Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    This discussion has been archived. No new comments can be posted.
    Verisign typo-squats | Log in/Create an Account | Top | 54 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    by cambler (chris@ambler.net) on Monday September 15 2003, @09:49AM (#12194)
    User #36 Info | http://onthenet.ambler.net/
    This is an interesting case.

    One the one hand, Verisign is going against the de-facto use of the protocol in denying rejections being sent. They'll break a lot of software that relies on this.

    On the other hand, serving up a search page is, by a very strict reading, within the protocol. You do not receive a rejection, but an actual response, even if it's not the response you expected. It wasn't the protocol that hijacked the response, it was you, who typed in the wrong URL (and hence the wrong domain name).

    Were Verisign to return a "fuzzy" response, you can be assured that most browsers would use it to display their own search page, and monitize that traffic themselves. Obviously, Verisign is doing this for the revenue - and one can't fault them for that.

    At the end of the day, the question, I think, will be: are there enough people upset at this to do something about it? Can anything be done directly? Probably not - Verisign owns the resolvers, and short of ICANN making them stop, they'll most likely go ahead.

    However... what Verisign serves up should be deterministic in nature. As such, browsers could recognize that and interpret it however they want. If they see a Verisign-generated search page, they can ignore it and show their own. Verisign couldn't complain about this, because it is, for all intents and purposes, exactly what they're proposing to do, themselves.

    Interesting times we live in.

    Ambler On The Net [ambler.net]

    [ Reply to This | Parent ]
    • Re:Choices? by dmehus Monday September 15 2003, @12:46PM
      • Re:Choices? by cambler Monday September 15 2003, @01:01PM
        • Re:Choices? by tlr Monday September 15 2003, @01:41PM
          • Re:Choices? by cambler Monday September 15 2003, @01:50PM
            • Re:Choices? by tlr Monday September 15 2003, @02:26PM
              • Re:Choices? by fnord Tuesday September 16 2003, @01:20PM
            • Re:Choices? by dmehus Monday September 15 2003, @02:34PM
        • Re:Choices? by jimrutt Tuesday September 16 2003, @08:52AM
          • Re:Choices? by cambler Tuesday September 16 2003, @09:05AM
            • Re:Choices? by jimrutt Tuesday September 16 2003, @10:46AM
            • Re:Choices? by cambler Friday September 19 2003, @08:55PM
              • Re:Choices? by jimrutt Monday September 22 2003, @09:23AM
            • 1 reply beneath your current threshold.
    Class action here?
    by finee on Monday September 15 2003, @05:49PM (#12204)
    User #2781 Info | http://www.FineE.com
    Is there not a potential for a class action lwasuit against Verisign here on behalf of all the holders of registered and common law trademarks and service marks for trademark / servicemark infringement?

    From an IP prespective what is the difference if this is done by registering many domain names or by trapping the traffic at the registry level. The result is that same. The traffic intended to the trademark / servicemark holder is redirected to a pay per click serach engine for the benefit of the typosquatter of cybersquatter.

    With a deep pocketed target such as Verisign how long is there before some enterpreneurial law firm or group of law firms launches the largest class action lawsuit ever, with members of the class ranging from mom and pop start ups to multinational corporations.
    [ Reply to This | Parent ]
    What about telephone numbers
    by rhill on Tuesday September 16 2003, @12:47AM (#12207)
    User #3320 Info | http://www.itu.int/ITU-T/
    How would people feel if, when you dial a telephone number that is incorrect only because 2 digits are transposed, you got a directory service instead of a "wrong number" message?

    I don't know, and have no personal opinion, I'm just curious as to what people think.

    Thanks and best,
    [ Reply to This | Parent ]
    This is so Wrong!
    by Dangerman on Tuesday September 16 2003, @11:25AM (#12219)
    User #3841 Info
    I don't like this at all.
    They are supposed to manage the dns, not turn it into a moneymaking machine for theirself. It wouldn't be so bad if they made millions without hurting anyone, but they will be making money at the expense of many other people who depend on the internet for their income. They will be filtering money out of many people's pockets, and funneling it into their own pockets.

    Also, what changes will they make to their pages in the future? Who's going to complain when they make small changes in their favor?

    They have been trusted to manage the DNS, ...to be in charge of using it in a manner fair to everyone. Now they have given one company the ability to profit from all unregistered domains. ...that company being theirself. How is that fair? How is it fair to profit from the traffic from a domain without paying for it? Now if that domain brings them in 10 cents during a year, it's profitable for them, because they pay 0 cents for it. With no registration costs, they can offer services from domain traffic, cheaper than anyone else can. How can anyone else compete with that? Where's the level playing field? It costs me about $10 a year to use the traffic from a domain, and I have to pay for it before I can find out if it's profitable. It costs them $0 a year, and they will know in advance which domains will be profitable, before they buy it. Plus they can sell their traffic for much less and drive me and many other people out of business. I may be forced to give up my domain, because it won't be profitable for me to renew it. If I don't renew it, and it expires, it will automatically be a profit maker for Verisign. This reminds me of Enron.
    This is also unfair in another way. What if Verisign did this from the beginning? Can you imagine all the high traffic domains they or their friends would own by now? With the information they will have, on which domains get the most traffic, who do you think will register them? Who do you think will be buying the best traffic domains from now on? Do you think when they see a domain making them $1,000 a year, they will let it sit there, unregistered, taking the chance that someone else might register it? Many people work full time looking for good domains to buy. They do their research, pay the registration fee, and hope the domain has typein traffic. Now verisign, with their inside information, can easily put them out of business.

    They are using the position they have been entrusted with to gain a huge unfair advantage over many businesses and people working from home. They have shown that they are not capable of managing the DNS fairly and should have that responsibility taken away, immediately!

    This is big business taking over the internet at the expense of smaller players, not a responsible company managing the DNS.
    [ Reply to This | Parent ]
    Online Petition
    by GeorgeK on Tuesday September 16 2003, @03:46PM (#12223)
    User #3191 Info | http://www.kirikos.com/
    Sign the petition [petitiononline.com] to help stop this abuse.
    [ Reply to This | Parent ]
    It's easy to blame Verisign
    by RFassett on Tuesday September 16 2003, @08:20PM (#12224)
    User #3226 Info | http://www.enum.info
    A core action item of the white paper was to reduce market place dominance of the .com TLD.

    So, five years later, DNS is broken because .com has millions of typo-squats per day. Show me the parties that have squelched the evolution of market place competition at the registry level and I will show the parties that have broken DNS. What we have is simply a consequence of past decisions. If .com had the unit volume of .museum, few would even give this a yawn. Might be an extreme example, but I think makes the point. If .com did not have the market place dominance it currently enjoys, typo-squat redirects would not be a multi million dollar enterprise. Likely the same for WLS. Either might not even be something Verisign would choose to launch for reasons of market demand, ROI, or practical functionality. So when we talk about "who broke DNS", I think the waters run a little deeper. The white paper was written for a reason. It has been strayed from. DNS broken. Go figure.

    [ Reply to This | Parent ]
    It Is Not Just Unregistered Names
    by jberryhill on Wednesday September 17 2003, @05:13AM (#12230)
    User #3013 Info
    The Sitefinder page is also generated for (a) domain names with no nameservers, (b) domain names in the redemption grace period (RGP) and (c) domain names on registrar hold. The names may indeed to be registered to someone, and that someone might very well object to the use of their name by Verisign, along the same lines as the register.com parking page claim.

    The fact that RGP names are included provides extremely valuable intelligence to a few insiders at Verisign. They are in a position to know, with certainty, the traffic levels on domain names which are soon to be released. In conjunction with the wait-list service, this information is a gold mine.

    The fact that Verisign is resolving on-hold names also frustrates reliance on the way things have historically worked. Take UDRP-cancelled domain names, for example. Bodacious-tatas.com was cancelled in a UDRP proceeding. To prevent resolution of that domain name, the complainant filed a lawsuit in India, where lawsuits move slowly enough to permanently keep a domain name on ice. Despite these efforts, Verisign is now earning pay-per-click revenue on the domain, and Verisign will be the only party to be able to earn revenue from this domain name for the foreseeable future.

    Verisign will, of course, obtain John Zuccarini's revenue stream in the event that the court handling the Zuccarini case orders his domain names to be pulled out of the root. Again, nice timing.
    [ Reply to This | Parent ]
    ISC says they'll release a patch... and other fun
    by fnord (reversethis-{moc.oohay} {ta} {k2yorg}) on Wednesday September 17 2003, @09:20AM (#12236)
    User #2810 Info
    Paul Vixie of the Internet Software Consortium [isc.org], creators of BIND, says [yahoo.com] they're releasing a patch. The Register covers it here [theregister.co.uk].

    Circle ID has an article [circleid.com] pointing out that this is the equivalent of spyware.

    The Register has some mail [theregister.co.uk] regarding this, including why it will increase SPAM (also see ZDNet [zdnet.co.uk]), and how it broke a printer.

    Here's the latest google news [google.ca] on Verisign, the link is dynamic so will change with time, but at the moment they're getting universally hammered. And here [cctec.com] is NANOG.

    And after getting nothing using IE on a non-existent .com yesterday, today I get the MSN search page. Given that this will take time to propagate, perhaps tomorrow I'll get Veri$ign, or perhaps the BIND patch will save me, or... Ah, remember the good old days when M. Stuart Lynn said in ICP-3 [icann.org] that everyone should get to the same website when using the same URL. -g

    [ Reply to This | Parent ]
    dotDNS is a partial solution to hijacking
    by odonnell (michael_odonnell@acm.org) on Thursday September 18 2003, @10:30AM (#12246)
    User #3447 Info | http://people.cs.uchicago.edu/~odonnell/

    This is a good time to look at Bob Frankston's dotDNS proposal [circleid.com] for a layer of reliable but meaningless domain names. dotDNS lookups can be made self-verifiable using public-key signatures, but without the costly chain of trust required by DNSSEC methods. The validity of a dotDNS binding can be verified easily by the querier, without relying at all on the server that provided the putative binding.

    dotDNS does not solve the whole problem, since any layer that translates from humanly meaningful names to dotDNS names is still vulnerable to hijacking. But the reliable and verifiable name bindings in dotDNS will make it much easier to switch name-resolution services when we are dissatisfied with their policies. dotDNS is a cheap and immediately deployable positive step toward fixing the DNS mess, requiring no approval by any central agency. It's time for a visionary sponsor to step forward and just do it.

    There is also an old ICANN Watch discussion of the dotDNS idea [icannwatch.org], under a different name.

    [ Reply to This | Parent ]
    Re:First pass at it...
    by dmehus on Tuesday September 16 2003, @06:45AM (#12211)
    User #3626 Info | http://doug.mehus.info/
    These Site Finder results are useless too. It's just a bunch of paid links from Overture. It is not helpful.

    If you mistype URLs a lot, get the Google Toolbar [google.com]. :)

    DougDoug Mehus http://doug.mehus.info/ [mehus.info]
    [ Reply to This | Parent ]
  • 6 replies beneath your current threshold.

  • Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com