[jlivingood]

> Although I disagree with Comcast's method and categorization, it would be interesting to learn what modem the OP was using.

We start telling customers that a modem needs to be upgraded when one of two things happen: either they are about to or just had a speed upgrade that their modem cannot support or the modem has gone end-of-life (EOL) from the vendor.

In the former case, if the device is leased, you are send a new one to replace the device and just have to basically say ok. In the latter case, it is a customer-owned device so the customer is asked to go buy a new one someplace (e.g. Amazon, BestBuy).

And in the EOL case, the vendor may have gone out of business or shut their cable modem business down, or otherwise decided to no longer support the device due to its age. That of course means that if a security issue came up, as they do, that the vendor would not be able or willing to provide a software fix for the device. So it's best to get the ball rolling to get those devices replaced when that occurs. Most of our EOL devices today are DOCSIS 2.0 devices (10+ years old), which can only do a single upstream and downstream channel (no channel bonding) and 1st generation DOCSIS 3.0 devices (5 - 8 years old).

[_jal]

First, thanks for participating.

Second, I am a Comcast customer who will never see these messages precisely because you do things like MITM unprotected traffic. Because I can't trust you to leave my traffic alone, all my traffic is tunneled.

So at the very least, if you feel this is a critical service you are offering (as implied by the RFC), you need an alternative communications channel for people like me who don't permit this one. Snailmail is fine; you try to upsell me constantly through that channel already.

[pooloo1]

I second this, in addition, the injection is not only related to EOS/EOL for modems it is also for when you are approaching your data cap. Which is rather annoying because it actually can halt your gaming or netflix experience oddly. I have had both happen, one I was playing PlayerUnknown's Battlegrounds and the game crashed. Since the game itself uses web based tools, for its menu system, upon restarting the client a Comcast injected message popped up warning me I have used 90% of my data cap.

The same thing happened on Netflix ...

[tatersolid]

I think it’s funny you’re approaching your data cap and they add 400 lines to the size of each web page you visit. I hope pages they tamper with are subtracted from your cap.

This is exactly why Comcast is still the most hated company in America [1], and the only reason you have any customers is due to the monopoly deals of dubious legality you or your acquisitions bribed local officials to create back during the infancy of cable. We hate you, but we don’t have any choice.

It’s worth noting that government regulation created Comcast by allowing long-term monopoly contracts with municipalities. Remove the regulations which prevent competition in local internet and TV services; don’t add more regulations.

  [1]: http://finance.yahoo.com/news/america-most-hated-companies-110032495.html

[aaomidi]

TBH what kind of game doesn't use https...

[cookiecaper]

HTTPS is not free. Game developers are usually very performance-sensitive. If you're not transmitting any sensitive data, it may seem appealing to forgo the seemingly-needless HTTPS overhead.

[enzanki_ars]

Please cite your sources on the speed comparison. See: https://istlsfastyet.com/

Also, most games I have played seem to use HTTPS. The only time it is used is when the game does not need an instant result, in which case they use HTTP or HTTPs. Most of the times, this is in the main menu or similar. Doing this makes it even harder (assuming they use certificate pinning) for users to change the values returns to gain any advantage on their client.

Any part of the game that needs speed should be using a UDP based protocol.

[chopin]

If your game is executing js (as for the example given by the GP), you are transmitting sensitive data. In that scenario not only confidentiality but even more integrity of the data is important.

[zwily]

They do say they try to email you a bunch of times first... Email seems like a decent enough alternate channel.

[hackmiester]

They emailed my Comcast.net address, which I didn't even know I had.

[jlivingood]

> They emailed my Comcast.net address, which I didn't even know I had.

I recommend you add your primary email address. You can do this via the self-service portal.

Go to https://customer.xfinity.com/#/settings/account under Account / Settings / Contact Information. IIRC you are sent a confirmation email you have to act on before it takes effect.

[cannonedhamster]

You should mark this day. This is probably the most positive customer experience you're going to ever have with a Comcast employee. I had a choice between Verizon and Comcast. Comcast was cheaper and I still went with Verizon.

Edit: typo.

[dhimes]

OT question: Do you roll your own tunnel or use a service?

[jsmthrowaway]

> Snailmail is fine; you try to upsell me constantly through that channel already.

Implying you’d probably miss it and, if not you, the customers they’re trying to reach.

[LeifCarrotson]

Then they ought to stop abusing the communication channels they have. If they send so much email and snail mail spam that the customer automatically ignores it, that's the choice they have made.

[cookiecaper]

What happens when a customer who really does have a modem that is vulnerable or outmoded runs into related issues? Is that customer going to accept "Well, we included it with our junk mail" as an explanation? As for email, does anyone use their ISP-provided email address anymore? Everyone has a third party provider (mostly Gmail).

I don't think there's any fault in logic in presuming that the best way to make sure a customer receives a notification is to insert as near to their known-active stream as possible. I don't condone altering that stream, but I think it would be nice if they could send a page, potentially at the browser or OS level, exclusive for system control and status messages (no sales, marketing, billing, or collection messages allowed).

[rietta]

I am so sick and tired of xfinity mailings addressed to me or my wife or former residents of the home address asking us to switch to them for a two year discount that I know they won’t give us because we’re already a customer. They even just jacked my rates yet again.

[codycraven]

As a Comcast customer until ~6 months ago, I brought in a cable box they forced upon me as part of a packaged rate (cheaper than internet alone) once my contract ended.

I had tried calling customer service to see if they'd give me a new bundle but they told me they were only for new customers, so I switched ISPs.

Anyways, when I went in store to return the equipment, the guy I spoke to told me to not bother with phone support but to instead come in store or call him directly (he gave me a business card) since he can get existing customers bundled rates that the phone reps can't.

While I had the choice of ISP many don't, I'd definitely recommend going to a store location where you can talk face to face with someone in your area and see if you can't get a contract at a better rate than you pay month to month.

[rietta]

That is worth a try! Thanks. There is an XFinity Store less than 2 miles away from me. Never thought to set foot there.

[rietta]

Along the lines of this. Anyone in the industry, why do they not cross reference the street addresses of their current subscribers and reduce the promotional mailing list or mail relevant promotions? Maybe it seems cheaper to do it this way, but it's actually quite antagonistic to current customers.

Why would they not maintain a clean marketing list!?

[novaleaf]

downvoting because of snarkyness. Your suggestion of alt cmu channel is good however.

[bayonetz]

Downvoting because they weren't that snarky and because of your smugness. Your willingness to tell some one straight up why you downvoted them was good however.

[novaleaf]

why am I smug? I totally agree with the premise and personally hate comcast, but if _jal wants to be taken seriously by jlivingood, snarkyness isn't the way to go.

I don't mind the anon downvotes though, it's par for the course anywhere.

[zacwest]

The ARRIS SB6141 [1] is a DOCSIS 3.0 modem which is considered EOL by Comcast. This device is still being actively sold by the manufacturer. It handles the maximum throughput of most Comcast plans. It's not 5-8 years old.

However, the supported device list [2] shows that it's still an allowed modem to use for a e.g. 200mbit connection. A user that's looking to purchase a modem isn't discouraged from getting one from Amazon.

Since Comcast considers it EOL, any interaction with Comcast support includes the stipulation that it's likely the modem that's causing the problem, and the customer will be liable for a surcharge if a technician decides it's the modem causing a problem.

For a brand new modem, purchased from Amazon right now.

There seems to be a disconnect between EOL for the purpose of leasing a modem and EOL from the vendor.

[1] https://www.arris.com/surfboard/products/cable-modems/sb6141... [2] https://mydeviceinfo.xfinity.com/device/arris-sb6141-336

[ajmurmann]

Thank you so much for participating in this discussion! Frequently having people like you who actually involved in what's being discussed is part of what makes HN special to me and many others.

As another comment points out though, I'd also like to understand why it was decided to comminate by injecting JS into pages people are visiting rather than following a more traditional communication channel like snail mail. I assume that this solution scales better and has get immediate $ attached. However, it also seems obvious to me that it reenforces brand image and political issues people have with your company.

[dhimes]

I mean, I get calls on my cell phone from them. That would be a good thing to call about I would think.

[vvanders]

Yup, you may get a better attach rate at the cost of absolutely destroying any customer trust.

[brandonbloom]

As an (unwilling) Comcast user, I purchased my own modem because your rental rates are preposterous. However, I wish I didn't have to think about this at all. If you force me to upgrade a modem I've purchased, I'll be very annoyed by the unanticipated cost.

I get that's problematic for your modernization efforts, but in that case: eliminate modem rental fees. Bake the fees in to the standard cost of the service and don't let customers use their own equipment. I understand that non-cable competitors don't have this cost to shuffle around, and that this will mean you are forced to either A) raise prices publicly or B) have lower margins. That's your problem because of your technology legacy; don't pass the misery on to the customer.

While you're at it, offer two hardware choices: one with, and one without routing/wireless. I refuse to run a wifi network in my household for your other customers and expect complete control over my LAN configuration.

On the topic of injection: I get that you don't think it's immoral, but hey, 1) most people who understand it think it is totally unacceptable. And 2) the window for this approach is rapidly closing for you as the web moves to SSL everywhere. Give up on this approach now and save face.

[TheRealDunkirk]

> I get that's problematic for your modernization efforts, but in that case: eliminate modem rental fees. Bake the fees in to the standard cost of the service and don't let customers use their own equipment.

I love how it's in the interests of public companies to brag about how successful they are. When I see a comment like this, I like to checkout the most recent 10K. According to Comcast's stated figures, they made $8.7 BILLION last year. So, they're doing pretty well. Now, obviously, they can't just give the modems away, but if they would at least STOP BILLING THE CUSTOMER for a leased modem after their costs have been recouped, that would be a HUGE public-relations win.

If we all could buy the modem of our choice, over time, say, amortized over the length of your contract, and then RELIABLY stop getting billed for it, I'd LOVE to just buy it through them. I'd argue that the reduced support costs for NOT BEING RENT-A-CENTER JERKS about the modems would save them a lot of money in the long run.

[tootie]

As a web developer this feels like an absolutely terrible practice. I have to support contracts for website performance, quality and behavior with clients and you could be putting us in breach. If I got a bug report of unexpected ads popping up, we'd probably waste thousands trying to figure this out.

[octalmage]

Exactly. The first thing I thought about when I saw this was the implications of having JavaScript that has not been tested in the context of a website running. You have no clue how it will conflict.

As a website owner you should have the right to verify all code that will run on your website to be sure that it won’t cause issues since only you have the context needed to make that call. What if there’s a global DIV selector that hides the close button, the website visitor is screwed! And they’ll just think it’s a problem with your website.

One more note, there are way better ways to do what they’re trying to do. Even with how terrible IFrames are, they prevent CSS and JavaScript conflicts. A simple position fixed div at the bottom of the screen containing an iframe seems more appropriate. If you are going to run code on my site, make sure it’s as small as possible. This could have been accomplished in 2 lines of code (excluding iframe host).

[robin_reala]

I’ve had to patch against this in the past when it turned out my system was breaking for a set of users whose company was installing a browser extension that injected JS that broke the app. Never did find out exactly what it did, but I worked around it but fixing the progressive enhancement to work properly in the context of broken JS as well as no JS.

[aaronbrager]

You can avoid this by using HTTPS.

[sova]

So many tickets with status "unable to reproduce" ugh

[legohead]

You should not interfere with a customer's traffic they are paying for. If you need to contact them for a critical issue, then call, email, or snail mail. You risk disrupting their experience, and in some cases the customer may not even be able to receive your critical message. Does your JS injection work for customers who have JS disabled?

[Sir_Cmpwn]

You have our phone number. You have our address. Use them! Do not MITM our connections, that's a huge violation of trust. This is NOT okay. Any response other than "we're terribly sorry, our engineering team is rolling this back on Monday" is the wrong response.

[aaronbrager]

Can you discuss why DOCSIS 3.0 users get this notice? I have a 3.0 modem, and received the notice, but it looks like my modem will still support my speed tier (75mbps in Chicago)

[virtuallynathan]

A 4x4 channel 3.0 modem should really only be used for ~75-100Mbps tiers, and is capable of at best 150Mbps. The more channels you have available the more capacity you can pull from — higher peak speeds and potentially better speeds at peak time.

[jlivingood]

It usually means you are about to get a speed upgrade that will go beyond what your modem is capable of delivering. In that case it is possible you could have a 1st generation 4x4 modem (so it can bond 4 downstream and 4 upstream channels).

[notyourday]

Comcast does not provide any speed on residential lines that DOCIS 3.x cannot accommodate. It is like requiring Formula car to drive on a gravel road in Alaska.

[virtuallynathan]

Different modems can use different numbers of DOCSIS channels. A 4x4 DOCSIS 3 modem is only capable of, at most, 150Mbps and on average 75-100Mbps. A new DOCSIS 3.1 model can do >1.2Gbps.

[notyourday]

Yeah, no.

https://en.wikipedia.org/wiki/DOCSIS

3.0 spec does up to 1.2Gbit/sec, just like Comcast. You know up to 200Mbit/sec, which is more like 20 because of all the "extreme complexities of the internet service".

[virtuallynathan]

DOCSIS 3.0 supports 38Mbps per channel, which is in the table on wikipedia. Not every modem is capable of 1.2Gbps - The fanciest modem out there is 32 channels, which gets to your theoretical 1.2Gbps. If you have a 4 channel modem and expect consistent speeds of more than 100Mbps, you are SOL.

[hamiltonkibbe]

I wonder if your customers would be happy enough without the speed upgrade if they weren’t wasting bandwidth downloading code they never wanted to run in the first place

[ryanpetrich]

Does Comcast's implementation of this system respect Cache-Control: no-transform as specified in RFC 2616?

[333c]

You explain why it is important to notify about their EOL modems, but you fail to explain why this, of all options, is the appropriate communication channel.

At the very least, you have customer addresses. You should also have phone numbers and email addresses. If you have a way to bill customers, you have a way to contact them.

Injecting JS into HTTP sites is disgusting. It violates both the user's and the site's expectations and is entirely unnecessary.

[ruffrey]

All that may be true.

There is no ethical excuse to ever inject code into a webpage.

Your own argument about it being critical is false or sophistry. If there were wildfires coming to burn someone's house down..that might qualify as critical. Not this, and deep down you know it.

You should be embarrassed to attach your name to such an obviously poor decision.

[dang]

Treating anyone this rudely is a bannable offence on Hacker News. Please take the civility requirement more deeply to heart (https://news.ycombinator.com/newsguidelines.html), and please don't do this again.

If a fellow community member has a first-hand involvement with a situation under discussion, such as working for a company that some people are mad at or does some wrong thing, we're all responsible for reacting responsibly. Otherwise bad things happen, such as first-hand observers being scared to post because they'll get lashed out at, and the already-weak community bonds we have here getting weaker. We all know what the culture of online shaming has led to and it's all our job not to do it on HN.

[ruffrey]

Ok. You're right, that last line was not necessary.

[kordless]

> We all know what the culture of online shaming has led to and it's all our job not to do it on HN.

This is, in and of itself, a blaming statement. Blaming statements, such as the one contained in the comment you replied to, are a result of a) dissonance and b) inability to resolve the dissonance.

It is, in fact, unknown what the culture of online shaming has led to in our society. In fact, I'd hazard "shaming" online is actually just raw blame provided by some rationalized thought process driven by Internet interactions themselves, not the people reacting. See This Video Will Make You Angry on YouTube for context. Screwing with people's Internet in contextually what could be considered "wrong" behavior becomes highly polarizing. In as much as someone coughs because they smoke, people blaming is a result of a larger problem, perhaps related to the fitness of memes and some people's weakness in being hacked emotionally by memes with higher sophistication. Again, that problem is noted by the dissonance and inability to resolve it, but the behaviors emerging from those who are "infected" by the thoughts are not exactly theirs to bear alone. We blamed the tobacco industry for smoking. Why can we not blame the employees who are providing the rationalizations for bad behavior? One might argue that they shouldn't be blamed because they have no choice in the matter. It may be their job to argue otherwise for the company.

The irony here is that vast majority of the denizens of HN are likely responsible for creating most of the "mess" we're in today by writing software without considering the long term effects on consciousness and perception of reality. That "mess" would be defined as means, by algorithms or neural networks, to attempt to exploit weaknesses in human nature to spread other's beliefs in a unnatural way. Growth hacking. In some cases, like Comcast, those beliefs are rooted in sophisticated rationalizations which sound good when limited in scope. But! I don't care what anyone says about it, changing the content of a page which, when requested from one place returns one thing and when requested from another (which ones pay for I might add) returns another thing entirely is a violation of TRUST. At least it is to me. I like consistency in my data.

If one of the "members" of this group we call HN wants to make a blaming statement against someone who is defending this irrational logic, then I say let them blame! How else are we to uncover the dissonance and solve it? Or, perhaps, that dissonance is desired to be left in place by our complicit behaviors trying to be "nice" to each other.

I've suggested before social media sites could benefit from a "this is a blaming statement" flag on articles or comments. I stand by that assertion today. Logging back out again. Thank you for all the hard work that goes into running this place.

[justinjlynn]

Indeed. Whoever thinks this is fine would probably also be okay with the telephone company injecting jingles into your phone conversations every 30 seconds.

[lucio]

Don't give them ideas... this comment was brought to you by by Inject-o-Matic Marketing services

[justinjlynn]

Oh, how I do wish there were a WP:BEANS equivalent for reality. Thing is, you know it's already a thing somewhere.

[QAPereo]

I think the mindset is that at least he’ll be embarrassed on his yacht. Short of that thinking, you’d have to assume a few solid layers of cognitive dissonance.

[userbinator]

There is no ethical excuse to ever inject code into a webpage.

...unless it's for adblocking...

Although I do that with a MITM proxy locally (and thus filters everything on my LAN), it would certainly lead to a very interesting situation if an ISP decided to do it...

[markbnj]

I mean, the end-user who requested the page certainly has a right to voluntarily inject script into the page they requested as it is rendered in their own browser running on a machine they own connected to an upstream internet provider they pay for access? Nice try at false equivalence however.

[userbinator]

What "false equivalence"? I was just pointing out an exception to the statement "There is no ethical excuse to ever inject code into a webpage".

[markbnj]

It's false equivalence because you (and everyone else) knows that the case of an end user injecting script into a page on the receiving end of the connection is not the scenario under discussion, and is not the behavior that the rule implied by the earlier comment would be intended to prohibit. If the comment was tongue in cheek then I have misunderstood you and withdraw my objection :).

[sumeno]

If only there were some way to notify your users that wasn't so scummy... like via email or regular mail

[tzs]

Regular mail, yes. Email, though, is largely just a waste of time.

Way too much non-spam disappears down overeager spam filters, which most people only check if they are specifically expecting some particular mail and it does not show up as expected--and even then many won't check their filters.

An ISP could white list their own mail in their spam filters but that would only help with the customers who use their ISP provided email. A lot of people use third party email providers instead and never use their ISP email.

[jclulow]

I find the reverse is true. My USPS mailbox receives daily credit card application forms, electoral flyers, catalogues, etc. I also get frequent mail from Comcast but they are _all_ bullshit ads, trying to hoodwink me into cable TV. I don't open them anymore, they just go in the bin.

I will at least _glance_ at my email.

[pbhjpbhj]

They could sign their messages? Also needs users to have easy to use mua that handles signing and shows "this is genuinely from your ISP unless they/you've been hacked".

For critical service info I'd want SMS personally, from a verified number with a link on the company main domain to verify the info.

[alexpetralia]

In the spirit of efficacy, browser injection may have a better response rate than email. Taking this to its next logical step, surely showing up in-person at your door is even more effective.

Is that the idea here?

Or does this efficacy come at some cost (namely, the sentiment behind this thread)?

[epicide]

With all the junk mail I get from my cable company about "upgrading" my service to include some crap I don't want, I would think they could find a way to slip in a "hey, your modem's busted" notice.

[rietta]

So they print Important Plan Information on the envelope.

[nerdponx]

Time-Sensitive, Open Immediately

You know it's actually an important piece of mail when the envelope isn't imploring you to open it.

[beamatronic]

The most serious snail mail correspondence is utterly and completely plain.

[santoshalper]

But you probably wouldn't read it, because lots of people don't read their email (at least partially because of the junk).

[JoBrad]

Yes, but if you don’t get the speed Comcast promises you, and you paid attention to that, then you’d call them up, and find out that way.

More work, but way less scummy.

[serf]

regional monopolies have never cared about scummy behavior.

[epicide]

And I'm more likely to read a pop-up?

[sjg007]

Maybe in the bill? Or online bill notification?

[metaphor]

I don't know what's worse: the straw man attempt at arguing efficacy while focusing on the weaker of two suggested options, or the (presumably) unscalable slippery slope of dispatching personnel to a customer's front door.

In either case, the argument does not address the fact that customers recognize unsolicited packet injection as unacceptable ISP behavior. Without support metrics, we can argue all day about the efficacy of one method of delivery over another, but the fact remains that no sensible user would perceive e-mail and/or post of official notice from their ISP as overtly intrusive. With as much internal advertising as Comcast distributes amongst its existing customers, it blows my mind that official notice generated from boilerplate and delivered via snail mail would fail to achieve the intended goal.

To be sure, your pre-edited comment: > Surely showing up in-person at their door must be an even more effective "reminder" than the browser injection! Is that next?

[octalmage]

Time Warner did show up at my door when they updated their speeds. I thought it was strange,and asked him to have Time Warner call and schedule a time, but it worked. He was going door to door.

[jasonlotito]

It was noted in the thread that other attempts are made first.

[erikbye]

Stop trying to rationalize it; this is not OK, period. If you can't reach your customer via his contact information, too bad, consider him a lost cause. And if it was something critical resulting in the customer's loss of Internet access, you can bet he will contact you then, if he cares.

[gech]

Off topic to this post but can you confirm any details on your company's intentions following the dismantling of net neutrality?