Several US ISPs have been rerouting product searches via a third-party proxy to sell the data, researchers claim.
Researchers first noticed the odd redirections at the DNS level earlier this year, but have now uncovered exactly what is happening to the traffic.
According to a report from the Electronic Frontier Foundation (EFF) and research company ICSI Networking, a firm called Paxfire uses proxies to "selectively siphon search requests", redirecting them via third-party affiliate marketing programmes.
"When the user initiates searches for specific keywords from the browser's URL bar or search bar, the proxy no longer relays the query to the intended search engine, but instead redirects the browser's request through affiliate networks, as the equivalent of a click on advertisements," the EFF explained in a blog post co-authored with ICSI.
"Using the names of popular websites, we have so far identified 170 brand-related keywords that trigger redirections via affiliate programs and result either on the brands' sites or on search assistance pages unrelated to the intended search engine results page."
Some of the brand names include Apple, Dell, Groupon, and the Wall Street Journal, the EFF said, adding "the purpose appears to be monetisation of users' searches".
We couldn't reach Paxfire at the time of publishing, but the company's website said it offers "look-up services", in software, hardware and hosted variations.
Essentially, it's an error rerouting service, so if users type in an incorrect URL it redirects them to a search page. "More specifically, when an end-user types an invalid URL in the address bar of his browser — either a keyword such as 'books' or a mistype such as 'www.amazoooo,cm' — Paxfire can return a standard search results page that will generate revenue for the network operator when an end-user clicks on a paid link," it says on its website.
"Some of our customers literally generate millions of dollars a year using the Paxfire Look-up Service," the company claims.
However, the EFF report said Paxfire has added to that service. "Paxfire's product also includes an optional, unadvertised, and more alarming feature that drastically expands Paxfire's window into users' traffic," the EFF said. "Instead of activating only upon error, this product redirects the customers' entire web search traffic destined for Yahoo, Bing, and sometimes Google, to a small number of separate web traffic proxies."
We're still waiting to hear back from Microsoft and Google, and couldn't reach Yahoo. Virgin Media said it doesn't use Paxfire, and we're still waiting to hear back from BT.
This article originally appeared at pcpro.co.uk