VeriSign Sued Over SiteFinder Service

dmehus writes "It was only a matter of time, the pundits said, and they were right. Popular Enterprises, LLC., an Orlando, Florida based cybersquatting so-called 'search services' company, has filed a lawsuit in Orlando federal court against VeriSign, Inc. over VeriSign's controversial SiteFinder 'service.' While PopularEnterprises has had a dodgy history of buying up thousands of expired domain names and redirecting them to its Netster.com commercial "search services" site, the lawsuit is most likely a good thing, as it provides one more avenue to pursue in getting VeriSign to terminate SiteFinder. According to the lawsuit, the company contends alleges antitrust violations, unfair competition and violations of the Deceptive and Unfair Trade Practices Act. It asks the court to order VeriSign to put a halt to the service. VeriSign spokesperson Brian O'Shaughnessy said the company has not yet seen the lawsuit and that it doesn't comment on pending litigation."

This isn't cybersquatting.

[oneiros27]

There were two main types of cybersquatting, as I saw it --

• buying up random names, and hoping someone would buy it from you (aka. domain speculation)
• buying up specific company names, and charging them obnoxious amounts if they want it (which would end up in court, etc)

In this case, Verisign didn't pay for anything-- they're claiming everything that hasn't been bought. Not only that, but if someone had a domain, but didn't have a host in the domain, they're claiming that as theirs, too.

[Not that I'm surprised...the first sign that things like this were going to happen was when IE started replacing webserver error messages with their own if they decided your error message wasn't big enough, and replacing 'server not found' with links to their search engine]

So well, your 40 acres comparison falls through as it's more the equivalent of someone saying 'all this is mine until someone else buys it' and then, after you buy your plot, they still claim the area that you haven't built on yet, even though you have the deed to it.

Re:Is it possible Verisign's move will be irreleva

[John Paul Jones]

Someone probably deserves recompensation for the hassle, but it's looking like the Internet has proven resilient to even this "high level" attack.

At what cost? Routers are working harder, code has been introduced into core servers that has no technical reason to exist, and an IP address, or possibly a sizeable range of IP addresses are now blacklisted worldwide. Those IPs won't be usable for anything anymore, or at least until we see widespread adoption of IPv6. *cough*

What the Internet doesn't need is to become even less of an end-to-end transport, less reliable. And we did it to ourselves.

Hello, Pot? This is kettle!

[dacarr]

This is a classic example of hypocrisy, but maybe this'll pay off.

Excellent; battle of the twits

[bigberk]

Note the various inaccuracies in the article. First, SiteFinder (despite its name) doesn't "search" for domain or anything; it is simply a wildcard that catches all lookups right on the COM and NET root servers. This is exceedingly simple to setup; there's no 'technology' involved.

Also, users of course do not get a 404 when a domain doesn't exist. The domain freakin' doesn't exist, so the DNS lookup itself fails (should get NXDOMAIN) and the browser reports an error in domain resolution.

But this is nice; I want to see all these leeches in the cybersquatting and "World Wide Web" enhancement business pitted against each other.

When will people learn?

[dmiller]

The enemy of your enemy is not necessarily your friend. Domain and typosquatters are the near bottom of the barrel, just a rung above spammers. Just because they are attacking another bottom-feeder does not make them heros.

Re:Is it possible Verisign's move will be irreleva

[JayBlalock]

Oh, I'm not arguing that it doesn't suck and that Verisign didn't do a very, very naughty thing.

But at the same time, if you take a step back, the rapid mobillization of the response to this is VERY impressive, and the rate at which the Internet is reconfiguring itself to get rid of the trouble is quite amazing.

Remember, three days ago, people were moaning about how this would be a disaster, DNS would be broken, spam filters would be rendered impotent, etc etc.

I'm just saying that, objectively, if you look at this sort of like a body repelling a bacterial attack, the rate at which it's been countered is quite amazing, and shows how well the Internet is fundamentally put together.

Re:Homesteading

[jms]

Homesteading required that the homesteader develop and improve the property in order to receive title. You had to actually live on the land, and farm it, and build a house with a door and window, and after you had proved the land, you would receive title.

Cybersquatters do no such thing. There's a difference between registering coffee.com to build a coffee site and registering www.coffee.com to resell it later. Cybersquatters are more akin to ticket scalpers than to homesteaders.

Re:what the fuck?

[IHateUniqueNicks]

Where have you been? Have you noticed the fact that it's important to be able to tell when a site doesn't exist? That this crap means typos can cripple most e-mail servers? That it invalidates a good section of the RFCs the Internet itself was based on???

Wake up. If you want to find a site, you use Google. If you want to go to a non-existant one, you should damn well be told there's nothing there.

Re:"Unfair advantage"?

[Caled]

Verisign has just acquired more domain names than there are atoms in the universe. If Mountain View wanted them they'd have to pay more money than exists, whereas it only cost versign a line in their DNS records.

This is clearly abuse of monopoly.

Null space needs to remain null

[mabu]

First off, the idea that Verisign can appropriate unregistered domains represents a huge conflict of interest with its management of the TLDs. Nobody should be able to reassign IPs for non-registered domains. This undermines the whole system, which has facilities to address this situation.

The fact that ICANN didn't block this move is further evidence than this organization is totally useless and political.

Along the same vein, I disagree with MS's misleading implementation of the IP-not-found error page to redirect users to their proprietary search engine.

The Internet community should rally against any entity that seeks to appropriate undefined address space for their own gain.

If Verisign is allowed to do this, what we're likely to see is each major ISP and browser manufacturer follow suit and hijack undefined space to promote their own systems.

Imagine if you dialed a wrong number on the telephone and you got an advertisement for the phone company. What if local broadcasters bombarded all the unused frequency spectrum with their own promotions.

This has less to do with Verisign than it does to protect the sanctity of null space.

It makes me wonder if someone has a patent on silence yet?

Re:Someone at Network Solutions responded to me.

[Bronster]

Wow, that document was published 10 days ago. That's best practices for you.

Notice that they only address HTTP and SMTP in the guidelines. I guess there really aren't any other protocols worth speaking of.

(https maybe? Hmm - I wonder what happens there)

I dunno about that.

[TheSHAD0W]

They get it for free, but they also lose it any time someone wants to take it away, for any specific domain. I personally don't like it, but I don't know if this particular avenue of attack will succeed.

Re:"Unfair advantage"?

[digital bath]

You know, I wouldn't really have THAT much of a problem if verisign at least served up the page with a 404 status error in the header. However, their sitefinder gives out the normal "200: ok" status on bad domains, which seems to me like a serious problem - I can see this breaking existing apps.

Re:Verisign delusional

[j0hnn135]

It's called PR spin.... and yes it sucks.

As far as the RFCs go, maybe the internet architects never thought of this abuse.

Re:"Unfair advantage"?

[tessaiga]

Verisign has just acquired more domain names than there are atoms in the universe. If Mountain View wanted them they'd have to pay more money than exists, whereas it only cost versign a line in their DNS records.

Exactly. Most Slashdotters (myself included) are objecting to the fact that Verisign has essentially hijacked all unused domains. However, Mountain View's objection is that doing the same would cost them money, while it's free for Verisign. The action itself doesn't bother them; it's the uneven costs of doing so that has them annoyed.

Or, put another way, Mountain View would be perfectly satisfied if the result of the lawsuit was that Verisign allowed other cybersquatters to grab mistyped domains for free also, creating a huge happy cybersquatting family. Somehow I don't think the rest of us would be quite as delighted though.

Re:I'm not surprised...

[lpontiac]

Nice injection attack. Hmm, I wonder if feeding such a URL to a censorware site could get all of verisign.com in some blacklists?

Re:Verisign delusional

[Anonymous Coward]

www.verisignsucksdonkeyballsandlikesit.com. They're either not looking at their logs or they really like it. On a more serious note, would you expect any corporate drone to admit that greed overruled insight? Especially with a lawsuit at their door? I'm not sure if they're really violating an RFC, but I like to think that RFCs describe *how* to do things, not *what* to do. You can launch perfectly RFC-compliant DoS attacks, but should you?

Re:what the fuck?

[shostiru]

Netsol (now verislime) was chosen to administer the .com and .net gTLDs in the public interest, not to use them as their private playground.

Let me put it this way ... let's say the state hires you to be the caretaker of a museum (originally paid for by taxpayers!) and tells you that you can make money on the side from the gift shop. Instead, you decide to knock down a bunch of walls and turn the majority of the building into a bar for your private profit. Don't you think people might become a bit pissed off?

Re:what the fuck?

[holt]

It has nothing to do with HTTP responses. This is DNS we're talking about, which operates on an entirely different level of importance, because it affects so much more than just the web.

Re:Is it possible Verisign's move will be irreleva

[Baki]

Actually I think the BIND solution, to mark certain zones as "delegation only" is very elegant, and should have been implemented sooner or later anyways. Even without the current abuse it makes sense, and it hardly adds any complexity to the code.

maybe it's time to give DNS back to the public?

[thomas_klopf]

When Verisign was given the authority to manage DNS for these TLDs, they were given this responsibility with the public trust.. The public trusted them NOT to do things exactly like this. You should do DNS, and that's it - nothing more, nothing less. In return, Verisign was given a source of income. I think that if Verisign continues in this way, it may be time to take back this thing entrusted to them. This has become yet another disaster in "privatization", and we should maybe consider moving this service back to the "public" sector (as much as it can be...).

Re:what the fuck?

[Anonymous Coward]

You are missing the whole reason everyone is so upset. Verisign DOESN'T HAVE the rights. They DO NOT OWN the .com or .net domains. They have entered an agreement with ICANN where they are the designated people who ADMINISTER the domains. They are being financially compensated to provide a service related to .com and .net; this does not mean they own them!!

Think about this distinction. If you'd like an analogy, think of mutual funds. Mutual funds are owned by shareholders; however, they pay a fund administrator to manage them. The administrator has the power to make all kinds of changes, but this does NOT mean he owns the mutual fund! If the administrator decided he was going to manipulate the direction of the mutual fund to maximize his own personal income instead of the fund's income, he'd be taken down faster than you can say "Martha Stewart".

Re:Someone at Network Solutions responded to me.

[MLC2012]

https://asdfhaulshfhasdf.com -- The connection was refused when attempting to contact asdfhaulshfhasdf.com.

ftp> open asdfhaulshfhasdf.com
Connected to asdfhaulshfhasdf.com (64.94.110.11)
421 Service not available, remote server has closed connection
ftp>

telnet> open asdfhaulshfhasdf.com
telnet: asdfhaulshfhasdf.com: Name or service not known
asdfhaulshfhasdf.com: Host name lookup failure
telnet>

$ ping asdfhaulshfhasdf.com
PING asdfhaulshfhasdf.com (64.94.110.11) 56(84) bytes of data.
^C
--- asdfhaulshfhasdf.com ping statistics ---
45 packets transmitted, 0 received, 100% packet loss, time 44011ms

No point in going on, I suppose...

Re:what the fuck?

[MrMickS]

Don't like it, don't agree with it, but acknowledge their right to use the service they faught for and won. If you can't take it, fight the fight to give them (better) competition, instead of filing some frivolous lawsuit.

What rights did VeriSign fight for here? They *bought* Network Solutions Inc. who managed have managed the .com and .net namespaces since time began (well almost ;)). They don't have a *right* to the contents of the namespace, there are many other registrars that can delegate domains into it. They only have control for historical reasons and the fact that no one could be bothered to change things.

The .uk the TLDs are run by Nominet, a not-for-profit organisation that allows anyone to register as a registrar. They manage the .uk namespace but have no commerical interest in it. Given that VeriSign have now demonstrated that they can't be trusted not to take advantage of their position for commerical gain a similar organisation to Nominet should be setup to manage the .com and ..net domains.

What about 3rd level domains?

[blanks]

I didnt see anything in the articals about this. But what if someone goes to something.mydomain.org, Will this take them to a VeriSign website, or will they recive one of my error messages? I own the domain name, it's in use, so what happens with subdomain names?

How come noone complains about other TLDs?

[Harald Paulsen]

Tried http://www.jflkdsjads.cx/ [jflkdsjads.cx] or http://www.jflkdsjads.nu/ [jflkdsjads.nu] lately? Other TLDs have had this for years, yet noone has complained about them. I'm all for stopping what VeriSign is doing now, but we should round up ALL the guilty parts while we're at it.