Searches made by millions of internet users are being hijacked and redirected by some internet service providers in the US. Patents filed by Paxfire, the company involved in the hijacking, suggest that it may be part of a larger plan to allow ISPs to generate revenue by tracking the sites their customers visit. It may also be illegal.
Reese Richman, a New York law firm that specialises in consumer protection lawsuits, today filed a class action against one of the ISPs and Paxfire, which researchers believe provided the equipment used to hijack and redirect the searches. The suit, filed together with Milberg, another New York firm, alleges that the process violated numerous statutes, including wiretapping laws.
The hijacking seems to target searches for certain well-known brand names only. Users entering the term "apple" into their browser's search bar, for example, would normally get a page of results from their search engine of choice. The ISPs involved in the scheme intercept such requests before they reach a search engine, however. They pass the search to an online marketing company, which directs the user straight to Apple's online retail website.
More than 10 ISPs in the US, which together have several million subscribers, are redirecting queries in this way (see below for a complete list). None of the companies would comment on the redirection scheme, but evidence collected by Christian Kreibich and Nicholas Weaver at the International Computer Science Institute in Berkeley, California, who discovered the redirection and have been monitoring it for several months, suggest that the process generates revenue for the ISPs.
The Berkeley team has identified 165 search terms, from "apple" and "dell" to "safeway" and "bloomingdales", that are passed to marketing companies and then redirected to the appropriate retail website. The marketing companies include organisations like Commission Junction, a Santa Barbara, California, a firm that retailers pay to supply traffic to their websites.
Organisations that provide Commission Junction with traffic, which may include Paxfire and the ISPs the Berkeley team monitored, receive a cut of any purchase their users make. The cut is typically around 3 per cent. Commission Junction said that it was investigating the behaviour identified by the Berkeley researchers.
