RE: (ot) JavaScript detecting foreign scripts
Thanks Dave I do appreciate the information. > First, my understanding is that this only happens for users of Comcast public > access hotspots, not for subscribed users: > > http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad- > injections-threaten-security-net-neutrality/ In my research I did see that article but alas they are indeed rolling it out to actual subscribers. > Second, if you use TLS (SSL) exclusively, you should be able to prevent this. I tested for this and yes it does prevent it. However that is not actually the point. The point is much bigger than the pennies they sole from my websites ad revenue. Maybe I am the only one but to me this practice, replacing the content of a webpage with their own content, is a heinous affront to the idea of an open Internet. Maybe I am going off the rails here but isn't this exactly what the Net Neutrality fight was all about? Not fast lanes and slow lanes but data integrity! Thanks for the pointer on the JS code I will look into it and take a step down off my soapbox. Dennis Powers UXB Internet - A website Design and Hosting Company P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844 W: http://www.uxbinternet.com W: http://www.ctbusinesslist.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360183 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) JavaScript detecting foreign scripts
> It appears as if in some locations Comcast's proxies are intercepting > advertising scripts (google/doubleclick) and replacing them with their own > JS that substitutes their own contracted ads. I am looking for a way to > detect this on a test page to determine how wide spread the practice is. > > I would be greatly appreciative if that person would contact me directly > either by email or phone. I'm not that person, but I have some suggestions. First, my understanding is that this only happens for users of Comcast public access hotspots, not for subscribed users: http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/ Second, if you use TLS (SSL) exclusively, you should be able to prevent this. Google/Doubleclick support this, and I really think it's the way of the future. We recommend exclusive TLS use for all of our customers. Not specifically just for this problem, but because it limits exposure generally and because it may positively affect SEO in the near future: http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html Third, there's an IEEE paper that provides some sample code for handling this problem. I haven't read it myself, and it's not a free paper, but it may be worth the money to you: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6032221&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6032221 Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360182 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: (ot) JavaScript detecting foreign scripts
> I developped a client side javascript error trackink tool and it helped me a lot > to debug my scripts, but I get many errors happening in foreign JS scripts. > I fixed my program to detect 5 or 6 of them and now the system is almost > perfect. Should have known it was you . What is happening is that Comcast has engaged the company MyTurfads.com that on the fly replaces Google and other ads with their own. They intercept the call to the script and return JS of their own that inserts a script from their domain (adx.myturfads.com) into the DOM. That script then calls others to handle the ads. I have proven this using a test page http://www.uxb.net/adtest/ that only has a single Google ad and no other scripts. The content of the single script on that page gets replaced at my sisters in NY (Comcast) but not in CT (Comcast) . I want to find out how wide spread this is because 3 data points do not make an argument. I only found out about it because my sister complained about getting pop-up and self-running modal video ads on one of my websites and that should not occur. What I want to do is write a script that can detect if the domain myturfads.com is located anywhere in the DOM. I intend to place it on the simple test page so that once detected I can initiate an Ajax call and record the user IP on my server. I can hack at JS code with enough examples but sadly need a little help on this one. Dennis Powers UXB Internet - A website Design and Hosting Company P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844 W: http://www.uxbinternet.com W: http://www.ctbusinesslist.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360181 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CF Builder 3
Good Afternoon, I have been playing with the mobile abilities of CF11 recently and just noticed that my trial copy of the CFB is coming to an end soon. Does anyone have an extra license for CFB 3 that they would be willing to part with? I don't want to pay the full retail price for something I am just 'playing with' yet. Thanks, William -- William Seiter ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360180 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) JavaScript detecting foreign scripts
>>I am looking to consult with that person off-list Please don't do it off-list, several of us could be interrested. I developped a client side javascript error trackink tool and it helped me a lot to debug my scripts, but I get many errors happening in foreign JS scripts. I fixed my program to detect 5 or 6 of them and now the system is almost perfect. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360179 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
(ot) JavaScript detecting foreign scripts
I apologize for this off topic post. A while back someone posted a thread where they were working on a script that would enumerate the DOM and detect foreign JS scripts running or loaded. I am looking to consult with that person off-list because I have a case where I need to do the same. It appears as if in some locations Comcast's proxies are intercepting advertising scripts (google/doubleclick) and replacing them with their own JS that substitutes their own contracted ads. I am looking for a way to detect this on a test page to determine how wide spread the practice is. I would be greatly appreciative if that person would contact me directly either by email or phone. Dennis Powers UXB Internet - A website Design and Hosting Company P.O. Box 6028, Wolcott, CT 06716 - T:203-879-2844 W: http://www.uxbinternet.com W: http://www.ctbusinesslist.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360178 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
