Rogers' fancy new notification system: a nasty breach of pri
Posted by: SmrtySsa in Soft 'n Hardware
Monday, April 7th 2008 at 12:30am
Rogers' new notification system for users who have exceeded their "limit" of bandwidth is a gigantic breach of privacy.
When you reach 75% of your limit, Rogers' network will intercept your requests to view web pages and redirect them to their own server. This server then returns a small HTML page with some JavaScript functionality to warn you of your impending doom.
The problem with this is fairly straightforward: their server is now playing the role of what's referred to as a man-in-the-middle. It is now capable of reading, storing, and even modifying your web pages.
Of course, they'll say they won't and don't - but when you pull something this sleazy, who's going to believe you?
An example of this scenario:
I go to google.ca to search for something.
I'm already logged into Google services, as I usually am.
My browser assumes that I'm actually visiting google.ca and sends my session ID along with my request.
My request, the whole request for 'google.ca', gets intercepted by Rogers' little notification system.
Rogers' system now has my google.ca authentication cookie and could store it, or even expose it through a security breach on their end to elite hackers who could then look at my exciting Google mail.
That's as simple as I can put it. There are other more in-depth issues with this - but that's that, and now I have to use a secured proxy from home too -- because my home is now an untrusted internet connection.
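The scenario above depends on the browser attaching the session cookie to a plain-HTTP request. As an added example (not part of the original post), this sketch models which cookies from a set of Set-Cookie headers would travel in the clear and so be readable by an intercepting server; the example.test hosts, cookie names and values are constructed, and Path matching is left out.

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers issued by accounts.example.test
SAMPLE_HEADERS = [
    "SID=constructed-session-value; Domain=.example.test; Path=/; HttpOnly",
    "SSID=constructed-secure-value; Domain=.example.test; Path=/; Secure; HttpOnly",
    "PREF=lang-en; Path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lower-cased attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: the host itself or any subdomain of cookie_domain."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def cookies_sent_in_clear(set_cookie_headers, origin_host, request_url):
    """Names of cookies a browser would attach to request_url over plain http."""
    url = urlsplit(request_url)
    if url.scheme != "http":
        return []  # an https request is not readable by an on-path server
    host = (url.hostname or "").lower()
    exposed = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if "secure" in attrs:
            continue  # Secure cookies are never attached to http requests
        domain = attrs.get("domain")
        if domain:
            in_scope = domain_matches(host, domain)
        else:
            in_scope = host == origin_host.lower()  # host-only cookie
        if in_scope:
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    for target in ("http://www.example.test/search?q=x", "https://www.example.test/"):
        print(target, cookies_sent_in_clear(SAMPLE_HEADERS, "accounts.example.test", target))
```

Only the cookie marked Secure stays out of the intercepted request; a session cookie without it is sent with every plain-HTTP request to a matching host.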
Claytanic Wrote...
Monday, April 7th 2008 at 1:24am
Find a good service in our area and I'll hook it up ! :P
mike Wrote...
Monday, April 7th 2008 at 1:32pm
Any ISP could do this already. Hell, any hop on the way to your destination could do this. (And who says they're not?) I've been treating any internet connection as insecure for a very long time now.
Use encryption wherever possible. Hell, I tunnel almost every piece of traffic from my computer through 24 (at least one other person will know what 24 is). Even if it continues on unencrypted past that site, my ISP has no idea where my traffic is heading. And I like it that way...
mike Wrote...
Monday, April 7th 2008 at 1:34pm
As a side note, I actually feel that the lack of full end-to-end encryption on the Internet is one of its largest pitfalls. I don't really give a crap if it means that QoS on the ISP level is harder, I want my traffic to be read only by the host it is intended for.
thunderchicken Wrote...
Monday, April 7th 2008 at 2:19pm
You have exciting Google mail too? How wonderful!
SmrtySsa Wrote...
Monday, April 7th 2008 at 12:30am
Here's a sample screen cap: (rogers-notification-limit.png)