In recent years, ISPs have taken an increased interest in faking packets, and for some mysterious reason, they don't always like to make this fact perfectly clear to customers. Hoping to bring power to the people, the Electronic Frontier Foundation (EFF) yesterday released a tool called "Switzerland" that can help users find out if an ISP is modifying packets or injecting packets of its own into any protocol. The tool is open source and available now for download, but there's a reason that EFF refers to the current release as "Version Zero."
The software, designed to see if an ISP is delivering packets "neutrally" (hence the Switzerland reference), has undergone in-house development for some time. EFF Staff Technologist Peter Eckersley coded the initial version, which has now been opened up and made available on SourceForge. Enterprising network hackers (and GUI experts) are needed to continue development of version 0.0.4.
The app, coded in Python, runs on Linux, OS X, and Windows, but currently operates only in a command-line version that can take a fair bit of technical skill to install (the backup installation instructions involve a compiler). Once running, the software uses a "semi-P2P, server-and-many-clients architecture" to monitor all packets sent from the clients to the server; if any are altered in transit or appear at the server without being sent from the client, the software alerts the user that packets are being modified or injected somewhere between the two machines.
The software is protocol agnostic, which means that it can be used to find both the TCP reset packets that Comcast has used to limit BitTorrent uploading and the code injected by NebuAd's ISP-based ad-serving system. Development was inspired by the Comcast case, and the software was fittingly announced the day before the FCC vote that brought the matter to a close.
"Until now, there hasn't been a reliable way to tell if somebody—a hacker, an ISP, corporate firewall, or the Great Firewall of China—is modifying your Internet traffic en route," said Eckersley in a statement. "The few tests available have been for narrow and specific kinds of interference, or have required tremendous amounts of advanced forensic labor. Switzerland is designed to make general-purpose ISP testing faster and easier."
It's not there yet, but the EFF hopes that one day, Switzerland will pump copious amounts of data into its "Test Your ISP Project." The project gathers white papers, test results, and network testing software into a single repository so that users can find out exactly what ISPs are doing with their packets. While companies like Comcast have already pledged to be better about disclosure, the EFF is fan of the "trust… but verify" approach.
"At a minimum, consumers deserve a complete description of what they are getting when they buy 'unlimited Internet access' from an ISP," says the Test Your ISP project page. "Only if they know what is going on and who is to blame for deliberate interference can consumers make informed choices about which ISP to prefer (to the extent they have choices among residential broadband providers) or what counter-measures they might employ."
If the FCC lacks the resources to proactively examine ISP network management, and ISPs themselves aren't always up for full disclosure, tools like Switzerland should let consumers know what to expect from an ISP. Finding a better one, though, may be more difficult.