What was so bad with VeriSign's Site Finder service?

Miscellaneous and Personal Stuff I Must Share
1

I personally didn’t mind it. It’s nicer to at least get something rather than the damn page cannot be found error.

Besides, VeriSign has a contract through ICANN for all .net and .com dns queries, so if you ask them for a webpage don’t they have the right to tell you if they don’t have it? It’s not like they were flashing advertisements at you. It was a nice clean simple page that even suggested some possible domains you were trying to access.

Here is a good relatively unbiased article on the topic.

2

Whoops I thought I was somewhere else :smack:

3

DNS is a low-level protocol. It’s job is to offer a specific service to higher-level applications – and that service includes generating a specific error code for unknown domains, which the application can then handle as appropriate. The application is the proper place to include cute hacks like redirecting the user to a search page when he makes a typo.

And in fact, Microsoft Internet Explorer has done exactly that for years, except that because it’s implemented at the application level, you can turn it off if you don’t like it (personally, I prefer a simple error message – if I want a search engine, I know where to find it). Or you can choose to use another browser alltogether, whereas Verisign’s one-size-fits-all hack offers no such alternatives.

So, for the 97% of the world who uses IE, the “problem” has already been solved and Verisign was simply stealing Microsoft’s typo-squatting traffic. By the way, have I mentioned privacy concerns yet?

But most importantly, the Web is just one of many Internet protocols. For e-mail, they at least took the trouble to put up a little bouncer daemon to reject your mail, but it was horribly broken in a way that could lead to mail being silently dropped without the sending user being any the wiser. All other applications would simply have their errorhandling routines broken, leading to time-outs and misleading error messages at best. And of course, for network administrators, the fact that non-existing domains could suddenly be pinged and everything didn’t exactly aid troubleshooting.

Basically, the fact that Verisign would be willing to mess with one of the most basic and important protocols underlying the internet for the sake of making a few dollars on banner ads, strongly casts doubt on their being the right party to administer the .com and .net domains.

Can you tell I’m still seething about this, even though the Sitefinder hack has been temporarily suspended? Lord knows what they’ll think up next…

4

Think of the nearly infinite domains that were redirected to Verisign’s site. If someone wanted to go out and register all those sites, it would take a nearly infinite amount of money. But Verisign gets it for free. That is a tremendous economic advantage it has over everybody else. One that it wasn’t supposed to have.

It also became the world’s biggest typo-squatter and then some. A practice I find despicable.

It’s Net sleaziness of the first order. Not in the least harmless or helpful. 40x is useful information to a lot of people and programs.

5

OK, I just read the article you linked to. It doesn’t look unbiased to me – it’s an uncritical presentation of Verisign’s spin on the issue.

The article does not mention any Internet applications other than mail and the Web. They dismiss claims about “the stability of the Internet” by pointing out that their own DNS servers are still running, while they know damn well that that’s not what people were worried about. What people were worried about is the fact that they broke proper error handling for every other service and application on the Net, other than (arguably) Web and (more-or-less) e-mail.

Sure, wildcard records are perfectly legitimate – for subdomains! If you own the example.net domain, you know exactly what services you are running so if you feel like making all *.example.net names resolve to a single IP, go right ahead. But doing the same thing at the TLD level, so that all *.com and *.net addresses are affected, is just a wee bit different.

Oh, and they most definitely were planning to offer banner ads through Sitefinder; they made that very clear in the Terms of Service for the site (which also included the brilliant gem “by using our service you are agreeing to our Terms of Service – if you don’t agree with them, your only remedy is to stop using this site” – what am I supposed to do, never mistype an URL again?). If they had not gotten around to plastering the site full of ads yet, it’s not because of any admirable restraint.

6

Imagine that your local postal service decided to do this (to cover just 1 of the internet uses affected by this).

Every piece of mail that wasn’t addressed EXACTLY correctly, became theirs. That letter from your 6 yr old niece, that put an extra letter in your last name? Theirs. House number listed as 3512 instead of 3521, theirs. Your Christmas present from Grandma with the incorrect postal code? And neither you nor the sender will ever know what happened to it.

This isn’t about the quality of their search engine. It’s about the largest land grab in the history of the internet. EVERY unregistered domain name, in effect, becomes their. All for the low low price of a couple of lines of programming code.

7

Martin what privacy concerns are you talking about? VeriSign provides you a service. You are requesting something from them and they are giving it to you.

And yes, the article is uncritical. If it was critical that would mean it is biased against them. I said it was unbiased!

If they really were going to offer banner advertising I would concede, but when I was pointed to the site there was none.

8

Normally, when my computer looks up the address of a site, I never contact to either Verisign or the site’s nameserver directly, but only to my own ISP’s DNS cache server. Verisign only knows about the domains my ISP visits in the aggregate, they don’t know about me personally. But with Sitefinder, if I were to mistype a site I intended to visit, or mistype an address while sending e-mail, I am connected to their server against my will (unless you count making a typo as “requesting their service”).

Some people might be concerned about letting others know that not only do they visit websites about nymphomania three times a day, but it usually takes them several attempts to spell it correctly. :stuck_out_tongue:

Interestingly, the mail-bouncer they installed did not start sending out error codes as soon as you connected to it – instead, it would appear to be a real mailserver, accept the “From” and “To” address of the message, and only reject the mail after those had already been transmitted. I can’t think of any technical reason for that.

Admittedly, this is not a very big deal as Internet privacy threats go, but it has been named as yet another argument against Sitefinder so I thought I’d throw it in there. To me personally, it’s not the issue.

The article gives Verisign very generous room to present it’s side of the issue, while mentioning the “con” arguments only in the context of Verisign debunking them. I don’t feel that it gives both sides equal weight. Basically, it’s a report about a Verisign press release.

It seems biased in favour of Verisign to me, but as you’ve probably guessed, I’ll happily admit to having a few biases of my own on this issue. :slight_smile:

Yes, it seems they removed the entire site rather than just the wildcard DNS entry. So I’m afraid you will have to take my word for it that they made no bones about the fact that they were soliciting advertisers for the site.