
Spectrum injects JavaScript into unsecured webpages to show copyright notices - jzebedee
https://gist.github.com/jzebedee/7c5000779cd131df2498a3e6d041991c
======
jzebedee
I was surprised to find a Spectrum notice tacked onto an unrelated HTTP site
this morning. It looks like Spectrum are editing customer traffic to inject a
DMCA notice page that loads their own unsecured scripts.

Other ISPs like Comcast have done this in the past[1], but this is the first
time I've seen anything like it from Spectrum, who normally keeps their
hijacking limited to ad-riddled search pages for failed DNS lookups.

I use HTTPS Everywhere[2] and rarely visit sites delivered over HTTP, so I
can't say if this is happening only on unsecured pages or everywhere.

[1] "Comcast injects JavaScript into webpages to show copyright notices to
customers"
[https://news.ycombinator.com/item?id=10592775](https://news.ycombinator.com/item?id=10592775)

[2] "HTTPS Everywhere" [https://www.eff.org/https-
everywhere](https://www.eff.org/https-everywhere)

