Are your searches going where you think they are?

Dirty pool in the search business

According to a couple of recent studies and unreasonably understated warnings from public-interest groups, when you type a search into Bing or Yahoo! and hit Enter, your search may not go straight to the search provider, which will misinterpret it (Bing) or amateurishly answer it (Yahoo!).

Nor will it always to go Google, if you prefer a search provider that can satisfy your curiosity and invade your privacy at the same time.

Instead it will go to a third-party marketing firm called Paxfire (or a competitor), which tries to match your query with ads already in their databases and send you back results for which the companies you locate have paid, according to reports from the EFF and others.

The result is not only usually useless, it's offensive, more invasive of your privacy than you've already acknowledged by searching for your heart's deepest desire on an unencrypted Internet connection in the first place, and deceptive.

It's deceptive because everyone I know uses search or other services on the Internet according to their experience with how well that service works for their needs particularly and none appreciates having a one of "sponsored" query responses at the top of a page, popups that keep them from seeing any of the results in the first place or so many ads on the resulting page that you can't tell whether your PC was hijacked by viruses, rather than your search being hijacked by marketing weasels.

I have to admit having seen some stories about this bit of appalling abuse of customers – usually by ISPs (which you already pay for both the Internet access and DNS connection), rather than the search providers.

Past-and-future colleague Steven J. Vaughan-Nichols, on the other hand, picked tip about Paxfire and ran with it, going into more detail about how the hijacking works and how to avoid it using either DNS services different from those provided by your ISP, or secure, encrypted connections to search engines that don't let ISPs recognize a query and redirect it.

He offers links to the reports, open DNS providers, Firefox add-ons to help avoid the hijacks and a pointer to the ICSI Netalyzr test-suite you can use to figure out if you're being hijacked as well.

This issue doesn't carry the same weight as the national-security-threatening five-year cyberwar McAfee reported last week, but it directly affects a lot more people, most of them several times per day.

That scope, the level of annoyance at having your time wasted without your consent by a company you're paying for the privilege, and the inherent betrayal of having a service provider you trust sell you to someone else without your knowledge make this more than just a pointless marketing stunt.

It's an example of how far the principles of malicious hacking and malware have penetrated the culture and extremely thin ethical considerations of those who claim to be reinventing the Internet by getting it to pay for itself by robbing your of time, attention or honest information every time they get the chance.

If you're involved with Paxfire, considering using it or a similar service, just remember how ticked off you were the first time you heard about or were subjected to it.

Then tell them to cut it the hell out.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon