Comcast Is Pretending to be You

This AP story makes clear that Comcast is pretending to be part of online conversations in order to frustrate users who want to use particular online applications. This happens all the time in the name of “traffic shaping” — it’s the kind of thing that China does to interfere with internet use. What’s different and important about today’s story is that people have carefully experimented. We can now understand exactly what Comcast is doing.

When you go online and click a link, what you’re doing is sending packets (think individual pages taken from a long, handwritten letter) to a machine connected to the internet. What we call “the internet” is a very simple agreement: machines agree to chunk things into packets and label those packets with unique numbers (think return address and sender’s address). Then those packets travel the best available route to the machine they’re addressed to, and that machine reassembles them.

This agreement to chunk things into packets that self-describe their destination (at a unique global address) is known as TCP/IP. IP, or Internet Protocol, is the addressing scheme — the numbers.

IP doesn’t do anything about accuracy – it doesn’t provide any way to check that all the packets have gotten where they’re supposed to go or that they’re in the right order. That job (roughly speaking) is carried out by the TCP part of this — the Transmission Control Protocol. TCP receives a stream of information from an application (say, your web browser) and divides it into packets. It gives each packet a sequence number. TCP then hands packets to the Internet Protocol for delivery through the network. TCP also opens a “window” for the number of packets that will be sent out – you wouldn’t want to send a zillion packets without acknowledgement that they had been received.

The TCP module at the receiving end of the communication does this acknowledgement job, noting that a particular number of packets have been successfully received. All of this is done very politely, quickly, and electronically — the conversation between the home TCP and the remote TCP is established, an acknowledgement is received, the conversation begins, and sequences of packets are sent. If packets are lost along the way, they’re retransmitted. When an endpoint wants to stop, it lets the other endpoint know that it’s done.

Each header in a TCP-labeled packet (think front of an envelope) has a number of fields. One of these fields includes “flags” that are applied to the packet. One of these flags is called RST, for “reset the connection.”

The Comcast system (probably provided by Sandvine, according to the Times) was setting the RST flag for both sides of any communication that it believed (probably through traffic analysis) was using Bittorrent.

So when “you” the Comcast subscriber were clicking links that were part of a Bittorrent transaction, Comcast was slapping an RST flag on your packets. And any packets crossing the Comcast network that were coming from the “outside” but were part of this conversation were also having the RST flag slapped on them as they crossed into Comcast territory. Neither user had any idea this was happening. They could just tell that things were moving really slowly and then stopping, as both machines politely agreed to reset themselves – thus cutting the conversation off.

It’s as if as soon as you entered a room an enormous “Loser” tag was stuck on your forehead unbeknownst to you. Sure, you could continue to circulate, but no one would talk to you. Or, if that’s too awkward, try this: it’s as if someone else that sounded like you got on the phone as you were talking to your mother and said “We need to hang up right now.”

Like the Verizon/NARAL flap and the Pearl Jam escapade, here’s another story about currently-legal action, permitted under someone’s elaborately-walled Terms of Service, that interferes with basic communications. Comcast will say “we’re not blocking.” But they’re degrading, prioritizing, and filtering, without telling users. And they’re planning to do much more of this.

What’s the solution? Structural separation. You’re either a plain-vanilla transport company serving all comers, or you’re something else competing for our attention. But this mixture, this hybrid of apparent-communication plus editorial control, is unacceptable.


  1. Bruce Regal says:

    Is Comcast in this scenario slowing or blocking bittorrent downloads for content-related reasons or for “plain-vanilla transport” reasons? I gather that each ISP allocates, sells and prices capacity on its system based on certain assumptions about how much capacity users will generally consume. If the growth of bittorrent downloading by some significant percentage of subscribers throws those capacity assumptions out of whack, then the ISP presumably has to do something, increase capacity (which increases costs, resulting in either increased rates for some or all subscribers or reduced profit) or restrict the use of bittorrent. One can criticize Comcast about not being up-front about the way they are handling this issue, and argue that there are more approporiate ways to handle it, but I’m not sure this particular activity is a function of the transmission/content problem so much as it is simply a problem in implementation of the transmission function. Or to put it anther way, wouldn’t this issue remain exactly the same even if there was total separation of transmission and content? Comcast, or other ISPs may well have other dubious practices that do suggest the need for some content/transmission separation, but I’m not sure this bittorrent thing is necessarily one of them.

    Indeed, the Comcast vs. bittorrent issue sounds more like the problem of a restaurant that serves an all-you-can-eat-for-a-single-price buffet and then finds that a pro football training camp sets up next door. The restaurant may need to find ways to limit the all-you-can-eat or the single price aspect of its service, either surreptitiously (say, managing the buffet’s opening hours so it is only available when the football players are on the field and not eating out) or through a straightforward change in pricing (e.g., pay by the pound instead of unlimited food for one price).

  2. I’m with you on the straightforward change in pricing, and on disclosure generally. No one on the pro-net-neutrality would object if ISPs charged consumers differently depending on how much bandwidth they actually used. The vice here is both pretending to be a flat-rate service to consumers who don’t read the TOS (and who does?) and pretending to provide “internet” access when this is quite different.


  3. Susan, We could go to the Bob Frankston model where he proposes basic access provided by government (municipalities) with large open pipes fiber or wireless in the same way roads are provided to the citizens at “no cost.” Cities and towns are beginning to understand the benefits of a super “FTTH” highway for businesses and citizens. This would in effect create micro LoopCo’s – something the 96 Act should have done but did not.

    I think this kind of competition would keep the other dominate carriers in check.

  4. Bittorrent is a very fast way of sharing files. Many groups use it to share non-copyrighted materials more quickly and easily. So this is much more than copyright enforcement. It is an enfringement on first amendment rights.

  5. Your comparing a company managing their network, to China who decides what news their people can see?

    Quite a stretch.

  6. Unfortunately, regardless of what Comcast’s target has been, some unintended consequences have been seen. Lotus Notes uses a well-known port above 1024 (1352, to be exact) to communicate from client to server. Lotus Notes customers have been reporting this same issue affecting large e-mail transfers (2 MB or greater). This is different than Google mail, Hotmail, Yahoo mail, and even Outlook user scenarios, and isn’t true if the Notes user uses a VPN. So it seems like e-mail users are not meant to be affected, but they are, and haven’t (at least thus far) been able to do anything about it.
    More at my blog

  7. Well, its pretty much common knowledge that companies tend to “rent” much less bandwidth than would be needed for all their customers to all be accessing full speed simultaneously. Its like this in the long distance phone company market as well.

    The actual portion of your monthly payment that goes to pay for your bandwidth is actually pretty small. The rest of your money goes to pay off huge corporate infrastructure-building loans, and into the company pockets.

    They could effectually double the amount of system-wide bandwidth without charging more than $5 per account more per month.

    But obviously, they’d rather cheapen themselves, cheat their customers, and throw their corporate image in the toilet by doing what they’re doing now.

    I’m ashamed to say I used to work for them.

    The ISP I am with now is really no better, but there’s not much choice in the town I live in.

    If you’re in an area with choice, vote with your feet. In other words, move to a different company. Its the only way companies like that will wise up, when they see their subscriber numbers plummeting.

  8. it does strike me that essentially what comcast is doing is saying that I myself, said something to the person that receives my “words” when the something that they “hear” is not the same as what i said.
    while i do not have a problem with this in situations where the just of the message remains intact, i most certainly do not approve of comcast telling the person im talking to that i dont want to talk to them any more, when i still have another sentence or two left (at the least)
    i cannot remember if this is slander, or libel, but i believe that it is one of them.
    when i use an internet application, when i tell firefox to go to say, (does not exist, i believe), firefox should be telling the server that has the info for that domain that i want the webpage. it should not be telling the server that i want only half of the webpage, because i told firefox that i want all of the web page.
    so, there are some legal matters that i believe have not been defined as of yet, in regard to this situation. perhaps it may be reasonable to see if there is a chance that a class action libel (slander?) suit will have any success against traffic modification.

  9. Alaska Communications Service in Alaska doing the same thing

  10. I’m a Comcast customer but when I contacted them with my concerns on this topic they said it is all just a”web rumor”. The Comcast response is below…

    Thank you for your message concerning the Comcast High-Speed Internet

    I understand you have some concerns over recent web gossip that has
    suggested Comcast is blocking or hindering customer access to
    BitTorrent. We do not block access to any P2P (Peer To Peer)
    applications, including BitTorrent. We respect our customers’ privacy
    and don’t monitor specific customer activities on the Internet, or track
    individual online behavior, such as which websites are visited.
    Therefore, we do not know whether any individual user is visiting
    BitTorrent or any other site.

    Additionally, Comcast does not “throttle” bandwidth (limit throughput on
    the network). Comcast also is not traffic shaping or packet shaping.
    We have a responsibility to manage our network to ensure that our
    customers have the best broadband experience possible. That means we
    use the latest technologies to manage our network to provide a quality
    experience for all Comcast subscribers. This is standard practice for
    network operators around the world. I do not have specific information
    to provide to you regarding the details of how we manage our network, or
    vendors that may be used.

    If you have any further questions or concerns, please feel free to
    contact us again

  11. Well, both of these things could be true and my post is still right.

    1. they’re not blocking BitTorrent, they’re degrading its use.

    2. they’re not throttling bandwidth as a whole, they’re delaying particular packets associated with BitTorrent.

    I’m not quite sure how they could say they’re not traffic shaping, but I guess it depends how you define that.


  12. It’s a curious aspect of our culture that we have elevated one crime above all others: hypocrisy. It doesn’t matter what you do, it only matters what you say about it. You can be a murderer and a thief but as long as you are relatively open about it, you can be considered a charming rogue. Try to cover it up and deny it and we consider you the blackest villain.

    In my opinion, this is a philosophical and moral error. Actions are what count, far more than words. People should be judged by what they do more than by what they say. Indeed, hypocrisy is so common, so nearly universal, that choosing to focus on it and play it up as some horrible crime, pretending to be shocked – shocked! – that someone would be less than open about their practices, is an absurd and almost comical error. Yet we see it time and time again.

    Susan falls into this very trap above in her reply when she writes, ‘The vice here is both pretending to be a flat-rate service to consumers who don’t read the TOS (and who does?) and pretending to provide “internet” access when this is quite different.’ The vice here, according to her, is all in Comcast’s pretence and none in their behavior. She sees the problem as being that Comcast is pretending to provide even-handed, flat-rate service even when that is plainly impossible to someone who understands the economics of ISPs.

    I suppose Susan would consider the problem fixed if Comcast, and all other ISPs which do similar things, would simply say that users who consume excessive bandwidth get throttled; or that connections whose pattern makes them appear to be part of the bittorrent protocol will be cut; or whatever other detailed policies Comcast may adopt. If they were open about it, apparently everything would be OK as far as Susan is concerned. By the same reasoning, the murders that mob bosses commit are pretty much OK as long as everyone understands who did it.

    I hope that by calling attention to this nearly ubiquitous moral blindness that I will encourage readers to think more deeply about the underlying issues. It’s not enough to succeed in this game of “gotcha” where you catch your opponent/victim out in a lie. Everyone lies. The real question is whether they are doing something wrong. Based on the constraints that Comcast works under, it sounds pretty questionable whether there is much they can do differently.

  13. This is a pretty ignorant piece. Traffic shaping isn’t about the ISP “pretending” to be the user. It’s just the best we can do with TCP/IP in the presence of “greedy” applications like BitTorrent and in the absence of genuine quality-of-service protocols.

    Specifically, this has nothing to do with the kind of filtering China uses, and it has nothing to do with resetting the link when the user clicks on something.

    Righteous indignation just looks stupid when you’re not actually right.

    . png

  14. The only problem I see here is that for years ISPs having been reaping the benefits of the supposed Unlimited Internet while all the while limiting the maximum download/upload speeds this also accounts for how slow dial-up is and the fact its locked at 53k. On top of that you have people with 100Mbps+ connections selling fractions of the bandwidth and charging insane prices. The same goes for DSL and Cable. 52mbps and 30mbps respectively that you will never EVER reach even if they do offer to sell you HIGHER speed packages. Sending RST packets is like offering an unlimited answering service thats 24hrs and then limiting the messages to 4 per hour and telling everybody else the system is busy so you can sell to more people. its rediculous.

  15. Robert Sugg says:

    _ I’m a computer engineer with a database / network background. This interference by Comcast seems to be a violation of federal law in two ways :
    1) Interference in interstate communications by a common carrier;
    2) An illegal wiretap (they read the packet and act on its content – the header is content just as the body is – other than to forward it to its destination).
    _ I am submitting the above for your review. Even though Comcast may not yet be a common carrier de jure they certainly meet the requirements for a de facto one (their network is handling e-mails and telephone calls). Some might also add a charge of fraud due to their failure to notify their customers of the denial of service.
    R. Sugg

  16. We heard from an engineer, now how about from a lawyer… Do I smell a CLASS ACTION LAWSUIT?!

  17. Bruce Regal says:

    Responding to Mr. Sugg:
    Keep in mind that the FCC concluded (and was upheld by the US Supreme Court in the Brand X case) that internet service provision by a cable TV company such as Comcast is an “information service” not a “telecommunications service” and thus not subject to the Communications Act common carrier requirements imposed on provision of “telecommunciations services”. It is that conclusion, along with similar FCC activity with respect to ISP service offered by other types of providers (such as DSL providers and wireless providers), that has created a new legal/regulatory vacuum, which in turn has given rise to the net neutrality movement.

  18. Robert Sugg says:

    Response to Bruce Regal’s post :
    _ That’s why I referred to Comcast as a de facto common carrier. When they opened their network to phone calls that originate/terminate outside of their network they became a common carrier. Yes, VOIP is still considered a data service more than a telephone service. But the day is coming when VOIP is going to get regulated to parallel POTS. The problem will be to avoid OVER regulation (e.g. CALEA, 911, etc.).
    _ The bigger problem is the illegal wire-tapping aspect. I was taught that (A) you don’t listen in on telephone calls that you are not a party to and (B) that if you do overhear someone else’s call that you do NOT act upon the content. (This is similar to hardcopy mail – if you get someone else’s letter you either give it to them (e.g. a neighbor) or return it to the postal service for delivery to the correct address.) If Comcast were authorized to intercept and interfere then they should publicize the details of said authorization. Otherwise, they may be facing a monster federal lawsuit in early 2009.

  19. Couldn’t this, the ISP pretending to be my computer, roughly be considered a form of fraud or identity theft by purposefully representing itself as myself and therefore be flat out illegal?

    I don’t see any reason why the law should or would allow any service to pretend it was myself without my express permission, and even if it had my general permission as per the contract, that such an act could be construed the breaking of a fiduciary duty.

  20. It wouldn’t surprise me if more and more ISPs and carriers did this.

  21. An excellent layman’s description of TCP/IP !

  22. Here’s a list of ISPs around the world that interfere with BT or P2P generally:


  23. Bruce Regal says:

    I’m no expert on wiretapping laws — I’m not even knowlegable about them, so take this as a question rather than a comment. Isn’t a significant portion of current Web commerce today based on activities such as advertisers using various forms of tracking cookies or other software to collect info about users’ internet activity and acting on that information by offering tailored offers, ads, information? And if so, is this also illegal wiretapping?

  24. Dan Shockley says:

    Re: Hal’s comment on hypocrisy.

    Hal, I agree with your comments about the folly of making hypocrisy the worst bad behavior. Neal Stephenson’s description in The Diamond Age was very convincing, and you’ve made a similar argument for that idea here.

    However, you’re applying to to what Susan said in an inaccurate way. Susan was not decrying hypocrisy, she was pointing out that Comcast is doing false marketing. Hypocrisy is saying you think some behavior is wrong, even though you secretly do it. Tell a potential customer that they are buying something other than what you are actually selling them is not hypocrisy, it is false marketing and perhaps even fraud.

    Don’t confuse hypocrisy with fraud. Hypocrisy is staking out a moral position you don’t follow yourself. False marketing is cheating someone financially.

  25. Christine Metzner says:

    Comcast has a new (sort of) called “The Excessive Usage Dept” you get 1 phone call as a warning for using too much bandwidth. After that call if you continue to use too much bandwidth they disconnect you for a minimum of 1 year without notice. I am going through this with them right now. I talked the Manager of this dept (after appearing on the local evening news) into giving me a report of my past few months usage (something i was told they didnt have by the first person that called me) He is going to call me back when they run the next audit during the first week of November. He has put a halt to my disconnection until the first week of December unless I drastically reduce my bandwidth consumption. I have the comcast home networking package for up to 5 computers… I only use 2 computers. When I signed the contract with comcast no one told me that my unlimited package was limited? Comcast has a monopoly in our area and i have limited choices (embarq dsl or comcast) I asked what i needed to reduce my bandwidth usage to and he said there is no set number? how can i reduce to a number if i dont know what that number is? I am so confused and upset by this. By the way I was given his personal cell phone number to contact him with after the news story by the VP of our local Comcast office after the news story aired.

  26. Robert Sugg says:

    Reply to B.Regal (re: Cookies)
    _ Cookies come in two varieties – site and third party. Whenever you visit a site with third party ads that are cookie capable you are engaging in at least two conversations – one with the host site and one (or more) with the third-party ad(s)[there is the option of not accepting cookies - see below]. Later, if you hit a matching ad that can read that earlier cookie then it can be decoded and the contents reported to the originator. It’s kind of like resuming an interupted phone call. Thus there isn’t any interception – simply parallel conversations and thereby no wiretap.
    _ Privacy concerns are why several browsers offer a third-party-cookie blocker – so that these conversations do not even begin. Most browsers also have walls around their cookies so that an “” cookie can’t be read by the “” server. Of course, that presupposes that you are using an up to date browser.
    _ One other thing – you don’t even need a cookie to track someone’s web activity. All you need is a large bundle of uniquely named images (one for each placement URL) on your server that are referred to by your ad copy. Then when someone hits a page with image “XYZ123″ you can log that their computer has requested that image. Later you can look up which ad had that image and build a picture of that computer’s activity (or gauge the effectiveness of that ad). That’s why some e-mail systems have image blockers – so that spammers don’t get confirmation that they sent e-mail to a live address.

  27. Time Warner cable took over (literally) Comcast in parts -most of Dallas, TX annd now internet svc is even worse if that is possible. I wonder if they are doing same —??

  28. wonderful explanation. my only quibble is that what comcast did seems like it might not be legal, as they were fraudulently pretending to be someone they were not. if the phone company paid people to tell your mother in your voice that you need to hang up, that seems like it would be a crime. there are lawsuits under way, and i hope plaintiffs’ lawyers have good minds for analogy.


  1. [...] unfortunate advocate of Internet regulation, Susan Crawford, jumps aboard the Demagogue Train as well; that’s certainly no [...]

  2. Comcast Is Pretending to be You…

    This story has been submitted to Stirrdup. Your support can help it become hot….

  3. [...] pretending to be one or the other end requesting that the transmission be reset. Susan Crawford has a technical explanation on her [...]

  4. Blogspotting says:

    Looking for a “plain vanilla” network…

    Susan Crawford discusses Comcast’s reported efforts to block certain Internet traffic. “What’s the solution? Structural separation. You’re either a plain-vanilla transport company serving all comers, or you’re something else competing for our at…

  5. [...] we all knew, that Comcast has been blocking people from seeding torrent files. How do they do it? By illegally impersonating your computer to reset the connection, that's how. It's the same method used in China to block websites [...]

  6. [...] Comcast Is Pretending to be You | Susan Crawford blog “It’s as if you entered a room with an enormous “Loser” tag on your forehead, unbeknownst to you. You could circulate, but no one would talk to you. Or someone who sounded like you jumped on tyour phone call and said “We need to hang up now.” (tags: blogs news security sharing spoof traffic net+neutrality business access nefarious problems) [...]

  7. [...] blogosphere is abuzz over an Associated Press investigative article this past Friday on the subject of Comcast’s [...]

  8. [...] blogosphere is abuzz over an Associated Press investigative article this past Friday on the subject of Comcast’s [...]

  9. [...] when you forget WHY you're in business!  In Comcast's case, their latest sin (throttling the bandwidth of high bandwidth consumers while advertising unlimited bandwidth) is just another chapter in an ongoing feud with [...]

  10. [...] Comcast has been interfering with BitTorrent. They get away with this because… well, they get away with it because they are a monopoly, [...]

  11. [...] Susan Crawford notes that Comcast is already traffic shaping bits, by flagging packets by people using BitTorrent. (She also has a nice description of TCP in this post.) Meeting this growing need, the network can improve performance in various ways including: upgrading the infrastructure, such as laying fiber optic cable; improving data compression algorithms, and improving the protocols that control data traffic. In all these areas, the ownership and regulations of these technologies have huge implications on accessibility and adoption of the Internet. Although the Discover article’s title “this man wants to control the Internet” is a play on Doyle’s field of study, it raises an important point. Having public and private protocols may not only make parts of the inaccessible to each other, but further increase bandwidth as another form of economic inequality. [...]

  12. [...] injection of “reset” packets into online communications. (I wrote briefly about this here.) EFF is also letting us know how we can see packet spoofing for ourselves – here. There are three [...]

  13. [...] Comcast Is Pretending to be You | Susan Crawford blog [...]

  14. [...] Comcast Is Pretending to be You | Susan Crawford blog [...]

  15. [...] blogosphere is abuzz over an Associated Press investigative article this past Friday on the subject of Comcast’s [...]

  16. [...] shaping.” (for a technical, but readable, explanation of exactly what Comcast has been doing, see Susan Crawford’s [...]

  17. [...] DOCSIS network for technical reasons, so they’re going to stop doing it. This should make the “Comcast is Impersonating You and Stealing Your Credit Card Numbers!!!” crowd [...]

  18. [...] digital freedom, and data neutrality as opposed to the half-baked alternatives being peddled (and silently implemented!) by the [...]

  19. [...] the problem was that TCP kept opening the window to allow more packets to flow out, and was insensitive to actual conditions [...]

  20. [...] the FCC is condemning Comcast’s practices with respect to P2P transmissions.:  (See Comcast Is Pretending To Be You, explaining what the company did, and Comcast and Network Management, explaining EFF’s [...]