Applications and devices like cell phones, email, search engines, and automated programs handle the error messages differently; it would be naive for VeriSign to think only humans with browsers rely on DNS. When a user enters a non-exist domain name on their cell phone the DNS error message would prevent downloading. Now cell phones download VeriSign's SiteFinder webpage and Service Providers bill the cell phone user for that extra usage. SPAM prevention programs also rely on this error message to check to see if the domain is real.
In the year 2000, Mike wanted "d.com" for his company website. After all, if you sneaked around these so called "reserved domains" long enough, you might be puzzled to see...say this at "x.com" or this at "z.com" or perhaps this at "q.com". As mysterious as this is, you can imagine Mike's disappointment after receiving the following email...
I have been thinking a lot about stewardship lately in my role as CEO of Tucows and how that relates to employees, a board of directors and investors. Where I've got to, which is not necessarily relevant for this post, is that stewardship needs to exist at EVERY level of a company and a life. With the recent dustup created by Verisign's new Sitefinder service it has crystallized for me what has always bothered me about the .com/.net registry and the way Verisign has approached it.
Yet another DNS blacklist has been taken down out of fear of the DDoS attacks that took down Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a Joe-Job (A Joe-Job is essentially spam designed to look like it's coming from someone else.) earlier this week. Apparently the Joe-Jobing was enough to convince some extremely ignorant mail administrators that Compu.net is spamming and blocked mail from compu.net. Compu.net has also seen the effects of DDoS attacks on other DNS blacklist maintainers. They've decided that the risk to their actual business is too great and they are pulling the plug on their DNS blacklist before they come under the gun by spammers.
The Internet, ultimately, is a fragile thing, as an entity. It depends upon the consensus of those responsible for its infrastructure to operate on a daily basis. Because of the inherent robustness as a technical architecture, there is no entity that can "break the Internet" in the sense of stopping the flow of traffic, but there are several entities that can create a variety of inconveniences, some minor and some serious, for the millions who use the Internet.
I just discovered that VeriSign's SiteFinder Web site is leaking data submitted in Web forms to its marketing analysis partner, Omniture. Forms can easily contain personal information such as an email address. For the problem to occur, a Web form must use the GET method. This data spill problem occurs if a Web page anywhere on the Internet submits a Web form to an action URL with a misspelled or expired domain name. Because of VeriSign's recent controversial changes to the DNS system, this form data is submitted to the SiteFinder Web site.
Public Interest Registry, the .ORG registry operator, sent a letter today to ICANN President and CEO Paul Twomey concerning VeriSign's implementation of a DNS wildcard redirection service commonly known as SiteFinder. The letter says that it supports ICANN's call for VeriSign to voluntarily suspend SiteFinder and the Internet Architecture Board (IAB) preliminary position paper. It goes on to say that PIR will not be implementing any DNS wildcard to the .ORG zone...
But even if the collateral damage is left out of the picture, the very idea behind SiteFinder is user-unfriendly, and that's the second half of the ALAC's note: SiteFinder is, ultimately, about short-cutting other error handling methods, and redirecting any users that enter non-existing domain names into a web browser to Verisign's own service, for commercial purposes. SiteFinder is designed so it becomes difficult to deploy superior error handling services that would compete with it -- because errors aren't flagged.
Go Daddy Software, Inc. has filed a lawsuit in Federal District Court in Arizona against VeriSign Inc., seeking a temporary restraining order against VeriSign's new Site Finder service, a paid-advertising page VeriSign has established on the Internet to which the traffic associated with mistyped, and other, domain names will be directed. Go Daddy's lawsuit claims that VeriSign is misusing its position as the .com and .net domain registry to gain an unfair competitive advantage by intercepting (and profiting from) internet traffic resulting from the scores of invalid domain names that are typed into users' browsers on a daily basis.
A few days ago, Eric Goldman wrote an interesting thinkpiece in CircleID regarding users' feeling about privacy. He seems to conclude that the existent regulations and policies on the matter are unnecessary, since Privacy doesn't "really" matters to the consumer. Eric based his argumentation on a number of surveys, stating that, even when the user expresses concerns about their privacy, on line behavior shows a different reality. We don't want to discuss here the soundness of surveys as a reliable source of information, but the author could be assuming too much in his analysis.