Netalyzr reveals ISPs hijacking users' web search queries
Over the past months we have conducted an investigation of unexpected DNS-based redirections of web search requests we noticed in approximately 2,000 Netalyzr sessions initiated by customers of a dozen US ISPs. We mentioned these redirections in a recent paper, but could not explain them at the time. After our requests for clarifications to the affected ISPs went unanswered, we initiated a joint effort with New Scientist and the Electronic Frontier Foundation to get to the bottom of these redirections. Today we're announcing our findings.
The affected ISPs use services provided by a company called Paxfire in order to monetize certain web search requests. Paxfire's main line of business is DNS error traffic monetization, i.e., the practice of presenting advertisements and search results to users who mistyped a website's address in their browser. In addition, some ISPs employ an optional, unadvertised Paxfire feature that redirects the entire stream of affected customers' web search requests to Bing, Google, and Yahoo via HTTP proxies operated by Paxfire. These proxies seemingly relay most searches and their corresponding results passively, in a process that remains invisible to the user. Certain keyword searches, however, trigger active interference by the HTTP proxies. We have identified a set of ~170 keywords, derived from the names of large websites, for which the Paxfire proxies actively redirect search requests through affiliate marketing programs to specific landing pages, bypassing the actual search engines. In the process, the ISPs and Paxfire presumably earn commission payments for the redirected flows.
A sincere Thank You to our users for enabling this investigation!