
Are your search engine queries being hijacked?

Recent studies show that, depending on your ISP, your search engine queries may be deliberately collected and redirected by a third-party company.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Who doesn't trust their search engine? When we need to find something, we all turn to Google, Bing, or Yahoo. We shouldn't be so trusting, though. On Bing, cyber-crooks are now placing ads to ensnare people who want to switch to the Chrome Web browser. Now, we find that some U.S. Internet Service Providers (ISPs) are sending your search queries to a third-party proxy company instead of your search engine of choice.

According to the Electronic Frontier Foundation (EFF), several recent research studies have revealed that "some or all traffic to major search engines, including Bing, Yahoo! and (sometimes) Google, is being directed to mysterious third party proxies."

Further research by the EFF and the ICSI Networking Group, a non-profit organization that researches Internet architecture and related networking issues, has revealed that your searches are sent to a company called Paxfire.

Paxfire proudly proclaims itself to be the "proven industry leader in monetizing Address Bar Search and DNS Error traffic for Network Operators. Through our carrier-grade technology, we generate millions of dollars a month in new advertising revenue for our partners by enabling them to participate in the booming $20 billion a year search advertising market."

In other words, Paxfire intercepts your searches. Then, if its proxy servers find a match in its advertising databases, it sends you top search results from its affiliate marketing programs rather than what your search engine would give you as the best results.

In addition, Paxfire's privacy policy states that "Paxfire does not collect or capture any personally identifiable information. Paxfire may collect anonymous information related to use of the Internet, which may include current IP address, queries, or the IP address to which a query was directed." That strikes me as a contradiction in terms. If I have your IP address, I'm halfway to identifying you.

You, more likely than not, won't know that your search results are being redirected or that your IP address and searches are being collected and stored. I don't like either idea one darn bit. When I go to Google, I want to go directly to Google. According to the EFF report, major ISPs that use Paxfire "include Cavalier, Cogent, Frontier, Fuse, DirecPC, RCN, and Wide Open West. Charter has also used Paxfire in the past, but appears to have discontinued this practice." As a Charter user myself, I can state that Charter is no longer using Paxfire. I just checked.

To see if my Web search traffic was being redirected I used the ICSI Netalyzr test-suite. This is a general-purpose, Java-based Internet analysis tool. Among other things, it can spot when your Domain Name System (DNS) and searches are being redirected to a proxy service such as Paxfire's.
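The resolver comparison behind this kind of check can be sketched offline. This is an added example, not Netalyzr's code and not part of the original article: it assumes you have already collected A-record answers from your ISP's resolver and from an independent resolver, all addresses are constructed RFC 5737 documentation values, and the /16 heuristic is an assumption.

```python
import ipaddress

def prefix16(ip):
    """Return the /16 network containing an IPv4 address."""
    return ipaddress.ip_network(f"{ip}/16", strict=False)

def classify(isp, reference, nx_landing):
    """Compare A-record answers from the ISP resolver with an independent one.

    isp, reference: dict of hostname -> set of IPv4 strings.
    nx_landing: IPs the ISP resolver returned for a random nonexistent name
    (an empty set means it correctly answered NXDOMAIN).
    """
    verdicts = {}
    for host, isp_ips in isp.items():
        ref_ips = reference.get(host, set())
        if isp_ips & nx_landing:
            # Search host resolves to the box that serves rewritten DNS errors.
            verdicts[host] = "redirected"
        elif isp_ips & ref_ips:
            verdicts[host] = "consistent"
        elif {prefix16(i) for i in isp_ips} & {prefix16(i) for i in ref_ips}:
            # Assumption: same /16 but different host is ordinary load balancing.
            verdicts[host] = "consistent"
        else:
            # Unrelated address space: confirm by hand (whois, TLS certificate).
            verdicts[host] = "suspect"
    return verdicts

# Constructed sample data (RFC 5737 documentation addresses, not real answers).
NX_LANDING = {"203.0.113.50"}
ISP_ANSWERS = {
    "www.bing.com": {"203.0.113.50"},
    "search.yahoo.com": {"203.0.113.77"},
    "www.google.com": {"192.0.2.10"},
}
REFERENCE_ANSWERS = {
    "www.bing.com": {"198.51.100.5"},
    "search.yahoo.com": {"198.51.100.20"},
    "www.google.com": {"192.0.2.99"},
}

if __name__ == "__main__":
    print("DNS error rewriting:", bool(NX_LANDING))
    for host, verdict in classify(ISP_ANSWERS, REFERENCE_ANSWERS, NX_LANDING).items():
        print(f"{host}: {verdict}")
```

A "suspect" verdict is only a prompt to look closer, since large sites legitimately return different addresses to different resolvers.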

Since this news first broke, the ISPs that were using Paxfire are reported to have stopped redirecting search queries. If you're using Bing or Yahoo, though, these ISPs are continuing to intercept your queries. They seem to have stopped doing this with Google searches. The reason for this is probably that Google has been aware of this issue since March and has been pushing ISPs to stop intercepting and redirecting Google's traffic.

So, what can you do to make sure your searches are going to the right place? You have several options. One is to use a third-party DNS service like OpenDNS or Google Public DNS. Another method is to use tools such as HTTPS Everywhere or Force TLS. With these Firefox browser extensions, you force an HTTPS-encrypted connection with the real search engine.

If you're like me, and you like to go to the site you want to go to when you want to go to it, you'll check your connection and use your own DNS and a tool to force a secure connection whenever possible. If your ISP is grabbing your search traffic, I'd also let them know, in no uncertain terms, that you want control of your traffic, thank you very much, or you'll find another ISP.
