Slashdot Mirror
OpenDNS Says Google-Dell Browser Tool is Spyware
PetManimal writes "David Ulevitch, the founder of OpenDNS, claims that Google and Dell have placed 'spyware' on Dell computers. Ulevitch made the claim based on his observation of the behavior of the Google Toolbar and homepage that comes preinstalled on IE in new Dell machines. He says that a browser redirector sends users who enter nonexistent URLs to a Dell-branded page loaded with Google ads. Another observer, Danny Sullivan, says that this is a different result than what happens on PCs without the redirector. However, the original article notes that Ulevitch has a vested interest in the results of mistyped URLs."
Now I work for a fortune 500 company and guess what we do with every box we get from Dell? Re-image it.
Now, for the 99% other Dell customers, this is just purely unfortunate because I'm not so naive to expect everyone to know how or why they should take the above actions. I hope that all the virus scanning apps (HiJackThis, Lavasoft's Adaware, etc) get this thing because Adaware is about the most useful thing I can show my family how to use frequently enough to keep the computer protected.
This sounds a lot like something the old Gateways would do. Huh, I never would have thought Dell would reach that level but, well, here we are. The important thing is to factor this in when you're thinking about a new computer. Hopefully some competition will spring up for Dell and, you know, quality of the software (not just the hardware) will start to matter for Dell.
My work here is dung.
This seems like junk that Dell have installed to make some cash one the side. If firefox bundled the same dns hijacker then who would you blame? Firefox or google?
Just because google make the tool doesn't mean its their fault that it is installed by default in a spywareish fashion.
Google is a publicly traded company and as such here's what's important to them.....
Making money for their stockholders.
That means doing things like creating spyware if it helps their bottom line. The mantra of "Do no evil" becomes null and void once you become a publicly traded company. They should change their motto to "We do less evil than everyone else".
Google is going to do what is best in their corporate interest. Surprised? Don't be. It's business
The issue here is that Google / Dell beat OpenDNS to the punch. Both accomplish the same purpose: when a user types a malformed URL into the address bar, they get an "enhanced" experience.
OpenDNS is bummed that Google figured out a way to make money off the proposition. OpenDNS should have thought of that first.
To Copy from One is Plagiarism; To Copy from Many is Research.
Dell is "monetizing" mistyped URL traffic, like OpenDNS. The customer has a choice which DNS server he uses and which preinstalled software he gets with a new computer (by choosing different vendors). Both do the same, for the same purpose. If I had to choose between the two, I'd choose Dell. At least they don't fly under a false flag, like OpenDNS, which only claims to be Open for marketing purposes.
http://www.iwebtool.com/domain_lookup?domain=www.g oogle.com
Age of domain 9 year(s), 9 month(s) and 9 day(s) - Online since: 15-Sep-1997
P.S. Roll your monitor 180 degrees.
... Or at least _not only_ The same behaviour happens on my company issued Dell D820. It comes loaded with IE6 and NO Google toolbar and yet when I mistype a URL I do not end up at the MSN search page like on any other IE installation! Instead IE redirects me to a Dell branded Google search page full of Google commercials.
I'm sure slashdot denizens will have a good time discussing how useless the bundled software and trialware that comes with Dell computers is, and how the sensible thing to do is reinstall from scratch, but that's been the case for a while. There is zero story here.
The fact that it sends you to a custom page if you make a URL typo does not mean it is spyware. That's a visible change, and you would be hard-pressed not to notice the effects of the software, or the fact that it sends you to a Dell branded page.
Since Dell ships it to you that way, you have no meaningful opportunity to establish an expectation that the Dell system behave differently. I.E. Since the software "comes that way" for you, it's not as if the software made a change to your computer without your permission.
So not only is it not spyware, it's not malware, or software that secretly modified your system without authorization (because, you see, your system came that way in the first place).
When I got broadband from Charter they changed my 404 settings to go to some Charter-specific search page and I had to go through some hyperlinked hoops to change it back to just plain old 404. I didn't look to see if they were earning from the pages.
Lifehacker recently had an article on a piece of software called the PC Decrapifier. I haven't tried it, but it seems relevant to this thread.
This claim may very well be FUD but there is a way for people to test. Just download a network packet capture program and look at the traffic being sent. I did this myself and didn't see anything untoward being sent nor did I see any gibberish traffic to indicate encryption. But, that isn't to say that I didn't miss anything when scanning the log of the output. Basically, anything offered by a for profit company for free, really is not. If the service were entirely gifted, the company would rapidly drift into the red. Also, read the EULA. I get scared by long convoluted statements which can be subjected to interpretation. I do like Dell hardware but the first thing I do when I get my dell is to delete the partitions, re-partition, and format the HDD. I recommend everyone doing the same.
If you don't want to reinstal: http://www.pcdecrapifier.com/ My mother in law bought one. Now I am used to your anti-virus no longer getting updated if you don't pay. But when her spamkiller expired, her email stopped working . And I can assure you there is NO WAY she would have been able to fix that herself without paying.
10 ?"Hello World" life was simple then
Using OpenDNS redirects mistyped URLs to their own site.
_ money
http://www.opendns.com/faq/#how_does_opendns_make
How does OpenDNS make money?
OpenDNS makes money by offering clearly labeled advertisements alongside organic search results when the domain entered is not valid and not a typo we can fix. OpenDNS will provide additional services on top of its enhanced DNS service, and some of them may cost money. Speedy, reliable DNS will always be free.
Now, to be fair I use OpenDNS at home, but I find it hard to take this kind of warning from a person who makes money the same way.
AFAICT Google is just used by Dell on the Dell search page, thats all.
This wouldn't have anything to do with opendns being powered by Yahoo, right?
I'm wondering who actually developed the software. Was it Google who developed it for Dell, or was it Dell who developed it internally and called it the "Google URL Assistant" because it redirects traffic to serve up Google ads which I presume it gets a cut off of. It's not clear if the name of the app means it was written by Google or if it just refers to what service Dell is redirecting to.
Idiot, n. A member of a large and powerful tribe whose influence in human affairs has always been dominant
Yesterday I got a lot of feedback from people who just assumed I was biased and an underdog out to complain about Google. This is not what it's about!
Here's what I mean:
Use the smell test. Does what Google is doing smell bad? Is it giving users a good experience?
Compare:
with
(and if you want to see ours)
If you just compare what google is doing to their own users you'll see that they are showing a terrible experience to the users who are Locked-In versus the users who have the choice to use any search service.
Thanks,
davidu
# Hack the planet, it's important.
Internet Explorer has always redirected you to Microsofts homepage in some way, why shouldn't Dell/Google be allowed to do the same?
Setting aside the fact that using IE at all is the best way to get infected with spyware in general[1], the alternative to Dell's site is NOT Google's normal page.
The only way to get to Google's page from Internet Explorer in its default configuration is to explicitly go to google.com, and with the redirector in place you still get to the regular google home page if you do that.
If you open up Internet Explorer without the redirector and type a "keyword" into it, you normally end up on Microsoft's search engine.
Given the alternative of going to MSN.com or a Dell-branded google.com, I know which one I prefer.
[1] If you care you should be using Firefox which (for all its flaws) has a design that's many times more secure than IE...
It appears to me by using your dns service instead of the one provided by an isp, I forfeit the ability to have my dns lookups remain anonymous. That seems to fall closer to the definition of spyware in my book.
Your DNS requests are not anonymous right now. Don't mislead yourself into believing they are. Even if you run your own resolver that talks to the roots. DNS is one of the most tapped, mined and inspected pieces of the infrastructure I can think of. People do it for profit (domainers) and for research (security folks).
We're clear on how we use it (which is to say, we don't use it for anything personally identifiable or to target ads to you).
-david
# Hack the planet, it's important.
This Google+Dell spyware comes preinstalled and is purposely more difficult to uninstall than it should be.
OpenDNS provides DNS service (duh!) which is often much better than users' default DNS service. OpenDNS doesn't come preinstalled. Users have to willing chose to set it up and can just as easily disable it. The pages it shows for malformed URLs can even be turned off if you have a static IP address.
It makes absolutely no sense for you to say "bravo to Dell" for "using the leader in search relevance to give users something relevant", yet describe OpenDNS as a "cyber-squatter of typo-domains".
Way too many people are into typosquatting now. From OpenDNS to the "toolbar" guys to the guy who paid off the government of Cameroon (try anything in ".cm"), there can now be several layers of typosquatting between the user and the actual domain. At least we got Network Solutions to back off from their attempt.
Search may be coming apart. There are too many people trying to "game" the search systems now. "Search engine optimization" used to be viewed as evil and was done by low-rent operations. Now we have publicly held companies (Marchex, ticker symbol MCHX) formed just to create dummy domains. Collactive, the Digg spammer, just got venture capital from Sequoia Ventures. Computer vendors load up their preinstalled machines with unwanted "toolbars", which, as this article mentions, produce mostly user-hostile information. All the sources of information which drive search engines, from inbound links to user ratings, are now being spammed by sizable companies. It's a big change from the situation two years ago, when the troublemakers were all little guys with limited resources.
It's going to get worse before it gets better.
... not all users know how or what to uninstall - and some of it is virtually uninstallable.
By way of example; my Grandmother got a Dell. She's 80 odd, but can use a browser, email, etc. Her Dell was great - but she couldn't wo rk out why she wasn't able to receive emails. Time and again, she, or her friends would, with or without telephone support - would configure Outlook Express correctly - only to find that that it kept changing the POP3 server URL. I gave her remote assistance - and could swear it was working; but every time she told me it wasn't owrking, sure enough - the POP3 details had changed. Eventually, I tracked it down to McAfee which had a year's subscription to anti-virus; but 30 days' subscription to an entirely unnecessary spam blocker. A bug in their spam blocker meant that it correctly diverted all attempted POP3 connections to itself; but then screwed up the address of the actual POP3 box and couldn't actually connect. Of course, it only inserted itself at boot time - so every time I'd fixed it by remote desktop it looked great; till Gran rebooted...
I disabled this - but only after Gran had basically been emailless for 3 weeks. Lo and behold! On day 30 - it suddenly prevented here using email again - this time because its license had expired - so it refused to allow her to use her email app - even without it! Cue - Add/Remove Programs. Only it wouldn't allow itself to be removed because its AntiVirus companion was running... it took me hours to clear out this crap. And yet - without me doing it; Gran couldn't get her email, first because of their sloppy coding - and then because of their "license expiry" hijack.
That's why crapware preinstall should be banned. By all means - include a CD or a link to a website where I can choose to download trials - but preinstalling them is outrageous. Imagine if a car came with a pre-installed alarm system which wouldn't let you drive the car without getting out your credit card or a screwdriver?