|
In a follow up to Microsoft’s Strider URL Tracer tool released a few months ago, SecurityFocus is running an article which takes a closer look at how Microsoft’s free Strider URL Tracer with Typo-Patrol is aimed at fighting typo-squatters and domain parking abuse. From the article:
“In most cases, the typo domain is not even selling a product or service itself. The typo domain makes its money from syndicated advertising such as Google’s AdSense program. The typo-squatter simply parks the domain and the only content on the site ends up being the ads served from a syndicated advertising program.
With ad syndication, context-sensitive ads are displayed that are based on the overall content of the target web site. When a URL is typed into the address bar or clicked on, the Web browser is instructed to retrieve data from a third-party URL. The third-party URL, using information it knows about the target URL, and possibly combined with details about the user, then serves contextual ads that are relevant to the site or user.
In theory, there is nothing wrong with this practice. If I am visiting a site about golfing, it makes sense that I would want to see advertising that has to do with golfing as well, as opposed to ads about the latest cholesterol drug or mail-order DVD service.
Some domain owners abuse the ad syndication system, however, by simply parking the domains so that the only content on the site to begin with is from the syndicated ads. These sites provide no real value and serve no better purpose than to generate ad revenue for the domain owner. With domain registrations as low as $7, the domain could pay for itself with as little as one unique visitor every 2 days.
...
To try to identify and combat this type of systematic typo-squatting and abuse of the syndicated advertising system, Microsoft’s Cybersecurity and Systems Management research group developed the Strider Typo-Patrol tool.”
Microsoft Research maintaining a website on the project defines Strider URL Tracer with Typo-Patrol as follows:
“When a user visits a Web site, her browser may be instructed to visit other third-party domains without her knowledge. Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains, and it includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting. The tool also enables parents to block typo-squatting domains that serve adult ads on typos of children’s Web sites.”
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byVerisign
Sponsored byWhoisXML API
While it might seem admirable that Microsoft wants to “help” the Internet’s users find the things they are looking for, I do not sleep better knowing that Microsoft gets to be the final arbiter of what a Typo is.
Poignant and meaningful domain-names in the coveted dot-com space are few in 2007, so creativity is the order of the day. Against that backdrop: is Orbitz.com a Typo of Orbits.com? It certainly looks like a Typo. ‘Orbitz’ is a made up word after-all and the “s” is immediately adjacent to the “z” on my QWERTY keyboard. If Orbitz.com the travel site started challenging a Microsoft travel business would Microsoft’s browser updates tell me to avoid the Orbitz.com travel site and offer me the Microsoft alternative? What if the “Strider tool” took any parked “Strider Typo” domain-name featuring Google AdSense advertising or Google Search and pointed it to Microsoft’s MSN search results? Where exactly is “the line” and should Microsoft (of all companies) be allowed to call it?
Type any random: jksajsahfkjsha768.com name in your address bar and watch what comes up. If you’re using Internet Explorer you will see Microsoft’s MSN gateway page where Microsoft gets to serve you a search box and some links in a valiant effort to make money by selling your eyeballs to somebody. This example works on ‘Strider’ Typo style names too.
Nobody wants a company with the ulterior-motive of selling browser error-traffic to their paid-search advertising network to be the judge, jury and executioner of the content (or lack of content) they see on the net. This is such an obviously self-serving piece of Microsoft Software.
Although I’m a Microsoft-hater myself, I don’t see anything inherently “evil” about what they did here. As far as I can see, this tool is something you need to specifically download from their site, and is not pushed on you in a system update or a default installation; thus, it’s not much different from the many tools that can be obtained for browsers such as Firefox that do various things that alter your browsing experience (such as GreaseMonkey, a Firefox plugin that lets you automatically rewrite site content). Now, if M$ starts forcing or sneaking such “utilities” on people, that would be cause for concern, but for their research department to simply make it available as an experimental add-on isn’t really a problem.
I’m not a Microsoft hater, in fact I use many of their products. I just don’t like the double standard here. Microsoft makes money from selling advertising on browser typos by sending non-resolving domain names (in their browser) to its MSN gateway page. Then it invents a piece of software to combat ‘these typo bad guys’ who are building a dam up the river, taking their typo traffic stream away. Again, what if MSFT decided to take competing website traffic because it controls the browser?! That strider thing worked great and nobody complained, so let’s kick it up a notch: Website ‘X’ wasn’t “useful” enough so we took you directly to a “better page” on the MSN network. Microsoft is in a position of great power by virtue of their browser and with great power comes great responsibility to allow all kinds of business to flourish. If Microsoft wants to stop typos of ‘Bank of America’ or ‘Nintendo’ with some software I’m all for it, but don’t let me see that unregistered typo domain name ultimately resolve through their browser to an MSN gateway page where Microsoft makes money by selling advertising (as happens now). It would be very simple for Microsoft to insert ‘content judging’ software such as this strider tool into subsequent versions of their browser. The more they probe and push in that direction without anybody saying anything, the more the free Internet becomes some Microsoft intranet. I’m sure Bill would like nothing more than if we all just watched Channel-One and didn’t venture out much ... R-o-s-e-b-u-d. :)
Then use Mozilla… I do!
Whether this is a Citizen Gates move by Microsoft or not .. as long as they make typosquatting unpopular, that’s quite fine
This is going to turn into a very interesting way to ruin the domain monetization racket, I see ..
What is a typo Suresh? Is Flickr.com a typo of Flicker.com? .. If Flickr.com (the website) were a startup competing with Flicker.com the established Microsoft URL would strider flag it? Is it fair that Microsoft gets to decide?
Let us examine intent here. Is MS’ intent
1. Getting into the typo monetization racket themselves and using their near monopoly on the browser market to crowd others out?
or
2. Participate in what they see as brand / trademark protection and anti phishing initiatives? (they are quite active in several organizations that do one or both of these - the Anti Phishing Working Group for example)
2 is what Strider is billed as so far. Have you seen it doing 1, or have you seen that documented anywhere on microsoft’s site, or is this the standard slippery slope “they COULD easily do this” argument?
Neither. This is the: “What flavor do you want you Typosquatting” speech Suresh.
Do you want:
A) the little guy who runs out and registers bankofamericanewyork.com and puts up paid listings for “bank of america” making money every time somebody clicks?
or do you want:
B) Microsoft error traffic MSN gateway where Microsoft puts up paid listings for “bank of america” making money every time somebody clicks?
The fact that Microsoft is a multibillion dollar corporation not intending to engage in Typosaquatting is a moot point as that is exactly what they are doing in 93% of the World’s browsers.
I would prefer neither and if their Strider Tool held their own browser to the same high standard as it holds these neer do well typosquatters then I would not be writing this post.
Actually, a growing number of people are using better browsers than the crappy one from Microsoft. One of my sites, Dan’s Mail Format Site, had 45% of its traffic from users of Gecko-based (Mozilla) browsers (mostly Firefox), and only 43% from MSIE, over the last 9 days or so. Granted, that’s a “techie” site, but even non-techie sites are getting double-digit percentages for Gecko/Mozilla/Firefox; the sites where I work are presently running around 15% Gecko and 78% MSIE (with various others including Opera and Safari making up the balance).