If I go to their supported modem page, I literally get a page where my current modem is shown as not supported, and the exact same modem is shown next to it as "supported."
I'm calling Comcast, and if this isn't immediately resolved I'm filing a fraud claim with the Illinois attorney general. This is the third or fourth time I've had a supported modem that Comcast has claimed isn't supported, and I'm sick of jumping through hoops getting this resolved.
Every time this happens their customer service reps tell me that the only way to avoid this is to use one of their modems. I'm sick of this. What a terrible company. Fix your shit before you start injecting garbage into the websites I visit.
edit: Proof https://imgur.com/lzKBkMs
I will admit that it is clever, but this should be transparent and customers should not be subsidizing the cost.
There is not a reason to access and modify your private data. This is not some kind of out of band multiplexed signal, they are reaching into your applications and changing their behavior.
There are other ways to communicate with people you have a billing relationship with already in place.
I've used my own DNS servers before. I have no problem making DNS queries to 184.108.40.206, and in fact I switched my PC to use it one time when Comcast DNS was down.
Overall, I’m rather happy with my current setup. I bought the most recent SB modem available at the time, got an Edgerouter and a Unifi AP. Took a few minutes longer to set up than a netgear or whatnot, but was able to use POE to put the AP in a far better location (it’s actually under my sofa instead of the closet where all my wiring goes) and have had a far more reliable and customizable experience.
It took a moment to realise you didn't terminate and stay resident.
Source: Tried to get away from VZW for a decade now - international roaming always being the ultimate decider.
Curious who you've found to be better.
Verizon has always been that shit-tier company run by borderline criminals which happens to have the far superior network and hard product.
At home (Boston Ma) sprint is good enough to online game and stream at the same time. I lost my comcast connection for several hours recently, and tethering to my phone resulted in less latency...
Edit: This is on Sprint's unlimited plan (around $50 a month for 1 line, $25 per line for 4 lines)
Can you please explain to me how you think this is a thing? Are you really that concerned about the extra watt or so of power usage a virtual SSID uses?
Or are you operating under the misconception that this somehow impacts your bandwidth allocation?
It's by far the most innovative and awesome thing Comcast has ever done. And they get ultra-hate from people who should absolutely know better.
The single and sole complaint you could have here is spectrum utilization.
I don't use comcast so I do not personally know if they charge for excessive data usage, but I know cox does.
Besides the point of potential cost, why should a user who is paying for the service subsidize comcast. They are not getting a discount for offering the wifi to customers.
Why should a customer pay to add value to comcast? They aren't getting a discount if they enable the service.
Last I played with it, I could get an additional 35-40mbps or so out of a typical 100/25 comcast connection in my area.
For you. Not the public wifi network that is served before it hits your LAN. This is what I meant by my original post - there are tons of misconceptions on this.
Your ratelimit is not affected either, at least not any more than your neighbors do who exist on the same headend as you.
> why should a user who is paying for the service subsidize comcast.
How is it subsidizing Comcast again? I just don't see this point - the only possible way you are subsidizing it is with increased spectrum usage (which is a valid point) and perhaps additional power usage - but we're talking pennies per year if it's even measurable.
Tower space? This sort of product wouldn't exist without it.
I think it's confusion on where customers think or feel the demarc is. The ethernet port on the modem is your demarc, not the cable entering your house. If Comcast did something to alter and/or impact traffic after
> They are not getting a discount for offering the wifi to customers.
Of course they are? You get access to everyone else running the same AP in their homes, so when I travel I don't have to worry much about broadband access. It's especially great at airbnbs with broken internet - I can simply use the neighbors xfinity AP. It's actually an incredibly consumer-friendly thing we used to speculate on in the late 90's and early 00's when wifi was just starting to become a thing.
I do agree it should be something you can toggle in a user interface, but turning it off should remove your access from the xfinity wifi pool. I also completely understand why it's not optional - due to the ignorance shown in the thread. Most consumers think that me torrenting on the Xfinititywifi AP is somehow impacting their data cap and/or throughput. It's not, and even highly technical people continue to perpetuate this myth.
I'm about as anti comcast as they come - but this is one of the better more consumer friendly things any ISP has done, much less Comcast.
The extra access point doesn't count towards your data cap.
I don't care if the issue is bureaucracy, incompetence, or greed, but I know filing lots of complaints with regulatory bodies generally solves the first and the third issue well, and motivates companies to fix the second issue too.
Getting support after a while wasn't working (to be polite he was getting the runaround), but the FCC complaint got their attention and got the issue resolved. This was with the previous administration, which was more sympathetic, but still worth a try.
You should talk less and file more.
Philadelphia, one of the most corrupt cities in the United States, had a very interesting character - at the time he was the Inspector General. Looked like Robbie Lewis from Inspector Morse. Quiet. Really nice guy. Bar none, he was the most feared person in the city. His motto was "It is never an overkill to use a nuclear weapon to kill a mosquito - it is an insurance policy. Mosquito dies"
Comcast makes it very difficult to get support if you don't lease one of their modems. Literally every time I call they insist that the problem is my modem, and of course it never is. All of my issues have been either outages or congestion-related, but Comcast reps can't fix the former and will never admit to the latter. So instead they blame your modem and ask for 10 bucks a month to lease a modem from them.
If you look at the far right device you see a non-EOL SB6121. The one on the left that is EOL is the leased one, and the retail one is still allowed. I'm not sure if you have a leased device or retail device.
> [JL] We are not trying to sell you a new one. If you own your modem we're informing you that it is either end of life (EOL) or that you are about to get a speed upgrade that the modem will be unable to deliver.
Incidentally, Livingood is a co-author of IETF RFC 6108, which he has conveniently linked. From the RFC's general requirements numero uno:
> R3.1.1. Must Only Be Used for Critical Service Notifications. Additional Background: The system must only provide critical notifications, rather than trivial notifications. An example of a critical, non-trivial notification, which is also the primary motivation of this system, is to advise the user that their computer is infected with malware, that their security is at severe risk and/or has already been compromised, and that it is recommended that they take immediate, corrective action NOW.
As composed as Livingood's response was, a modem at EOL and/or incapable of supporting an incremental speed upgrade doesn't strike me as critical. To be sure, Comcast is scheduled to increase speeds by 12/19 (at least in my region): 10Mb->25M, 25M->60M, 75M->100M. Although I disagree with Comcast's method and categorization, it would be interesting to learn what modem the OP was using.
It would also be interesting to learn if the OP received this message on multiple instances. If yes, it would be in violation of its own requirement--in particular, R3.1.8. User Notification Acknowledgement Must Stop Further Immediate Notifications, which itself is contradictory in its use of must and should:
> Additional Background: Once a user acknowledges a critical notification, the notification should immediately stop.
EDIT: Apparently, Livingood is an executive.
We start telling customers that a modem needs to be upgraded when one of two things happen: either they are about to or just had a speed upgrade that their modem cannot support or the modem has gone end-of-life (EOL) from the vendor.
In the former case, if the device is leased, you are sent a new one to replace the device and just have to basically say ok. In the latter case, it is a customer-owned device so the customer is asked to go buy a new one someplace (e.g. Amazon, BestBuy).
And in the EOL case, the vendor may have gone out of business or shut their cable modem business down, or otherwise decided to no longer support the device due to its age. That of course means that if a security issue came up, as they do, that the vendor would not be able or willing to provide a software fix for the device. So it's best to get the ball rolling to get those devices replaced when that occurs. Most of our EOL devices today are DOCSIS 2.0 devices (10+ years old), which can only do a single upstream and downstream channel (no channel bonding) and 1st generation DOCSIS 3.0 devices (5 - 8 years old).
Second, I am a Comcast customer who will never see these messages precisely because you do things like MITM unprotected traffic. Because I can't trust you to leave my traffic alone, all my traffic is tunneled.
So at the very least, if you feel this is a critical service you are offering (as implied by the RFC), you need an alternative communications channel for people like me who don't permit this one. Snailmail is fine; you try to upsell me constantly through that channel already.
The same thing happened on Netflix ...
This is exactly why Comcast is still the most hated company in America, and the only reason you have any customers is due to the monopoly deals of dubious legality you or your acquisitions bribed local officials to create back during the infancy of cable. We hate you, but we don’t have any choice.
It’s worth noting that government regulation created Comcast by allowing long-term monopoly contracts with municipalities. Remove the regulations which prevent competition in local internet and TV services; don’t add more regulations.
Also, most games I have played seem to use HTTPS. The only time it is used is when the game does not need an instant result, in which case they use HTTP or HTTPs. Most of the times, this is in the main menu or similar. Doing this makes it even harder (assuming they use certificate pinning) for users to change the values returned to gain any advantage on their client.
Any part of the game that needs speed should be using a UDP based protocol.
I recommend you add your primary email address. You can do this via the self-service portal.
Go to https://customer.xfinity.com/#/settings/account under Account / Settings / Contact Information. IIRC you are sent a confirmation email you have to act on before it takes effect.
Implying you’d probably miss it and, if not you, the customers they’re trying to reach.
I don't think there's any fault in logic in presuming that the best way to make sure a customer receives a notification is to insert as near to their known-active stream as possible. I don't condone altering that stream, but I think it would be nice if they could send a page, potentially at the browser or OS level, exclusive for system control and status messages (no sales, marketing, billing, or collection messages allowed).
I had tried calling customer service to see if they'd give me a new bundle but they told me they were only for new customers, so I switched ISPs.
Anyways, when I went in store to return the equipment, the guy I spoke to told me to not bother with phone support but to instead come in store or call him directly (he gave me a business card) since he can get existing customers bundled rates that the phone reps can't.
While I had the choice of ISP many don't, I'd definitely recommend going to a store location where you can talk face to face with someone in your area and see if you can't get a contract at a better rate than you pay month to month.
Why would they not maintain a clean marketing list!?
I don't mind the anon downvotes though, it's par for the course anywhere.
However, the supported device list shows that it's still an allowed modem to use for a e.g. 200mbit connection. A user that's looking to purchase a modem isn't discouraged from getting one from Amazon.
Since Comcast considers it EOL, any interaction with Comcast support includes the stipulation that it's likely the modem that's causing the problem, and the customer will be liable for a surcharge if a technician decides it's the modem causing a problem.
For a brand new modem, purchased from Amazon right now.
There seems to be a disconnect between EOL for the purpose of leasing a modem and EOL from the vendor.
As another comment points out though, I'd also like to understand why it was decided to communicate by injecting JS into pages people are visiting rather than following a more traditional communication channel like snail mail. I assume that this solution scales better and has get immediate $ attached. However, it also seems obvious to me that it reinforces brand image and political issues people have with your company.
I get that's problematic for your modernization efforts, but in that case: eliminate modem rental fees. Bake the fees in to the standard cost of the service and don't let customers use their own equipment. I understand that non-cable competitors don't have this cost to shuffle around, and that this will mean you are forced to either A) raise prices publicly or B) have lower margins. That's your problem because of your technology legacy; don't pass the misery on to the customer.
While you're at it, offer two hardware choices: one with, and one without routing/wireless. I refuse to run a wifi network in my household for your other customers and expect complete control over my LAN configuration.
On the topic of injection: I get that you don't think it's immoral, but hey, 1) most people who understand it think it is totally unacceptable. And 2) the window for this approach is rapidly closing for you as the web moves to SSL everywhere. Give up on this approach now and save face.
I love how it's in the interests of public companies to brag about how successful they are. When I see a comment like this, I like to check out the most recent 10K. According to Comcast's stated figures, they made $8.7 BILLION last year. So, they're doing pretty well. Now, obviously, they can't just give the modems away, but if they would at least STOP BILLING THE CUSTOMER for a leased modem after their costs have been recouped, that would be a HUGE public-relations win.
If we all could buy the modem of our choice, over time, say, amortized over the length of your contract, and then RELIABLY stop getting billed for it, I'd LOVE to just buy it through them. I'd argue that the reduced support costs for NOT BEING RENT-A-CENTER JERKS about the modems would save them a lot of money in the long run.
As a website owner you should have the right to verify all code that will run on your website to be sure that it won’t cause issues since only you have the context needed to make that call. What if there’s a global DIV selector that hides the close button, the website visitor is screwed! And they’ll just think it’s a problem with your website.
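A site owner's check for the concern raised in the comment above (a page served over plain HTTP being changed in transit), as an added example that is not part of the thread: it compares the scripts, styles, stylesheet links and iframes in the page as published with the page as a client received it. Both HTML samples are constructed, and the class and function names are hypothetical.

```python
import hashlib
from collections import Counter
from html.parser import HTMLParser


class ActiveContentCollector(HTMLParser):
    """Record every element that can run code or restyle the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.items = []      # (tag, external URL, short hash of inline body)
        self._open = None    # script/style element currently being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._open = (tag, attrs.get("src") or "", [])
        elif tag == "iframe":
            self.items.append((tag, attrs.get("src") or "", ""))
        elif tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            self.items.append((tag, attrs.get("href") or "", ""))

    def handle_data(self, data):
        if self._open is not None:
            self._open[2].append(data)

    def handle_endtag(self, tag):
        if self._open is not None and tag == self._open[0]:
            name, url, chunks = self._open
            body = "".join(chunks).strip()
            digest = ""
            if body:
                digest = hashlib.sha256(body.encode("utf-8")).hexdigest()[:16]
            self.items.append((name, url, digest))
            self._open = None


def active_content(html):
    """Return the list of active elements found in an HTML document."""
    collector = ActiveContentCollector()
    collector.feed(html)
    collector.close()
    return collector.items


def injected_elements(origin_html, received_html):
    """Active elements present in the received copy but not in the origin copy.

    A multiset difference is used so that a second copy of a legitimate
    inline script still counts as an addition.
    """
    extra = Counter(active_content(received_html)) - Counter(active_content(origin_html))
    return sorted(extra.elements())


# Constructed sample: the page as the site owner published it.
ORIGIN_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/site.css">
<script src="/app.js"></script>
<style>.close { display: inline-block; }</style>
</head><body>
<div class="modal"><button class="close">x</button></div>
</body></html>"""

# Constructed sample: the same page after a middlebox appended a broad
# DIV selector and an inline script before </body>.
RECEIVED_HTML = ORIGIN_HTML.replace(
    "</body>",
    "<style>div { display: none; }</style>"
    "<script>/* constructed notice loader */ showNotice();</script></body>",
)

if __name__ == "__main__":
    for tag, url, digest in injected_elements(ORIGIN_HTML, RECEIVED_HTML):
        print(f"unexpected <{tag}> url={url!r} inline-sha256={digest}")
```

The received copy has to come from a vantage point on the network being checked, while the origin copy comes from the server itself or over TLS.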
3.0 spec does up to 1.2Gbit/sec, just like Comcast. You know up to 200Mbit/sec, which is more like 20 because of all the "extreme complexities of the internet service".
At the very least, you have customer addresses. You should also have phone numbers and email addresses. If you have a way to bill customers, you have a way to contact them.
Injecting JS into HTTP sites is disgusting. It violates both the user's and the site's expectations and is entirely unnecessary.
There is no ethical excuse to ever inject code into a webpage.
Your own argument about it being critical is false or sophistry. If there were wildfires coming to burn someone's house down..that might qualify as critical. Not this, and deep down you know it.
You should be embarrassed to attach your name to such an obviously poor decision.
If a fellow community member has a first-hand involvement with a situation under discussion, such as working for a company that some people are mad at or does some wrong thing, we're all responsible for reacting responsibly. Otherwise bad things happen, such as first-hand observers being scared to post because they'll get lashed out at, and the already-weak community bonds we have here getting weaker. We all know what the culture of online shaming has led to and it's all our job not to do it on HN.
This is, in and of itself, a blaming statement. Blaming statements, such as the one contained in the comment you replied to, are a result of a) dissonance and b) inability to resolve the dissonance.
It is, in fact, unknown what the culture of online shaming has led to in our society. In fact, I'd hazard "shaming" online is actually just raw blame provided by some rationalized thought process driven by Internet interactions themselves, not the people reacting. See This Video Will Make You Angry on YouTube for context. Screwing with people's Internet in contextually what could be considered "wrong" behavior becomes highly polarizing. In as much as someone coughs because they smoke, people blaming is a result of a larger problem, perhaps related to the fitness of memes and some people's weakness in being hacked emotionally by memes with higher sophistication. Again, that problem is noted by the dissonance and inability to resolve it, but the behaviors emerging from those who are "infected" by the thoughts are not exactly theirs to bear alone. We blamed the tobacco industry for smoking. Why can we not blame the employees who are providing the rationalizations for bad behavior? One might argue that they shouldn't be blamed because they have no choice in the matter. It may be their job to argue otherwise for the company.
The irony here is that vast majority of the denizens of HN are likely responsible for creating most of the "mess" we're in today by writing software without considering the long term effects on consciousness and perception of reality. That "mess" would be defined as means, by algorithms or neural networks, to attempt to exploit weaknesses in human nature to spread other's beliefs in an unnatural way. Growth hacking. In some cases, like Comcast, those beliefs are rooted in sophisticated rationalizations which sound good when limited in scope. But! I don't care what anyone says about it, changing the content of a page which, when requested from one place returns one thing and when requested from another (which ones pay for I might add) returns another thing entirely is a violation of TRUST. At least it is to me. I like consistency in my data.
If one of the "members" of this group we call HN wants to make a blaming statement against someone who is defending this irrational logic, then I say let them blame! How else are we to uncover the dissonance and solve it? Or, perhaps, that dissonance is desired to be left in place by our complicit behaviors trying to be "nice" to each other.
I've suggested before social media sites could benefit from a "this is a blaming statement" flag on articles or comments. I stand by that assertion today. Logging back out again. Thank you for all the hard work that goes into running this place.
...unless it's for adblocking...
Although I do that with a MITM proxy locally (and thus filters everything on my LAN), it would certainly lead to a very interesting situation if an ISP decided to do it...
Way too much non-spam disappears down overeager spam filters, which most people only check if they are specifically expecting some particular mail and it does not show up as expected--and even then many won't check their filters.
An ISP could white list their own mail in their spam filters but that would only help with the customers who use their ISP provided email. A lot of people use third party email providers instead and never use their ISP email.
I will at least _glance_ at my email.
For critical service info I'd want SMS personally, from a verified number with a link on the company main domain to verify the info.
Is that the idea here?
Or does this efficacy come at some cost (namely, the sentiment behind this thread)?
You know it's actually an important piece of mail when the envelope isn't imploring you to open it.
More work, but way less scummy.
In either case, the argument does not address the fact that customers recognize unsolicited packet injection as unacceptable ISP behavior. Without support metrics, we can argue all day about the efficacy of one method of delivery over another, but the fact remains that no sensible user would perceive e-mail and/or post of official notice from their ISP as overtly intrusive. With as much internal advertising as Comcast distributes amongst its existing customers, it blows my mind that official notice generated from boilerplate and delivered via snail mail would fail to achieve the intended goal.
To be sure, your pre-edited comment:
> Surely showing up in-person at their door must be an even more effective "reminder" than the browser injection! Is that next?
This standard seems like a terrible mistake. Isn't this exactly what malware creators want? To condition users to click the browser pop up that says "YOUR COMPUTER IS INFECTED WITH MALWARE, CALL THIS NUMBER/INSTALL THIS HORRIBLE THING TO FIX IT?"
Why on Earth would anyone issue a standard that says that ISPs should deliver that kind of notification, thus training consumers to believe them?
When used by practicing engineers as a low-overhead way to document interoperability requirements for working software, it's been fantastically successful. But it also lends itself to this kind of pseudo-fraud "standardization" by less ethical players.
Bottom line: an "RFC" means nothing per se. What matters is whether the community wants to support it. So RFC7540 is an important standard everyone agrees to support. RFC6108 is garbage.
This should be ILLEGAL, I don't give a crap about "getting the government out of our lives", well guess what, they need to step in and prevent these slimy "business" practices from happening or punish the corporations trying to exploit their captive audience.
Exactly. And the response, "we're not trying to sell you a modem, we're just encouraging you to strongly consider buying a new one" is such a hair-splittingly asinine response considering the rather serious breach of trust posed by the notification system.
Making up quotes like this is against HN guidelines (and common decency).
Moreover there's nothing in the guidelines about "making up quotes" (which again isn't a reasonable interpretation of what that is), whereas there are actual, explicit guidelines against addressing yourself to unreasonably interpreted versions of other people's comments.
You're right that it isn't explicitly mentioned in the site guidelines, but those aren't a list of proscribed behaviors but a set of values to internalize. I'd say "Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize" covers this case pretty squarely.
And virtually anyone in any argument could insist, tediously, that those disagreeing with them have failed to interpret with sufficient charity.
But it's one thing to note that as a hypothetical possibility, and another entirely to point to something that's actually a clear cut offense. I don't think I twisted or misrepresented anything, and no one seems to be suggesting that anything was actually misrepresented or misinterpreted so much as they're using this occasion as a jumping off point to litigate the abstract principle. Which I don't think is a constructive use of anybody's time, which is why this is a bad norm that shouldn't be observed.
No, that is what I'm suggesting. Your comment reads as a quote. After reading it, I went to the linked page and looked around for the context. Turns out, there was no context for that quote, because it's not a quote, because those words aren't actually in the original text.
I'm asking whether, even a person who wasn't making a reasonable interpretation of what I was saying, would have been misled by the way I characterized Comcast's position. Is there a significant difference between the way I phrased Comcast's position on whether or not they were exhorting their customers to purchase a new modem, and the way they actually phrased it? Because I don't think there is.
You're spending a lot of time prosecuting this point, and requiring time to be spent by others who care about HN being better than other online communities.
Whether or not some hypothetical person not making a "reasonable interpretation" would have been misled, or whether it's reasonable that a reader had to spend time searching for the quote to verify it to realize that it was not actually a quote (and how many others would have bothered to do that), are matters that we could spend many more hours debating.
Or, you could just accept that it's better to refrain from misquoting people in future and we could all get on with our lives.
All it would have taken you was to preface the "quote" with something like "the response, which effectively amounts to saying...", and it would have saved everyone the bother.
C'mon, is this really a hill you want to die on? Maybe let it go :)
I got bit by this a bunch when I first got on HN; it was surprising to me how seriously it was taken. But it is, and it's not hard to work around.
> The gist of the HN community's opinion is, "don't use quotation marks when paraphrasing."
> Lately the Democrats approach has been, "oppose Trump at every turn."
However, when paraphrasing a specific individual, it is frowned upon at best, and considered intentionally misleading at worst, to put paraphrases in quotes.
> pvg said, "I don't care what HN thinks, I'll do what I want."
> pvg continued with, "no one else cares what HN thinks either."
Contrast that with,
> pvg said that "only hardcore lispers" care about how paraphrasing works.
In the last example, you can clearly tell the direct quote from the paraphrase. This is very important when communicating someone else's ideas.
Regardless of hard and fast "rules" of punctuation and grammar, you have a large number of people calling your writing misleading, confusing, and inaccurate. Clear communications should be the goal of any writing; wouldn't you be best served by hearing and incorporating this feedback?
 MLA: "Paraphrases and summaries do not use quotation marks" - http://www.lmu.edu/Assets/Academic+Affairs+Division/Academic...
 Purdue: "Indirect quotations are not exact wordings but rather rephrasings or summaries of another person's words. In this case, it is not necessary to use quotation marks" (note that no example of indirect quotations include quotation marks) - https://owl.english.purdue.edu/owl/resource/577/01/
 "But then there's a long slide through confusion and bias into intentionally misleading quote-mangling and outright fabrication" - http://www.slate.com/blogs/lexicon_valley/2013/10/17/gay_tal...
A lot of zeros and ones are being spilled on behalf of the abstract principle how quotes can be hypothetically used abused and interpreted, but none of the 40+ comments beneath my now-flagged paraphrase of Comcast's statement is actually arguing that my paraphrase was in any way distorting or misleading.
So I question the value of this norm, if the practical way it tangibly cashes out is in the form of extremely long derailments substantively unrelated to the comment that caused the rule to be invoked.
It's just a dumb, arbitrary rule. It serves no purpose beyond facilitating righteous rebuke. You can make a better rule dealing with the underlying behaviour while oxygen deprived from screaming at dang about HN's political bias.
> not how writing or paraphrasing works anywhere else
That's simply false.
If you want to use Reddit et al as your standard reference on the use of language and punctuation, have at it. But you can't reasonably expect every other forum to use that lowest common denominator. Railing against simple, longstanding house rules like this is just pointless contrarianism.
In terms of what contexts one should keep in mind when interpreting comments with good faith to come to a most reasonable interpretation of what they are saying, the way language is used on reddit is probably a much more reasonable benchmark than MLA style guides.
No, it isn't. I'm saying what somebody else is saying, in their voice. This goes in quotes, because it's someone else's speech, even if it's my version of their speech. The fact that they didn't actually say it comes from context. Punctuation is not semantic markup.
This doesn't come from reddit, it comes from, you know, the way people actually write. The fact that it requires repeated and lengthy explanations is a pretty decent indication it's not how anyone else writes.
Now, I think that it’s a fair argument that a web forum needn’t have the same formality as other written word, but your assertion that “it’s not how anyone writes” is clearly untrue.
And just as a single data point, I expect when someone uses quotes even on the web that they are asserting a verbatim quote.
I certainly default to assuming it does and in many contexts it is an explicit rule.
I don't understand how you've refuted that while also saying they sometimes don't. Are we arguing about contexts here? My claim is almost trivial - nobody reasonably familiar with English thinks quotes imply a verbatim quote. That's just not what quotes are for.
Getting back to the actual point, in formal writing, quotation marks are definitely considered to delimit actual quotes. That's where their name comes from and that's their purpose. If you want to paraphrase or otherwise interpret what was said you just work it in without quotes.
Personally, I relax my expectations in informal contexts if I don't know the person or their writing habits, but I'm just being pragmatic. In other words, the rule doesn't change, it's just not always followed.
That your position is that I’m in the minority on this is doubly surprising to me given that’s what all the style guides and my high school English teachers taught me.
"In English writing, quotation marks are placed in pairs around a word or phrase to indicate:
Quotation or direct speech: Carol said "Go ahead" when I asked her if the launcher was ready.
Mention in another work of a title of a short or subsidiary work, like a chapter or episode: "Encounter at Farpoint" was the pilot episode of Star Trek: The Next Generation.
Scare quotes used to mean "so-called" or to express irony: The "fresh" apples were full of worms."
Even 'direct speech' is at odds with 'verbatim quote' and that's the first thing there. Direct speech can be completely made up.
"AP, MLA & CMS" are an absurd counterpoint that falls well within 'that's not how anyone writes'. They are, if anything, lengthy exceptions to how anyone writes.
It's a deeply silly argument and my point is 'an internet messageboard should not be regulating punctuation'. It should, as this one usually does, try to regulate behaviour.
(For what it's worth: this little subthread is about 10x more interesting than the story and the rest of the thread it's attached to).
Don't be an ass.
Don't call other people asses.
Don't complain about votes.
Some weird thing about quotes we can't even sort out as well-intentioned nerds who love to talk about rules.
I don't think that's a good rule. I think what it's trying to address is probably a good rule. But it's addressing it in the dumbest possible way.
That's fine, when you're writing fiction. But in most online forums, fiction is frowned upon.
Still, it would have been clearer to say something like "Exactly. And the response, which amounts to 'we're not trying to sell you a modem, we're just encouraging you to strongly consider buying a new one', is such a hair-splittingly asinine response considering the rather serious breach of trust posed by the notification system."
Also, for what it's worth, I do agree 100% with your argument there :)
However, I think (1) few are as lucid as you on that particular point and (2) whatever the merits of this as a general debate, and I think there is some merit, I think the question is whether this norm improves conversation in a thread like this. I think it was invoked frivolously, spawned a long, 50+ comment chain, and it didn't clear up any of the confusion that it seems like the norm is supposed to be designed for.
As more Comcast customers receive JS-based notices like these injected into their normal web traffic, any enterprising jerk can clone the message, change the links to point to their own phishing site, change or omit the phone number, and snag a whole bunch of unsuspecting Comcast customers.
To be a devil's advocate, Comcast customers have been phished before via email too:
...and then there's the various phone and even door-to-door scams, but I'd consider the latter to be much harder to do.
Well, what I meant (within the response length constraints of Twitter) was that we're not saying you can only buy it from us. Just that the customer needs to buy it someplace. That way a customer can do as they wish - ranging from buying a used one on eBay to getting a new one from Amazon or Best Buy.
Ultimately the objective is to ensure a customer is on a device that can (1) deliver the performance for which they pay and (2) is up to date technically (i.e. supports IPv6 and channel bonding) and is supported by the vendor (i.e. software updates & bug fixes).
One of the big risks we have to help mitigate is when a device goes EOL, which means no more software updates, and a security or significant performance issue arises in the future. By proactively beginning the replacement process this helps minimize any future impact when it is a major issue like that. So taking action gradually on a proactive basis prevents a more severe impact later on. In many cases, these are DOCSIS 2.0 devices and that technology and often the software is from 2001, the same year as the 1st gen iPod and when Windows XP was released.
Eventually a modem will go into End-of-Service (EOS) status. At that point there is a definite date/time limit for the device, after which it is de-provisioned from the network and the customer must replace it to continue service. This has been the case in the past with DOCSIS 1.0 and 1.1 devices for example, after years of work to encourage customers to replace them.
See also https://www.xfinity.com/support/articles/end-of-life-devices
and the start of the EOL/EOS process for DOCSIS 1.1 devices https://www.dslreports.com/forum/r27473499-Speed-Heads-Up-Ti... and https://www.dslreports.com/forum/r28497383-Speed-Upgrade-You... and https://www.dslreports.com/forum/r30524429-Equip-Reminder-Pl... and https://www.dslreports.com/forum/r30450278-Speed-Heads-Up-Ti...
Unless I’m misunderstanding, this was not causing such a problem. Casting it as a customer good is rhetorically amusing, and probably holds water with people who are predisposed to agree with you, but I can make any number of morally bankrupt decisions using exactly the same logic. You have simpler ways to deliver this message, that do not cause nearly as much harm to your customer and do not require you to intercept and modify their traffic.
And mail pieces don't produce the potentially rather widespread indignation that traffic injection does. Granted, I don't see the harm in it that a lot of people here do. Unencrypted traffic is unencrypted traffic - open to tampering by anyone, not just Comcast, and for many less innocuous reasons than the one for which you've chosen to do so. But with Let's Encrypt, browser manufacturers, and friends leading the charge toward TLS everywhere or as nearly so as is practical, and with most sites that most people use already employing TLS, the attack surface is closing for even an other-than-innocuous variant of your notification methodology. Of course, that also means that that methodology itself is reaching a natural end-of-life, as it cannot work anywhere that TLS exists, and the majority of the web where it does exist continues to grow. If this low-latency notification scheme is of unique value to your business, then now is the time to consider replacing the outdated technology that underpins it with something which will continue to work reliably over the next decade or two.
All that said, I appreciate your decision to engage in this forum. That's unprecedented in my experience from someone in a position like yours, and I wouldn't mind seeing more of it.
Lots of reasons, including years of experience with response rates for particular types of messages / calls to action. Clearly one particular communications channel won't work for everyone - each person has their own preferences. One of the things we're working on is to better enable you to control just that - basically one person may ask for SMS messages, another alerts via their mobile app, another via email, another via phone call, etc. You can see the beginnings of that in MyAccount / Settings / Communication & Ad Preferences.
> But with Let's Encrypt, browser manufacturers, and friends leading the charge toward TLS everywhere or as nearly so as is practical, and with most sites that most people use already employing TLS, the attack surface is closing for even an other-than-innocuous variant of your notification methodology.
Agree. And more TLS is better IMHO. I also like the work that Let's Encrypt has been doing - they've had a really big impact on the adoption of TLS. (See also http://labs.comcast.com/innovation-fund-spotlight-lets-encry...)
> Of course, that also means that that methodology itself is reaching a natural end-of-life, as it cannot work anywhere that TLS exists, and the majority of the web where it does exist continues to grow. If this low-latency notification scheme is of unique value to your business, then now is the time to consider replacing the outdated technology that underpins it with something which will continue to work reliably over the next decade or two.
You bet - totally agree! One of the places we're engaging to try to do that is in the IETF's CAPPORT working group and I think the charter reiterates all the points you made: https://datatracker.ietf.org/wg/capport/about/
> All that said, I appreciate your decision to engage in this forum. That's unprecedented in my experience from someone in a position like yours, and I wouldn't mind seeing more of it.
My pleasure & thanks for being a customer that's willing to offer constructive criticism. :-)
The fact that Comcast has and abuses its monopoly is bad enough. That you would try to standardize your abusive behavior is appalling.
This reminds me of the part in Romeo & Juliet where Sampson says "I do not bite my thumb at thee, but I do bite my thumb."
Here's what a customer should do:
Just file a complaint. Via snail mail. To the FCC. Include screenshots of VP explaining how this is all ok.
After that the customer should enjoy the show. I'm sure at least the customer is going to be provided a top tier service for the rest of his life in any Comcast service region. Most likely for free.
This is how one teaches companies to behave. He or she finds a pressure point and exploits it. It does not matter that the opponent is a 350lb gorilla. Small joint manipulation by a 95lb girl puts that gorilla on its back. For Comcast, VZ, etc that pressure point is a snail mail complaint to the FCC. For national banks, it is the OCC. It works every time it is tried. What does not work is bitching about it on HN.
I live in France and use Orange as my fibre provider. 1 Gbps/250 Mbps without constraints. I used to have Free which was great but did not offer fibre when fiber was installed. I switched to Orange in 5 min via a web page. I have another possibility (SFR) but they are despicable liars and for this reason alone I scrapped them.
This is France, where competition is not a national sport so I was expecting the US to have 5 other companies banging on the door.
The BBC had an article about this a few years ago. Basically the highly regulated countries had cheaper and faster internet.
> Rick Karr, who made a PBS documentary in which he travelled to the UK to find out why prices were lower, says that the critical moment came when the British regulator Ofcom forced British Telecom to allow other companies to use its copper telephone wires going to and from homes.
> But US regulators took a different approach. Rather than encouraging competition between operators using the same network, the US encouraged competition between different infrastructure owners - big companies that could afford to build their own networks.
> Some believe that UK-style regulation is bad for competition and innovation, however, and suggest that the US is already one of the world leaders in broadband.
I’m prone to suspicion of their business practices too, but every one of the Comcast technical staff I’ve met, from Jason down, has been an excellent person deeply committed to the best mission of a telecoms company, enabling human communication. Is that a marketing campaign? Yes, but as far as I can tell it’s an honest campaign of showing the world who they are and what they care about.
The US model is closer to US railroads model, although not entirely accurate, analogy; largely privately owned with some govt owned, funded by large infrastructure companies that charge customers for usage and also due to infrastructure costs are rarely duplicated in close proximity. It's had issues with off and on regulation, profitability, localised monopolies that have a tendency to over charge when they can get away with it.
Suppose you were a major company with big dollars to spend on offering internet service... someone like Google, for example. Then suppose you wanted to provide service in Louisville, Kentucky. How many years do you think it would take to get permission to attach your lines to the existing telephone poles (owned by the city) if the local telephone and cable providers try to tie you up in lawsuits? What if the city's mayor was enthusiastically supportive, and willing to pass new laws and spend hundreds of thousands of dollars of the city's money going to court to permit Google to start offering service. It would still take years to get permission. Fortunately, this isn't one of the many cases where state or local laws prohibit other companies from competing with the one local cable company, or it couldn't happen at all.
Now imagine it is anyone OTHER than Google with their huge warchest, legal department, public support, and local government support. It wouldn't get anywhere at all. If it did, the cable company would drop rates for a few years until the competitor went out of business, then raise them afterward.
The United States pays lip service to the idea of competition, but most of our politicians have gotten "competition" confused with "supporting big corporations". This is why internet service providing is a monopoly or oligopoly in nearly all US locations.
Example: the online marketplace for social, search, and email is stagnant for obscure legal reasons. We should identify these (copyright and the CFAA) and remove the barriers.
Megacorps have exploited core conservative values to guilt people into believing that they're commies if they refuse to write a blank check for any big company that wants one. We can make real progress, and it's important progress, by highlighting to Republican/conservative-leaning voters that selling their country to corporate raiders is not a pre-requisite for being pro-business or pro-small-government.
By no means do I believe that Democrats or liberals have clean hands on this. All sides deliberately ignore and subvert intellectual property matters because it is so dang profitable, and this affects "liberal" industries much more deeply than "conservative" ones. Copyright is fundamentally "big government", which more conservatives would recognize if the narrative around this issue wasn't so tightly controlled. And that's not to say that copyright doesn't serve a useful purpose at all, just that we should be cautious and wary about it.
Since bad political actors and profiteers actively and successfully cultivate tribal dynamics for their benefit, the tribal context and instinct can't be ignored. It must be worked within. Approaching a tribe as an outsider just causes them to raise their shields and ignore anything you say.
Good principles and values drive most actors on both sides of the aisle. Political alignment basically seems to just come down to which principles we prefer to favor/bias. Under that context, the need for balanced, inclusive dialogue is clear, and we should all be grateful for the diversity of opinion that keeps everything in balance.
Maintaining that diversity means working within the structures of human association to create authentic, grateful alliances built on that recognized need, instead of allowing others to abuse those same structures to provoke destructive animosities.
Some cities only have one existing fiber line even coming into them, usually owned by one of the local duopolies (typically phone, since they originally were required to offer phone service to everybody).
This gives incumbents an immediate advantage in terms of reaching customers with physical infrastructure, before counting any of the (admittedly fucked) politics involved.
I live in Washington DC, in the city, and I only really have one choice where I live, Comcast.
In NYC, in one apartment I had 3 or 4 different ISPs to choose from, RCN included. In my current place, I only have one.
The idea is to make it better for people, not corporations (which are not starving either)
I thought that AT&T was split once in the past to differentiate backbone and service providers - why not in the case of fiber?
So-called unbundling was done, but in exchange, the backbone provider got a legal monopoly. Almost everywhere AT&T or Verizon lays fiber has competition, usually with a local cable company.
For an example, here's the page for Portland's agreements:
A former coworker was telling me the difficulty of getting a DSLAM installed in a high-rental area, like a Seattle neighborhood. The DSLAM install requires approval from 40% of the property owners, so you might write each landlord a letter, but the landlords aren't opening letters unless there is rent money inside. So installing a DSLAM becomes a political game of convincing the several hundred "rental-transient" people in the neighborhood to talk to their landlord. One of the reasons behind the "Ask your Landlord about Wave Internet" signs you see around.
Renters often only plan to stay in a location through their current lease, and thus have less long-term concern over the area. In this way, transience destroys community.
"Those who comment" are far from a random sampling of the user base. It's entirely possible that 95% of users are satisfied "enough" with the service and yet nearly 100% of comments to be strongly negative.
I think sometime around 2008 I first saw them do it (I noticed NoScript blocking a script on a page that it wouldn't normally). If I remember correctly, following it to its source hinted that it was a test for some alert system.
In 2012 I saw them injecting a script to notify people that their email servers were down ( https://www.dslreports.com/forum/remark,27826161 ) though the paranoid in me thinks that was an innocuous way to test how acceptable altering traffic would be.
The escalation I've seen in the last couple of years is the ability being used for Cox customer surveys.
As far as I know they haven't injected anything into my SSL/TLS traffic... yet.
You say that as if it were even possible. Or are you referring to the use of SSL stripping?
HSTS preloading (or visiting a site with HSTS headers that you've previously visited) will protect you from even that.
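The HSTS behaviour mentioned in the comment above, modelled as an added example that is not part of the thread: it shows why a previously visited or preloaded host is upgraded to HTTPS before any request leaves the browser, while a first visit to a non-preloaded host is not. `HstsStore`, `parse_sts` and `preload_eligible` are hypothetical names, host names are constructed, and treating every preloaded entry as covering its subdomains is a simplifying assumption.

```python
import re
from dataclasses import dataclass

PRELOAD_MIN_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts


@dataclass
class HstsPolicy:
    expires_at: float
    include_subdomains: bool


def parse_sts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (max_age, include_subdomains, preload), or None when invalid."""
    seen = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in seen:
            return None                      # each directive may appear only once
        seen[name] = value.strip().strip('"')
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None                          # max-age is the one required directive
    return int(seen["max-age"]), "includesubdomains" in seen, "preload" in seen


def preload_eligible(header):
    """Header-side requirements for submission to the browser preload list."""
    parsed = parse_sts(header)
    return parsed is not None and parsed[0] >= PRELOAD_MIN_MAX_AGE and parsed[1] and parsed[2]


class HstsStore:
    """Simplified model of a browser's HSTS state (hypothetical class)."""

    def __init__(self, preloaded=()):
        self.preloaded = set(preloaded)      # hosts shipped inside the browser
        self.dynamic = {}                    # host -> HstsPolicy learned from headers

    def note_response(self, host, scheme, header, now):
        if scheme != "https":
            return False                     # a header seen on plain HTTP is ignored
        parsed = parse_sts(header)
        if parsed is None:
            return False
        max_age, include_subdomains, _ = parsed
        if max_age == 0:
            self.dynamic.pop(host.lower(), None)   # max-age=0 deletes the policy
        else:
            self.dynamic[host.lower()] = HstsPolicy(now + max_age, include_subdomains)
        return True

    def must_upgrade(self, host, now):
        """True if an http:// URL for host is rewritten to https:// before sending."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:])
            if name in self.preloaded:       # assumption: preloaded entries cover subdomains
                return True
            policy = self.dynamic.get(name)
            if policy and policy.expires_at > now and (i == 0 or policy.include_subdomains):
                return True
        return False
```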
The later specs allowed for floating channels based on channel maps, which allowed Comcast to bypass those degraded channels.
Note: I'm not an apologist, but I worked for Comcast and for a subcontractor. Comcast treated (at least in my opinion) their customers like wallets that called and complained, but under the subcontractor I saw that since they didn't rewire 100% of all networks purchased, it was common that the older lines were causing the degradation and also reflection on other RF channels sometimes on the other side of an area even.
Now if Comcast invested in their network as opposed to buying other companies and calling it investment, this might have been fixed, but that would be decades vs. having every modem that wasn't compliant to the new spec swapped.
The newer modems support more channels and newer modulation/technology. This isn't just about supporting newer speeds. In order for them to support those newer speeds for other customers they have to upgrade their equipment to support more channels and newer modulation/technologies.
At some point these older technologies are not just wasting resources by being less efficient, but are preventing the company from upgrading their equipment.
The reason I don't understand, is because it's common to see people complaining about the state of broadband in America compared to other countries. Yet Comcast is probably the most progressive as far as pushing the technology goes. Don't misunderstand me, I believe Comcast holds a near/total monopoly in many locations around America but at least they're progressive with their network and technology despite the lack of meaningful competition.
it's as easy as walking into a Comcast store and swapping it
I live about 6 minutes from one, and it can still be a multi-hour adventure.
or am I misunderstanding?
Do we, as a community, have any mechanism to detect if these sorts of attacks are occurring?
What will happen is someone at Comcast will notice that their injections aren't happening often enough anymore due to HTTPS adoption. Someone at Comcast will suggest implementing a MITM TLS proxy service to get things working again. Someone else at Comcast will note that wouldn't actually work because they can't install fake root certs on every client device...
Then Comcast will basically switch to a model where the HTTPS interception is "optional" (requiring the client-side use the proxy explicitly), but they'll start shipping some kind of "Comcast Setup" executable (or mobile app) users are supposed to run on their client laptops/phones so that they can get these important service notices, which turns on the client-side use of the proxy and installs the fake root certs. Geeks may not install it, but the bulk of their customers will, and everyone loses. I don't think broadband consumers are aware of the fact that they shouldn't trust software provided by their ISP...
That's my fear too. This has to be handled by other means and has to stop. If everything is HTTPS you can be sure it gets very unsecure by design, as everyone will upgrade its capabilities and inject you certs, then we would need a new more secure protocol.
Why is email still unsecure and sent in plain text? Why is there hype for HTTPS but everyone is fine with sending mail in plain text yet we have SMIME, etc and no one is using or supporting it.
> Do we, as a community, have any mechanism to detect if these sorts of attacks are occurring?
Yes, Caddy can detect whether a connection is being MITM'ed: https://caddyserver.com/docs/mitm-detection
It's the fact that the ISP is modifying traffic in-route, to inject something that was never intended to be part of the page, that is the problem.
I expect my ISP to be a neutral carrier of messages, not meddling and altering my mail to add whatever they happen to feel like adding today.
HTTPS is good, got it.