As a man in the middle doing an impersonation, he won't see an acknowledgement. But because he's got a sniffer on the client, he can proxy over in JavaScript. He's doing TCP acknowledgements over an Ajax tunnel, so that even though he doesn't see the acknowledgements going to the site being tested, he can see acknowledgements as they're emitted by the client.

"And thus, I receive them," he said. "I can do what ever I want."

And thus, network quality degradation will no longer be able to be done silently, he said. "Don't think people won't notice," Kaminsky said.

Kaminsky laughed while talking about his work, but he's dead serious about stopping providers from screwing up the level playing field for business online.

"A level playing field is required for the basics of business. Problem is, it's hard to make money on a level playing field," he said. "You can be a king maker. [Providers] can choose who or what other third party is going to make money, and that third party [could] be a worst solution by far, but they paid the most."

Contrast that with a level playing field, where third parties all get access to the same level of network quality. In a level playing field, third parties duke it out until the best product wins. That model, Kaminsky said, leads to customers who are loyal, and everyone is happy. "If not, they wouldn't have used this third party," he said. "Carriers are threatening to abandon the model that's provided a steady sequence of successful, profitable, useful companies and replace them with whoever pays the highest bribe for reasonable service.

"Provider hostility makes the Internet a place where you can't invest. You can't make long-term bets on a hostile network. As soon as you start doing well you don't know what the carrier will do."

Kaminsky has come up with a goal: He wants to use the most obscure of his technical abilities to defend online advertising. "This is not something I thought I'd ever say," he said. "But I believe a huge amount of the vibrancy of the Internet comes from commercial enterprise. If we go to a kingmaker model, nobody will be able to safely invest and all existing models will die on the vine. It doesn't matter if you create the best system. It doesn't matter if users really like you. Because someone else will show up and pay more than you will."

And now, thanks to Kaminsky's work, there is at last a speedometer to clock how fast providers are moving to rough up that level playing field.

This article was originally published on eWeek.com.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.