Cameroon Typo-Squats all of .com

wayne writes "As reported on CircleID, the nation of Cameroon, which controls the .cm top level domain, has typo-squatted all of the .com domain space. They have placed a wildcard DNS record to redirect all traffic to an ad-based search page. Unlike the earlier case of Verisign putting a wildcard in the real .com domain, ICANN has very little direct control over what a nation can do with their own TLD. Will the owners of .co and .om follow?"

Smart move.

That should double their GDP!

Re:Smart move.

It's too bad that none of that is likely to trickle down.

From what I understand, the government there controls (well, attempts to) the broadcast channels pretty damn strictly, and voicing an opposition political opinion is generally called "libel" and involves jail time. Hoarding the TLD isn't a surprising move for them.

Re:Smart move.

That's a horribly uncivilised way for a government to act. Next thing you know, they'll be using propaganda to control citizens, taking bribes from big companies, and scaring people into doing what they want, with nasty words and phrases like "terrorist cells", "weapons of mass destruction" and "axis of evil" ;)

Re:Smart move.

I agree, although by using terms like "good guys" and "god-forsaken" you're in danger of being as irrational and downright inaccurate as the post you reply to.

Re:Smart move.

Then we'd be right at home then. It's not hard to change "libel" to "trator". From reading a little about Cameroon, their government is as accountable as our own. Of course, we should just assume they are evil incarnate as they aren't white anglo-saxon Christians.

No, we should instead assume that they can do no wrong because they aren't anglo-saxon Christians.

The idea, implied in your post, that all anglo-saxon Christians are racists against all other people is racist in itself. But of course that is okay, since it is fashinable to bash anglo-saxon Christians right now, just as it was once fashionable to bash negros, judes, redskins, gooks, insert deragatory racial group term of your choice here.

After all, no one who isn't anglo-saxon Christian couldn't possibly do anything to deserve criticism. It's all just a plot of White Supremacists, fighting for control with the Elders of Zion and the Freemasons. Right ?

And for the record: I know nothing about Cameroon, besides a quick Wikipedia lookup, and can't say whether their government is dictatorial or not. I am simply commenting on your idiotic, racist assumption that any criticism is motivated by racism.

Re:Smart move.

pple who cant tyhp shoulndyt be ushing the inpternet anwywya

Re:Smart move.

Funny thing is, there's a big flaw in their click script: http://www.slashdot.cm/click.php?b=zQmE%2BQ3Pc00%3 D&term=slashdot&position=1&to=aHR0cDovL3NsYXNoZG90 Lm9yZy8 [slashdot.cm] Ability to redirect to any site you want? GNAA will have fun with this.

Re:Smart move.

And to help the people that don't want to copy and paste.

SXQncyBiYXNlNjQgZW5jb2RpbmcuIE5leHQgcXVlc3Rpb24/
  =
http://www.slashdot.cm/It's%20base64%20encoding.%2 0Next%20question [slashdot.cm]

Re:Smart move.

Very cute. Actually, Cameroon is an oil exporter, with an effective GDP of $40 billion. Of course, very little of this wealth has trickled down to the masses, but the country as a whole is hardly poor.

The fix is easy

Just for any address I will never want to visit, you can just block it. For example, I never will visit ad.doubleclick.net. I have very little reason to visit Cameroon. I will just block all of .cm if the resulting site is annoying.

Re:The fix is easy

Wouldn't a better solution be to redirect *.om and *.cm to the .com equivalent?

What happens if the typo wasn't in the TLD? They'll then get redirected to a site they didn't ask for instead of recieving a more appropriate "Not Found" message. What happens to systems that rely on DNS returning those "not found" messages? There's also the question of US-bias. There are other TLDs that could be mistyped to produce the ones mentioned. If you want your typos to be automatically translated into what the system thinks you *might* have meant then that should happen at the application level (i.e. your web browser) so that users have a choice. It shouldn't be built into DNS.

www.gkj.cm

I tried it, it works! I must say it's a real clever idea. I want a country too!

What's next?

I'm sure the government of Vomania will benefit highly from my URL mistakes.

Re:for those that don't get it, .cm == typo of .co

lk buddy, my keybard is quite ld s yu dn't expect all the keys t wrk prperly, nw d yu?

I have truble with .cm very ften

Not an issue.

As long as the money made from this is going to the goverment of Cameroon and not some registrar, why is this an issue? The .cm ccTLD belongs to Cameroon. Why can't they decide what they want to do with it?

Re:Not an issue.

As long as the money made from this is going to the goverment of Cameroon and not some registrar, why is this an issue? The .cm ccTLD belongs to Cameroon. Why can't they decide what they want to do with it?

Same reasons that Verisign's wildcard service was decried, among other things this will cause every name.cm to resolve so it's going to at least screw with some spam blocking methods. If other countries follow suit then it gets even messier.

You're right that it belongs to them but there is such a thing as playing nicely. Also it's a bit of a spammy trick, so it's already making me associate Cameroon with spammers and their ilk. Was that their intention? Will they be happy with that? If you lived in Cameroon would you like the fact that your government (since the government assigns who runs the ccTLD) is making your country look like that?

Re:Not an issue.

Same reasons that Verisign's wildcard service was decried...

And, fortunately, the fix is exactly the same: Here's the default named.conf:

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

So, this option will preemptively avoid all jerkwads like Verisign and Cameroon. The only question is, why this isn't enabled by default.

Re:Not an issue.

Because the government of Cameroon is not Cameroon.

This isn't just an attempt to grab cash; that's a side effect. This is to hamper the ability of opposition parties to use the Internet as a voice. The government in Cameroon controls the TV stations, radio stations, and newspapers tightly; they don't want the Internet to be any different.

Re:(Still) Not an issue.

Because the government of Cameroon is not Cameroon.
That can be said about any country, anywhere, about the people and the government.

This isn't just an attempt to grab cash; that's a side effect. This is to hamper the ability of opposition parties to use the Internet as a voice.
Then they will have to find another voice. The masses aren't stupid. If they are being owned by a government, they know it, and if they don't like it they will do something sooner or later. BTW, some people don't mind being under a military or controlling government. It's not what everybody is accustomed to, but there are many ways to rule on the face of this earth.

The government in Cameroon controls the TV stations, radio stations, and newspapers tightly; they don't want the Internet to be any different.
Then practically speaking why should the Internet be any different? It makes sense in the context of that country.

I can see no good reasons in this discussion why Cameroon (the government) cannot do what they want with their domain name. The exceptions are: we don't like typo-squatting, or we don't like the government. The government is representing the people whether outsiders agree with it or not, and even if the people being represented don't agree. Everybody else in the world is too opinionated about what other countries should do, whether it be a different ruling style or something as small as a domain name suffix. We don't like being told what we should do with our country's domain name suffix, so why should we care what another country (yes the government, not the people) does with theirs?
(Actually, I expect to get many good reasons back about the history and politics and Cameroon and the people because I only know what I've read in the news and wiki -- I've never studied the country in depth.)
Everybody who surfs the Internet has no doubt experienced a typo and a typo-squatter. People will correct the spelling and move on. The generic Cameroon page looks like any other page full of advertisements on the Internet. Nobody is going to think it's the actual destination they want to surf to.

If you think about it

.com is typo-squatting all the .cm sites for people who suck miserably at typing.

This story is complete bullshit

Cameroon is not typo-squatting anything. If you type in a domain name ending in .cm that hasn't been specifically assigned to someone, you get a fairly innocuous default page with links to ads. So what?

Re:This story is complete bullshit

Root wildcarding considered harmful [iab.org].

The definition of typo-squatting

- Typo squatting is *registering* a specific typo. Like trying to get www.gooogle.com and www.gogle.com assigned to your own ad-page (it won't work actually, google have though of it first. But you get the idea). Typo-Squatters buys specific name and puts his page there.
Original customer un-happy because someone else has bought the typo-name and he can't have it (he can do what google did and buy typo names, because typos are registered to someone else).

- This case is using wild-cards to divert *UN-registered* domain names. One types something with .CM at the end. If genuine website exists, website is displayed. If website doesn't exist, instead of error message, you got sent to an search engine.
Original user doesn't mind anything, because if he wants he can still buy the typo name : the typo-name is free to buy, only NON-assigned names are diverted to search site.
The one who is pissed of is the IT-guy, because everything breaks because TLD aren't suposed to work that way, TLD are supposed to give error messages for non-existing domain (and this can break an algorithme that was supposed to detect bogus URLs. URLs aren't invalid any more, they always point to something now !).

So the both aren't exactly the same.

The official rationnal behind wildcarding is that people make typo.
One solution is to buy all possible typo name, but this can be quite expensive and cumbersome, because you have to guess all typos and you may have a lot to buy.
The other solution would be to harness the power of a search engine (and even better if the engine supports spelling suggestions like Google) and help the user find what they really wanted.
This is not unlike what the infamouse Microsoft Explorer "simplified error message" whitch gave you the opportunity to search the name on msn's search engine, and somewhat related to a side effect of the "search engine keywords from the URL bar" function of FireFox.
But the main difference is that those two are users choices, where as in .cm's case it's a governement forcing it.

The real rationnal behind is that the Cameroune governement can make huge amounts of money from an ad-supported search engine, and even more money when some big company realise that there are a few more typo that they can buy a few more typo domains (only the non-existing domain are search diverted. The typo are still available to buy !).
Even if the wildcarding gets forbiden and/or blocked, it will have attracted enough publicity around this few more typos to buy (and the side effect to also attract attention to other TLD that the big companies may have missed, like .OM (oman) and .CO (colombia) ) more money to come from domain name selling !
(Let's hope that at least part of this money will go to the poeple and not only to the pocket of a few highly placed guys :-/ )

Sadly, because in this case the people that are pissed off aren't the one with the money (big company will be happy to buy more typo domain, unlike what happens with real cases of typo-squatting) but are the average users (who except tld to issues error for non existing domains), we probably won't see any massive action against Cameroune.

Unless they suddenly happen to discover huge underground petroleum reserves. Then except to see Bush leading a god-inspired holy war to liberate all the poor American-.COM domains squatted by vilain .CMs, and be ready to accept those evil "Typo-Squatters" as a new entry in the list of subject used to scare people, next to "Terrorist", "Pirate", "Pronographer" and "Communist (now defunct)" and other un-american freedom haters.

Re:This story is complete bullshit

The issue isn't people who want to go to aaa.cm accidently typing aab.cm, it's people wanting to go to aaa.com and forgetting the 'o'.

I think you are missing the point. The owner of, say, neimanmarcus.com would be a victim of typosquatting if someone else took the domain name niemanmarcus.com, because someone typing in the latter spelling would really be deceived if it went to the wrong page. He could look carefully at what he typed and think, "yes, niemanmarcus.com, that's right." But if you type neimanmarcus.cm, the mistake is obvious when you look again.

When trying to allow for users' mistakes, at some point you have to draw a line. Beyond a certain point, the user has to take responsibility to type what he or she means. For example, philips.com [philips.com] and phillips.com [phillips.com] are different domains. Neither is typosquatting; the user has to get it right. Top-level country domains are a much clearer case than that.

correct solution (that will never fly)...

From some dude's blog that was linked to TFA:

The lesson here is that something is fundamentally screwed up in the domain world when one server manager in Cameroon can enable this much confusion. But I still can't figure out what the right solution is.

(from here: http://weblog.johnlevine.com/ICANN/cameroon.html?s eemore=y [johnlevine.com])

... is to require that US based sites use a US-specific country suffix, just like the rest of the internet.

I.e., migrate all of .com, .net, etc to .com.us, .net.us (or whatever).

That way, typoing the .com or .net suffix won't take you to a different country unintentionally :D

Sure, the internet was originally created in the US, but it's bigger than that now, and having one country that just doesn't use country suffixes is non-standard. :)

Of course, typo-ing the country suffix will still either not work, or take you to a different country, but what can you do...

As a side-effect, this would no doubt deter other country's businesses etc from simply registering .com, .org or .net domains because the domain rego is cheaper and it's "country-ambiguous"... (yes, I own .net and .org domains and i'm in australia. if it was going to have to be .com.us or whateever, I probably wouldn't be using up your precious US namespace :D)

Re:correct solution (that will never fly)...

The problem is that .com isn't just US companies. And having domains by country isn't that useful. Given that you use .net and .org domains and aren't US-based, I'd have thought you'd understand this.

I gather that the Cameron business is pretty serious. My take is that if all else fails, *.cm addresses can simply be blocked at the root DNS level till the .cm admins comply by removing the wildcard DNS entry.

How long until...

...the Nigerian scammers get wind of this, and move? I mean, it's right next door!

Ctrl+Enter

I seriously don't think I've actually typed out "www." or ".com" in at least 4 years. Just type website then Ctrl+Enter and Firefox and IE add it for you. I don't think Safari, Nautilus, or Konqueror do it by default but I might be wrong. But if you're using Firefox, it's so much easier. There's also Shift+Enter for ".net" and Ctrl+Shift+Enter for ".org".

who cares

There are so many missdirects on search results anyway, if it's not the right one, just delete the browser tab and move on.

Once upon a time...

I might have cared passionately about something like this. Now, I have more faith -- the Internet tends to route around folks with bad manners. This isn't the first time someone's come up with a grandiose plan to corner the market on user error and I doubt it will be the last. If Cameroon pisses off or annoys enough people with a stunt like this, I suspect someone, somewhere will do something about it. At the moment, there's not much more I can do than whine and complain, and I just don't see that it serves a useful purpose to do so.

If any one of the geniuses who dreamed up this little scheme happens to read this message, than I've got just one thing to say to them -- good luck. Maybe it will work out for you... and than again, maybe it won't. Regardless, if you could tell those Nigerian bankers to stop sending me letters asking for my help with fraudulent transactions, I'd surely appreciate it.

More concerned with domain name squatting

Considering it's only the .cm domain that's being polluted, this problem doesn't really bother me that much. On the other hand, the mass registration of domain names under the .com TLD for the purposes of advertising or resale is a much more significant problem. Most of the domain names I've tried to register have already been registered for such purposes. I'd rather see that situation fixed than the .cm typosquatting issue.

Ah... time to crontab wget again

Once every 5 minutes I think I'll be hitting www.youcontributenothingtotheinternet.cm!

Company behind it

Looking at this is appears that a company called "NameView Inc" is supplying the ads from the IP block 72.51.27.0 - 72.51.27.255 http://www.nameview.com/ [nameview.com]

Prehaps calling them on +1 (309) 424-5497 might help to say what a bad idea this is or we can just block the IP range (which is now what I'm going to do)

BIND has a quick fix for this

;; QUESTION SECTION:
;google.cm. IN A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6369
;; ANSWER SECTION:
google.cm. 518 IN A 72.51.27.58
zone "cm" IN { type delegation-only; };
;; QUESTION SECTION:
;google.cm. IN A
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12264

ccTLD's aren't really "top level".

ICANN has very little direct control over what a nation can do with their own TLD.

ICANN controls a root DNS server [isoc.org], which is authoritative for the "." zone - one level higher than a ccTLD. This means they get to say what DNS servers are authoritative for .cm, and could send traffic to different servers if they really wanted to. Or at least they could redirect queries that came to their particular root server. If the other root servers followed suit they could do whatever they want with any ccTLD.

URL FCixer entension will sort this

Just install the following extension:-

http://www.efinke.com/url-fixer/ [efinke.com]

Corrects common .com typos for you.

 

Most queries at www.google.cm

Cameroon location earth

At ask.com: "Where the fuck is Cameroon, Jeeves?"

WWW/HTML is a minor problem

While possibly the most visible effect, landing on a page full of ads when you wanted www.cnn.com is the least of your problems.

Remember, this is DNS, so this will affect not only your web browser, but all your Internet applications.

So, guess what happens if you try to send a mail to friend@gmail.cm? Yup, it also gets the Cameroon treatment:

$ telnet gmail.cm smtp
Trying 72.51.27.58...
Connected to gmail.cm (72.51.27.58).
Escape character is '^]'.
220 blackhole.gdei.com

Even though the server currently will bounce your mail with a 550 Domain does not exist, they now have your email address and, with a quick typo-fix, that of your friend.

Hey! Guess what country is next door to Cameroon? Yup, Nigeria. Now, who in Nigeria might want a fresh source of email addresses...? [419eater.com]

And who is to say they bounce all mails? Or will continue to?

Re:WWW/HTML is a minor problem

Hey! Guess what country is next door to Cameroon? Yup, Nigeria

Hey! Guess what country is next to Cameroon in the CIA World Factbook? Yup, Canada.

The conspiracy is clear!

Re:There's typos, and then there's THAT

But if you mean to type .com and you actually type .cm then its a typo. If you mean to type .cm and you .cm then it's not a typo.

Re:There's typos, and then there's THAT

If you mean to type .cm, chances are the domain actually exists, and you'll go to the website as you intended. They're not redirecting *.cm to an ad page, just (unregistered).cm. Like Verisign did with (unregistered).com until the tubes were all full of user backlash.

Re:There's typos, and then there's THAT

Uh, do you understand the point of the article?

Go to this site: http://www.cnn.com/ [cnn.com]

Now go here: http://www.cnn.cm/ [www.cnn.cm]

That's typosquatting.

Re:There's typos, and then there's THAT

No, they typo-squatted ".com", in the same way that "goggle.com" and the like typo-squatted "google.com". Domain-squatting is something else entirely, and involves registering the actual target address and sitting on it, then trying to sell it for an increased sum.

They typo-squatted .com by domain-squatting .cm.

Re:There's an easy fix for this...

Just edit your hosts file, and redirect *.cm to 127.0.0.1 in it. That way, even if you ever make that kind of typo on accident, you don't reward them for it.

Since when could the hosts file support wildcards?

Bad Article Title - Bad Summary Title

They did NOT typo-squat "all of .com".
They typo-squatted "all of .cm".

Quite a difference, if you ask me.
Unless you are a sensationalist, of course.

Re:Bad Article Title - Bad Summary Title

Quite a difference, if you ask me. Unless you are a sensationalist, of course.

If one were to register micosoft.com, mirosoft.com, and mcrosoft.com, that would be typo-squatting on Microsoft.com, no?

In adding a redirect for .cm, with a wildcard redirect for all nonregistered entries, it seems that Cameroon is typo squatting on a TLD. It's the same idea as the Verisign deal, it's just that this one is doing it on a tld that could easily be a typo for .com. Why could this not be classified as being both a Sitefinder-type redirect, and a TLD typo squat?

It seems to me that rather than being bullshit, the headline is getting to the meat of the story.