
Ask HN: My ISP is injecting code to pages. What measures can I take? - bbayer
Today I saw a strange pop up entitled with the logo of my ISP while I was browsing a random page. First I thought it was an ad added by the site owner, but when I checked closely it was even on another pop up. I checked the source and saw that it was clearly coming from somewhere else. An iframe was added to the page by a JS script that was sourced from a direct IP address. No domain, just an IP and path. I am sure it wasn't part of the site because the iframe was just a static page. It doesn't contain any tracker links that can be seen in every ad today. When I refreshed the page, the pop up disappeared.

This page could be my mail or bank account or anything that might contain private information. Is there any practical way to prevent something like this?
======
richinfante
> An iframe added to page by using a JS script that sourced from direct IP
> address

This kind of page tampering can happen if your connection to the website is
not encrypted (http:// instead of https://).

For practical defense against this, you can install the HTTPS Everywhere
browser extension: https://www.eff.org/https-everywhere which attempts to
redirect you to secure versions of websites.

If there's no secure version of the site available, there's not much you can
do to prevent this besides changing your ISP or using a VPN, however this just
moves the trust issue to a different entity.

------
noonespecial
> This page could be my mail or bank account or anything that might contain
> private information.

They should not be able to read or inject into any URL that starts with
https:// so your mail, bank, PayPal etc. should be OK.

That said, any tampering at all is a really sucky thing to do. If you can't
switch ISPs I'd get a VPN subscription somewhere and send all of your traffic
through it.

~~~
rbanffy
Also, add a plugin that forces https everywhere.

------
uberman
It might help to ensure your DNS is not provided by your ISP. You might also
want to look into a "VPN".
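
The indicator described in the original post (a script and an iframe sourced from a bare IP address, with no domain) can be checked for in a saved copy of a page. This is an added example, not part of the thread: the function and class names are hypothetical, and the sample HTML with its documentation-range addresses is constructed.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page; the IPs are from the reserved documentation ranges.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/lib.js"></script>
<script src="/static/app.js"></script>
<script src="http://203.0.113.7/notice/popup.js"></script>
</head><body><p>Article text</p>
<iframe src="//198.51.100.20:8080/banner.html"></iframe>
</body></html>"""

def host_is_ip(url):
    """True when the URL's host is an IPv4/IPv6 literal rather than a name."""
    try:
        # urlsplit copes with scheme-relative URLs and strips port and [] brackets
        host = urlsplit(url.strip()).hostname
    except ValueError:
        return False
    if not host:
        return False  # relative URL, loaded from the page's own origin
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

class BareIPSourceFinder(HTMLParser):
    """Collects (tag, url) for script/iframe elements sourced from a bare IP."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            url = dict(attrs).get("src")
            if url and host_is_ip(url):
                self.findings.append((tag, url))

def find_bare_ip_sources(html):
    finder = BareIPSourceFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for tag, url in find_bare_ip_sources(SAMPLE_HTML):
        print(f"<{tag}> loaded from bare IP: {url}")
```

A hit is a lead to compare against the same page fetched over https:// or another network, since a site can legitimately load resources from an IP address.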

