Are your search engine queries being hijacked?

Are your search engine queries being hijacked?

Summary: Recent studies show that, depending on your ISP, your search engine questions may be being deliberately collected and redirected by a third-party company.


Who doesn't trust their search engine? When we need to find something, we all turn to Google, Bing, or Yahoo. We shouldn't be so trusting through. On Bing, cyber-crooks are now placing ads to ensnare people who want to switch to the Chrome Web-browser. Now, we find that some U.S. Internet Service Providers (ISP)s are sending your search queries to a third-party proxy company instead of your search engine of choice.

According to the Electronic Frontier Foundation (EFF), several recent research studies have revealed that "some or all traffic to major search engines, including Bing, Yahoo! and (sometimes) Google, is being directed to mysterious third party proxies."

Further research by the EFF and the ICSI Networking Group, a non-profit organization that researches Internet architecture and related networking issues, has revealed that your searches are sent to a company called Paxfire.

Paxfire proudly proclaims itself to be the "proven industry leader in monetizing Address Bar Search and DNS Error traffic for Network Operators. Through our carrier-grade technology, we generate millions of dollars a month in new advertising revenue for our partners by enabling them to participate in the booming $20 billion a year search advertising market."

In other words, what Paxfire does is it intercepts your searches. Then, if their proxy servers find a match in their advertising databases, they'll send you top search results from their affiliate marketing programs rather than what your search engine would give you as the best results.

In addition, while Paxfire's privacy policy states that "Paxfire does not collect or capture any personally identifiable information. Paxfire may collect anonymous information related to use of the Internet, which may include current IP address, queries, or the IP address to which a query was directed." That strikes me as a contradiction in terms. If I have your IP address, I 'm half-way to identifying you.

You, more likely than not, won't know that your search results are being redirected or that your IP address and searches are being collected and stored. I don't like either idea one darn bit. When I go to Google, I want to go directly to Google. According to the EFF report, major ISPs that use Paxfire "include Cavalier, Cogent, Frontier, Fuse, DirecPC, RCN, and Wide Open West. Charter has also used Paxfire in the past, but appears to have discontinued this practice." As a Charter user myself I can state that Charter is no longer using PaxFire. I just checked.

To see if my Web search traffic was being redirected I used the ICSI Netalyzr test-suite. This is a general-purpose, Java-based Internet analysis tool. Among other things, it can spot when your Domain Name System (DNS) and searches are being redirected to a proxy service such as Paxfire's.

Since this news first broke, the ISPs that were using Paxfire are reported to have stopped redirecting search queries. If you're using Bing or Yahoo, though, these ISPs are continuing to intercept your queries. They seem to have stopped doing this with Google searches. The reason for this is probably that Google has been aware of this issue since March and has been pushing ISPs to stop intercepting and re-directing Google's traffic.

So, what can you do to make sure your searches are going to the right place? You have several options. One is to use a third-party DNS service like OpenDNS or Google Public DNS. Another method is to use tools such as HTTPS Everywhere or Force TLS. With these Firefox browser extensions, you force a HTTPS-encrypted connection with the real search engine.

If you're like me, and you like to go to the site you want to go to when you want to go to it, you'll check your connection and use your own DNS and a tool to force a secure connection whenever possible. If your ISP is grabbing your search traffic, I'd also let them know, in no uncertain terms, that you want control of your traffic thank you very much, or you'll find another ISP.

Related Stories:

Bing ads lead to more malware; new Mac Trojan in the wild

Bing ad serves malware to would-be Google Chrome switchers

Churchill Club: Inside Google's Search Office

Google gets into the Content Delivery Network business

We're a long, long way from securing the Web with SSL/TLS

Topics: Telcos, Browser, Google, Networking

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • How sneaky. Good story Steve.

    Dietrich T. Schmitz, Your Linux Advocate!
  • RE: Are your search engine queries being hijacked?

    A story from SJVN without Microsoft hate !! Bravo ! Keep up the good work sir !! :)
    • RE: Are your search engine queries being hijacked?

      @1773 Almost - "On Bing, cyber-crooks are now placing ads to ensnare people who want to switch to the Chrome Web-browser" - they are doing the same things with Google and probably Yahoo, that was kind of left out.
  • RE: Are your search engine queries being hijacked?

    It would be nice if I could force the google search box in Firefox to use https. Unless there is and I don't know how to set it that way. I don't really want to go to the google main page every time (where clearly I can force it to go to https...). I'll check the mozilla bugzilla to see if someone has already suggested it.
  • "address bar searches"?

    Paxfire brags about monetizing "address bar search." Does that mean that even when I type an address into the address bar, they latch onto it? That's worse than intercepting search engine traffic, by far. It's like the different between taking a bus or a taxi. If I climb onto a bus, I expect to follow a circuitous route to my destination, but if I type in a specific address, that's like giving the address to a taxi driver, and I should be able to be taken directly there without a detour to the driver's brother's business on the wrong side of town!
  • RE: Are your search engine queries being hijacked?

    It doesn't happen in my avant browser that the result of search been replaced.It is rogue behavior.They should a pologize for this to us.
  • RE: Are your search engine queries being hijacked?

    Redirecting a URL address belonging to one party to another party's servers without permission must be illegal or at least a breach of copyright?
  • RE: Are your search engine queries being hijacked?

    @NZJester I agree.
    If a search for iPhone deals sent me to a Samsung ads page or MicroSoft software search went to SUSE webpage then I think the legal excrement would hit the rotor blades in a big way. So why should any other search be redirected and be legal?
  • RE: Are your search engine queries being hijacked?

    @ MvdL
    "It would be nice if I could force the google search box in Firefox to use https..."

  • ISPs Being sued Class Action Lawsuits

    Looks like all the ISPs will be getting class action complaints in the mail: