
Can an ISP do this? I'm no security expert, but this looks like a MITM attack - ugpub
https://imgur.com/a/cX9Dj
======
ugpub
OP here. This ISP is pretty famous in several areas in my city (Bangalore,
India). Can they legally do this? Isn't my browser sending each visited-
domain's cookies to my ISP now? For example, one of the screenshot-ed sites is
a very famous e-commerce site here. Doesn't this pose a security risk? I have
no idea whom to complain to.

~~~
selectnull
> Can they legally do this?

You should ask lawyers in your country about that.

> Isn't my browser sending each visited-domain's cookies to my ISP now?

Yes, but that's not different even if they didn't hijack your sessions.
Everything goes thru your ISP, so in any case, they see everything (not just
cookies) that goes thru http.

> Doesn't this pose a security risk?

Yes.

> I have no idea whom to complain to.

As first measure, complain with those sites and ask them to implement and
enforce TLS and move all traffic to https. That way your ISP doesn't see your
traffic and can not MITM you. Then, complain to your ISP or even better find
new one (after you complained to them, vote with your money).

Btw, TLS is really first solution (but not the only and last) to this (and
many other) problems on the web.

------
i0nutzb
Not really MITM; this looks more like a DNS hijacking.

Some providers put this kind of stuff in one of the following cases:

\- you didn't paid your bills;

\- they have new offers to show you;

\- they are just jerks.

~~~
chatmasta
It could be MITM. Note the lack of HTTPS on any of the affected websites.

@ OP, what happens when you browse to
[https://www.stackoverflow.com](https://www.stackoverflow.com) ?

~~~
ugpub
I get a certificate error.

~~~
chatmasta
What sort of error?

Regardless of whether it's MITM or DNS hijacking causing the issue, it's
clearly your ISP doing it.

