ISPs Hijack Users' Searches, Apparently to Monetize Them

Chris CrumSearchNewsLeave a Comment

Share this Post

Internet Service Providers are hijacking their users' search queries on major search engines like Google, Bing, and Yahoo, and directing them to third-party proxies.

This news was revealed in an article by Jim Giles at New Scientist, who explains: "The hijacking seems to target searches for certain well-known brand names only. Users entering the term "apple" into their browser's search bar, for example, would normally get a page of results from their search engine of choice. The ISPs involved in the scheme intercept such requests before they reach a search engine, however. They pass the search to an online marketing company, which directs the user straight to Apple's online retail website."

He says patents filed by Paxfire, a company involved in the hijacking, indicate the whole thing might be part of "a larger plan to allow ISPs to generate revenue by tracking the sites their customers visit," and that "it may also be illegal."

A class action suit has already been filed by New York law firms Reese Richman and Milberg.

ICSI researchers Christian Kreibich, Nicholas Weaver and Vern Paxson, with Peter Eckersley posted on the Electronic Frontier Foundation's site:

In short, the purpose appears to be monetization of users' searches. ICSI Networking's investigation has revealed that Paxfire's HTTP proxies selectively siphon search requests out of the proxied traffic flows and redirect them through one or more affiliate marketing programs, presumably resulting in commission payments to Paxfire and the ISPs involved. The affiliate programs involved include Commission Junction, the Google Affiliate Network, LinkShare, and When looking up brand names such as "apple", "dell", "groupon", and "wsj", the affiliate programs direct the queries to the corresponding brands' websites or to search assistance pages instead of providing the intended search engine results page.

The ISPs that are redirecting search queries, according to New Scientist, are: Cavalier, Cincinnati Bell, Cogent, Frontier, Hughes, IBBS, Insight Broadband, Megapath, Paetec, RCN, Wide Open West, and XO Communication. Charter and Iowa Telecom, the publication says, were also doing it, but have stopped.

On Google+, Google's Matt Cutts wrote, "More than ten U.S. Internet Service Providers (ISPs) have apparently been caught hijacking search sessions. Crazy….To protect yourself against this, you can search Google via SSL search at . It might also help to change your DNS provider. Google has a Public DNS service: and OpenDNS has one too."

Wow. 10+ ISPs have been proxying search sessions, and sometimes hijacking them, possibly for profit: 1 hour ago via Tweet Button · powered by @socialditto

SEOs sure have their work cut out for them these days.

Chris Crum
Chris Crum has been a part of the WebProNews team and the iEntry Network of B2B Publications since 2003. Follow Chris on Twitter, on StumbleUpon, on Pinterest and/or on Google: +Chris Crum.

Leave a Reply