Slashdot Mirror
3rd Lawsuit Against VeriSign Seeks Class Action
dmehus writes "A third lawsuit has been filed late Friday in a federal district court in California against VeriSign, Inc. over its controversial DNS wildcard redirection service known as SiteFinder. According to the article, it was filed by longtime Internet litigator Ira Rothken. In addition, while two other lawsuits have been filed by Go Daddy Software, Inc. and Popular Enterprises, LLC. in Arizona and Florida, this is the first lawsuit to seek class-action status."
Verisign truly has no shame, but the reason they can get away with this is simple: most people on the net now are new to it, and have not the faintest idea about how the net used to be a cooperative medium, where bullshit like this was not tolerated. Today? No such luck, users expect to be scammed and abused with every click, they will accept this, and they are the majority.
will be happy to see VeriSign blasted on this one. This is one of the stupidest ideas I've ever seen, and is a pain in the ass. I also wouldn't mind seeing someone else have control over the TLDs VeriSign currently controls.
Recently, the .museum TLD went live. It's just like any other TLD except that domains that don't exist diect you to a page saying the domain doesn't exist and with a couple of links. Many other countries also do this sort of thing with their domains. They're not very different than Verisign's SIteFinder, but there's little to no outcry over this. I'm curious because a lot of the objections about SiteFinder should also be true about the .museum TLD and all the others. What's different here?
And don't tell me because nobody uses those domains, that it's okay. That's just an elitist view and also blatant hypocrisy.
Can one get in trouble for launching a DOS attack on an unassigned web address? Do they all by default belong to Veri$ign (OK, I couldn't resist porting the obligitory $, generally reserved for M$), or are they fair game to hit with reckless abandon?
What about Email, IRC, USENET etc etc... How would that be forwarded to a search engine? HOw do I prompt a user in IRC to choose which is the mistyped addresses they really meant? Do you expect half the software for internet communication to be re-written?
The Internet is not just the web!
And this is a very stupid, ill-thought out idea!!
D.
1. The distributed network in its infancy is lovingly brought to life by researchers: arpanet is born.
...man in his time plays many parts, His acts being seven ages. At first the infant, Mewling and puking in the nurse's arms. And then the whining school-boy, with his satchel And shining morning face, creeping like snail Unwillingly to school. And then the lover, Sighing like furnace, with a woeful ballad Made to his mistress' eyebrow. Then a soldier, Full of strange oaths and bearded like the pard, Jealous in honour, sudden and quick in quarrel, Seeking the bubble reputation Even in the cannon's mouth. And then the justice, In fair round belly with good capon lined, With eyes severe and beard of formal cut, Full of wise saws and modern instances; And so he plays his part. The sixth age shifts Into the lean and slipper'd pantaloon, With spectacles on nose and pouch on side, His youthful hose, well saved, a world too wide For his shrunk shank; and his big manly voice, Turning again toward childish treble, pipes And whistles in his sound. Last scene of all, That ends this strange eventful history, Is second childishness and mere oblivion, Sans teeth, sans eyes, sans taste, sans everything.
2. Rapid protocol development as the network begins to start walking: from gopher to httpd to mosaic. Email and usenet populate most universities.
3. Private enterprise realize the potential and small companies start forming around services and products aimed at network usage. Network usage is a daily exercise for academics and early adopters. Linux arrives and Slashdot's squeaky pubescent voice first heard.
4. The internet meets the economy and Wall Street goes apeshit. Billion dollar companies are started, sustained, and identified by their position on the network and mindshare of net users. The network is the computer.
5. Infrastructure buildout is complete, and educated people worldwide use it as a communication medium. Initial high-growth opportunities are gone so Wall Street sours on the newness, returning its attention to fundamentals of profit-grubbing.
6. Annoying spammers take over, search engines are all manipulated, pop-ups for porn and travel are everywhere, Microsoft mass-marketed virus hysteria takes place, simple hosting efforts become a bitch.
7. Lawyers and short-sighted opportunists inexorably and slowly strip everything likeable from the network by lawmaking and lawsuits until there is nothing left but death and taxes.
Shakespeare's As You Like It (Act 2:7)
http://tinyurl.com/4ny52
Register.com might be the next one to file suit, given their strongly-worded letter which was sent to VeriSign and ICANN.
The Stop Verisign DNS Abuse Petition is still going strong, with 15,000 signatures. ICANN still hasn't had the sense to post it on their website, though. They have a public forum at the very bottom of the page here at least, with 64 comments (many from the petition site, as we're giving folks the option to forward those along to ICANN too).
and how often will bind work? DNS servers cache site, so there is moon.com and noon.com, noon.com falls off for a day or something and now all noon.com requests go to moon.com, noon.com comes back online, how long will the noon.com requests keep going to moon.com? HRM, cnn.com is popular, some crazy haxors get cnnn.com, and DDOS cnn.com and everything on its network out of this world, requests for cnn.com now start going to cnnn.com.
I don't think the solution should be in bind. If I do a telnet host123 to see if it exists, I don't want to connect to host231 cuz bind thought that's what i wanted.
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
I'm not happy with sitefinder, but I have seen some referrals from misspelled names to our main site. Not a lot, but enough to get noticed. What I also notice is that several domain names that I previously owned, but not owned by anyone at the moment, are all coming up as a sitefinder page. I just wonder if they are doing this to all expired, previously registered domain names. And for the record, the domain names were originally registered on Network Solutions/Verisign.
Pete Carr Owner Chatmag.com
Data mining! They set up a fake SMTP server that dosn't drop the connection until AFTER they have the 'FROM' address. There partners in this sitefinder are overture, how is this FUD?
Let me guess... it'll be settled out of court, Verisign will admit no wrongdoing, the lawyers will get a few million dollars, and we'll all the $5 off the next domain we register with Verisign.
I can hardly contain my enthusiasm.
I am NOT a man!
I am a free number!
Second, and far more important, you forget that DNS is used for more than just web browsing. As someone pointed out above, what about protocols that do not support that search page? How do you present a search page to IRC users? Sure, you could just redirect them, but then you'd have all sorts of mistaken redirections. It would suck.
Far better to leave it to the surfer's choice. As is, many browsers redirect to a search page if the host-name lookup fails. Thats the best method; it avoids issues with other protocols, with DNS caching of false replacements, or any of the other issues, while giving the surfer's browser full control over how to implement it, what search engine to use, etc. There is no real loss by leaving it to the browser, but many gains. Think. Then speak.
Mensa member, eh? Beware of arrogance and stupidity.
This would ruin the authoritative nature of DNS. It's not supposed to be an "approximation" system. Doing the above would cause more problems than it would solve, as it would leave to misdirected emails, misdirected websurfers, and big privacy and security issues.
Failed lookups are a good thing. It empowers the end-user to decide how to best handle those errors. Shifting that power to the registry (in the case of Verisign's Sitefinder), or to BIND (hosted by the ISP) would remove power from end-users.
I see big problems arising from this. One, if it looks like VeriSign will lose, they will more than likely settle out of court and make sure an issue like this stay untested as to be lawful or not. Just like the DMCA mess and the mass suing from the RIAA.
.com/.net domain on good faith really. No one has the power to remove them from handling these domains. There is no true law up to this point on who owns them and what guidelines they HAVE to follow. Even the RFC's don't contain any insight on how something like this should be handeled.
Second, VeriSign is handling the
Do we really want the gov (at any level) to start getting their hands in this? Do we want another self appointed body saying what can and cannot go? Both of which, to me, are scary but it seems that the "self healing" that the internet was built apon is failing at this point. Even if another RFC is written, who's to say that VeriSign will follow it?
I see no good comming from this really. The only good ending would be that VeriSign halts its practice on its own and an RFC is drafted to prevent this in the future and people follow it. The only issue I see there is it's still done on faith and it looks like faith has gone the way of the dot.coms.
IANAL of course and most of you probably aren't either, but if you really detest VeriSign then don't just rant about it on Slashdot, join the lawsuit. It doesn't take much of your time, is a learning experience, will make a real difference by strengthening the case against VeriSign, and there's a slight cance it will actually net you some cash.
The catch, of course, is that you have to fit the description of the proposed class, and this story is short on details regarding what that proposed class is. I can only speculate that it would be anyone who has typed a URL lately and ended up at SiteFinder when they expected to find something else.
Well, blast away . . .
ICANN is accepting comments on Sitefinder. This page also has links to various official letters they've received.
Also, Lauren Weinstein 's People for Internet Responsibility is looking for data on the effects of sitefinder<sig>Guvf vf abg n frperg zrffntr
Register.com simply put up a test patern page by default when somebody registered a domain but failed to come up with with valid nameservers. That was annoying to those who paid for domains they weren't using, but then again its also their fault for not having one of the reqirements it takes to operate a domain.
.net and .com that hasn't been registered, which is something only VeriSign could possibly do.
.com or .net query is supposed to return "NXDOMAIN", an indication that the domain doesn't exist and therefore the request is no good. That was an error that used to be handled by the user's software, now Verisign has overtaken that.
This is different because Verisign isn't limiting their actions to domains registered through them. In fact, SiteFinder replaces every domain in
Basically, SiteFinder's IP address is being returned any time a
This breaks any application that depended on "NXDOMAIN" accurately being reported. One key application was an important spam defense... if the domain in the from field returns an "NXDOMAIN" when somebody tries to look it up, trash the message because the from line must be bogus. Now, nothing returns "NXDOMAIN" when queried, so that test always returns a negative.
ICANN hired VeriSign to run the DNS system according to the protocols. This is something that's not in the protocols, and VeriSign is just doing with a "You can't stop us!" attitude. ICANN nicely asked VeriSign to suspend the service, and got a defensive reply. It's time for either ICANN to fire VeriSign, or for the US Dept. of Commerce to fire ICANN...
As Paul Vixie said, the major problem here is one of broken expectations. The .com and .net domains have behaved in the non-wildcard manner since day dot. There is a reasonable expectation that a DNS query on a non-existent .com or .net domain will return a "no such domain" response. VeriSign unilaterally broke this without warning. I believe that ".museum" has implemented the wildcard since day dot, so there are no broken expectations there. As the IAB said, it's reasonable to implement wildcards with the informed consent of everyone who is delegated a name in that zone (but it's still a bad idea, technically, for various reasons).
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
Who set up the contract with Verisign? The "gov" did. Who kept the contract with Verisign? ICANN, but who set up ICANN? The Department of Commerce -- the "gov".
Do I want to see the government directly administrate this? No. Do I want a for profit company to be granted the monopoly that Verisign has? HELL, no. I think the second option is actually worse in the long run.
Personally I think that a non-profit organization should be doing what Verisign has been doing. It's a monopoly position and as such can't be trusted to a "for profit" entity (IMHO for whatever it's worth). There's no danger of them being beaten by "competition" so there's no incentive for them to do a good job and follow the rules. If they screw everyone else over, "so what? It's our playground."
But to question whether we want the government "involved" seems a little naive. The government has always been involved, is still involved, and frankly will probably always need to be involved.
The government was heavily involved up until well after the Internet went into wide use. The the Clinton folks decided to try to turn it into just a cash cow. Unlike some people, I tend to like a great deal of what the two Clinton administrations accomplished... but this whole business of trying to turn the Internet into nothing but a commercial space was foolish. The Internet isn't a street market.
Then again, I suppose the government had a lot of help from all the profiteers until the bust.
The Internet is a community. Every community has a place and need for businesses. Every community also has a place and need for government.
Business' interest is in making profit. It isn't interested in handling bad actors. The market will to some extent correct for bad actors but will also encourage bad actors to some extent. Just look at the business headlines of the past couple of years.
And in some cases bad actors pop up who the market could care less about because their actions don't involve money. Government is the third party that has the job of stepping in and controlling the bad actors (in or out of business) and imposing ethics on business.
This particular situation with Verisign involves a monopoly. Sometimes a monopoly is unavoidable. Like with power companies, this is one of those situations. Also, like with power companies, there's a necessity for a governing body that is NOT (at least not entirely) made up of commercial interests.
ICANN should be filling that role but it's track record is abysmal and it's causing all of us to reap what they've sown.
When you've got a monopoly resource you can either have government manage it, a business handle it, or a non-governmental non-profit organization handle it. It can certainly be argued that government isn't always the best way to go. Alternately, giving a business a monopoly removes the only check on bad behavior -- competition. If there's no competition, sooner or later government will have to step in and either reign in the business or take over because the business will abuse the privilege of it's position.
How soon it happens depends on the ethics of those initially in charge, but sooner or later there'll either be overt abuse of power or simply really shitty customer service and bad management of the resource. There's no incentive to avoid it.
Unfortunately, to some extent, no matter who "manages" the monopoly community resource, there's going to have to be a level of governmental oversight, or there will be Verisigns all over the place saying, "You don't like it? Then don't use our service. Oh, you can't avoid our service if you use the Internet? Well, there's your answer, bub."
Quoth he
"It's all academic anyway..."