Cablevision Hijacks DNS Error Pages

I just noticed Cablevision’s Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-sponsored results:

And apparently I’m not the only one that noticed: Justin Flood and Dan. As Justin Flood reported Cablevision has secretly adjusted their TOS to reflect this morally questionable service:

The preceding search results page is displayed to you as a result of the specific Domain Name Service (DNS) servers used by Optimum Online to look up domain names. If you misspell or mistype a web address, dead-end “no such name” errors can occur. However, the DNS servers used by Optimum Online are designed to eliminate dead-end “no such name” error pages you can encounter as you surf the web. By displaying the preceding search results page, users know that the web site they’ve attempted to navigate to does not exist, and are presented with suggested sites they may have been seeking. No software is installed on your computer for this search service to work.

Don’t they realize the dangers of replacing DNS errors with content pages? Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off. I did find this broken disable button on the “About This Page” link:

Upon clicking it, you see a message “You have successfully opted out of the DNS Assistance service” although it appears to be broken as the service is still in effect. Defective by design perhaps? Rolling out morally ambiguous feature with a broken disable link? Sounds like the same people that send spam messages to me.

Update: From user comments it seems clear most (soon to be all?) ISPs are doing the same. I’m just surprised after the fiasco with VeriSign, this issue has been ignored so often in the IT community. I guess better to better to have a choice which ISP hijacks your URLs?

Another Update: Maybe I’m the only one who’s having trouble opting out. Or perhaps I need to restart my router. Either way its definitely not working on multiple browsers and computers.

20 thoughts on “Cablevision Hijacks DNS Error Pages

  1. Are you sure they aren’t doing it, perhaps, because they think customers want it? That particular page shown above seems like they just forwarded the text to google for processing, not that they are using it to push users to a particular cablevision-associated site…

  2. Did you see the ads in yellow that come up first marked “SPONSOR RESULTS”? It indicates they are making a profit off the results via Google Adsense. Not that advertising models are bad, but profiting off of people’s mistakes seems questionable to me. Off hand, though, I’m more concerned about the technical implications of hijacking DNS errors than the moral ones.

  3. Verizon too? How come when Verisign pulled this years ago the entire Internet community was up in arms, and now that every ISP is slowly inserting their own DNS error page, no one cares? It’s unfortunate the state of affairs in the Internet community today.

  4. Scott, it’s not that no one cares, it’s that the marketing people who decide to do this kind of thing take silence to mean acceptance. “They” won’t do anything unless a large portion of people complain, and loudly. Verizon did the same thing with FiOS, but to stop the DNS redirect, you had to go into the router and statically assign the DNS servers. They didn’t make it easy.

  5. This message posted from a starbucks via Optimum online WiFi where, unless someone did some backflips in provisioning my account information and integrating it with a third party provider’s settings, this option to “decline highjacking” did not, and likely will not apply.

  6. Yes, the people who push these “sponsored results” pages are probably folks who’ve drunken the marketing kool-aid – and who also firmly believe that their customers “enjoy” other promotional techniques that annoy non-marketing-inclined people.

  7. The opt-out link worked for me. I didn’t even restart my browser like it asked me too. Although, I was logged into Optimum, maybe that’s why it worked.

  8. I too use cablevision and found that i could opt out fine, but i never would have guessed that “about this page” would take me to that. Thanks.

  9. I’m glad AT&T isn’t doing it yet (my ISP). Nonetheless, I am using OpenDNS which does have the ads. However, I feel OpenDNS deserves the money much more than my ISP.

  10. I noticed this two or three days ago and I called them screaming. I’d been used to Firefox efficiently accepting that it was perfectly normal to drop “www” and “.com” and send me where I wanted to go most of the time. Suddenly OOL broke it on me.

    After the phone jockey tried several times to explain that it was necessary to properly type in a url for the internet to work, I demanded he escalate the call. He put me on hold and came back a minute later to tell me that they’d “made a change.” and “there’s no way to go back.” I hoped they got a lot of irate customers that day.

    Want to have fun with these guys? They’re not allowed to make a negative comment. Try and get one to say “No.”

    BTW, the opt out worked fine for me. Thanks God for small favors.

  11. The opt out is probably implemented by a cookie, like Rogers.ca does (see below).
    If you don’t allow cookies, it will not work.
    And, if you delete them, you will get the “service” back…

    =======================
    You have successfully changed the selected landing page returned from
    the Rogers Supported Search Results service. If you would like to
    revert back to the default results page, simply delete your
    “search.rogers.com” cookie or return to
    options.search.rogers.com

    NOTE: If you delete your cookies, or use a program that deletes cookies, you will have to repeat this process every time your cookies are deleted.
    =====================

  12. I thought about that but in the description it says “it will affect all computers running in the house” and a cookie can’t do that. So you might be right, but that means the text of the instructions is wrong.

  13. Pingback: Optimum Online offering DNS hijacking “service” | INeedAttention.com

  14. Thanks for posting this. I’m also upset and I’m also covering this on my blog (linked). I called Optimum internet support at least 4 times today, refused to give account info (press 0 and # three times when prompted to enter a phone number), and complained emphatically. The agents were obviously all ready for this — so it’s clear that they’ve been trained to handle this in advance. Screw the Dolans!

  15. Mediacom cable is now hijacking too. You could opt out until last week and it worked. Now the opt out option doesn’t work.

  16. Bell Canada has started doing this too, with ‘cookie’ opt out. THE ‘COOKIE’ OPT-OUT IS A FAKE! All it does is stop the service from sending you to an ad page. Instead it serves you a fake ‘domain not found’ page. So this doesn’t fix anything, your browser’s mechanism is still bypassed, since it won’t get domain not found errors. As has been stated, you need to complain and you need to complain now. There are two ways in which your service has been compromised: (1) The DNS service no longer functions according to spec, and the ‘change’ is in violation of the July/2004 recommendation from ICANN. Various applications can malfunction as a result of that change. We cannot accept a wide-ranging degradation of network services so that our ISPs can spam us. (2) Your privacy has been compromised, since all ‘mistyped’ URLs are being sent, along with your IP, to common point, in plain text, where they are all likely being logged and analyzed for marketing reasons. (3) You were never informed of either of these issues, they simply turned it on one day.

    The service Bell is using is called ‘DNS Error Assist’ from infospace, and all the failed lookups are being set to an Infospace IP in seattle. So, complain to the service provider, and if (when) they don’t resolve the issue you then lodge a complaint with the CRTC and another with the Office of the Privacy Commission.

    References: ICANN report:
    http://www.icann.org/en/committees/security/ssac-report-09jul04.pdf

    Infospace product page: http://www.infospaceinc.com/business/hp_dnserrorassistservice.aspx

    It looks like ICANN can condemn the practice all they ike but when deployed within an ISP it may fall outside their jurisdiction (i.e. even to report on the practice). I suspect that if enough noise is made the CRTC and/or privacy commission may take an interest. This is the thin end of a very large wedge; if ISPs find they can get away with this, I don’t see what will keep them from reprocessing html on the fly to insert their own ads or overlay their own results on search pages.

Leave a Reply

Your email address will not be published.