tl;dr CenturyLink is blocking its customer's internet until they confirm they've seen notification for paid security offeringNotification is injected into customer's browsing sessions using ethically…
Article word count: 1022
HN Discussion: https://news.ycombinator.com/item?id=18682580
Posted by snapwich
(karma: 72)Post stats: Points: 137 - Comments: 31 - 2018-12-14T17:25:23Z
\* CenturyLink is blocking its customerʼs internet until they confirm theyʼve seen notification for paid security offering
\* Notification is injected into customerʼs browsing sessions using ethically questionable DNS Hijacking
\* CenturyLink claims this is required due to Utah S.B. 134 but bill sponsor says "not like this"
\* Those using streaming devices (FireTV, Chromecast, etc) or their own DNS offering (OpenDNS/GoogleDNS) donʼt receive notification to unblock their internet and are effectively SOL
Weʼve all experienced frustration with the internet going down. Now imagine how frustrated youʼd be if you found out that your ISP intentionally blocked your internet access for the purpose of advertising their software; and better yet, your ISP claimed that state legislators required them to do it! Well thatʼs exactly what is happening to CenturyLink customers in Utah right now.
Just had @CenturyLink block my internet and then inject this page into my browser (dns spoofing I think) to advertise their paid filtering software to me. Clicking OK on the notice then restored my internet... this is NOT okay! pic.twitter.com/NtCZUeJF8I
— Rich Snapp (@Snapwich) December 9, 2018
A few days ago while watching TV through my FireTV the stream unexpectedly went black. After trying to debug the issue for a bit with no success I went to my computer, which was still connected to my ISP, but was also experiencing a strange lack of internet. Eventually I turned to a Google search on my phone only to be immediately greeted with an official looking notice.
At first glance I was worried that I had somehow been redirected to a malicious website and that this was some kind of phishing attempt... After all, I didnʼt navigate here. I attempted to do another search but still ended up at this same notice. I considered the idea that maybe my ISP had detected some kind of threat coming from my network and thatʼs why I was seeing this official looking page. Eventually, after reading over the page several times, I clicked "OK" and my internet was back.Your Internet service has been fully restored ... Thanks for your business. CenturyLink High-Speed Internet
What...? I went to the page CenturyLink referred to in the notice so I could see what was so important that it necessitated blocking me from the internet.
Centurylink @Ease puts the best names in computer security to work for you – industry leaders like Norton for AntiVirus protection and Identity Guard to help protect your identity.
$5 off per month for the first two months!
It was an advertisement for security products! ...and not very good ones...
I went to Twitter to see if I was the only one having this very bizarre experience and it turns out I was not alone. Fellow Utahns were also expressing their discontent with CenturyLinkʼs behavior.
It’s always a fun day when @centurylink blocks your internet access until you go to troubleshoot the problem and are forced to read a letter about filtering services they offer before they will restore your internet. Wow what a cool way to hold us hostage! Total bullshit.
— Chryshele Cottle (@Maccagirl1) December 9, 2018
@CenturyLink dont disable my damn internet to send me a message about software to block my kid from harmful sites. You know what blocks my kid from harmful sites? Me! Not some bloatware.
— 🎃XxCrispxX🎃 (@XxCrispXzero5xX) December 9, 2018
Eventually I stumbled upon a reddit thread, "Any century link customers lose internet until you read the filter message?", and discovered this behavior has been going on for quite some time with users mentioning it had also happened to them in the previous weeks. One of the reddit users specifically pointed out that this was most likely a "ham-fisted" approach by CenturyLink to comply with the provisions in S.B. 134.
(b) (i) A service provider shall, before December 30, 2018, notify in a conspicuous manner all of the service providerʼs consumers with a Utah residential address that the consumer may request material harmful to minors be blocked under Subsection (1)(a).
(ii) A service provider may provide the notice described in Subsection (2)(b)(i): (A) by electronic communication; (B) with a consumerʼs bill; or (C) in another conspicuous manner.
Relevant excerpt from Utah S.B. 134
Now I finally realized what was going on. CenturyLink was using the unethical practice of DNS Hijacking to push notifications (or in this case, advertisements) of products to customers and using Utah law as justification. For the lucky customers, theyʼll only have their internet browsing session interrupted for no reason, acknowledge they saw the ad, and move on. If theyʼre using a streaming device, such as a FireTV or Chromecast, theyʼll have their video stop and receive no notification. If youʼre browsing the internet on a device not using CenturyLinkʼs DNS (maybe using GoogleDNS or OpenDNS), your internet will stop working, youʼll see no notice, and youʼll either waste time debugging the issue (like me) or give up and waste hours talking to CenturyLink support.
Curious if this is really what Utah legislators were intending, I reached out to the listed sponsor of the bill on twitter.
I have yet to see an internet response that appreciates them doing this, but I see a lot of angry and upset people on twitter and reddit. This is such a terribly dumb idea, was this the intent of your bill?
— Rich Snapp (@Snapwich) December 10, 2018
I’m sorry you are having problems. SB134 did not require that — and no other ISP has done that to comply with the law. They were only required to notify customers of options via email or with an invoice.
— Todd Weiler (@gopTODD) December 10, 2018
CenturyLink is much less helpful on twitter, replying to any comments on this shady behavior with what is most likely their contextually unaware automated customer service bots.
Where I go from here, Iʼm not sure. I would switch ISPs but I have no other options where I live. Hopefully making this issue more public will help CenturyLink make better decisions, but when you consider our administrationʼs recent successful repeal of net neutrality earlier this year, weʼll probably just need to start accepting this kind of behavior as the new norm.
HackerNewsBot debug: Calculated post rank: 101 - Loop: 43 - Rank min: 100 - Author rank: 360
We've all experienced frustration with the internet going down. Now imagine how frustrated you'd be if you found out that your ISP intentionally blocked your internet access for the purpose of advertising their software; and better yet, your ISP claimed that state legislators required them to do it!...www.richsnapp.com