. Its Comcastic!

All they are trying to do is squeeze more ppl on the same NODE through dusty copper coax. It saves them even more millions instead of running new fiber lines and clearing up their own congestion.

 

[nutzo]

They want all current internet customers to upgrade to the new $150+ docsis 3.1 modems. Something to do with line 32x4 line bonding or some shit. I called and told them I am at 90 Mbps, is this magically going to make mine faster? You know since my current modem can run up to 400+ Mbps. No real answer other than a tech upgrade for THEIR equipment or something.

Since the 400 Mbps is shared across multiple customers it can be a problem if everyone has the older modems.
They might be using 16 channels for the down link, but if everyone on your node only had modems that support 4 channels, those channels could end up very congested.

Over the many years I've had a cable modem, I've had to upgrade a couple times.
The internet gradually got slower, and kept dropping out during busy times of the day.
Upgraded to a newer modem with more channels and the problem went away. Last time I purposely bought a newer modem that had double the channels they where using at the time, so that it would be usable longer. My 8x4 modem is still working fine after almost 5 years. They support up to 100Mbps service on a 8x4 modem, so my 50Mbps service is no problem.

Their Gigablast service recommends a 32x8 modem.

 

[KazeoHin]

And people think that we need net neutrality.

Obviously corporations have our best interests in mind.

 

[viscountalpha]

Appropriate as ever.

 

[Uvaman2]

Yet another sign, the internet will become exactly like cable, but worse.
Good luck google, amazon, on and on.. you products are about to be injected with whatever the fuck ISPs want, ads, whatever so the ISP can make more money.
Encrypt the connection? that is either blocked or sent at 14.4kps, so good luck there too.
ISP are about to become, pretty much all powerful, I mean I can't think of an scenario were they either have complete control of the data, or are able to screw your connection if they cant control the you data (heavy encryption is all I can think of)
Anything else I can think of, is splitting the data in different servers and pass/fail authentication on the user-level at the browser, is the data is touched it fails..tries again? but it can still be transparent data I guess.. some shit like that.

 

[Uvaman2]

Another reason for people demand locally run fiber. It's a hard road but doable.

Example: Longmont, Co Nextlight. $50 / month for 1 gig up/down.

No money-hungry multinational monopoly controlling access.

https://www.longmontcolorado.gov/de...tlight-broadband/rates-and-services-gig-promo

What is charter member vs standard? Speed is the same price is 50 vs 100$?

 

[Jagger100]

Every website needs HTTPS support.

That's defeatable if the ISP swaps out your and the website's credentials with ISP generated credentials and some other stuff.

 

[Jagger100]

Pai will handle this. He serves the people.

If they do it to all pages equally, they are not violating Net Neutrality.

 

[Armenius]

More Comcastic nonsense. Any good script blockers out there that would stop this?

I have not seen these as of yet using μBlock Origin and NoScript.