Slashdot Mirror
VeriSign Sued Over SiteFinder Service
dmehus writes "It was only a matter of time, the pundits said, and they were right. Popular Enterprises, LLC., an Orlando, Florida based cybersquatting so-called 'search services' company, has filed a lawsuit in Orlando federal court against VeriSign, Inc. over VeriSign's controversial SiteFinder 'service.' While PopularEnterprises has had a dodgy history of buying up thousands of expired domain names and redirecting them to its Netster.com commercial "search services" site, the lawsuit is most likely a good thing, as it provides one more avenue to pursue in getting VeriSign to terminate SiteFinder. According to the lawsuit, the company contends alleges antitrust violations, unfair competition and violations of the Deceptive and Unfair Trade Practices Act. It asks the court to order VeriSign to put a halt to the service. VeriSign spokesperson Brian O'Shaughnessy said the company has not yet seen the lawsuit and that it doesn't comment on pending litigation."
Anti-trust was one of the very few tactics I didn't hear discussed as possible ways to stop Verisign.
Arguing that they get for free what other companies must pay for is probably one of the easier arguments for win, since it proves itself nearly by definition.
I applaud the jackass who pays to abuse typos. At least they've finally proven their worth.
--
Use Vobbo for Video Blogs
Because sometimes that "land" has been previously owned, and the rights to it expired (not always intentionally).
There's nothing wrong about cybersquatting, but it's Just Not Right(TM).
Well, the term has gotten expanded to mean pretty much "owning a domain you don't use." But originally it referred to people who would, say, buy the rights to a celebrity's name .com, and then extort them into paying lots of money to get the rights to it.
This ended once the first trademark-infringement case went to court.
However, the general term stuck around and is now (IMHO) generally way over-used.
Bush: He's Liberal in all the wrong ways.
*Confirmed*: Adelphia has blocked VeriSign's new "service."
Please reply to this and list names of fellow anti-VeriSign ISPs if your ISP has blocked this new "feature" as well.
Thanks! I will enjoy analyzing this data.
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
How is it different from the pioneers getting 40 acres and a mule?
First, a history lesson. '40 Acres and a Mule' wasn't a pioneer issue. What it is true that during the western rushes, various federal lands were put up for auction or claim by pioneers. The lands were not, however, specified to be 40 acres, but varied in size based on the territory and the specific land grant. For that matter, according to one of my HS Social Studies teachers (a dozen years ago), there were still federal lands for claim in parts of Alaska. That teacher was known to embellish the truth, so I won't put any varacity statement with that.
'40 acres and a mule' were reparations for slaves in the south. They were instituted by a Northern (Union) general, during the aftermath of the civil war, and were later reveresed by an presidential executive order.
So, in short, your parellel falls a little short. If the ICANN were to pass a ruling granting johnny-come-latelies names from vast corporate pools, that would be comprable.
So, what's wrong with cybersquatting: Well, with the federal land grants, if you occupied and developed the federal lands for a specified period of time, they became yours. You could sell or otherwise use them as you wished. Here, cybersqquatters either are taking a developed item (debatably property) and using its good will and value for an interest contrary to the orginal owners. Which would be a violation of the land grants, so thats one point where your analogy fails.
The other type of cybersquatter (who speculates on names or misspellings) is also abusing the good will of the originator, but may be a valid comparison. It is, however, annoying, to get redirected away from what you wanted because of a typo, and from the other side, a squatter who is taking an otherwise useful resource and making it near-useless is neither providing a valid service or generating good will.
Yes, it's semi-sleazy, but they don't cybersquat.
Timeline:
1997 or so: I registered tylereaves.com, mainly for use in e-mail
2000: I let the domain lapse, not really using it, and tired of paying $40 a year or so for it (Hey, registering was expensive in '97!)
200?: Netster becomes the owner of tylereaves.com
2003: I nicely ask for it back.
2003: I get my domain back. They didn't even charge me the trasnfer fees.
TODO: Something witty here...
This is a good time to look at Bob Frankston's dotDNS proposal for a layer of reliable but meaningless domain names. dotDNS lookups can be made self-verifiable using public-key signatures, but without the costly chain of trust required by DNSSEC methods. The validity of a dotDNS binding can be verified easily by the querier, without relying at all on the server that provided the putative binding.
dotDNS does not solve the whole problem, since any layer that translates from humanly meaningful names to dotDNS names is still vulnerable to hijacking. But the reliable and verifiable name bindings in dotDNS will make it *much* easier to switch name-resolution services when we are dissatisfied with their policies.
dotDNS is a cheap and immediately deployable positive step toward fixing the DNS mess, requiring no approval by any central agency. It's time for a visionary sponsor to step forward and just do it.
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
But why? There's no real market in domain names any more. Verisign tried to make one. GreatDomains used to have thousands of listings, and you'd see things like "Asked: $25,000. Bid: $20." Now Verisign only has "premium domains" on GreatDomains, ones like "record.com". There are only 66 domains for sale, and few sales.
No, I think their complaint is that Verisign is in charge of baking the pies in the first place... it's hard to develop market share for your product, if users are diverted upstream.
don't mess with those geekgrrls
To get a domain.com.au address, the "domain" part has to have something to do with your registered company name, at least it did last time I checked. It seems to work well, IMHO.
The Internet Software Consortium (ICS), which makes the Berkeley Internet Name Domain (BIND) software (runs most domain name servers) has already released a patch to block "site finder":h tml
http://www.isc.org/products/BIND/delegation-only.
I just still can't believe Verisign thought they could get away with this.
More info can be found here:
http://www.popluarenterpirses.com/
"It makes me wonder if someone has a patent on silence yet?"
No, there's too much prior art, but John Cage has a copyright on 4'33" of it.
KFG
Full details of the lawsuit are available in this press release:p ?epi-content=GENERIC&newsId=20030918005730&newsLan g=en&beanID=478837757&viewID=news_view
home.businesswire.com/portal/site/google/index.js
Copy of lawsuit:
search.netster.com/about/lawsuit.asp
Sorry, I forgot to include these links in my submission. Post away!
Cheers,
Doug
Doug Mehus http://doug.mehus.info/
That requirement has been relaxed lately; they're pretty loose about it now, and auDA just require that it be 'related to your business operations'. Not quite the free-for-all that .com/.net/.org is...
deus does not exist but if he does
This litigation might work since Popular Enterprises still has to *buy* the expired domain first. With Verisign doing this for free they get a big leg-up on it. Either way I hope Verisign loses for this blatant RFC violation. This is fast becoming as something more than an annoyance.
!@#$% whole-grain cereal. When I want fiber, I eat some wicker furniture. - G. Carlin
try these links
Obligatory hello world example
Micro$oft
and a goatse.cx version
Umm ... guys ... I know it is late but you need to reparse the sentence. Mountain View is the California city in which Verisign is based. The litigant is Popular Enterprises, LLC.
--
Concerned about your network security? Try the free Nmap Security Scanner
Alexa Page Ranking, another insidious tool, lists Verisign Pagefinder as the number one Website in new Hits, up 1360 % on the week
http://www.alexa.com/site/ds/movers_shakers
If this is the way your VPN systems are set up, then they are set up wrong! The setup you have never was secure or safe because someone could've registered the domains you're hoping won't exist anyway.
The correct way to do this is to use a search order. That's why /etc/resolv.conf
has a search directive.
You put something like
and then when you look up "intranet", it will first try "intranet.internal.foo.org.", then "intranet.foo.org.", and THEN stuff that exists in the outside world.
Of course, not all operating systems have /etc/resolv.conf, but if they
don't have something equally good,
then they're broken and insecure...
Don't like it, don't agree with it, but acknowledge their right to use the service they faught for and won. If you can't take it, fight the fight to give them (better) competition, instead of filing some frivolous lawsuit.
Yes, thank you Ayn Rand. And how do you give them competition? Ask them to relinquish control of their root servers and institute yours in their place? Or maybe start a whole new internet? Yeah, that's going to work.
Let's face it. Verisign broke the rules (ie: RFCs) which were designed to govern how the internet infrastructure works. Rules which they implicitly agreed to in attaining their position of power.
However, perhaps you're right. They 'fought' for their position, so anything is within their rights. Why, if they suddenly decided to randomly redirect people's existing websites to a Verisign information page, I guess that's ok. After all, one can always fight to give them better competition by creating one's own separate internet.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Not quite. Owning a domain is a separate issue from DNS. Owning a domain means you have an entry in a domain registry. It does not mean you have a DNS entry. Owning a domain means you have paid your money and signed up and that you have the right to have your domain added to the DNS.
A lame delegation is something different. A lame delegation is when there are NS records that exist in the DNS, but they point to the address of a server that can't answer the queries for that domain. In contrast, if you have a domain that isn't in DNS, there is no NS record at all.
Hi
Whenever somebody miispells my internet address, they end up going to sitefnder.veirsign.com!
This is extremely difficult on my disabled users who frequently mispell my sight name, and rely on their browsers error message to know what happened.
They also don't appreciate that the closest match for the common mispellings are an adult site!, but that is besides the point.
As my main web site makers, what can you do? I'd hate having to go with another web design ferm, I trust that you can fix this... was it an upgrade to Windows 2003 that caused this problem? I've heard some bad things about that... but Microsoft patches their stuff pretty quickly.
Fred is out for the moment, had a horrible car accident, I'm corrisponding for him. Thanks!
-Aaron Peterson
aaron_pet@hotmail.com
509 332 7697
Please use [ informative / summarizing ] SUBJECT LINES
Flame me here
n addition to a number of already posted suggestions, I recommend that you call Verisign and file a complain:
/dev/null. But I suspect that pressure from all fronts might help. I have been told (off the record) that some people within Verisign are not happy with their wildcarding. Complaints get logged into a database that these people can review. Your complaints, in volume, might help those folks make a stronger case against top-level wildcarding.
+1 703-742-0914 (worldwide)
+1 888-642-9675 (toll free US/Canada)
When you call, select:
* 1 (purchase an product or renew an exist product)
* then 7 (all other questions)
I recommend that you be patient with the Verisign rep that answers the phone. That person may not fully understand the issue / problem, and they are unlikely to personally be responsible for the Verisign decision. Remember that you are objecting what Verisign as a company is doing. Don't yell at the rep. Be polite but firm.
Ask Verisign to stop the wildcarding now. Explain why what they are doing is wrong (such as being unable to determine of a EMail message is being sent from a bogus / non-existent domain because thisdomaindoesnotexist.com resolves to 64.94.110.11).
If you do business with Verisign now, tell them that you will switch vendors unless Verisign stops this practice in X weeks. (fill in the X)
You might want to leave your phone number and request a callback. Anonymous complaints do not go as far.
If you are in the US, you might want to contact your local member of congress and object about what Verisign is doing. Let Verisign know that you are doing this when you call.
Yes, they might flush your complaint down
chongo (was here)
you can file a complaint about Verisign to ICANN by using their:
chongo (was here)
If your on a windows machine there is an easy fix for PART of the problem. Just go into your hosts file:
I NNT\system32\drivers\etc\hosts
C:\WINDOWS\system32\drivers\etc\hosts
or
C:\W
and add the line
0.0.0.0 sitefinder.verisign.com
Now this won't fix the DNS resolution problems but it will at least stop your browser from hitting the sitefinder page.
You got it in one.
Those domains have been set up that way for years. I wager they've been set up since those ccTLDs became popular. And they don't respond to SMTP connections.
The com and net gTLDs have *not* been set up that way for year and we really don't want them to be.
There's a 1x1 gif image in the sitefinder page, this is the URL that refers to it...
g nw ildcard/1/G.2-Verisign-S/s75019259531159?[AQB]&ndh =1&t=19/8/2003%2018%3A54%3A6%205%20-60&pageName=La nding%20Page&ch=landing&server=US%20East&c1=NOTHIN G&c2=NOTHING%20%2800/00%29&c3=NOTHING%20%28DYM%29& c12=No&c13=00&c14=No&c15=00&c16=Yes&c17=15&c22=NOT %20SET&g=http%3A//sitefinder.verisign.com/index.js p&s=1024x768&c=16&j=1.3&v=Y&k=Y&bw=1024&bh=614&p=R ealPlayer%28tm%29%20G2%20LiveConnect-Enabled%20Plu g-In%20%2832-bit%29%20%3BWindows%20Media%20Player% 20Plug-in%20Dynamic%20Link%20Library%3BShockwave%2 0Flash%3BShockwave%20for%20Director%3BMicrosoft%C2 %AE%20Windows%20Media%20Services%3BAdobe%20Acrobat %3BMozilla%20Default%20Plug-in%3BJava%20Plug-in%3B QuickTime%20Plug-in%206.0.2%3B&[AQE]
http://verisignwildcard.112.2o7.net/b/ss/verisi
Why would they want to know my plugins and screen size, amongst other things?
Oh well, not to difficult to get Mozilla to block that at the cookie it sets.
Heh, http://sitefinder.verisign.com/terms.jsp is an interesting read.
I had to modify the following a bit from the original. Slashdot wouldn't let me post it as it was (Lameness filter encountered. Post aborted! Reason: Don't use so many caps. It's like YELLING.)
And just how am I supposed to stop using this? It's kinda forced upon me (besides not using the net at all...).
NeuStar, which exclusively controls the .biz and .us domains, has been using a similar service on and off since June. They have been attempting to divert the typo traffic to a paid search engine for profit, and have made money doing so. Originally, they had been collaborating with VeriSign for months behind closed doors to create a service like SiteFinder, but they were unable to agree on who got what money, and the joint deal never happened - they went their own ways.
.biz and .us DNS servers, but it has been running on and off for months.
VeriSign built their own system, which obviously works fine. NeuStar has no such resources or knowledge, and outsourced the building of their system. Unfortunately for them, it is plagued with problems and has never worked right, because they partnered with a couple of morons to build the system for them (an ex-journalist and an ex-IT manager, who thought they could build an 'Internet' company) The NeuStar system is not currently running, because it screwed up the NeuStar
Just a little FYI about other registries already using a SiteFinder-like service, from a developer at a company the morons tried to hire to help them fix the broken service they built for NeuStar. Naturally, we declined to help them try and steal web traffic for profit.
As far as ICANN goes, they knew the registries (both VeriSign and NeuStar and others) were building projects to intercept and sell mis-typed domain traffic. VeriSign and NeuStar legal teams had even met with ICANN to discuss the feasibility of the projects. ICANN agreed with the concept, and to 'see how it goes once implemented'. Their recent silence followed by the 'advisory' is simply their attempt to over themselves after the fact - they knew it was coming, and conceptually bought off on the idea.
So there you have it, from an insider. I guess next time you should have us sign NDA's, morons.