Slashdot Mirror
VeriSign Looks At Earning Money on Domain Typos
Harald Paulsen writes "In a recent article Computer Business Review uncovers how VeriSign Inc is testing a service that would return a webpage if a user mistypes an URL. Basically all nonexistant domain queries could return an IP address and if the user was trying to access a page with a webbrowser they could get redirected to a search-engine, or worse: a page asking them to buy a domain. This is most certainly breaking the DNS standard and could be compared to cybersquatting (Hey Ford, want to have a banner ad whenever someone mistypes Toyota?). This is interesting in relation to an earlier story about register.com and holding-pages."
So not only do they spam us, reserve weird rights to our domain names, and cybersquat, but now they are doing this. It is really too bad there is not some kind of ICANN policy against this type of thing... Then again, ICANN is made up of a bunch of organizations like them anyway, so the whole thing is corrupt.
Code and Other Laws of Cyberspace
VeriSign is evil... Microsoft is evil... AOL is evil... WHO DO I ROOT FOR? I don't know what to say... Um... um... Uh, San Dimas Open Source ROCKS!
Bush: He's Liberal in all the wrong ways.
http://slsahdot.org
of a position of trust.
They should maintain the registry from a technical perspective, period.
The issue is that all unused domains to come to a versign ad basically. What about the other registrars that you could register through. This seems like a mis-use of power.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
"Paxfire's Sullivan said his company's service is set up so that only web traffic returns an IP address. Domain queries for non-web applications such as email or FTP are dropped or return error messages, he said."
Bullshit. He's lying or clueless, or both. It's not like DNS requests have a flag saying "I'm sending this query for a web page!" My take? They're lying to hide the side-effects of this blatant violation of internet standards from the general public.
I've always hated that, especially because it lets MS log every single incorrect URL typed.
If precedent is already set as per online advertising through a competitor (think Gator, where it was deemed legal to show pop-ups of a competing company when visiting certain sites, or sites with certain keywords), how would something like this hold up, where it is the user's fault for mis-spelling the intended domain?
If it's legal to pop up competing websites without consent, then surely it's legal to redirect to a competing website when there is indirect consent (e.g. the user types in the erronous address).
Not that it's a desireable thing, just based on past precedent it seems the direction the legal system is heading.
I just thank my lucky stars I don't get redirected to some obscure/spyware infested search engine when I misspell slashdot- just a simple page informing me I've misspelled it, with a convenient number of how many others are afflicted with the same travesty.
At least it's better than that frightening site that was/is (I'm not looking) at anazon.com. They had bestiality pictures on the main page!
What I'm listening to now on Pandora...
From the same company that not all to long ago tried a scam to steal away domain names from their initial registrars, and is now being sued class-action style and being investigated by the FTC?
Request: ECM unit, 1000 km fullerene cable, 1 tactical nuclear weapon. Reason: Birthday party for foreign dignitary.
With IPv6 on the verge of being implemented, how will this affect domain names? There will be a plethora of IPs but less and less usable domain names to bind to. Unless of course people want to start using stuff like y4h00.com! or 47t4v15t4.com; registering unused domains for comerical purposes is a detriment to the world wide web, and also, forces developing groups to use awkward domain names.
-illumina+us "I put on my robe and wizard hat..."
And the funny thing is, they could probably even make some money off of that. Large companies like Toyota and Merill Lynch probably could afford it and would pay for the right to have users taken directly to them. Additionally, Verisign could have a service that guesses close domains built in, giving suggestions to a misguided user while serving a banner ad or two -- or heck, just says "Another service of Verisign".
But that's the problem with modern business thinkers. It's not about providing a service and seeing if you can get paid for it. It's about controlling channels and leveraging that control.
Seriously, I don't even suggest for a moment to anyone I know that they consider using Verisign for anything. They're the antitheses of trust.
Tweet, tweet.
Oh, I already DID configure it to do that. So I don't need this alleged 'service', thankyouverymuch.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
I can't think of a better way to exponentially increase the number of domains registered. Currently, FooBar company knows that nobody has registered any typo names, and that if anybody does, they can probably get rid of the type names through a lawsuit. Therefore, FooBar registers only foobar.com.
If this takes effect, the story changes. FooBar knows that if any customer makes a typo, Verisign will get to show an ad for Widget.com. The only way to make this go away is to register all of the possible typo names. So FooBar registers every single possible domain name that could possibly be considered close to FooBar. Bad for FooBar. Bad for anybody who wants a domain name (now they will ALL be taken), but good for Verisign.
Time flies like an arrow. Fruit flies like a banana.
You know, this is just going to place a good bit more load on everyone's nameserver, not just the roots. Every request that used to be discarded from NS caches because it didn't exist will now be cached normally as a "good" request. 10-12% more data load might not be much for small DNS uses, but for companies like AOHell and other large ISPs, VeriSign is just screwing them over.
On another note, this would have to be some form of nameserver hack, not a root file hack(correct me if I'm wrong). But not all of the root servers are controlled by Verisign. Are those independant roots going to go along with this? Why should they?
On one hand, Verisign wants us to believe they are sufficiently trustworthy to extort as much as USD1595.00 from us for a handful of 1's and 0's (SSL Certificates), and on the other they expect to be able to get away with the dispicable, annoying business practice of hijacking users' web requests? This is annoying enough as it is with opportunistic larrikins buying up misspelt domains, without the custodian of the database abusing its' position by returning effectively forged replies to queries for domains which do not exist. Reminds me of their recent foray into the domain 'Back-Order Domain Acquisition Service business.
I guess with competitors closing the gap by offering virtually the same thing for a fraction of the price, they must be getting desparate.
hmmmmm...
salsadot.org
Now, I just need to invent a few recipes for hot sauce with caffeine.
134340: I am not a number. I am a free planet!
This is most certainly breaking the DNS standard
No, it's most certainly not.
It uses DNS as the means to some questionable ends, but it doesn't break anything.
As a matter of fact, the master file format (which is not the DNS standard as we care about it in this context anyway) explicitly provides for wildcard records.
Watch your location (URL, address, URI, whatever) bar:
See?
Again?
One more time?
Now, what standards have we broken? What's to prevent the web server from deciding what content to give us based on the Host header field we send?
Mark
I wrote the following letter to ICANN when it first cropped up:
Hello,
We already have the example of WLS in Verisign abusing its monopoly (and ICANN not stopping this abuse -- see www.stopwls.com).
Planning to monetize all typos by rewriting DNS error codes to instead point to itself (i.e. instead of returning error codes, it will no longer return errors, but instead bring the surfer to Verisign money-making pages) is yet another example of an abusive monopolist. See here:
Given the huge technical standards that Verisign would be violating, as well as the Intellectual Property and economic issues (e.g. a typo of one letter of your domain name could send a client to a search engine listing your competitor as #1, or worse; John Zuccarini is in JAIL for his typo-squatting!), can someone in the Names Council, or the ICANN Board that has a spinal column please pre-empt this Verisign move by forbidding unilateral action of such a nature by means of a vote of some kind, through the introduction of a motion?
From the comments at ICANNWatch when this abuse last came up, perhaps the way to frame the motion is "gTLD Registry operators WILL return NXDOMAIN for ALL DNS queries for which where there is not a REGISTERED domain name." Period.
Once you start tampering with things at the DNS level, as Verisign is intending to do, you threaten the security and stability of the internet, as I think Vint Cerf properly recognizes (being right at least half of the time; bad call on WLS, but the courts and the US governmet will take care of that one eventually). For a company whose slogan is "The Value of Trust", Verisign makes a mockery of the caretaker role it has been given as guardian of the com/net registries. I trust them as much as I trust John Zuccarini.
If the US government had a problem with Microsoft embedding the Internet Explorer browser into its operating system, what will they think given Verisign has an even greater monopoly when it comes to DNS resolution? The power should belong to the users, who should have the choice (through their own software) how to resolve errors. That's why we have technical standards. Making that decision for them, by BREAKING technical standards and the applications that rely on those standards, as Verisign plans to do, and making loads of $$$$ while doing it, smacks of an abusive father-knows-best monopolist. Verisign is the father you wish you never had! Calling it a "service" adds insult to injury, as they did with WLS, especially when it's a MONOPOLY service, for which one has no choice. When you make a typo for a telephone call, does the 1-800 operator (AT&T, MCI, Neustar?) start playing paid jingles for your competitors, instead of telling you that you misdialled via a message?
Ultimately, folks know Verisign wants to milk every last penny out of its monopolies, and doesn't care who they have to step on to do so. Take a look at Games.TV which shows:
to understand what Verisign's goals are (Verisign runs .tv). Do you think you really own your .com domains? What price would Verisign like to charge you for your domains?? Once they wipe out some registrars through WLS, and other monopoly abuses, who will be left to stop them?
If Verisign is permitted to g
From the client side, Microsoft is already collecting every mistyped URL and substituting their own search engine!
In MSIE, a hostname that is not found will be sent to Microsoft. A page will be auto-generated, containing links to similar hostnames, and the Microsoft MSN search engine.
Microsoft is already receiving this information. I'm sure that there is a high commercial value in knowing the exact data on which domains are mistyped the most often! I would be surprised if Microsoft doesn't use this information internally, or resell it to the highest bidder.
Since MSIE is 90% of the installed browser base, I would be very surprised if server-side information on mistyped domains (as Verisign is logging) is very different from client-side information. The client-side information might even be more accurate, due to intermediary DNS servers doing caching of negative results!
Does anybody know for sure what Microsoft is doing with their large database of mistyped domains?
Dr. Demento On The 'Net!
From the perspective of a DNS server or client, what's the difference between a subdomain and a domain? Isn't "slashdot.org" a subdomain of "org"?
These are subdomains: sub 1 sub 2 sub 3
Will I retire or break 10K?