What’s The Deal with Rogers DNS Hijacking?
It was discovered today that Rogers Internet has started a new practise (often called “DNS Hijacking”) that redirects you to a Rogers-branded pages full of advertising instead of a “Page Not Found” page when you mis-type a web address (or type a non existent web address).
Click on for a patented “What’s the Deal?” Breaking down what this is about, why it sucks, and why you should care.
What’s the History of This?
This is a scheme that was first seen five years ago when VeriSign launched it’s “SiteFinder” initiative (which did exactly the same thing Rogers is doing, but on an Internet-wide level). The SiteFinder program was so widely decried by the Internet community, that ICANN (the governing body of domain names) told VeriSign to shut it down after only three days. Recently, Canadian ISP’s have been dusting off some of the worst ideas of the Internet to show they can mess up as well as any US telco… and thus…
Why is this a problem?
In and of itself DNS redirection is not intrinsically a problem. In fact I voluntarily use (and recommend) a service called OpenDNS which does some of the same things. However mucking around with things like DNS breaks how the Internet is supposed to work. There are lots of legitimate useages that depend on DNS working the way it is supposed to. For example, lots of spam software checks to see if e-mail is coming from a domain which actually exists. Implementing something like this across the board breaks the basic understanding of what happens if a site does not exist. Imagine you dial a phone number and, unexpectedly, get a pizza advertisement instead of your aunt Maude. Did you dial a wrong number? Has Maude changed her number? Has Maude opened a pizza joint? The internet is a complicated place, and there’s a big difference between someone choosing to use an alternative option like OpenDNS (who, in exchange for ads on error pages gives you perks like a much more customizable and robust DNS service) – and just having the Internet start to work differently. For everyone. Without warning.
Rogers clearly prefers the latter – forcing non-standard behaviour on everyone without recourse. Even their “opt out” option to turn the feature off can only be done by setting a “cookie” (something that doesn’t work for lots of software or hardware). If that seems like an oversight wait until you hear that the “opt out” doesn’t actually work. It still redirects all your traffic (breaking everything), but then it fakes an internet explorer 404 page – no matter what browser you’re actually using.
Without a vital “opt in” step this practise creates huge security vulnerabilities, breaks some users VPN’s and Intranet’s, and is a scary first step down the slope of ISP content replacement.
I’m not quite sure what Rogers could be thinking here, unless they’ve decided it’s time to join the race to become the most unscrupulous of the big Canadian ISP’s.
Hooray for the consumers.
What’s the Deal?
There is a difference between choosing to use a third-party phone book which contains advertising, and having your phone company play random advertisements every time you dial a wrong number, while not making it clear if you’ve reached the number you were intending to dial or not.