This is what happens...
...when they get away scot free doing illegal interceptions. They just do what they want.
BT is annoying business broadband customers by hijacking their browsers to nag them to download a branded desktop utility. The firm has decided it simply must tell subscribers about "Desktop Help", which it says allows it to fix users' technical problems remotely. To that end, it is redirecting HTTP requests to its own …
First they try and collect on their absurd hyperlink patent. Then they introduce Phorm in secret to see if they can "monetize" their customer base (as if regular payments for services wasn't enough). Now it's man-in-the-middle spamvertising.
Thank you Thatcher and the other dimwit Britard politicians for unleashing this beast!
What's the difference between then and now? Well now there are other companies people can move their business broadband to, and BT risk losing customers by their actions. If we had the state monopoly? Well in that case you'd be screwed, because there would be the state-owned monopoly phone company and nothing else. They would have been able to do this with the impunity granted by government sanction.
And don't try the argument that a state-owned company wouldn't do things like that. Of course they would. The government would just love to have that level of "monetising", not to mention all the monitoring they could do. Witness the level of insane monitoring that the EU wants to enforce on us all, and the even more insane level of monitoring that our own government wants to add on to that.
Your knee-jerk reaction against privately owned companies is obviously born from either a lack of understanding or simple prejudice.
Apparently you've also never had to deal with state-owned BT or you'd know they were shit.
Would that work in this situation?
surely the VPN traffic (assuming it's running on Port 80 or 443) would just get redirected as well and break the connection - true it would stop BT spying on what you are doing, but it wouldn't help with the connectivity issues as shown in the article by the Backup systems failing.
"This is absolutely unacceptable behaviour BT and signals the end of our custom. My Director is making the termination call right now."
I want one of these directors. Where can I get one? I've only ever come across useless directors who are a waste of space.
Oops. Better make this anon...
It's all well and good to tell people to click a few buttons to get rid of the page but how the hell is a web server supposed to know that!
It took me over 2 hours to discover why my Web server was not responding the requests... and then I find some f*cking BT redirected spam page is causing the problem...
Do BT not realise businesses use their BUSINESS broadband connection for web servers.
Total IDIOTS! and one less customer when the contract finishes in a few months.
...and I'm never going back.
I was *almost* tempted by fast 20mb ADSL ... until I realised the local exchange wasn't upgraded and I could get the same service (i.e. not very good) from Virgin.
Surely most businesses have their own tech support anyway? Or are they trying to pimp "small business tech support"?
Really pissed me Off
DNS hijacking is what it amounts to
They used this method to inform one of our customers that their broadband service had been upgraded.
But did fail mention this broke compatability with their old router and they lost their static IP address (luckily on pop mail) and then got a call in a week later saying that 1 of their staff couldnt VPN in !!!
This is "possibly" acceptable on a home line but not business lines
Also very pissed off customer debating on wether to start suggesting other providers
I usually do a nice line in sarky comments for this kind of idiocy. But this is just beyond belief. How can they be so *stupid*? Did not one single one of the people involved stop for an instant and think about what they were doing?
"as when trialled it did allow us to successfully communicate the availability of Desktop Help to a large number of customers"
Well, yes. It could also "communicate the availability" of Viagra and penis enlargers. BT have just proudly and publicly announced that they have placed themselves in the same category as all the other spammers. But actually hijacked their paying customers to do it.
I see a need for El Reg to introduce a 'Batshit Insane' icon.
first one is
to BT , there seems to be no longer a concept of the customer paying for a service
they are now "revenue unit" where you push any old crap at like spammers do, the return of a few tenth of a percent responding positively makes "commercial sense" to them
the fact they will P!55 off more is ignored
the second one is
would you allow BT remote access to your computers rather than internal I.T?
just read the forums (if BT have not cleansed all the negative comments) about the issues with indian call centres causing more problems than they fix, due to reducing security setting, setting things back to factory defaults and removing setting where people have secured their systems
i left BT due to phorm and DPI
they just seem to love giving people a reason to leave
everyone should get LLU broadband so they do not traverse any BT network kit
and finally watch out for long term contracts designed to lock you into an ISP, as if you dislike what they do, like above it is difficult / expensive to move to a new isp
Use a proper ISP that won't force this (or any) kind of idiocy on you.
USE ZEN INTERNET!
If you want a proper, tamper free, rock solid, non-shaped internet connection with support that know what they're talking about, Go with Zen!
OK, that's three things (four if you include this), but it still stands.
Gran: "hello Lindsey, darling"
BT Goon: "shut up bitch, listen Lindsey, we need to tell you about this great new product called Viagra"
Lindsey: "hello? What?"
BT Goon: "it will only take 5 minutes of your time, listen I need you to go to your pill cabinet and tell me if you have any bottles marked 'Viagra'"
Lindsey: "who the hell is this, where is my grandmother?"
BT Goon: "look we can do this the easy way or the hard way, the longer you dick me around the longer your gran will have to wait on hold, okay?"
If I was suffering from BT I would argue that this counts as a fault with the service purchased, therefore I should stop paying for the "service" until the fault is corrected. Any day on which this fault occurs is part of the ongoing fault. This will cost them a lot more than the crapvert is worth to them.
There is a further argument that the fault is deliberately induced and malicious but that is rather harder to make stick.
Every affected business should also make a complaint to Ofcon, not that Ofcon will do any good but they will cost BT a fortune in bureaucratic bungling and paperwork which is their real regulatory weapon.
There is a reason British Telecom is slang for "out of order".
I strongly suspect that this was thought up by the same numpty who dumped those Davina messages in our answerphone mailboxes.
Their reasoning then was that it didn't matter if you were registered with the TPS to not get sales calls - as it was 'dropped into the voicemail box' so wasn't a phone call...
It strikes me that they're desperately trying to wriggle around every regulation and rule that they have.
Belkin tried the same thing with their routers many years ago, and also suffered for their mistake
The early plans were to have interstitials - but it was abandoned. Cos it might be annoying for users.
You have to wonder whether BT have adopted phorm technology after all ... or if they are just plain stupid.
I'm not sure that's an either/or.
Someone phone Kent !
A great distraction that was - spending a half-hour in BT Business Broadband forums (which are hosted in the US for some reason - don't BT have any webservers in the UK? and run at least 4 tracking scripts - obviously for statistical purposes only and not target advertising, oh no)
Some of the crap that BT foist on their customers is legendary. Everyone should look!
Now IANAL, but, from the computer misuse act 1990, as amended by Police and Justice Act 2006:
3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
(1) A person is guilty of an offence if—
(a) he does any unauthorised act in relation to a computer;
(b) at the time when he does the act he knows that it is unauthorised; and
(c) either subsection (2) or subsection (3) below applies.
(2) This subsection applies if the person intends by doing the act—
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer;
(c) to impair the operation of any such program or the reliability of any such data; or
(d) to enable any of the things mentioned in paragraphs (a) to (c) above to be done.
(3) This subsection applies if the person is reckless as to whether the act will do any of the things mentioned in paragraphs (a) to (d) of subsection (2) above.
I looked at BT's terms of service, and there is nothing in them that allows for BT to modify their customer's traffic, so this is almost certainly unauthorised. Basically, if BT borks anyone's automated backups/firmware updates/HTTP pulls from web databases etc in any way shape or form with this then they are probably guilty of recklessness within the means of Section 3, subsection 3 of the computer misuse act and are therefore criminally liable.
It would also be interesting to see how this is implemented from anyone who has log files of this happening - is it a DNS forgery, or an IP spoof? I assume they run their own DNS servers, so they may get away with that. If they spoof the IP address then they are probably in even more trouble, as they would then be dishonestly representing themselves as another web site, and may be exposing themselves to liability for some kind of fraud/dishonesty/forgery offence too.
Shouldn't businesses really be using a service like open dns or even hosting their own servers rather than relying on shit from the likes of BT - it's like using a vagrant for child-minding because they're always available so must be reliable.
I'd be interested in knowing how they do this latest stunt though.
I had a hugely irritating call to a TPS registered (non BT) business line.
I insisted on being connected to a supervisor/manager in the Indian call centre. I eventually spoke with a Rajesh Sharma who is on 0870 7766775, and made my feelings very plain.
He told me that they bought-in the database! If true, so much for due diligence.
I suggest that anyone who has been buggered about by this crass stupidity / flagrant breach of UK Laws calls that number and lodges a complaint. I know it's a broadband/ISP issue, not phones, but the hassle value should really strike home.
Can somebody explain how BT have done this? We're (unfortunately) using BT Business ADSL in our office but haven't noticed any issues. I suspect they're manipulating DNS requests, and seeing as we run our own BIND server we bypass ISP fucking around like this. It's also nice to be able to flush your DNS cache when needed, instead of waiting for everything to propogate through the ISPs cache.
However it works, it's definitely a major fail.
I remember it because I had to fix my Dad's computer for him (as the tame family geek), and he'd put in the BT disk when he signed up rather than getting me to set it up manually for him. Getting rid of desktop help (which kept randomly firing itself up) was actually harder than getting rid of the damn dialler software that I was cleaning off!
Now there's a reason to be glad not to use dial-up any more, no more trojan diallers...
Anyway, as someone else said, having spoken to the numpties in their call centre in India I'd never trust them in a million years with remote access. Whereas the old UK call centre actually had some decent people, who could move off the script if required.
This really is crap, and on a business tariff they really ought to know better than to encourage random users to install crap on their machines - and that's before we even get to the stupidity of launching a man-in-the-middle attack on your own customers!
I hope Offcom come down on them like a ton of bricks, but I'm not holding my breath.
We have loads of customers whose businesses rely on the internet but it's all behind the scenes.
Their software connects to their suppliers and customers sites and they depend on it.
They never got the browser prompt because they don't use the "Internet" in the conventional sense, they just can't connect to anything because all the back room stuff was being blocked.
Took us ages to find out what was happening.
Well I'm writing this comment from behind a BT internet connection and I am absolutely DEligHTD that they are doing this. Hm they hm they can get away with intercepting HTTP requests without causing widespread INFromatIVE NewS is utterly lOVELY. They'll be aDHRering To the HTTP reqstANDRDS next!
Hi you've dailed 999, but before we put you through would you be interested in a great offer on our broadband packages? If you're interested in hearing about great broadband packages, press... 1. If you'd like us to ring you back at a more convenient time to hear about our great broadband packages, press... 2...
BT did exactly the same thing on their home network. And made exactly the same excuses. That was a few months ago. And now they try it on their business network and get hit with an understandable furious backlash. They deserve it. Check your T&Cs which probably specify how BT will contact you if they need to. Bet it doesn't say they will use a browser hijack does it? Sue them.
Oh yes - and to the guy on the lithium forum who speculated about Sky doing this sort of thing - don't worry - BTVision already did that too - ionjecting their own downloaded advert over broadcast Freeview..
Sorry I can't give you the links to the BT residential forum posts that complained about this. BT conveniently deleted them off the internet!
This is an illegal interception of communications by BT (yet again).
Anyone affected should take a screenshot and complain to the Police (s1 Regulation of Investigatory Powers Act, European Convention on Human Rights Article 8).
You could complain to the ICO about PECR regulation 6 (Confidentiality), 7 (Restrictions on the processing of certain traffic data) and 8 (Further provisions relating to the processing of traffic data under regulation 7)... but don't hold your breath. The ICO are beyond useless.
An effective solution is walking away from BT;
If ever I heard a reason for adding the following to the hosts file, this is it.
Maybe someone can come up with a complete list of bt domains used for this kind of thing.
Put it right next to all those entries for Phorm, NebuAd (or whatever they call themselves these days), Kindsight, Frontporch ....
Who needs them using up bandwidth.
Complain en mass to the Information Commisioner and Offcom; make as much noise about this as possible and just maybe BT will at least get a well deserved bitch slap.
(Also, this will not look good for the on-going Phorm investigation with the CPS debating if criminal charges should be brought...)
Who at BT came to the conclusion that is was a good idea?
Hijacking a paying customers connection so that they can display ads is completely outrageous!
Every customer affected by this should be complaining to BT and OFCOM.
I would never have BT Broadband, yes I have to pay for broadband and line rental separately but I get a much better service. Namesco all the way for me.
To be fair ,working for bt as I do the staff involved were probably horrified at this , but in today's bt it is not possible to have any opinion that does not agree with the senior management.
It almost seems if the new management motto is
don't think........... unless your thinking that I'm right.
Get into work one morning to find that one office is saying they cannot get onto the internet. Strange . . .,check all the links and they seem ok so look into get the users to explain exactly what they can see.
Well peeved, a phone call to BT and it seems that on this occasion it was a trial that made it out into the public, cannot believe that they are actually going live with it. I think I did actually say to BT when I phoned them that I deemed it to be a disruption to the service - be interesting to see if it happens again . . . .
This has to be illegal under Computer Misuse and interception of communications regulations under RIPA, surely. Even if the end user gives consent under the T&Cs with BT, the web site operator does not, and they are as much a party to the communication as the end user is.
I saw the system for this demonstrated at a ISPA meeting and the vendors were very proud of the system that had been used a lot in US and they were bringing to the UK. They were puzzled when I suggested it was illegal and had not considered for a moment the other party to the intercepted communications (the web site operator) and would go and look in to it!
AFAIK BT Retail supply both the business and home broadband. This was the division that also showed Phorm so much love.
Good news. Phorm was a *bit* tricky to explain to company directors. Hijacking what pages you are using is pretty obvious as a *bad* thing.
This fits in very well with BTs other 'innovative' marketing strategies.
You leave BT and expressly tell them you don't want any future marketing, so they start sending snail mail "to the occupier" once a month. When that produces no response for 18 months, they start mailing you by name once a month, but omitting the specific flat number and the city; just name, house number and postcode, knowing full well the PO will deliver it. I assume this bypasses the specific entry on the MPS.
Glad I left them.
They just can't provide a business ADSL without it breaking every 30 minutes or so, spent 3 months fixing it then 'upgraded' the exchange a week later and back to failure.
During an earlier problem, they were flumoxed that I wouldn't allow them to connect to my machine via remote desktop to test the system.
Very pleasant bunch to deal with, and I'm sure they've got some technical ability, but this sort of stupidity surfaces too often with their lower level tech staff.
"It was too complex to explain what they would be opting out of, so we did not bother to give them an opt out"
Home broadband ad
Its harmless enough
Business broadband ad
BT Retail just *can't* help having a fiddle with peoples connections. It seems to be almost a compulsion with them.
In a criminal context (RIPA is the one which has come up) that's recidivistic behavior. IN fact that make 3 strikes. You may *have* to pay for their line, but you don't *have* to buy their broadband.
"My suggestion would be that everyone who had to devote resources to this should send BT a bill for the time and inconvenience of having to sort out their mess."
What about the ones looking like muppets in front of potential customers?
Cost? £100k project gone to your competitors along with the chance of future projects with that customer.
Back in the day when I had a BT landline, I moved house and changed my number. Had ex-directory because I was hacked off with telemarketing calls. Yes, it was way back when. Anyhow, some numpty at BT decided to call me trying to sell stuff. Not pleased, I told 'em not to call. "But you're a BT customer" says they. "Not for much fucking longer" says I.
Believe it or not, they actually knocked 50 quid off me bill for that.
I don't post here very often although I read the register every day. This, however, has seriously pissed me off.
I'm absolutely furious about this - we run a network of LED billboards that use BT Business Broadband as the backhaul for their data as well as to send a heartbeat-style signal saying "yes, I'm still alive".
Guess what happened when http traffic was redirected to this page instead of where it should have been going? Yes, that's right, all of our communications went down and I was woken up at 0340 in the morning by my pager.
THIS SITUATION IS UTTERLY UNACCEPTABLE
If this happens again we will consider suing BT as it's against the terms of service and causes major disruption at our end - bear in mind we don't use web browsers on these ADSL lines and so the only way we know that you have messed up the service is to go into full emergency panic mode.
Congratulations BT, you've wasted 5 people's time and made them lose a night's sleep. I hope you're proud of yourselves...
Biting the hand that feeds IT © 1998–2021