"Web tripwires" reveal 1.3% of web pages altered in transit

Posted on by Ruiwen

When you visit a web page, you might expect that the code and images from the page will make their journey through the tubes unmolested and unaltered, but according to security researchers, you would also be wrong 1.3 percent of the time.
Quoting from a recent article on Ars.Technica, researchers have found that up to 1.3% of web pages are altered in transit between the server and the requesting client. Not all the modifications are malicious though, the article notes. Some ISPs modify the page either by removing extra white space in the page, or further compressing images, thereby reducing bandwidth used and decreasing wait times. Alternatively, some service providers take the opportunity to serve ads instead.

In 2007 (I think), some folks from the University of Washington and the International Computer Science Institute put up a page to test if pages loaded from various domains were edited while passing through through the ‘tubes. Enter the UW CSE and ICSI Web Integrity Checker.

Here’s quoting their results so far:

  • 50,171 unique IP addresses visited the page.
  • 657 IP addresses reported modified pages (1.3%).
  • 70% of the modifications where caused by client-side proxy software, such as ad blockers and popup blockers.
  • 46 IP addresses reported changes that were caused by an ISP, such as injected advertisements and modifications to reduce network traffic.
  • 125 IP addresses were using proxies that caused them to be vulnerable to cross site scripting attacks.
  • 3 IP addresses were affected by adware or worms.
I’m curious as to how this test would fare in Singapore. Are our local providers editing the pages we request on the fly? So here’s what, just for fun,
  1. Perform the test by visiting the page
  2. Then, visit this page on the linuxNUS Opensource Wiki to record your results
Let us know how it went!

comments powered by Disqus