Comments on: Cablevision Hijacks DNS Error Pages

By: greg

greg — Mon, 12 Oct 2009 02:29:16 +0000

Bell Canada has started doing this too, with ‘cookie’ opt out. THE ‘COOKIE’ OPT-OUT IS A FAKE! All it does is stop the service from sending you to an ad page. Instead it serves you a fake ‘domain not found’ page. So this doesn’t fix anything, your browser’s mechanism is still bypassed, since it won’t get domain not found errors. As has been stated, you need to complain and you need to complain now. There are two ways in which your service has been compromised: (1) The DNS service no longer functions according to spec, and the ‘change’ is in violation of the July/2004 recommendation from ICANN. Various applications can malfunction as a result of that change. We cannot accept a wide-ranging degradation of network services so that our ISPs can spam us. (2) Your privacy has been compromised, since all ‘mistyped’ URLs are being sent, along with your IP, to common point, in plain text, where they are all likely being logged and analyzed for marketing reasons. (3) You were never informed of either of these issues, they simply turned it on one day.

The service Bell is using is called ‘DNS Error Assist’ from infospace, and all the failed lookups are being set to an Infospace IP in seattle. So, complain to the service provider, and if (when) they don’t resolve the issue you then lodge a complaint with the CRTC and another with the Office of the Privacy Commission.

References: ICANN report:
http://www.icann.org/en/committees/security/ssac-report-09jul04.pdf

Infospace product page: http://www.infospaceinc.com/business/hp_dnserrorassistservice.aspx

It looks like ICANN can condemn the practice all they ike but when deployed within an ISP it may fall outside their jurisdiction (i.e. even to report on the practice). I suspect that if enough noise is made the CRTC and/or privacy commission may take an interest. This is the thin end of a very large wedge; if ISPs find they can get away with this, I don’t see what will keep them from reprocessing html on the fly to insert their own ads or overlay their own results on search pages.

By: hijacked

hijacked — Fri, 12 Dec 2008 02:17:44 +0000

Mediacom cable is now hijacking too. You could opt out until last week and it worked. Now the opt out option doesn’t work.

By: Peter U

Peter U — Sat, 04 Oct 2008 01:46:11 +0000

Thanks for posting this. I’m also upset and I’m also covering this on my blog (linked). I called Optimum internet support at least 4 times today, refused to give account info (press 0 and # three times when prompted to enter a phone number), and complained emphatically. The agents were obviously all ready for this — so it’s clear that they’ve been trained to handle this in advance. Screw the Dolans!

By: Optimum Online offering DNS hijacking “service” | INeedAttention.com

Sat, 04 Oct 2008 01:44:18 +0000

[…] Lots of other people are pissed – and rightly so. Network Solutions (Verisign) tried to do this a few years back, but had to scrap those plans because everyone was up in arms about it. So what makes Optimum Online think they can get away with it? Greed, ignorance, and apathy – if customers don’t make a fuss, and they make more money, they’re happy. Don’t let them get away with this. Call Optimum Online and complain – ramble on even – and offer them no way to satisfy you besides stopping this service. “But you can opt-out!” they will cheerily point out – no one opted in to begin with (we still recommend you opt-out anyway to make it official). […]

By: scott

scott — Wed, 01 Oct 2008 17:58:30 +0000

I thought about that but in the description it says “it will affect all computers running in the house” and a cookie can’t do that. So you might be right, but that means the text of the instructions is wrong.

By: MartinFierro

MartinFierro — Wed, 01 Oct 2008 12:49:12 +0000

The opt out is probably implemented by a cookie, like Rogers.ca does (see below).
If you don’t allow cookies, it will not work.
And, if you delete them, you will get the “service” back…

=======================
You have successfully changed the selected landing page returned from
the Rogers Supported Search Results service. If you would like to
revert back to the default results page, simply delete your
“search.rogers.com” cookie or return to
options.search.rogers.com

NOTE: If you delete your cookies, or use a program that deletes cookies, you will have to repeat this process every time your cookies are deleted.
=====================

By: DancesWithRobots

DancesWithRobots — Wed, 01 Oct 2008 05:39:32 +0000

I noticed this two or three days ago and I called them screaming. I’d been used to Firefox efficiently accepting that it was perfectly normal to drop “www” and “.com” and send me where I wanted to go most of the time. Suddenly OOL broke it on me.

After the phone jockey tried several times to explain that it was necessary to properly type in a url for the internet to work, I demanded he escalate the call. He put me on hold and came back a minute later to tell me that they’d “made a change.” and “there’s no way to go back.” I hoped they got a lot of irate customers that day.

Want to have fun with these guys? They’re not allowed to make a negative comment. Try and get one to say “No.”

BTW, the opt out worked fine for me. Thanks God for small favors.

By: jeanne

jeanne — Tue, 30 Sep 2008 23:02:58 +0000

New York’s Time Warner does the same.

By: Jake

Jake — Tue, 30 Sep 2008 20:37:19 +0000

I’m glad AT&T isn’t doing it yet (my ISP). Nonetheless, I am using OpenDNS which does have the ads. However, I feel OpenDNS deserves the money much more than my ISP.

By: Fred

Fred — Tue, 30 Sep 2008 18:48:22 +0000

I too use cablevision and found that i could opt out fine, but i never would have guessed that “about this page” would take me to that. Thanks.