1 comment

[ 2.6 ms ] story [ 14.6 ms ] thread
I was surprised to find a Spectrum notice tacked onto an unrelated HTTP site this morning. It looks like Spectrum are editing customer traffic to inject a DMCA notice page that loads their own unsecured scripts.

Other ISPs like Comcast have done this in the past[1], but this is the first time I've seen anything like it from Spectrum, who normally keeps their hijacking limited to ad-riddled search pages for failed DNS lookups.

I use HTTPS Everywhere[2] and rarely visit sites delivered over HTTP, so I can't say if this is happening only on unsecured pages or everywhere.

[1] "Comcast injects JavaScript into webpages to show copyright notices to customers" https://news.ycombinator.com/item?id=10592775

[2] "HTTPS Everywhere" https://www.eff.org/https-everywhere