Let’s beat on Verisign

Chip has been doing a good job of beating the drum on Verisign’s offensive “typojacking” (great word) of all unassigned domain names on the Internet. Meaning, for example, if you accidentally type “corssroads.net” into your browser, you are taken to a Verisign page that tell you “perhaps you meant one of these pages.” Prima facie, that actually sounds helpful, but there are serious problems with it. The architecture of the Internet depends on the ability to check whether a domain name is valid or not. This trick stymies that ability. It’s also sleazy, because Verisign can monetize your typos: rather than pointing you to the most likely correct spelling, they can suggest you visit sponsoring sites that seem like likely hits.

And finally, simply by visiting Verisign’s website, you are agreeing to their terms of service. There may have been a tattered fig leaf of respectability for that stunt when you had to intentionally go to their site, but that fig leaf is completely gone now. One harassment tactic that geeks could take would be to write them, saying “I came to your site completely by accident, and I do not agree to your terms of service. Please make it so that I can no longer accidentally violate your TOS.”

In fact, now that I think about it, I wonder if we can write up a sort of “reverse-TOS”–that is, we could file a TOS (hidden in a locked filing cabinet stuck in a disused lavatory with a sign on the door saying Beware of the Leopard) reading something like “responding to any HTTP GET or POST requests originating from my computer constitutes acceptance of these terms of service,” which might include terms like free ice cream delivered daily for the next year.

2 thoughts on “Let’s beat on Verisign”

  1. Thanks for the link. I’m glad you mentioned the TOS and brought in the effect on the user. That’s a whole ‘nother angle to this problem. The closer you look, the worse it gets. For instance, the web page that Site Finder serves includes not only a web bug (an invisible image that marketing firms use to track you), but also javascript encryption. The latter is a trick used by the sleaziest of spammers.

Comments are closed.