Nevermind the fact that a content provider could lose ad revenue, truly the underlying evil in this is that ISPs can change your content. This is why net neutrality is important. Data needs to be untouched as it traverses the Internet.
Crazy how some ISPs would be bold enough to do this. Consider the following scenario:
You’re browsing your favorite blog site, say dForge.net. All of the sudden, an H&R Block ad creeps up from the bottom because, you know, it’s tax season. Nothing unusual, right? It’s just an ad. From a company who can do your taxes, which is actually pretty good timing. Except it is unusual. Because that ad actually isn’t endorsed by dForge.net. How?
What happens is, in fact, extremely interesting. And it can happen at any time along the way from the server (dForge.net) to the client (you). Web traffic, for the most part, is sent in clear text. ISPs know this and could, on the fly, modify content before it reaches the client. So, essentially, this is what happens:
- Client web browser makes a request to the web site.
- Request goes through client’s ISP.
- Request gets routed through the Internet.
- Request goes through server’s ISP.
- Response goes through server’s ISP.
- Response gets routed through the Internet.
- Response goes through client’s ISP.
- Client web browser receives response and displays the web page.
This is akin to someone setting up a milkshake stand in front of your general store. Your general store is at a great location, on top of a hill. You sell milkshake, too, because you’ve noticed that after climbing that hill, some customers become extremely thirsty. Unfortunately, though, some customers will buy from the milkshake stand (because, you know, it’s right there!), and some won’t, but bottom line is you’ve lost revenue.
Nevermind the fact that a content provider could lose ad revenue, truly the underlying evil in this is that ISPs can change your content. This is why net neutrality is important. Data needs to be untouched as it traverses the Internet. It most certainly should not be discriminated based on user/content/site/whatever. Any unsolicited modification of that data is wrong. ISPs do not speak for me. I don’t even use H&R Block. Maybe I think TurboTax is better. Maybe my milkshake is better!
Implementing SSL on your site is easier said than done, however. For example, if you’re a content provider that relies on ad revenue, your ad content will also need to be secured over SSL. So let’s say you use Google Adsense to provide your ads. Google would need to provide resource links that are secured over HTTPS. Unfortunately as of this writing, Google does not provide this so you’ll likely have to find an ad provider that supports SSL (Adspeed seems to support this).
So, go get that SSL certificate and start serving your pages securely over the Internet! Google did it. dForge.net did it (well, I at least somewhat have it; I use Google Adsense so it partially works!). Now, so should you.