
> * This URL is relative, which means it will never actually reach its intended target (instead filling your web logs with this request)

It likely doesn't matter that the URL is relative. It contains a GUID to be unlikely to resemble any real URL, and it's clear enough that they are capable of deep-packet-inspecting all of your web traffic from the way this is already used, so they likely hijack any request to this URL path within their network to capture its contents, and return a 200.

I don't have Comcast so I can't verify, but it would be interesting for somebody to check whether that URL is masked for all Comcast users.

> That's right, this code causes every page served on your system to pop an AJAX request to the wrong URL every 5 seconds, as long as the tabs are open.

I can only hope that they infinitely hang requests to their special URL in the case that the user is under the quota so that this is not true. But if it is true, and they are not perfect about masking the URL (edit: it seems like people below on this thread have seen requests to this URL in their server logs), this could be construed as a DDoS attack by Comcast on every owner of an HTTP server via their own customers.

brokentone comments below that they've seen the URLs in their production logs. I don't see it in any of mine but I'd be willing to bet that a company writing JS that bad would probably screw up the rest of the process too.

Surely a class action against Comcast is in order here? They're charging everyone for bandwidth they're not using.

That's likely to happen even if Comcast are using DPI to intercept the requests due to users moving between Comcast and other internet connections.

I can confirm that I saw a large number of these URLs show up in my logs as well.
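
For server owners who want to check their own access logs for the stray polling requests discussed in this thread, here is an added example (not code from any commenter). It flags GUID-bearing paths that the server answered with 404 and that a single client re-requested at roughly 5-second intervals. The combined log format, the placeholder GUID path, the client addresses and the function name are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (combined format). The GUID path and the
# client addresses are placeholders, not values taken from the thread.
PLACEHOLDER_PATH = "/blog/00000000-0000-4000-8000-000000000000/poll"
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Jan/2017:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 162'
    for ip, sec, path, status in [
        ("192.0.2.10", 0, PLACEHOLDER_PATH, 404),
        ("192.0.2.10", 5, PLACEHOLDER_PATH, 404),
        ("192.0.2.10", 10, PLACEHOLDER_PATH, 404),
        ("198.51.100.7", 2, PLACEHOLDER_PATH, 404),
        ("198.51.100.7", 7, PLACEHOLDER_PATH, 404),
        ("198.51.100.7", 12, PLACEHOLDER_PATH, 404),
        # One-off 404 on a GUID-named file: not periodic, must not be flagged.
        ("203.0.113.5", 3, "/files/11111111-2222-4333-8444-555555555555.pdf", 404),
        ("192.0.2.10", 1, "/index.html", 200),
    ]
)

GUID = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

def find_polled_guid_paths(log_text, period=5.0, tolerance=1.0, min_hits=3):
    """Map each GUID-bearing 404 path to the clients that polled it periodically."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        ip, ts, target, status = m.groups()
        if status != "404" or not GUID.search(target):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits[(target.split("?", 1)[0], ip)].append(when)
    flagged = defaultdict(set)
    for (path, ip), times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        regular = [g for g in gaps if abs(g - period) <= tolerance]
        # Require enough hits, and most gaps close to the polling period.
        if len(times) >= min_hits and len(regular) >= 0.8 * len(gaps):
            flagged[path].add(ip)
    return {path: sorted(ips) for path, ips in flagged.items()}

if __name__ == "__main__":
    print(find_polled_guid_paths(SAMPLE_LOG))
```
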
