Running the Netalyzr tool mentioned in the article on a residential BT Broadband ADSL connection in the UK gives several warnings about unexpected DNS lookups. Checking manually, there is, indeed, some evidence that BT are running a man-in-the-middle attack on DNS requests. Has anyone else noticed this?
$ dig www.google.com @8.8.8.8
[snip]
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 2 IN A 31.55.163.185
www.google.com. 2 IN A 31.55.163.184
[snip]
;; Query time: 47 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 23 14:31:49 2013
;; MSG SIZE rcvd: 160
However, the IP range 31.55.162.0 - 31.55.163.255 is owned by "BT Public Internet Service". This strikes me as odd.
8.8.8.8 is Google's public DNS server. Either their servers are resolving www.google.com to a BT owned IP address (perhaps for requests coming from the BT network - which does seem unlikely), or somewhere in between my machine and 8.8.8.8 there's something intercepting the DNS request and spoofing the reply.
If so, I wonder what they're trying to achieve. HTTP traffic to Google redirects to HTTPS by default, and Chrome has HTTPS pinning for the site. If the reports in the newspapers that David Cameron is trying to involve himself in pornographic Google search terms are true then he's not going about it particularly effectively.
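The check described in the comment above, comparing the A records a resolver returned against an address range registered to the ISP, written out as an added example that is not part of the original comment. The sample input is the answer section quoted above plus one constructed control record, and the function names are hypothetical.

```python
import ipaddress

# Answer section as quoted in the comment, plus one constructed control
# record (192.0.2.10 is a documentation address, added here for contrast).
SAMPLE_DIG = """\
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 2 IN A 31.55.163.185
www.google.com. 2 IN A 31.55.163.184
www.example.test. 300 IN A 192.0.2.10
;; Query time: 47 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

def parse_a_records(dig_text):
    """Return (name, ttl, IPv4Address) for each A record in the ANSWER SECTION."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;"):  # section header or trailer line
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        if not in_answer or not line or line.startswith(";"):
            continue
        fields = line.split()  # name, ttl, class, type, rdata
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "A":
            try:
                records.append((fields[0], int(fields[1]),
                                ipaddress.IPv4Address(fields[4])))
            except ValueError:
                continue  # malformed TTL or address: skip the line
    return records

def range_to_networks(first, last):
    """Convert a 'first - last' registry range into CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def answers_in_range(dig_text, first, last):
    """Return the A records whose address lies inside the given range."""
    nets = range_to_networks(first, last)
    return [(name, ttl, str(ip)) for name, ttl, ip in parse_a_records(dig_text)
            if any(ip in net for net in nets)]

if __name__ == "__main__":
    for name, ttl, ip in answers_in_range(SAMPLE_DIG, "31.55.162.0", "31.55.163.255"):
        print(f"{name} -> {ip} (TTL {ttl}) is inside the ISP-registered range")
```

A match only shows that the answers point into the ISP's address space; it does not by itself separate the two explanations the comment raises.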