Slashdot Mirror
3rd Lawsuit Against VeriSign Seeks Class Action
dmehus writes "A third lawsuit has been filed late Friday in a federal district court in California against VeriSign, Inc. over its controversial DNS wildcard redirection service known as SiteFinder. According to the article, it was filed by longtime Internet litigator Ira Rothken. In addition, while two other lawsuits have been filed by Go Daddy Software, Inc. and Popular Enterprises, LLC. in Arizona and Florida, this is the first lawsuit to seek class-action status."
Verisign truly has no shame, but the reason they can get away with this is simple: most people on the net now are new to it, and have not the faintest idea about how the net used to be a cooperative medium, where bullshit like this was not tolerated. Today? No such luck, users expect to be scammed and abused with every click, they will accept this, and they are the majority.
will be happy to see VeriSign blasted on this one. This is one of the stupidest ideas I've ever seen, and is a pain in the ass. I also wouldn't mind seeing someone else have control over the TLDs VeriSign currently controls.
Recently, the .museum TLD went live. It's just like any other TLD except that domains that don't exist diect you to a page saying the domain doesn't exist and with a couple of links. Many other countries also do this sort of thing with their domains. They're not very different than Verisign's SIteFinder, but there's little to no outcry over this. I'm curious because a lot of the objections about SiteFinder should also be true about the .museum TLD and all the others. What's different here?
And don't tell me because nobody uses those domains, that it's okay. That's just an elitist view and also blatant hypocrisy.
Can one get in trouble for launching a DOS attack on an unassigned web address? Do they all by default belong to Veri$ign (OK, I couldn't resist porting the obligitory $, generally reserved for M$), or are they fair game to hit with reckless abandon?
CowboyNeal is the "I don't know what to choose" option of he old polls, when he world was flat, the air was clean and dogs were still barking out of their arses.
instead of the verisign sitelooker page, I suggest that BIND (the software that runs 60% of the DNS) should be enhanced in several ways: The most important one, IMHO, is to compute a list of close matches and present these choices to the user. They may use the Soundex algorithm or some other tricks to see if characters are transposed, if one characters is wrong, if one is missing, etc.
;-)
If well implemented, this would solve 60% of the problem. The remaining 40% is due to the fact that people sometimes doesn't actually mistype a known address... they type a dead wrong address, such as "amazonbookstore.com" instead of "amazon.com". In this case, BIND should split up the phrase into separate word (in this case "amazon book store" and redirect to a search engine with those words as parameters. The big question in this case is: which search engine?
I think that one should be able to choose, in one way or another. If not, Google would be my choice
He's an editor
Reposting old trolls now, are we?
How small a thought it takes to fill a whole life
Whereas Linux is still not out of alpha...
1. The distributed network in its infancy is lovingly brought to life by researchers: arpanet is born.
...man in his time plays many parts, His acts being seven ages. At first the infant, Mewling and puking in the nurse's arms. And then the whining school-boy, with his satchel And shining morning face, creeping like snail Unwillingly to school. And then the lover, Sighing like furnace, with a woeful ballad Made to his mistress' eyebrow. Then a soldier, Full of strange oaths and bearded like the pard, Jealous in honour, sudden and quick in quarrel, Seeking the bubble reputation Even in the cannon's mouth. And then the justice, In fair round belly with good capon lined, With eyes severe and beard of formal cut, Full of wise saws and modern instances; And so he plays his part. The sixth age shifts Into the lean and slipper'd pantaloon, With spectacles on nose and pouch on side, His youthful hose, well saved, a world too wide For his shrunk shank; and his big manly voice, Turning again toward childish treble, pipes And whistles in his sound. Last scene of all, That ends this strange eventful history, Is second childishness and mere oblivion, Sans teeth, sans eyes, sans taste, sans everything.
2. Rapid protocol development as the network begins to start walking: from gopher to httpd to mosaic. Email and usenet populate most universities.
3. Private enterprise realize the potential and small companies start forming around services and products aimed at network usage. Network usage is a daily exercise for academics and early adopters. Linux arrives and Slashdot's squeaky pubescent voice first heard.
4. The internet meets the economy and Wall Street goes apeshit. Billion dollar companies are started, sustained, and identified by their position on the network and mindshare of net users. The network is the computer.
5. Infrastructure buildout is complete, and educated people worldwide use it as a communication medium. Initial high-growth opportunities are gone so Wall Street sours on the newness, returning its attention to fundamentals of profit-grubbing.
6. Annoying spammers take over, search engines are all manipulated, pop-ups for porn and travel are everywhere, Microsoft mass-marketed virus hysteria takes place, simple hosting efforts become a bitch.
7. Lawyers and short-sighted opportunists inexorably and slowly strip everything likeable from the network by lawmaking and lawsuits until there is nothing left but death and taxes.
Shakespeare's As You Like It (Act 2:7)
http://tinyurl.com/4ny52
Exactly how the hell is this any different from Register.com's redirected stuff? Or any other webhosts for that matter? Is it ONLY because VeriSign runs the domain names for .net and .com? I really don't understand why this is a problem, and I can guarantee you the overwhelming majority of people seriously don't give a s**t. Can anyone explain it without bringing down showers of FUD?
'Standards' in computing only impress those who are impressed by things like 'standards'.
Register.com might be the next one to file suit, given their strongly-worded letter which was sent to VeriSign and ICANN.
The Stop Verisign DNS Abuse Petition is still going strong, with 15,000 signatures. ICANN still hasn't had the sense to post it on their website, though. They have a public forum at the very bottom of the page here at least, with 64 comments (many from the petition site, as we're giving folks the option to forward those along to ICANN too).
I'm not happy with sitefinder, but I have seen some referrals from misspelled names to our main site. Not a lot, but enough to get noticed. What I also notice is that several domain names that I previously owned, but not owned by anyone at the moment, are all coming up as a sitefinder page. I just wonder if they are doing this to all expired, previously registered domain names. And for the record, the domain names were originally registered on Network Solutions/Verisign.
Pete Carr Owner Chatmag.com
Let me guess... it'll be settled out of court, Verisign will admit no wrongdoing, the lawyers will get a few million dollars, and we'll all the $5 off the next domain we register with Verisign.
I can hardly contain my enthusiasm.
I am NOT a man!
I am a free number!
I see big problems arising from this. One, if it looks like VeriSign will lose, they will more than likely settle out of court and make sure an issue like this stay untested as to be lawful or not. Just like the DMCA mess and the mass suing from the RIAA.
.com/.net domain on good faith really. No one has the power to remove them from handling these domains. There is no true law up to this point on who owns them and what guidelines they HAVE to follow. Even the RFC's don't contain any insight on how something like this should be handeled.
Second, VeriSign is handling the
Do we really want the gov (at any level) to start getting their hands in this? Do we want another self appointed body saying what can and cannot go? Both of which, to me, are scary but it seems that the "self healing" that the internet was built apon is failing at this point. Even if another RFC is written, who's to say that VeriSign will follow it?
I see no good comming from this really. The only good ending would be that VeriSign halts its practice on its own and an RFC is drafted to prevent this in the future and people follow it. The only issue I see there is it's still done on faith and it looks like faith has gone the way of the dot.coms.
Hm. I seems every domain owner who has disabled his DNS entry could go into such a lawsuit, couldn't he?
VeriSign does redirect the domain he buyed for the use permission just because no DNS entry is present.
At least already registered domains with just no DNS delegation should be excluded.
Same is the case with every TLD which does make use of the same feature so I agree on this point really. Making not-registered domains valid does break services so it's generally a No-No. IMO ICANN should give any resolution out on this matter.
IANAL of course and most of you probably aren't either, but if you really detest VeriSign then don't just rant about it on Slashdot, join the lawsuit. It doesn't take much of your time, is a learning experience, will make a real difference by strengthening the case against VeriSign, and there's a slight cance it will actually net you some cash.
The catch, of course, is that you have to fit the description of the proposed class, and this story is short on details regarding what that proposed class is. I can only speculate that it would be anyone who has typed a URL lately and ended up at SiteFinder when they expected to find something else.
Well, blast away . . .
ICANN is accepting comments on Sitefinder. This page also has links to various official letters they've received.
Also, Lauren Weinstein 's People for Internet Responsibility is looking for data on the effects of sitefinder<sig>Guvf vf abg n frperg zrffntr
I don't care where it's settled.
I don't care who makes or pays money.
I don't care if I get a discount on domains.
I just want that fucking Sitefinder disabled.
How 'bout you?
What is this now? You bit and now you're feeling stupid for responding to such an obvious troll?
Shit, it only took 3 reposts for you to get it (and who knows how many times before by the guy who originally wrote it) !
A thought is resounding in my mind right now... YOU ARE A DUMBASS. But hey, you can always claim vlad-style retroactive trolling!
Does Verisign (and others) keep 100% of the fees they charge for registering a domain?
If not, perhaps Verisign should pay for all those domains they now host! A penny per domain name would be fine...
he's a gross, fat, ugly, dirty, dick-licker!
Compu$erve got this LONG before Micro$oft was anything evil.
Back in the day Compu$erve was basicly a large mainframe (Compusere had been in business for a VERY long time) and at the time BBSes were everywhere.
The problem was that Compuserve had become very expensive for the time due to charging an hourly rate and most of Compuserves services were available for free from BBSes.
People had gotten tired of it and started calling it Compu$erve.
Now a days Microsoft basicly overcharges for Windows for what they get for free with Linux.
I don't actually exist.
Verisign now has not only ICANN telling them to stop, but three suits against them for doing this crap. They won't get the message, but perhaps they will stop this and remove the wildcard from their root if the suit is found not in their favor.
This sig no verb.
when you mistype that domain name, you get a few suggestions. You also get a list at the bottom of the box for "popular searches". Click on them and you get "sponsored results for:" listings. Sponsored results means they are making money off of this via their "monopoly" on the fact that they run the DNS.
Of course, it's a messy fight, because VeriSign wants to make money off people clicking on the links that display because of their position of power, while the companies suing like Netster want to make money by buying mistyped domain names, then inflicting 18 popups, a homepage redirect, and a copy of Gator on you. So no matter who wins, we lose
I have blog like everyone else
How many lawsuits will it take Verisign to get the hint that they can't do this? I'm just waiting for the trademark lawyers to start filing lawsuits next. Verisign balance Sheet: Income 1,000,000 Expenses 2,000,000 (1.5 million went to lawyer and settlement fees.)
Interesting how the only gendre founded in genuine scientific origins (sci-fi channels) have the most obnoxious, sterotypical, aggressive propaganda (commercials) which have nothing to do with the viewer other then to piss him/her off. Coupled with a less then average social life. You either end up with a criminalized profile (with irrational tendencies towards a decided scapegoat).
Coercion???, who/why/when.
Do the users get to decide that the internet will be full of scamming and abuse? I think not. It is up to the courts to decide this. Companies must obey the law, and people who use the internet will get along with whatever happens, because people are very adaptive. However, the legalities of the system must be observed. If they are not, what good is a judicial system?
Fundamentally, I think some of the complainers here are just bitching because Verisign grabbed for itself the ability to scam via redirection that these folks previously were independently making money off of.
This sort of bogus redirecting is rampant. Not just with people who hoard typo domains, but with more "reputable" companies such as major ISPs.
I still haven't gotten to the bottom of this one, but when my machines were set up to get their DNS settings via DHCP, I would find weird "search" directives inserted into my resolv.conf files, to some name server within my ISPs address space, I believe (this is with TWC-Roadrunner), with the result that my browser would get redirected whenever I picked a page (even a properly spelled one) from my recent history list. This was happening on every machine on my LAN when they were running Mozilla-Firebird. Every frigging time you tried to go to a page via the history drop-down list, you'd end up at Web100.com or worse. I never completely figured out what was going on, but when I switched everything to static addressing on the workstations (that is, behind my NAT box) and hard-coded resolv.conf to delete any "search" directive and simply point to known, non-bullshit name servers, the problem went away.
Commercial companies abuse their superior position on the network all the time to take advantage of those below them on the food chain.
Verisign isn't the only one or the main one, just the one in the best position to trump everybody else. Perhaps letting them do it and control it is better than the alternative, which is a free for all. The way the current system is set up there must be a root server, and someone has to control it. Do you really think the GOVERNMENT would do a better job?
As Paul Vixie said, the major problem here is one of broken expectations. The .com and .net domains have behaved in the non-wildcard manner since day dot. There is a reasonable expectation that a DNS query on a non-existent .com or .net domain will return a "no such domain" response. VeriSign unilaterally broke this without warning. I believe that ".museum" has implemented the wildcard since day dot, so there are no broken expectations there. As the IAB said, it's reasonable to implement wildcards with the informed consent of everyone who is delegated a name in that zone (but it's still a bad idea, technically, for various reasons).
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
The email that Go Daddy sent its customers can be found here and their complaint against Verisign can be found here.
So basically, they've hijacked my browser to take them to their site, and then claim that my use of their "service" contractually binds me to their terms of use. Nice. Make sure you type your urls very carefully lest you become contractually obligated to Verisign!
Lawyers who bring these actions truly have no shame, but the reason they can get away with this is simple: most people on the net now are new to it, and have not the faintest idea about how the net used to be a cooperative medium, where bullshit like this was not tolerated. Today? No such luck, users expect to be scammed and abused with every click, they will accept this, and they are the majority.
Here's the real shame: The 5 step program for building wealth in your lifetime:
1) Goto School - Get your JD
2) Pass the bar
3) Join ABA
4) File class actions
5) $Profit!
Nobody involved in this class action appears to want to see YOU get the money. This is for the lawyers and the lawyers only... get that through your thick heads and you won't keep cheering this litigation crap on.
Look at the other two parties who are suing Verisign and you might just see a pattern.
Figure it out now and your life will be happier: Lawyers who enter into class actions are generally never heroes of the little guy. Though they now seem to work on increasing their PR and public appeal on "news" networks, hosted by a lot of... lawyers (well, at least those anchors are off the streets and out of the court rooms)!
Law license in the hands of the people doing the suing generally = License to harass, license to scam. Check it?
Prospect: Verisign
Large company - Check
Deep pockets - Check
Cash flow solid - Check
Has adequate incentive money : settle ratio to make an action profitable - Check
Can be vilified by gullible nerds so as to deflect the real reason for the action - Check
Conclusion: Excellent Target
Likely outcome for council: $Profit$
The lawyers sue, gain wealth and you will pay for it, not benefit from it. Going to court is not a damn lottery (unless you have that JD, that is)!
Is anyone having difficulty resolving domains and hosts registered through GoDaddy?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
But yes, spammers can do this with those ccTLDs, and the fact that it's an obvious problem when .com and .net do it doesn't mean we shouldn't have realized it was a problem when .museum and those ccTLDs did it. (oops...)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Verisign is responsible for the Registry, which is the official database of .com and .net domain names, IP addresses, and whois information, but the Root Servers actually implement the DNS. Aren't they also responsible for making sure their config files are correct (and *.com is obviously an error)? Some of them are run by Verisign, but some aren't, including some outside the US, and even some by Paul Vixie, the author of BIND who did the recent patch that made it not accept Verisign's bogus data. This may change the _operational_ issues, but they still should be doign the Right Thing.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
That doesn't mean that you can't argue that Verisign doesn't owe somebody (themselves?) $6/name for the previously-unregistered names they're now using, or that they don't owe ICANN whatever cut ICANN gets of those names....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
No, a DOS on Sitefinder's IP address, which is what a DOS on bogus .com domain names would accomplish, wouldn't affect the root name servers. It would interfere with reaching their web search pages and email trap pages, taking longer for bouncegrams to get back, which is still bad, but it wouldn't bother DNS at all. And of course, it would still be Wrong and probably illegal.
Now, if you want to have fun with SiteFinder's email system, you can start leaving a bunch of bogus-domain email addresses around for spammers' harvesters to pick up. That would mean they'd be more likely to send their spams for random users or dictionary-attack to SiteFinder instead of real machines, but presumably Verisign sized their systems to account for this.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Who set up the contract with Verisign? The "gov" did. Who kept the contract with Verisign? ICANN, but who set up ICANN? The Department of Commerce -- the "gov".
Do I want to see the government directly administrate this? No. Do I want a for profit company to be granted the monopoly that Verisign has? HELL, no. I think the second option is actually worse in the long run.
Personally I think that a non-profit organization should be doing what Verisign has been doing. It's a monopoly position and as such can't be trusted to a "for profit" entity (IMHO for whatever it's worth). There's no danger of them being beaten by "competition" so there's no incentive for them to do a good job and follow the rules. If they screw everyone else over, "so what? It's our playground."
But to question whether we want the government "involved" seems a little naive. The government has always been involved, is still involved, and frankly will probably always need to be involved.
The government was heavily involved up until well after the Internet went into wide use. The the Clinton folks decided to try to turn it into just a cash cow. Unlike some people, I tend to like a great deal of what the two Clinton administrations accomplished... but this whole business of trying to turn the Internet into nothing but a commercial space was foolish. The Internet isn't a street market.
Then again, I suppose the government had a lot of help from all the profiteers until the bust.
The Internet is a community. Every community has a place and need for businesses. Every community also has a place and need for government.
Business' interest is in making profit. It isn't interested in handling bad actors. The market will to some extent correct for bad actors but will also encourage bad actors to some extent. Just look at the business headlines of the past couple of years.
And in some cases bad actors pop up who the market could care less about because their actions don't involve money. Government is the third party that has the job of stepping in and controlling the bad actors (in or out of business) and imposing ethics on business.
This particular situation with Verisign involves a monopoly. Sometimes a monopoly is unavoidable. Like with power companies, this is one of those situations. Also, like with power companies, there's a necessity for a governing body that is NOT (at least not entirely) made up of commercial interests.
ICANN should be filling that role but it's track record is abysmal and it's causing all of us to reap what they've sown.
When you've got a monopoly resource you can either have government manage it, a business handle it, or a non-governmental non-profit organization handle it. It can certainly be argued that government isn't always the best way to go. Alternately, giving a business a monopoly removes the only check on bad behavior -- competition. If there's no competition, sooner or later government will have to step in and either reign in the business or take over because the business will abuse the privilege of it's position.
How soon it happens depends on the ethics of those initially in charge, but sooner or later there'll either be overt abuse of power or simply really shitty customer service and bad management of the resource. There's no incentive to avoid it.
Unfortunately, to some extent, no matter who "manages" the monopoly community resource, there's going to have to be a level of governmental oversight, or there will be Verisigns all over the place saying, "You don't like it? Then don't use our service. Oh, you can't avoid our service if you use the Internet? Well, there's your answer, bub."
Quoth he
"It's all academic anyway..."