Cablevision Hijacks DNS Error Pages
September 30th, 2008 by Scott SelikoffI just noticed Cablevision’s Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-sponsored results:
And apparently I’m not the only one that noticed: Justin Flood and Dan. As Justin Flood reported Cablevision has secretly adjusted their TOS to reflect this morally questionable service:
The preceding search results page is displayed to you as a result of the specific Domain Name Service (DNS) servers used by Optimum Online to look up domain names. If you misspell or mistype a web address, dead-end “no such name” errors can occur. However, the DNS servers used by Optimum Online are designed to eliminate dead-end “no such name” error pages you can encounter as you surf the web. By displaying the preceding search results page, users know that the web site they’ve attempted to navigate to does not exist, and are presented with suggested sites they may have been seeking. No software is installed on your computer for this search service to work.
Don’t they realize the dangers of replacing DNS errors with content pages? Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off. I did find this broken disable button on the “About This Page” link:
Upon clicking it, you see a message “You have successfully opted out of the DNS Assistance service” although it appears to be broken as the service is still in effect. Defective by design perhaps? Rolling out morally ambiguous feature with a broken disable link? Sounds like the same people that send spam messages to me.
Update: From user comments it seems clear most (soon to be all?) ISPs are doing the same. I’m just surprised after the fiasco with VeriSign, this issue has been ignored so often in the IT community. I guess better to better to have a choice which ISP hijacks your URLs?
Another Update: Maybe I’m the only one who’s having trouble opting out. Or perhaps I need to restart my router. Either way its definitely not working on multiple browsers and computers.
Category: Technology.
Tags: cablevision, dns, hijack
Comments
Comment from TexasDex
Time September 30, 2008 at 9:06 am
Just so you know, Verizon does the same thing.
Comment from scott
Time September 30, 2008 at 9:09 am
Did you see the ads in yellow that come up first marked “SPONSOR RESULTS”? It indicates they are making a profit off the results via Google Adsense. Not that advertising models are bad, but profiting off of people’s mistakes seems questionable to me. Off hand, though, I’m more concerned about the technical implications of hijacking DNS errors than the moral ones.
Comment from scott
Time September 30, 2008 at 9:11 am
Verizon too? How come when Verisign pulled this years ago the entire Internet community was up in arms, and now that every ISP is slowly inserting their own DNS error page, no one cares? It’s unfortunate the state of affairs in the Internet community today.
Comment from mike
Time September 30, 2008 at 9:21 am
Scott, it’s not that no one cares, it’s that the marketing people who decide to do this kind of thing take silence to mean acceptance. “They” won’t do anything unless a large portion of people complain, and loudly. Verizon did the same thing with FiOS, but to stop the DNS redirect, you had to go into the router and statically assign the DNS servers. They didn’t make it easy.
Comment from Mike D
Time September 30, 2008 at 10:43 am
For those of you familiar with Mediacom, they recently started doing this same exact thing.
Comment from someDude
Time September 30, 2008 at 11:52 am
This message posted from a starbucks via Optimum online WiFi where, unless someone did some backflips in provisioning my account information and integrating it with a third party provider’s settings, this option to “decline highjacking” did not, and likely will not apply.
Comment from Vanilla Cokehead
Time September 30, 2008 at 1:10 pm
Yes, the people who push these “sponsored results” pages are probably folks who’ve drunken the marketing kool-aid - and who also firmly believe that their customers “enjoy” other promotional techniques that annoy non-marketing-inclined people.
Comment from AGuy
Time September 30, 2008 at 1:18 pm
The opt-out link worked for me. I didn’t even restart my browser like it asked me too. Although, I was logged into Optimum, maybe that’s why it worked.
Comment from It Works
Time September 30, 2008 at 2:00 pm
why do isp’s bother. I don’t even see the point
Comment from Fred
Time September 30, 2008 at 2:48 pm
I too use cablevision and found that i could opt out fine, but i never would have guessed that “about this page” would take me to that. Thanks.
Comment from Jake
Time September 30, 2008 at 4:37 pm
I’m glad AT&T isn’t doing it yet (my ISP). Nonetheless, I am using OpenDNS which does have the ads. However, I feel OpenDNS deserves the money much more than my ISP.
Comment from DancesWithRobots
Time October 1, 2008 at 1:39 am
I noticed this two or three days ago and I called them screaming. I’d been used to Firefox efficiently accepting that it was perfectly normal to drop “www” and “.com” and send me where I wanted to go most of the time. Suddenly OOL broke it on me.
After the phone jockey tried several times to explain that it was necessary to properly type in a url for the internet to work, I demanded he escalate the call. He put me on hold and came back a minute later to tell me that they’d “made a change.” and “there’s no way to go back.” I hoped they got a lot of irate customers that day.
Want to have fun with these guys? They’re not allowed to make a negative comment. Try and get one to say “No.”
BTW, the opt out worked fine for me. Thanks God for small favors.
Comment from MartinFierro
Time October 1, 2008 at 8:49 am
The opt out is probably implemented by a cookie, like Rogers.ca does (see below).
If you don’t allow cookies, it will not work.
And, if you delete them, you will get the “service” back…
=======================
You have successfully changed the selected landing page returned from
the Rogers Supported Search Results service. If you would like to
revert back to the default results page, simply delete your
“search.rogers.com” cookie or return to
options.search.rogers.com
NOTE: If you delete your cookies, or use a program that deletes cookies, you will have to repeat this process every time your cookies are deleted.
=====================
Comment from scott
Time October 1, 2008 at 1:58 pm
I thought about that but in the description it says “it will affect all computers running in the house” and a cookie can’t do that. So you might be right, but that means the text of the instructions is wrong.
Pingback from Optimum Online offering DNS hijacking “service” | INeedAttention.com
Time October 3, 2008 at 9:44 pm
[...] Lots of other people are pissed - and rightly so. Network Solutions (Verisign) tried to do this a few years back, but had to scrap those plans because everyone was up in arms about it. So what makes Optimum Online think they can get away with it? Greed, ignorance, and apathy - if customers don’t make a fuss, and they make more money, they’re happy. Don’t let them get away with this. Call Optimum Online and complain - ramble on even - and offer them no way to satisfy you besides stopping this service. “But you can opt-out!” they will cheerily point out - no one opted in to begin with (we still recommend you opt-out anyway to make it official). [...]
Comment from Peter U
Time October 3, 2008 at 9:46 pm
Thanks for posting this. I’m also upset and I’m also covering this on my blog (linked). I called Optimum internet support at least 4 times today, refused to give account info (press 0 and # three times when prompted to enter a phone number), and complained emphatically. The agents were obviously all ready for this — so it’s clear that they’ve been trained to handle this in advance. Screw the Dolans!
Comment from Michael Littman
Time September 30, 2008 at 9:00 am
Are you sure they aren’t doing it, perhaps, because they think customers want it? That particular page shown above seems like they just forwarded the text to google for processing, not that they are using it to push users to a particular cablevision-associated site…