Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
The Courts Government The Internet News

3rd Lawsuit Against VeriSign Seeks Class Action 128

dmehus writes "A third lawsuit has been filed late Friday in a federal district court in California against VeriSign, Inc. over its controversial DNS wildcard redirection service known as SiteFinder. According to the article, it was filed by longtime Internet litigator Ira Rothken. In addition, while two other lawsuits have been filed by Go Daddy Software, Inc. and Popular Enterprises, LLC. in Arizona and Florida, this is the first lawsuit to seek class-action status."
This discussion has been archived. No new comments can be posted.

3rd Lawsuit Against VeriSign Seeks Class Action

Comments Filter:
  • No Shame (Score:5, Insightful)

    by Anonymous Coward on Saturday September 27, 2003 @09:04AM (#7071703)
    Verisign truly has no shame, but the reason they can get away with this is simple: most people on the net now are new to it, and have not the faintest idea about how the net used to be a cooperative medium, where bullshit like this was not tolerated. Today? No such luck, users expect to be scammed and abused with every click, they will accept this, and they are the majority.
    • Actually, it doesn't seem like it is being tolerated. That's three major lawsuits in about two weeks, as well as a pretty strong message from ICANN about it, as well as a couple other people and organizations. Not doesn't seem like 'tolerance' to me
      • Sure, the ICANN has sent their message, and lawsuits exist, but it is being tolerated. How many common internet users know what w3c is? Or the ICANN? How many people know the difference between AOL and the internet. The fact is that most people could care less about being screwed over, As this AC pointed out. 50 million people signed a do not call list. They expect the internet to be annoying and full of popups. If 50 million people signed a petition to censure Verisign, you bet there will be some legislati
        • 50 million people signed a do-not-call list because it is possible to enforce and because the problem has been around for years. This is a really NEW problem, and it's getting plenty of attention. It is only a problem for regular internet users if these current measures fail.

          You can't expect an issue to be a problem to people so quickly. If I did not read Slashdot, I wouldn't care about this. Why? The last time I mistyped an address was longer ago than I can remember. After all, I'm a decent typist and usu
    • true, except they don't even reaslise they are being scammed. paying for everything you do, and being constantly subjected to advertising the the norm for most people. they don't know any different and accept it as being normal online.

      unfortunately, the large corps that 0wn the net now are loving it too. most punters think the internet is msn and explorer, and that miscrosoft runs the internet. unless they use aol. it's just bits and packets to me, but to them it's "an experience". or something.

      the only p

    • The Internet was founded as an academic and research universe, then it went commercial...
    • Verisign is responsible for the Registry, which is the official database of .com and .net domain names, IP addresses, and whois information, but the Root Servers actually implement the DNS. Aren't they also responsible for making sure their config files are correct (and *.com is obviously an error)? Some of them are run by Verisign, but some aren't, including some outside the US, and even some by Paul Vixie, the author of BIND who did the recent patch that made it not accept Verisign's bogus data. This
  • I for one... (Score:3, Informative)

    by rekkanoryo ( 676146 ) * <rekkanoryo AT rekkanoryo DOT org> on Saturday September 27, 2003 @09:04AM (#7071707) Homepage
    will be happy to see VeriSign blasted on this one. This is one of the stupidest ideas I've ever seen, and is a pain in the ass. I also wouldn't mind seeing someone else have control over the TLDs VeriSign currently controls.
  • by Anonymous Coward on Saturday September 27, 2003 @09:06AM (#7071710)
    Recently, the .museum TLD went live. It's just like any other TLD except that domains that don't exist diect you to a page saying the domain doesn't exist and with a couple of links. Many other countries also do this sort of thing with their domains. They're not very different than Verisign's SIteFinder, but there's little to no outcry over this. I'm curious because a lot of the objections about SiteFinder should also be true about the .museum TLD and all the others. What's different here?

    And don't tell me because nobody uses those domains, that it's okay. That's just an elitist view and also blatant hypocrisy.
    • I would bet it's because most people here don't realize that's happening. If the TLD was more common, more people here would know it's happening and bitch and whine and moan just like we're doing over VeriSign SiteFinder.
    • by doktor-hladnjak ( 650513 ) on Saturday September 27, 2003 @09:44AM (#7071861)
      What's different here?

      The big difference as I see it can be broken down to 2 big points:

      1. Verisign is NOT the only company through which you can register a com or net domain. Many of these other smaller domains (small islands in the south Pacific, .museum, etc) usually have one government sanctioned registrar. Leading to the registration site in those cases is in many cases helpful. Although there are no links to their registration forms, what's to stop them from doing that later?

      2. Verisign is running a search engine on SiteFinder, which they control. I don't believe they do it now, but they could very easily commercialize this search engine: ads, charging for high results in the search.

      3. com and net are much larger than other obscure domains that have already done this. Just because other TLDs have done it does not make it right! There are apparently some standards laid down by ICANN that have been broken by doing this.

      Bottom line though: just because they manage the TLDs, does not give them the right to break things for their own commercial gain.

      • 2. Verisign is running a search engine on SiteFinder, which they control. I don't believe they do it now, but they could very easily commercialize this search engine: ads, charging for high results in the search.

        SiteFinder is already commericalized. Gambling isn't one of the most popularly looked for areas on the Internet, but it is one of the highest paying for redirections. The search engine also features Overture-like (if not powered by Overture already) paid placements...

        SiteFinder isn't being done o
      • Verisign runs the Registry which keeps the master database that all the Registrars use when they're selling .com and .net domain names. Verisign is also a Registrar, but this is a Registry problem, not a Registrar problem.

        That doesn't mean that you can't argue that Verisign doesn't owe somebody (themselves?) $6/name for the previously-unregistered names they're now using, or that they don't owe ICANN whatever cut ICANN gets of those names....

    • Actually, its neither elitist nor hipocrisy. The .museum domain is for museums. Their page points you to a list of museums and an information page about the museum pages. VeriSign points you at adds, while they are running .net and .com, which have almost anything on earth hosted on them.

      The difference? The museum redirect is useful, the VeriSign redirect is useless and profiteering.
      • I don't think it is different. Even if it's useful, it still can wrongly give false info.

        One of the complaints is that Verisign broke the way some anti-spam filters determine if the mail comes from a valid domain.

        Could this mean that spammers could use "jkfjjd.museum" and bypass this kind of filters?

        (Man, I hope someone else thought of this first for I'd hate to be the one that gave them this idea)
        • No it was discussed earlier on slashdot even.
          Basicly I think it is not too much of a problem. You can even speed up the check by not even doing a look up on those domains and just scoring the same as if it were a nonexistant domain name.
          You probly would actually do it as a whitelist of conforming domain systems.
        • There are a couple of ccTLDs that have supported wildcards, as well as .museum doing that. I can't check which ones any more because my ISPs seem to have all installed the BIND patch that makes them disappear :-) I'm not aware of any of them besides Verisign's .com and .net that have catchall mail servers as opposed to just catchall web servers, but there may be some, and it's a problem either way.

          But yes, spammers can do this with those ccTLDs, and the fact that it's an obvious problem when .com and .ne

        • "Could this mean that spammers could use "jkfjjd.museum" and bypass this kind of filters?"

          "(Man, I hope someone else thought of this first for I'd hate to be the one that gave them this idea)"

          Nope, the spammers already thought of it. Many ISPs have implemented spam filters that check the validity of a domain before allowing it through the server. This effectivly makes that check useless. Now, there are ways around this but considering how long it took my ISP to implement domain verification, I don't hold
      • Interesting index.museum doesn't exist except as a *.museum record, which I found out when I blocked wildcard records on that domain :|
    • My issue with Verisign's SiteFinder is functionality; back when Internet Explorer started searching the net for the mistyped domain name, I quickly turned it off because I wanted to be able to fix my mistype in the address bar, and Internet Explorer's/MSN's search screwed it up. Verisign's search does the same, and you can't turn it off, or switch browsers. .museum gives you an informative page and still allows you to correct your mistake in the address bar.

      This is another one of those "features" that I'
    • >Recently, the .museum TLD went live. It's just like
      >any other TLD except that domains that don't exist
      >diect you to a page saying the domain doesn't exist
      >... What's different here?

      The difference, in a nutshell, is that this wildcard was
      only implemented after discussion by, and agreement
      from, the subdomains under .museum.

      r7
    • As Paul Vixie said [ietf.org], the major problem here is one of broken expectations. The .com and .net domains have behaved in the non-wildcard manner since day dot. There is a reasonable expectation that a DNS query on a non-existent .com or .net domain will return a "no such domain" response. VeriSign unilaterally broke this without warning. I believe that ".museum" has implemented the wildcard since day dot, so there are no broken expectations there. As the IAB said [iab.org], it's reasonable to implement wildcards with the
    • I bet any other TLDs started up with an agreement that they could do it. VeriSign has no such agreement, and it would be unthinkable to allow such an agreement in the case of the .com and .net domains.

      Basically, VeriSign is making a power grab. The only appropriate response to such a power grab is to kill the company making the grab. It's time to bankrupt VeriSign.
    • The big deal is that it's at the wrong conceptual level. The domain lookup for a non-existent domain should return "domain not found" and not refer the user to an IP that does not represent that domain. (I believe that could be called "misrepresentation".)

      A similar mistake is made by sites that do not return 404 errors when a page is not found on the site, but instead return 200 and some sort of "was this what you were looking for?" page. Instead I would prefer a 404 page with that content.

      Unfortunately,
  • Here's a question... (Score:5, Interesting)

    by dnaboy ( 569188 ) on Saturday September 27, 2003 @09:06AM (#7071711)
    Can one get in trouble for launching a DOS attack on an unassigned web address? Do they all by default belong to Veri$ign (OK, I couldn't resist porting the obligitory $, generally reserved for M$), or are they fair game to hit with reckless abandon?
    • by Anonymous Coward
      Guess they should have done this earlier, before the DOS against the non-existant windowsupdate.com was launched.
    • Considering that your intent is to down VeriSign, it's irrelevant what combination of numbers you technically "attack".
    • root@kami / # alias slashdotted="DDOS -t death"
      root@kami / # host ifyousendmeadnsreplyyouagreethatthereplieddnswillb eslashdotted.com
      ifyousendmeadnsreplyyouagreethat thereplieddnswillb eslashdotted.com has address 64.94.110.11
      root@kami / #

      Special thanks to slashcode for inserting extra spaces for the site [ifyousendm...dotted.com]
    • y0u h4v3 n0 ski11s s0 d0n'7 3v3n w0rry 4b0u7 i7. y0u c0u1n'7 h4X 4 br0wn p4p0r b4g. i ru13!

      WOOT

      j/k
    • AHEM, the DOS attack you envision would be an attack on DNS, and would threaten DNS service for everyone.

      Unassigned DNS names don't have unassigned addresses.

      If you attack SiteFinder, you'll find that they have an owner, one who can afford expensive owners.
      • You probably meant "one who can afford expensive lawyers"?

        No, a DOS on Sitefinder's IP address, which is what a DOS on bogus .com domain names would accomplish, wouldn't affect the root name servers. It would interfere with reaching their web search pages and email trap pages, taking longer for bouncegrams to get back, which is still bad, but it wouldn't bother DNS at all. And of course, it would still be Wrong and probably illegal.

        Now, if you want to have fun with SiteFinder's email system, you can sta

    • Compu$erve got this LONG before Micro$oft was anything evil.
      Back in the day Compu$erve was basicly a large mainframe (Compusere had been in business for a VERY long time) and at the time BBSes were everywhere.
      The problem was that Compuserve had become very expensive for the time due to charging an hourly rate and most of Compuserves services were available for free from BBSes.

      People had gotten tired of it and started calling it Compu$erve.

      Now a days Microsoft basicly overcharges for Windows for what they
    • Considering all of the traffic they expect, I doubt that anything less than a thousand 1337 h4x0rz performing a DDoS with a thousand machines for each of them would even make a dent. Besides, all those packets will just end up clogging the internet, making it slower for everyone.
  • instead of the verisign sitelooker page, I suggest that BIND (the software that runs 60% of the DNS) should be enhanced in several ways: The most important one, IMHO, is to compute a list of close matches and present these choices to the user. They may use the Soundex algorithm or some other tricks to see if characters are transposed, if one characters is wrong, if one is missing, etc.

    If well implemented, this would solve 60% of the problem. The remaining 40% is due to the fact that people sometimes doesn
    • Thats a good idea, however its fundementally flawed for one part - it couldnt be done by BIND alone, BIND only does the name translation, it couldnt send to a search engine ...

      -Gwala
    • by DavidpFitz ( 136265 ) on Saturday September 27, 2003 @09:18AM (#7071768) Homepage Journal
      What about Email, IRC, USENET etc etc... How would that be forwarded to a search engine? HOw do I prompt a user in IRC to choose which is the mistyped addresses they really meant? Do you expect half the software for internet communication to be re-written?

      The Internet is not just the web!

      And this is a very stupid, ill-thought out idea!!

      D.
      • I know what to do in a case of email:

        MTA must return (bounce) the message with the original error message (MX) not found) as well as all those rule/soundex-based search results. The sender then makes a correction based on newly available information.

        In order to protect mail-list agents, the addition field can be used, like "X-Bounce: NO" to switch-off the bouncing (by MTA) for such senders.

        As for IRC, when you connect to IRC your IRC program has a dialog, where more DNS disagnostics (including the sug

        • DNS is not a search engine. DNS look ups are final, authoritative and precise. The host and/or record type you're looking for either exists, or it doesn't. You want a search engine, go to Google. Maybe Google will come up with a DNS search widget? But this functionality does NOT belong in DNS.
          • Bottom line is, this functionality does not belong in DNS. It is up to the individual applications to do what they think is best when a user tries to communicate with an invalid host. IRC and FTP connections fail. Web browsers display a search page. Email bounces (albeit with a usually cryptic message). And who's to say that what DNS will suggest is even remotely applicable to the protocol and application at hand?

            DNS is a basic underlying protocol. It doesn't need to be saddled with this extra, mostly usel
            • I disagree. The current DNS functionality is "lookup for names and addresses", which is based on the exact string comparison, which is just a subset to more genereal search engine functionality - "look up for strings using exact AND approximate comparison".

              With all my respect to the current core functionality of DNS, I do not see anything wrong to extend it by OPTIONAL plugins implemented more lookup rules in addition to the existing ones.

              THEN it will be up to individual applications to utilize those ex

              • I disagree. The current DNS functionality is "lookup for names and addresses", which is based on the exact string comparison, which is just a subset to more genereal search engine functionality - "look up for strings using exact AND approximate comparison".

                DNS isn't a subset of a search engine... it isn't a search engine at all. It is just a system to associate simple ascii strings with IP addresses and other network information. It was never meant to be a system that you can type fuzzy queries into and h
                • The exact string comparison based lookup function is a subset of more general set of lookup functions based on various rules, including exact string comparison AND fuzzy string comparison. If you have a problem to understand that then go back to your school and learn your math harder than you did.

                  DNS as it is now has not been designed for fuzzy string comparisons. But who told you that it will never be designed that way? It is not deadly frozen protocol and it can get new RFCs describing new extensions an

                  • The exact string comparison based lookup function is a subset of more general set of lookup functions based on various rules, including exact string comparison AND fuzzy string comparison. If you have a problem to understand that then go back to your school and learn your math harder than you did.

                    I don't know what you're talking about when you say DNS's string comparison function is a subset of a more general set of lookup functions including fuzzy comparison. That is completely not true. There is nothing
              • If you go to look up a phone number for someone and they aren't listed, you want to be told they aren't listed, not given the number for someone else with a similar name.

                DNS is the phone book of the Internet. What you're describing is nice when looked at just as part of browsing the Web, but not as part of FTP or LDAP lookup or NTP synchronization.

                • If you go to look up a phone number for someone and they aren't listed, you want to be told they aren't listed, not given the number for someone else with a similar name.

                  Exactly the functionality I've missed in North America (In Russia and in some European countries you can do it) - sometimes I want a list of suggested numbers with similar names or with similar functions. "Sometimes" means that it should be an option saying to the directory service to use an alternative set of lookup rules.

                  And there is

                  • Forget that the Web exists. 90% of the Internet doesn't involve the Web. Three-quarters of it doesn't even involve human beings. Therein lies the rub. "Similar function" means different things depending on context. For example, the SNMP client in a LAN network monitoring box has a very different idea of what might be a correct alternative than the program-driven automated FTP application trying to grab today's payroll files or the SCP transfer of a password file. The problem is that DNS doesn't know which o

    • and how often will bind work? DNS servers cache site, so there is moon.com and noon.com, noon.com falls off for a day or something and now all noon.com requests go to moon.com, noon.com comes back online, how long will the noon.com requests keep going to moon.com? HRM, cnn.com is popular, some crazy haxors get cnnn.com, and DDOS cnn.com and everything on its network out of this world, requests for cnn.com now start going to cnnn.com.

      I don't think the solution should be in bind. If I do a telnet host12
    • Yeah, thats a pretty poor idea. See, first off, I think you are wrong about what the Soundex algorithm does. It categorizes names by similar phenomes, not by similar spelling. So it would recommend, say, yeehaw.com (is there one) as a replacement for yahooo.com, when obviously that should be yahoo.com.

      Second, and far more important, you forget that DNS is used for more than just web browsing. As someone pointed out above, what about protocols that do not support that search page? How do you present a sear

    • This would ruin the authoritative nature of DNS. It's not supposed to be an "approximation" system. Doing the above would cause more problems than it would solve, as it would leave to misdirected emails, misdirected websurfers, and big privacy and security issues.

      Failed lookups are a good thing. It empowers the end-user to decide how to best handle those errors. Shifting that power to the registry (in the case of Verisign's Sitefinder), or to BIND (hosted by the ISP) would remove power from end-users.
    • Incidentally, Tirel, your signature really gives away your identity. Can't we just call you Krapongor [slashdot.org]?

      I mean, seriously. Did your dad beat you, or your mom not tell you she loved you? What sort of emotional issues would lead you to get such satisfaction from acting like an immature 13 year old on the Internet? Or are you a 13 year old (if so, trust me, you'll feel stupid about this when you're older)?

    • And how, Mensa Member with your impressively high IQ, do you propose that bind, a piece of software that does not directly interact with the user, present this list of choices?

      Do you suggest it does this also for all other internet applications? (there is more than just the web you know).
    • I've said it before [slashdot.org], and I'll say it again.
  • by ubiquitin ( 28396 ) * on Saturday September 27, 2003 @09:21AM (#7071784) Homepage Journal
    1. The distributed network in its infancy is lovingly brought to life by researchers: arpanet is born.
    2. Rapid protocol development as the network begins to start walking: from gopher to httpd to mosaic. Email and usenet populate most universities.
    3. Private enterprise realize the potential and small companies start forming around services and products aimed at network usage. Network usage is a daily exercise for academics and early adopters. Linux arrives and Slashdot's squeaky pubescent voice first heard.
    4. The internet meets the economy and Wall Street goes apeshit. Billion dollar companies are started, sustained, and identified by their position on the network and mindshare of net users. The network is the computer.
    5. Infrastructure buildout is complete, and educated people worldwide use it as a communication medium. Initial high-growth opportunities are gone so Wall Street sours on the newness, returning its attention to fundamentals of profit-grubbing.
    6. Annoying spammers take over, search engines are all manipulated, pop-ups for porn and travel are everywhere, Microsoft mass-marketed virus hysteria takes place, simple hosting efforts become a bitch.
    7. Lawyers and short-sighted opportunists inexorably and slowly strip everything likeable from the network by lawmaking and lawsuits until there is nothing left but death and taxes.

    Shakespeare's As You Like It (Act 2:7) ...man in his time plays many parts, His acts being seven ages. At first the infant, Mewling and puking in the nurse's arms. And then the whining school-boy, with his satchel And shining morning face, creeping like snail Unwillingly to school. And then the lover, Sighing like furnace, with a woeful ballad Made to his mistress' eyebrow. Then a soldier, Full of strange oaths and bearded like the pard, Jealous in honour, sudden and quick in quarrel, Seeking the bubble reputation Even in the cannon's mouth. And then the justice, In fair round belly with good capon lined, With eyes severe and beard of formal cut, Full of wise saws and modern instances; And so he plays his part. The sixth age shifts Into the lean and slipper'd pantaloon, With spectacles on nose and pouch on side, His youthful hose, well saved, a world too wide For his shrunk shank; and his big manly voice, Turning again toward childish treble, pipes And whistles in his sound. Last scene of all, That ends this strange eventful history, Is second childishness and mere oblivion, Sans teeth, sans eyes, sans taste, sans everything.
  • Exactly how the hell is this any different from Register.com's redirected stuff? Or any other webhosts for that matter? Is it ONLY because VeriSign runs the domain names for .net and .com? I really don't understand why this is a problem, and I can guarantee you the overwhelming majority of people seriously don't give a s**t. Can anyone explain it without bringing down showers of FUD?
    • Yes, the difference between what verisign has started doing and what the domain name purveyors do is this: instead of just redirecting purchased domain names which have yet to be "pointed to" an IP#, they are redirecting any request for any domain name, in realtime that isn't already registered by use of a wildcard redirect, and furthermore, they are tracking the number of occurrances and origin of these requests with Overture web-bugs. This is a major privacy concern in addition to taking advantage of any
      • I don't see how that's a privacy concern any more than any other website logging IP's is. What, are the Internet Police going to come and beat my ass for misspelling 'slashdot.org'? ;)

        Okay, serious now. I've run into Sitefinder a few times. I really don't see what the big deal is about. When you make a mistake it redirects you to a page that lists domain names close to what you were looking for. I find this a lot better than register.com's popup laden crap, or anyone elses for that matter. I don't see ho
        • when you mistype that domain name, you get a few suggestions. You also get a list at the bottom of the box for "popular searches". Click on them and you get "sponsored results for:" listings. Sponsored results means they are making money off of this via their "monopoly" on the fact that they run the DNS.

          Of course, it's a messy fight, because VeriSign wants to make money off people clicking on the links that display because of their position of power, while the companies suing like Netster want to make

          • I'd rather lose to the tune of a page with sponsored links than lose to 18 popups, gator, and having my homepage changed. There are some levels of BS you have to put up with, and I'll take SiteFinder over Netster any day of the week.
        • "I don't see how tracking the number of occurences and origin of a misspelling is a privacy concern."

          It's not primarily a privacy concern as such (unless you typo'd hotkiddiepr0n.com or ihaveaids.com and wound up at Sitefinder instead, IP address in tow). However, it IS a concern if they correlate typoes, and decide that goggle.com looks like a good one to squat on and sell to the highest bidder. Which, IMO, is what this is *really* all about.

          There are already domain squatters who have a nice form for fol
    • Data mining! They set up a fake SMTP server that dosn't drop the connection until AFTER they have the 'FROM' address. There partners in this sitefinder are overture [overture.com], how is this FUD?
    • by LostCluster ( 625375 ) on Saturday September 27, 2003 @11:01AM (#7072194)
      Register.com simply put up a test patern page by default when somebody registered a domain but failed to come up with with valid nameservers. That was annoying to those who paid for domains they weren't using, but then again its also their fault for not having one of the reqirements it takes to operate a domain.

      This is different because Verisign isn't limiting their actions to domains registered through them. In fact, SiteFinder replaces every domain in .net and .com that hasn't been registered, which is something only VeriSign could possibly do.

      Basically, SiteFinder's IP address is being returned any time a .com or .net query is supposed to return "NXDOMAIN", an indication that the domain doesn't exist and therefore the request is no good. That was an error that used to be handled by the user's software, now Verisign has overtaken that.

      This breaks any application that depended on "NXDOMAIN" accurately being reported. One key application was an important spam defense... if the domain in the from field returns an "NXDOMAIN" when somebody tries to look it up, trash the message because the from line must be bogus. Now, nothing returns "NXDOMAIN" when queried, so that test always returns a negative.

      ICANN hired VeriSign to run the DNS system according to the protocols. This is something that's not in the protocols, and VeriSign is just doing with a "You can't stop us!" attitude. ICANN nicely asked VeriSign to suspend the service, and got a defensive reply. It's time for either ICANN to fire VeriSign, or for the US Dept. of Commerce to fire ICANN...
  • by GeorgeK ( 642310 ) on Saturday September 27, 2003 @09:28AM (#7071807) Homepage

    Register.com [register.com] might be the next one to file suit, given their strongly-worded letter [icann.org] which was sent to VeriSign and ICANN.

    The Stop Verisign DNS Abuse Petition [whois.sc] is still going strong, with 15,000 signatures. ICANN still hasn't had the sense to post it on their website, though. They have a public forum at the very bottom of the page here [icann.org] at least, with 64 comments (many from the petition site, as we're giving folks the option to forward those along to ICANN too).

    • Have you corrected the spelling of the message forwarded to ICANN? I have no intention of sending them an email that says "I have signed an agree with blahblah." What the hell is an agree?
  • I'm not happy with sitefinder, but I have seen some referrals from misspelled names to our main site. Not a lot, but enough to get noticed. What I also notice is that several domain names that I previously owned, but not owned by anyone at the moment, are all coming up as a sitefinder page. I just wonder if they are doing this to all expired, previously registered domain names. And for the record, the domain names were originally registered on Network Solutions/Verisign.
    • VeriSign *IS* applying this to all expired but previously registered sites.

      I know this because last weekend we got bit by this. We had a monitoring script that checked whether or not one of our web sites was in DNS. In a bizzar set of circumstances, the domain had expired 6 days prior to this. We didn't receive any email or snail mail notices about this, and it was only after 6 days had passed since the expiration that VeriSign sent an email to the admin handle, et al.

      By that time customers were

  • by anon*127.0.0.1 ( 637224 ) <slashdot AT baudkarma DOT com> on Saturday September 27, 2003 @09:34AM (#7071829) Journal
    Let me guess... it'll be settled out of court, Verisign will admit no wrongdoing, the lawyers will get a few million dollars, and we'll all the $5 off the next domain we register with Verisign.

    I can hardly contain my enthusiasm.

  • Big Problems? (Score:5, Insightful)

    by tarnin ( 639523 ) on Saturday September 27, 2003 @09:44AM (#7071862)
    I see big problems arising from this. One, if it looks like VeriSign will lose, they will more than likely settle out of court and make sure an issue like this stay untested as to be lawful or not. Just like the DMCA mess and the mass suing from the RIAA.

    Second, VeriSign is handling the .com/.net domain on good faith really. No one has the power to remove them from handling these domains. There is no true law up to this point on who owns them and what guidelines they HAVE to follow. Even the RFC's don't contain any insight on how something like this should be handeled.

    Do we really want the gov (at any level) to start getting their hands in this? Do we want another self appointed body saying what can and cannot go? Both of which, to me, are scary but it seems that the "self healing" that the internet was built apon is failing at this point. Even if another RFC is written, who's to say that VeriSign will follow it?

    I see no good comming from this really. The only good ending would be that VeriSign halts its practice on its own and an RFC is drafted to prevent this in the future and people follow it. The only issue I see there is it's still done on faith and it looks like faith has gone the way of the dot.coms.
    • Re:Big Problems? (Score:4, Informative)

      by LostCluster ( 625375 ) on Saturday September 27, 2003 @11:04AM (#7072213)
      Second, VeriSign is handling the .com/.net domain on good faith really. No one has the power to remove them from handling these domains. There is no true law up to this point on who owns them and what guidelines they HAVE to follow. Even the RFC's don't contain any insight on how something like this should be handeled. .com and .net are really properties of the US Dept. of Commerce. DoC has a contract with ICANN to provide this service, and ICANN has a contract that makes VeriSign the authoritative servers for .com and .net. VeriSign once upon a time had control of .edu, but they lost that. The same thing can happen to .com and .net if they act too stupid.
    • Re:Big Problems? (Score:3, Insightful)

      by Sphere1952 ( 231666 )
      "Do we really want the gov (at any level) to start getting their hands in this?"

      Um... The Internet was _created_ by the military (DARPA); which is part of our government. It used to be called ARPA Net.

      DARPA decided it didn't want to be the owner of the Internet and stuck the Department of Commerce with the problem. DoC didn't want the headache either and set up ICANN; which it has been trying to hand the Internet to for years.

      It seems to me that the gov already has its hands into this rather deeply, a
    • Re:Big Problems? (Score:3, Insightful)

      by gothicpoet ( 694573 )
      A little history lesson seems to be in order.

      The government created the Internet. The government ran everything until the Internet was commercialized. Verisign got the position they now have when it was relinquished by the government.

      We didn't have this problem when the government was running things.

      The Internet is one of those cases where the "government is always bad" dogma is way off course.

      • I know that the gov created it to use for the ability to communicate and trasfer information incase of war. I belive everyone knows and understands that but it as grown well out of those early days and is now a freeflowing form of its former self.

        Of course no one cared at the time, no one either knew about it or was using it outside of a select few schools and the gov itself. Now that the WORLD is using it it's a totally different story.

        As I asked before, do you really want the gov to get involved with
        • The government is already involved.

          Who set up the contract with Verisign? The "gov" did. Who kept the contract with Verisign? ICANN, but who set up ICANN? The Department of Commerce -- the "gov".

          Do I want to see the government directly administrate this? No. Do I want a for profit company to be granted the monopoly that Verisign has? HELL, no. I think the second option is actually worse in the long run.

          Personally I think that a non-profit organization should be doing what Verisign has been doi

      • Firstly, when it was 100% government on the ARPA net, everyone with access was supposed to have access and if they messed with it they would be court marshalled. Secondly it obviously wasnt commercial and so greed never entered in as a reason for major change. Thirdly, there weren't enough people, or for that matter malicious people, who were on the net. Its apples and oranges. The internet was to ARPA as intranets are to us now. It would be like sabotaging your company network, and being dishonorably disch
    • Re:Big Problems? (Score:3, Informative)

      by SEE ( 7681 )
      Do we really want the gov (at any level) to start getting their hands in this? Do we want another self appointed body saying what can and cannot go?

      VeriSign runs .com and .net under a contract with the U.S. Department of Commerce. Similarly, ICANN is *not* self-appointed; it was appointed by the U.S. Department of Commerce. The government is already in this up to its elbows.
  • Hm. I seems every domain owner who has disabled his DNS entry could go into such a lawsuit, couldn't he?
    VeriSign does redirect the domain he buyed for the use permission just because no DNS entry is present.
    At least already registered domains with just no DNS delegation should be excluded.

    Same is the case with every TLD which does make use of the same feature so I agree on this point really. Making not-registered domains valid does break services so it's generally a No-No. IMO ICANN should give any resolut
  • Join it! (Score:2, Interesting)

    by davetrainer ( 587868 )

    IANAL of course and most of you probably aren't either, but if you really detest VeriSign then don't just rant about it on Slashdot, join the lawsuit. It doesn't take much of your time, is a learning experience, will make a real difference by strengthening the case against VeriSign, and there's a slight cance it will actually net you some cash.

    The catch, of course, is that you have to fit the description of the proposed class, and this story is short on details regarding what that proposed class is. I ca

  • Verisign now has not only ICANN telling them to stop, but three suits against them for doing this crap. They won't get the message, but perhaps they will stop this and remove the wildcard from their root if the suit is found not in their favor.
  • How many lawsuits will it take Verisign to get the hint that they can't do this? I'm just waiting for the trademark lawyers to start filing lawsuits next. Verisign balance Sheet: Income 1,000,000 Expenses 2,000,000 (1.5 million went to lawyer and settlement fees.)
  • Fundamentally, I think some of the complainers here are just bitching because Verisign grabbed for itself the ability to scam via redirection that these folks previously were independently making money off of.

    This sort of bogus redirecting is rampant. Not just with people who hoard typo domains, but with more "reputable" companies such as major ISPs.

    I still haven't gotten to the bottom of this one, but when my machines were set up to get their DNS settings via DHCP, I would find weird "search" directives
    • About Mozilla Firebird:

      In some cases, if you get s NXDOMAIN responce, Mozilla Firebird will do a Google "I'm feeling lucky" search. In some cases, Web1000 happens to be the site that Google turns up. Thus Firebird goes and sends you to that site.
  • The email that Go Daddy sent its customers can be found here [jonbirdseye.com] and their complaint against Verisign can be found here [godaddy.com].
  • Their Terms of Use [verisign.com] page. I love this part:

    By using the service(s) provided by VeriSign under these Terms of Use, you acknowledge that you have read and agree to be bound by all terms and conditions here in and documents incorporated by reference.

    So basically, they've hijacked my browser to take them to their site, and then claim that my use of their "service" contractually binds me to their terms of use. Nice. Make sure you type your urls very carefully lest you become contractually obligated to

  • Is anyone having difficulty resolving domains and hosts registered through GoDaddy?
  • by SEE ( 7681 ) on Saturday September 27, 2003 @06:06PM (#7074481) Homepage
    1. The Department of Commerce [mailto]; VeriSign's contract to operate .com and .org was originally with them.
    2. The Federal Communications Commission [fcc.gov], which oversees telecommunications.
    3. The Senate Commerce Committee's Subcommittee on Communications [senate.gov]; contact the committee itself [senate.gov], the chairman [senate.gov], the ranking member [senate.gov], and any of the other members you'd like.
    4. The House Subcommittee on Telecommunications and the Internet [house.gov], including the committee itself [house.gov], the chairman [house.gov], the vice-chairman [house.gov], and the ranking member [house.gov]. Plus any of the other members you feel like contacting.
    5. The Federal Trade Commission [ftc.gov], which hears consumer complaints.
    6. Your U.S. Representative [house.gov]
    7. Your Senators [senate.gov]
    8. Your Governor [firstgov.gov]
    9. Your State Legislators [ncsl.org]
    10. ICANN's wildcard comment address [mailto]
    11. VeriSign itself [verisign.com]
    12. Finally, complain to the media. If they get lots of letters on a topic, they'll run stories. Try the New York Times [mailto], the Washington Post [mailto], the Washington Times [mailto], the Los Angeles Times [latimes.com], USA Today [usatoday.com], the Wall Street Journal [mailto], CNN [cnn.com], Fox News [foxnews.com], CBS News [cbsnews.com], ABC News [go.com], NBC News and MSNBC [msnbc.com].

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...