Rogers turns on content injection again

Any form of ad-injection, dynamic typo-squatting, or other ISP-introduced content addition or redirection is controversial at best. There are a number of vendors offering solutions, perhaps the best known (for all the wrong reasons) is Barefruit.

Rogers has apparently turned their content injection capabilities back on after a well-publicized incident a couple of years ago.

Rogers Again Injects Web Pages With Its Own Content:

This approach again raises concerns about Rogers interfering with the delivery of content without permission of the end user. When combined with its ongoing policy of redirecting web pages that do not resolve to a company-sponsored paid search page, Rogers own content seems to show up unasked on a regular basis.

For those who don't remember the Barefruit incident, here is a reminder:
ISPs’ Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses

In that case, VeriSign, which controls the sales of .com and .net top-level domains through a contract with the U.S. government, began directing users who mistyped domains names to its own servers, where it presented paid search results.

The move outraged the technical community and eventually led to an ICANN commission report (.pdf) condemning the practice and an unsuccessful VeriSign lawsuit against ICANN.

"Sitefinder showed that [Non-Existent] domain re-mapping is bad for the community," Vixie said. "This would be an example of why it is bad."

While Barefruit fixed the immediate JavaScript hole, the underlying problem — that large ISPs are ignoring a core internet practice to make money and pretending to be sites that don’t exist — means every site on the net remains vulnerable in ways they have no control over, according to Kaminsky.

Versign, of course, took a significant amount of heat over redirection non-existant domains for profit.