On Mon, 14 Jul 2014 05:00:04 +0000 (UTC) Jim Henderson <hendersj@gmail.com> wrote:
On Sun, 13 Jul 2014 17:09:16 -0700, jdebert wrote:
Is it possible to avoid this stuff?
Well, perhaps the obvious solution is to stop using Sprint.
What I would do is call their customer support and say "I noticed something weird...." and get them to admit what they're doing - and then tell them that that's not what you signed up for when you agreed to service with them (assuming that there's nothing in the contract that permits them to modify traffic like that).
Nothing in the terms prohibit it. Seems to come under the catch-all of their right to make improvements, etc. Censorship also comes under that umbrella, apparently. Support is so obstinately clueless that getting bumped to second level has been so far impossible. It's all my fault that their DNS is a problem, apparently. They like to call it "transparent DNS proxy" but it's clearly hijacking DNS and providing sometimes bogus responses, or fails to allow valid responses through. Also never allows DNSSEC validation. That's not very transparent.
IMHO, providers need to be called out on this - rather than customers just trying to find ways to quietly circumvent it. The reason providers get away with stuff like this is because nobody speaks up about it.
Turns out there have been quite a few speaking out and complaining. Apparently sprint has been doing this a long time but somehow it didn't catch up to me til recently. They are also injecting javascript into http traffic using their "transparent http proxy" and cutting quite a few http and ftp file transfers short. The recent session where all SSL/TLS and ssh failed authentication wasn't the first time, either. Because it persisted all session, in every session it occurred for different hosts around the world, and the fact that ping and traceroute failed to reach any designated hosts, or even outside sprint's network, it is too unlikely that it was a random hostile actor setting up an MITM. So, yes, obviously, sprint has to be chucked. I'll have to do that when I'm wealthy enough to switch, unfortunately. Meantime, sprint is to be considered high-risk, insecure and possibly hostile. THanks for the info. It was useful. jd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org