Slashdot Mirror
VeriSign Sued Over SiteFinder Service
dmehus writes "It was only a matter of time, the pundits said, and they were right. Popular Enterprises, LLC., an Orlando, Florida based cybersquatting so-called 'search services' company, has filed a lawsuit in Orlando federal court against VeriSign, Inc. over VeriSign's controversial SiteFinder 'service.' While PopularEnterprises has had a dodgy history of buying up thousands of expired domain names and redirecting them to its Netster.com commercial "search services" site, the lawsuit is most likely a good thing, as it provides one more avenue to pursue in getting VeriSign to terminate SiteFinder. According to the lawsuit, the company contends alleges antitrust violations, unfair competition and violations of the Deceptive and Unfair Trade Practices Act. It asks the court to order VeriSign to put a halt to the service. VeriSign spokesperson Brian O'Shaughnessy said the company has not yet seen the lawsuit and that it doesn't comment on pending litigation."
- buying up random names, and hoping someone would buy it from you (aka. domain speculation)
- buying up specific company names, and charging them obnoxious amounts if they want it (which would end up in court, etc)
In this case, Verisign didn't pay for anything-- they're claiming everything that hasn't been bought. Not only that, but if someone had a domain, but didn't have a host in the domain, they're claiming that as theirs, too.[Not that I'm surprised...the first sign that things like this were going to happen was when IE started replacing webserver error messages with their own if they decided your error message wasn't big enough, and replacing 'server not found' with links to their search engine]
So well, your 40 acres comparison falls through as it's more the equivalent of someone saying 'all this is mine until someone else buys it' and then, after you buy your plot, they still claim the area that you haven't built on yet, even though you have the deed to it.
Build it, and they will come^Hplain.
At what cost? Routers are working harder, code has been introduced into core servers that has no technical reason to exist, and an IP address, or possibly a sizeable range of IP addresses are now blacklisted worldwide. Those IPs won't be usable for anything anymore, or at least until we see widespread adoption of IPv6. *cough*
What the Internet doesn't need is to become even less of an end-to-end transport, less reliable. And we did it to ourselves.
Feh.
This is a classic example of hypocrisy, but maybe this'll pay off.
This sig no verb.
The enemy of your enemy is not necessarily your friend. Domain and typosquatters are the near bottom of the barrel, just a rung above spammers. Just because they are attacking another bottom-feeder does not make them heros.
But at the same time, if you take a step back, the rapid mobillization of the response to this is VERY impressive, and the rate at which the Internet is reconfiguring itself to get rid of the trouble is quite amazing.
Remember, three days ago, people were moaning about how this would be a disaster, DNS would be broken, spam filters would be rendered impotent, etc etc.
I'm just saying that, objectively, if you look at this sort of like a body repelling a bacterial attack, the rate at which it's been countered is quite amazing, and shows how well the Internet is fundamentally put together.
Bush: He's Liberal in all the wrong ways.
Homesteading required that the homesteader develop and improve the property in order to receive title. You had to actually live on the land, and farm it, and build a house with a door and window, and after you had proved the land, you would receive title.
Cybersquatters do no such thing. There's a difference between registering coffee.com to build a coffee site and registering www.coffee.com to resell it later. Cybersquatters are more akin to ticket scalpers than to homesteaders.
Where have you been? Have you noticed the fact that it's important to be able to tell when a site doesn't exist? That this crap means typos can cripple most e-mail servers? That it invalidates a good section of the RFCs the Internet itself was based on???
Wake up. If you want to find a site, you use Google. If you want to go to a non-existant one, you should damn well be told there's nothing there.
Verisign has just acquired more domain names than there are atoms in the universe. If Mountain View wanted them they'd have to pay more money than exists, whereas it only cost versign a line in their DNS records.
This is clearly abuse of monopoly.
First off, the idea that Verisign can appropriate unregistered domains represents a huge conflict of interest with its management of the TLDs. Nobody should be able to reassign IPs for non-registered domains. This undermines the whole system, which has facilities to address this situation.
The fact that ICANN didn't block this move is further evidence than this organization is totally useless and political.
Along the same vein, I disagree with MS's misleading implementation of the IP-not-found error page to redirect users to their proprietary search engine.
The Internet community should rally against any entity that seeks to appropriate undefined address space for their own gain.
If Verisign is allowed to do this, what we're likely to see is each major ISP and browser manufacturer follow suit and hijack undefined space to promote their own systems.
Imagine if you dialed a wrong number on the telephone and you got an advertisement for the phone company. What if local broadcasters bombarded all the unused frequency spectrum with their own promotions.
This has less to do with Verisign than it does to protect the sanctity of null space.
It makes me wonder if someone has a patent on silence yet?
Wow, that document was published 10 days ago. That's best practices for you.
Notice that they only address HTTP and SMTP in the guidelines. I guess there really aren't any other protocols worth speaking of.
(https maybe? Hmm - I wonder what happens there)
They get it for free, but they also lose it any time someone wants to take it away, for any specific domain. I personally don't like it, but I don't know if this particular avenue of attack will succeed.
You know, I wouldn't really have THAT much of a problem if verisign at least served up the page with a 404 status error in the header. However, their sitefinder gives out the normal "200: ok" status on bad domains, which seems to me like a serious problem - I can see this breaking existing apps.
find / -name "*.sig" | xargs rm
As far as the RFCs go, maybe the internet architects never thought of this abuse.
Or, put another way, Mountain View would be perfectly satisfied if the result of the lawsuit was that Verisign allowed other cybersquatters to grab mistyped domains for free also, creating a huge happy cybersquatting family. Somehow I don't think the rest of us would be quite as delighted though.
The bold print giveth, and the fine print taketh away
Nice injection attack. Hmm, I wonder if feeding such a URL to a censorware site could get all of verisign.com in some blacklists?
When Verisign was given the authority to manage DNS for these TLDs, they were given this responsibility with the public trust.. The public trusted them NOT to do things exactly like this. You should do DNS, and that's it - nothing more, nothing less. In return, Verisign was given a source of income. I think that if Verisign continues in this way, it may be time to take back this thing entrusted to them. This has become yet another disaster in "privatization", and we should maybe consider moving this service back to the "public" sector (as much as it can be...).
You are missing the whole reason everyone is so upset. Verisign DOESN'T HAVE the rights. They DO NOT OWN the .com or .net
domains. They have entered an agreement
with ICANN where they are the designated
people who ADMINISTER the domains.
They are being financially compensated to
provide a service related to .com and .net;
this does not mean they own them!!
Think about this distinction. If you'd like an analogy, think of mutual funds. Mutual funds are owned by shareholders; however, they pay a fund administrator to manage them. The administrator has the power to make all kinds of changes, but this does NOT mean he owns the mutual fund! If the administrator decided he was going to manipulate the direction of the mutual fund to maximize his own personal income instead of the fund's income, he'd be taken down faster than you can say "Martha Stewart".
The .uk the TLDs are run by Nominet, a not-for-profit organisation that allows anyone to register as a registrar. They manage the .uk namespace but have no commerical interest in it. Given that VeriSign have now demonstrated that they can't be trusted not to take advantage of their position for commerical gain a similar organisation to Nominet should be setup to manage the .com and ..net domains.
You may think me a tired, old, cynic. I'd have to disagree about the tired bit.