X

Web hijack riles Belkin router users

Belkin is trying to defuse customer complaints that its wireless routers periodically hijack users' Web connection and display an advertisement for its software.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
2 min read
Belkin is trying to defuse a potentially embarrassing situation that arose after network administrators learned the company's routers can periodically hijack users' Web connection and display an advertisement for parental control software.

Every eight hours, a random computer that's hooked up to a local area network may receive an unsolicited advertisement for a trial version of parental control software, instead of the Web page the person had hoped to visit. The behavior can be permanently disabled, but it is turned on by default in new Belkin routers when they are shipped.

"We are crafting a statement apologizing and accepting responsibility," a Belkin representative said on Monday. The company said a firmware update, which customers would have the choice of installing, would be available in a week.

Kannyn MacRae, a business unit manager at Belkin, said the advertisements only appear when a customer closes a window in the installation process instead of selecting either the "yes" or "no" options for the 6-month trial.

"If the customer closes the window without giving an answer, then eight hours later they'll be asked again if they want to turn it on or turn it off," MacRae said.

The controversy began on Nov. 4, when a post on the Usenet newsgroup news.admin.net-abuse.email said the unwanted behavior appeared in a router software revision dated Sept. 15, and concluded: "One thing's for sure, I'm never going to buy another Belkin product!"

Scores of network administrators responded in hundreds of follow-up messages over the next several days, with many likening Belkin's decision to VeriSign's move in September to take control of all unassigned .com and .net domain names. The posts, which were primarily angry, warned that Belkin's hijacking could have unintended consequences, such as randomly breaking Web sites' JavaScript files, style sheets, internal frame pages, and Extensible Markup Language data.

Eric Deming, a Belkin product manager, defended the behavior in a follow-up post Friday that defended the practice, saying: "We did this not to be evil, we did this to make sure that any nontechy person (part of our target audience) would have ample opportunity to opt in or out of the free six-month trial of the parental control feature." Deming said the behavior was added in response to "popular demand" and was easy to turn off.

By Monday, however, Deming's post had been deleted from Google Groups, a popular Web front end to Usenet.

Belkin sells networking products, surge protectors, cables, in addition to Universal Serial Bus, FireWire and mobile device accessories. The Compton, Calif.-based company's products with the redirection feature include the 802.11b, 802.11g, and wired routers. Belkin is privately held and reported worldwide sales of over $460 million in 2002.