Virgin Media's UK customers are about to experience a wonderful new service that intercepts unresolvable DNS requests and redirects the user to a page full of ads and search results. It's becoming a frequent trick that ISPs are pulling on their customers, as non-technical executives who could even put the airline industry to …
"You see, a free people enjoy certain unalienable rights: life, liberty, and honest NXDOMAIN responses." Oh come on! This is nothing to do with so-called net neutrality. It's to do with
a) interoperability, which is why we have standards and ISPs need to follow them
b) an engineering principle called "the law of least astonishment"
c) our inability to predict the future.
The first two points shouldn't need explanation. The third one goes: who knows what use will be made of standard (non-existent domain) response codes in some future technical standard? For example, not getting an IPv4 address might cause you to go look for an
IPv6 address, or the opposite, according to where in the world you happen to live. It's just short-sighted of any ISP to break technical standards in this way.
Paris, because she tends to take the short view too...
Fail and who?
>>And for entertainment, there's probably no finer ISP that Virgin Media. ®
I know it's hard for startup puppies to remember
there's a whole rest of the internet out there, champ. port 80 isn't the only one that people look for domains on -- and an opt-out system based on browser cookies doesn't really cut it.
yammer about "frustration barriers" all you want, but the web is basically the only internet protocol that even pretends to give a crap about letting idiots use it. the rest of us are trying to get work done, and we'd appreciate it if ISPs would stop fucking us.
also: please stop defending them when they fuck us. thanks.
The only whining I see is that of the author.
Breaking standards to make a few bucks is OK because it only impacts a few?
Did one of the guys from Phorm write this article? Seems like the same logic. And most people aren't worried about their privacy.... Just whiners, right?
If the results are relevant ...
"If the results are relevant"
A big IF, from what I've seen.
This is just as bad as people who register misspelled domain names and stick a bunch of ads on the page. They are ads! You only get ads if someone is paying for them, so if the site you are looking for is not running ads (on the right ad network) you will not see what you are looking for.
What if the site is down? Is a bunch of ads going to help you more then an error message? You still can't get to the site.
You know what happens if you type "google.cmo" with openDNS? You get redirected to google.com (same for any other obvious typo). That is making the web work better.
There's two kinds of DNS requests
Maybe they should extend the DNS so that you can query A records as either A or AW (W=web). That way, the web browsers of the world can be patched to query AW records, the DNS servers still treat it as an A query but can return their fancy advertising pages for NXDOMAINs.
BUT if an application searches for an A record, it gets back what it asked for or an NXDOMAIN. It works for everybody since hijacking domains from non-browsers serves no purpose.
The internets and the interwebs are different things but even the ISPs, custodians of these things, don't always get that.
Oh fuck off...
All your points are correct, except for the general gist of the argument, which is that no one understands, therefor no one should care.
That is utter bullocks, because when users in my corporation start having weird VPN issues while in the field, because some ISP decided to play silly buggers with their DNS, it comes back to us to support. In this case your damned right that the users don't understand, but they sure will care when they can't VPN in and email their quarterly report!
And as far as opting out... how can an application developer tell his users they have to opt out of their ISPs proprietary mechanism? And how can the user, when in a hotel for a night "opt out" of their DNS? The internet needs standards to survive, and your readers are the ones that try to keep the damned thing together.
Ted, your only flaw is that you think your readership shares your apathy.
Isn't their ad-laden 'host not found' page opt-in? I certainly didn't have to opt-out of it and I don't see no ads.
And hell, what's the difference if Virgin hijack the no such domain response anyway? 9 times out of 10 a mistyped domain *does* exist with some scum bag typo squatter creaming some cash off it (e.g. thregister.co.uk). I'd rather Virgin made a few pence from the mistyped URL than the scum bag.
It's already being done in Asia
So, not exactly new. I've got that with China Unicom, and I've had it in Malaysia as well in several hotels.
Of course, in the article's author world, everybody speaks English. Me living in another one, I can say that it's a pain to be presented with a page in Chinese. But hey, if I understand the author's drift correctly, if you're not part of an overwhelming majority, there's nothing to complain about. Actually, ISPs could make 70% of their users happy, and that would be fine. Or 80. or 51. Where's the treshold exactly?
Now, here, if I mistype "google.cmo", here's the very relevant first result. Not.
传一拍网前老总王怀南任Google亚洲CMO _ 中国人力资源开发网 _ ...
www.chinahrd.net/zhi_sk/jt_page.asp?artic ... 24K 2005-11-28 - 百度快照
It's Baidu providing the answer. And they don't care about net neutrality either: they won't give a result linking to their competitor. So, I don't see how the user will be happy about that?
More technically, for the geeks amongst us: it's not only "google.cmo" they redirect. They also do it for "localhost". And yes, I've seen buggy applications trying to connect to the ISP instead of 127.0.0.1, which is really unsettling.
This should be opt-in not opt-out but nobody would bother and they'd make fuck all so the choice is reversed.
As for OpenDNS Ted, unlike you, they serve a purpose. A service that's configurable and free unlike whatever some twat at an ISP decides everyone should be getting.
This is extremely annoying.
Cablevision/Optimum Online started to do this recently. Hijacking DNS links whether they are top level OR subdomains.
I type in XXXXX.mypersonalhost.com, and my ISP shows it's ads.
Being technologically inclined, I can block my ISP's DNS servers on my personal pipe (since they haven't yet blocked external DNS), but it's annoying that they are displaying ads on my domain to others.
Let's not forget that DNS affects more than just HTTP..
One not so subtle interruption is, since many systems are setup to resolve names using DNS first, connecting to local machines will cease to work using Netbios/SMB name. I used to be able to type "\\Server\Share", but that stopped working with the ISP's ad server taking over.
If they mimiced OpenDNS...
...and offered some protection from phishers and porn then perhaps this would be a nice default situation. However if all they do is convert www.theregister to www.adserve.com them there is nothing in this for the customer and opting out is the only sensible route (assuming that remains an option).
I have set up OpenDNS for my in-laws and my parents and myself. In most cases it was as easy as going to the router and setting the DNS server to that of OpenDNS. However BT have a funny idea that trying to change the default DNS server is something that only scammers would want to do and so they do not allow it. This forced me to change it in the computer which is not my ideal solution and actually just as possible for the scammers.
It will only be suprerceded by the comments which I'm going to follow to have a laugh at all the smart arse holier than thou uber geeks who will no doubt spout forth on how it doesn't affect them because they have adblock, noscript or whatever. I'm sure we'll see one from a Mac/Linux user who thinks it's just a windows issue. Reality is they don't have enough of a brain to simply ignore unwanted advertising and just get on with life.
Due to moderator lag by the time this gets through I'm sure there'll already be a number of such comments.
it's not the browsers, it's the DNS
The issue is *not* with browsers pulling ads out of the void. The problem is that people should be able to, and do, rely on NXDOMAIN. It can make determining the causes of network failures *much* easier. And of course there are already the stories of database corruption based on loading bad data from domains that previously bailed with nx.
Oh, and while they're at it, are they spoofing an SPF record too? Spammers would be very interested in this - you could wipe out SPF with a few careless strokes, though the big mail providers would likely find a way to opt out. I'd be curious to hear what someone's results are for a TXT record on a fake domain. Verizon is still honoring NXDOMAIN for me.
But hey, I'd gladly write you a browser plugin that not only would replace nxdomain, but would also replace all HTTP 4*, 5*, 3*, and hell, even 2* error codes with ad search pages. I mean, who cares about all those pesky error codes? HTTP, DNS, what's the difference, right?
After reading this insane rant against some antagonist I'm not sure exists...
I feel much saner... all of the sudden.
Why are both sides of an argument, that matters to almost no one, done with such exaggerated anger? Yet the issue, when explained properly, seems to show that it is a non issue, due to the fact it is too late to do anything about it, one way or another. Net neutrality has never actually existed, and if it did, it was only because the men (and women, in case there were any there at the time, just to be P.C.) who ran the companies that actually own the net were too old to know how to properly exploit its potential to make them more money while giving customers what they want, and that everyone who used the net took this as a conscious act of leaving them alone (which I'm not sure anyone really ever thought, since no one really thought about it).
Noticing the lack of neutrality is like noticing the sun is up during the day. The lack of there ever truly having been a neutral net makes defining what net neutrality is very difficult, or just wishful thinking, like wanting unicorns to be real again. Instead approaching the issue with the "There's never going to be any goddamn unicorns again you unitards" attitude, sometimes having to repeat oneself using logic and reason will eventually teach the uninformed the truth. Especially in a situation where every month there's a new wave of newbies to the topic, who instead of hearing rational argument, hear people shouting at them that they're stupid the first time they say something that is inaccurate, or even before they have the chance to even learn about it. Who likes going into a room only to immediately have someone point at them and tell them it's people like you who make me so frustrated. The ONLY reason anyone believes the net "should be neutral" is because it sounds good, like having a sunny day every day. But rain can be beneficial too, when it comes to the entire economy that is the internet.
Sometimes simplifying things too much leaves everyone outside of the informed argument that it should be, and creates opposition where there should be none. And since there's a new misinformed person every day, judging by the crazed frustration of the anti-conspiracy-nut-nuts, the job should be left to those with more patience and the willingness to just repeat the facts and teach the history, and not to those who have obviously run out of the patience needed to help inform those that need it.
There are no businesses that are neutral, as they all, at the very least, need to try to keep themselves in business, even at the cost of changing how they do business. And that is as neutral as it can ever be because it is also a part of human nature, so while it can be tempered, it will always be this way. The real problem the neutrality topic fails to address, or is avoiding, is that businesses can be very antagonistic towards their customers, usually unintentionally, or because the business has been taken over by complete assholes who hate everyone who isn't like them, which is pretty much everyone. But to throw into it the replacement of an error message with adds, while a little late anyway as all the ISP's where I have lived the last 2 years have been doing this already, is like comparing hunting with genocide. I honestly have yet to see the ISP's get into this neutrality debate in any serious way, so it seems to be mostly average people who are making all the fuss, or it may even be just the fringe loudmouths who believe what they say should be heard by everyone whether they want to or not, like the TV news channels seem to be nowadays. But I realize, pausing to think is very difficult for the modern person, and it's easier to pick sides in a fight that isn't real.
Of course, if the article is an example of how crazy a small issue can become when it is blown out of any reality based proportion, I missed the punchline, and the sarcasm, and deeply apologize.
It can be disabled at least.
You can disable this 'feature' if you're on Virgin Media... just go to this website: https://my.virginmedia.com/advancederrorsearch/settings and click No.
They hid that link pretty deep!
Is this guy for real?
I know it can be difficult to judge humour, but this guy won the class prize for missing the point at the Imperial Stormtrooper Marksmanship Academy.
Virgin Media are doing a lot of stuff to customers without telling them. For a friend, the breaking point was blocking telephone access to mobile phones. Including her husband's. Since, for light use, a mobile phone can be cheaper than paying line rental...
And are all these adverts being ciunted against any bandwidth limits?
@ Yes Me
"who knows what use will be made of standard (non-existent domain) response codes in some future technical standard?"
Hmmm. I'll give you the first two, but the third isn't a great reason not to offer a page of possibly relevant ads instead of a browser error.
One of the reasons I like Ted is that he's man enough not to begrudge someone making a buck. The ISPs need income from somewhere, especially if you/me/we are going to continue to get uncapped ADSL at less £ than a point to point. And is this service that will make life a little easier for the person who needs a bit of help with the internet anyway (and that guy is the kind of user who probably subsidises yours and mine heavy internet usage). Having said that, I have a large hangover today, and thus am probably wrong.
"It's one of the many tumors that is slowly killing real liberty: the belief that if you whine about something enough and call it a right, the government will do something, and when they don't, you whine even louder, at which point the general public stops caring about your cause because Global Warming is starring in its very own movie, and dammit, nobody out-whines Al Gore."
Yeah. I like that.
Verisign sitefinder again?
I remember when Verisign tried to pull this trick a while back and got shot down in flames for it.
Also, the ISC released the delegation-only patch for BIND in order to neuter sitefinder.
Boy am I glad I don't use NTL/Virgin/whatever-their-name-is-today for DNS, preferring to run a caching nameserver (in delegation-only mode!) on my own network, which also allows me to NXDOMAIN various domains notorious for hosting ads...
I make it a point when writing contracts to allow me to drop packets on the floor from IP addresses that don't follow the RFCs, when I see a need to drop those packets.
This is one of those cases. And has been, for about a dozen years.
Do try to keep up, Ted. Or don't, as you see fit. I won't be reading you anymore, regardless.
Ah yes, but...
Recall that this is one of the ISPs who are apparently congenitally incapable of supplying what the customer is paying for.
If they can't supply the 20mb/s service advertised all day every day, without odd little excursions into 'fair use' territory and rate limiting, why would I expect them to provide a clean domain resolution service? The correct approach to an unrecognised request is to flag it, not start making assumptions about what the requester really wanted. And surely, are not mass-dumped adverts normally known as 'spam', something expressly forbidden to the ISP's users? But of course, Virgin know best. Obviously these are adverts I *want*, right?
I don't pay for cable or satellite TV and won't unless and until they decide I can have a completely advert-free stream. Looks like it might be time to start thinking the same about ISPs...
And on a side note - Charlie Stross (hi Charlie, been a while!) has an interesting discussion regarding web-page inflation here: http://www.antipope.org/charlie/blog-static/2008/05/why_your_internet_experience_i.html - it's a year old, but I can only assume it's got worse since then.
Missing the point
The Internet works, and works well given its size, in part because of simple, well understood standards. Any ISP that breaks those standards is pissing in its own well.
Another factor behind the functioning of the Internet is the large army of admins who spend their time tracing & fixing real problems and really don't need bright ideas from some marketing twerp interfering with core services like DNS.
@Yes Me... I have to disagree... this is precisely about net neutrality. The network should not interfere with a users traffic (even things like security/malware/spam should be left to the endpoints). To do so pre-judges what a user may want to do.
I did wonder...
.... last night I got a VM page for a mistyped URL - was mighty annoyed by the whole affair, I just retyped rather than them getting a click-through, I would have thought they could have warned me about this new "feature" of theirs before implementing it.
Now I know it's optional, I'm gonna go looking this evening for the option - unless anybody wants to give me the answer (other than dropping cable broadband ofcourse - I can have 20mb cable with a crappy company, or a max of 2mb adsl with few crappy companies).
I guess it could have been worse - they may have been tempted not to plaster Virgin Media all over the page, and therefore I'd just think it was an updated dns error page from Safari/Firefox/IE or something.
Global Warming star of it's own movie
A very witty peice. However the world is not controlled by the many, it's controlled by the few. So yes most people don't care about net neutrality and what is returned from a miss-keyed domain name, but it is still important. Their may be millions of people who know how to create a website, but their are billions who simply look at them.
When you think about all the stunts that an ISP could pull, then DNS error re-direction is pretty mild. As techies we should care and we should make a fuss, for the sake of the Internet the way we like it and for the sakes of all those billions of people who don't know why they should care. We are the few...
oh well i lol'ed
never liked virgin media anyway :)
nice article though
Yet another reason...
...that I'm glad I left Virgin Media for BE. Advertising isn't something I'm fond of. Life is so much more peaceful when you aren't being told what to want next. I don't watch live TV, I don't listen to commercial radio, I use ABP on Firefox (sorry Reg), and I don't take kindly to advertisements sneaking into my error messages.
Imagine... "Windows Media Player has stopped responding. Click here for fantastic Windows Media Player ringtones on your mobile. Interested in Windows Media Player? Everything you need to know is here. Enlarge your Windows Media Player and maker her squeal with delight!"
It's only one step away.
More pointless, rambling bile from Mr Dziuba
Why do you chaps at vulture central continue to give this stuff screen space?
Didn't Tiscali try this?
IIRC Tiscali tried this a while back, and were eventually forced to back down. At least that's the way I remember it!
Why should an ISP have a right to fiddle with DNS requests, just to make a few pence? If the user is too plain stupid to work out that they got an error because they typed google.cmo then their ownership of a PC is probably a danger to everyone else.
Standards exist for a reason, and no ISP should piss around with them. OpenDNS doing it is one thing, after all you sign up to the service knowing they do it, but for an ISP to change the way they operate?
And what's going to happen when Joe Average starts typing Google into his address bar, and gets a drop down list of every google related typo he's made recently?
As Ted mentioned, it has an effect on software that relies on DNS fidelity, why should users have to put up with the fault, and why should developers have to find a workaround to cope with an ISP who's not complying with standards?
Not that any of this is too big a surprise, Vermin Media were looking at Phorm, so the changing of a few DNS replies probably isn't that big a deal to them.
Now I've been wondering this for a while, and maybe we can clear it up now: do you dictate your articles Ted? I'm sure it sounds great as a speech but trying to read it is very hard going. Maybe it's just me but I have to re-read some of the sentences several times to work out what you're trying to say.
That said you make some interesting points. You missed the one about standards though.
this`ll be fun for users that have had browser hijackers before...
"Thomas Jefferson was a touch pissed when he penned the Declaration of Independence."
You know that in English that means a touch drunk, don't you?
NXDomain redirecting and Sky
Interesting timing on this article!
I've just spent 2 weeks trying to fix a collegues laptop as he was unable to correctly resolve our internal IP address when connected remotely via VPN.
I eneded up wiping his machine down and rebuilding it hoping it would clear the problem. After this failed to sort it, i realised that the issue was his ISP - specifically Sky - which were hijacking his DNS lookup and thus causing the problems above. The number of hours and thus money that have been wasted sorting this.
He's yet to start the pain of trying to contact sky to get them opt him out of this redirect 'service'. I can only begin to imagine the hours it will take and various calls to delhi to try and get that done. Poor guy.
This started off as looking like an interesting piece on the way that ISPs are trying to take over our browsing (how big a step is it from a mis-typed URL going to a page full of ads to a legitimate URL getting a response of "you don't want to look at that page, you want to look at *this* page"?)
Unfortunately it then rapidly devolved into a barely coherent rant which meandered all over the place and any point that it might have had to make got buried under the sound of axes being ground.
In defense of OpenDNS
They offer a content filtering service for free so you don't have to see naughty sites if you set it up for that. I have only noticed their advertising a couple of times since I used it and even then the correct result that I wanted was top of their suggestions.
To do this on an ISP level seems to be taking the mickey. Customers are already paying for the service, why are the ISPs then lumping advertising on top of it? If we take a TV metaphor, people pay for a service and the TV channels support themselves through advertising. Websites already support themselves through advertising, so if ISPs introduce this "service" will we see our subscription fees reduced?
... when you type "google.cmo" into your browser what you really want is links to bing.com and a whole bunch of domain squatters.
I'll stick with my browser sticking things it doesn't understand into google, rather than have my ISP recommend its "trusted partners" to me.
protip: DNS is de-centralised, if they're hijacking packets it's a RIP Act violation, if they're not you can just resolve direct from the root servers.
How does this work?
Do I still recieve a page served by virgin with an http status of 404 or 200?
If I still get a 404 but with some virgin content then that's not AS bad but if they take the 404 and replace it with a 200 it's going to mess up loads of stuff... App that connects to a web service? If that web service goes off line the app will be set up to cope with a 404 but what happens when that app gets served a load of adverts when it expects nice tasty XML?
How does one go about opting out?
What's the betting to opt-out you have to phone them up and go through some tedious procedure to get this disabled? I'm sure there won't be anything as simple or helpful as a checkbox on a website. And the instructions for opting out will probably be hidden in a basement with the lights out (and the stairs) and in a locked filing cabinet with a warning sign about leopards...
I loved Telewest as an ISP, their service offered speeds you couldn't hope to get with ADSL and there were genuinely no limits on usage. Now that Virgin Media are running things the service gets throttled if you even glance in the direction of a large file, they're always on about throttling services like the iPlayer and they're the only ISP who seem dead keen on being copyright cops.
It's too expensive to bother getting BT in to switch to ADSL at the moment, but I'm moving soon and VM will be at the bottom of my list of ISP choices.
Perhaps if one is not smart nor dexterous enough to type an address correctly one deserves a page full of ads? ;-)
More info on DNS hijacking here: Warning PDF
I consider myself reasonably technical (15 years in IT), but I don't understand what the issue is.
So now instead of my browser going to a 404 page provided by IE/Firefox/Chrome/Safari and them getting some ad-revenue Virgin, BT, et al. are doing it?
What's broken? Who cares? and just what the heck is NXDOMAIN and why should *I* care as an average end user?
Answer these questions and then you might, just might, be able to persuade the average internet user of your point of view, but until then, the response will be "Huh?"
WTF? because despite everything, the IT community still complains about users not understanding the complex nature of computers rather than making them easier to use and speaking their language rather than ours.
only serve adds on missing domains?
ISP's ain't getting any cash from $SMALLSITES either. So they could pretend it didn't exist and show some ads in exchange for money instead. Who'd know the difference?
$SMALLSITES disappear all the time.
Free people enjoy inalienable rights.
Privacy is one of them - being bombarded by ads and behaviorally monitored 24x7 fucks with that principle big time, irrespective of whether it's the state or a corporate gangster behind it.
am I the only one who thinks this article reads like one of amanfrommars's posts?
The issue isn't with the fact that I believe it's an unalienable right, it's that it breaks the way the internet is supposed to work. If I've got an app that parses a http response, I want it to tell me that the host couldn't be resolved, not that the response couldn't be parsed, I don't want to have to boot up Wireshark and view the response stream to find out that some cunt is giving me ads because of a DNS error.
Tiscali have been hijacking DNS requests for ages, initially under some random name which meant nothing. Now it's under "EDEH and UEI", which at least has an explanation of what it means. It's helpfully hidden under "Personal Details".
Why am I with Tiscali? Believe it or not, the service has been pretty good and I get free calls to half Europe.
Already here in France
Very annoying when you mistype something, get redirected to another
(ISP hosted) page and you can't just quickly correct your mistake in the address
bar as it now contains the diverted URL.
I think I'll take a piss through Teds Letterbox
I'm sure there might be some rules against doing that sort of thing but fuck that. It's not as if it's going to affect that many people. In fact it's only going to affect Ted who is prone, at times, to being a whining shit so it's not as if anyone would notice much difference there. I'll even give him the chance to opt-out if and when he works out that having someone piss through his letterbox is actually a value added public service rather than someone just randomly pissing through his letterbox. Just think, if I did not piss in Teds letterbox I'd end up pissing in the street and that's going to upset a lot more people. Of course then he will have to find out how to opt-out and, if I bother to read his request, I'd get around to processing it some time next year. Oh and don't give me no crap about pissing in toilets being standard practice. That smacks too much of 'standards' as if anyone would think standards are important. Fuck, since I'm a generous sort of person I'll also shove some leaflets advertising cleaning products for piss sodden doormats so Ted can tidy up afterwards.
Nice article, low on expletives
Made me think - If you operate a DNS domain it might make sense to run your own wildcard on subdomains, e.g. *.mydomain.com to catch at least a proportion of typos yourself.
15 years in IT
@Stuart Boston you have "15 years in IT" but don't know how DNS works, or Google ?
You would have thought that in your 15 years you might have realised that not everything on the Internet operates on Port 80.
The Reg should really part ways with poor old Ted, whose tiring expletives and misdirected bile would be well replaced with that wit of yours. Reading that gave me more laughs than the last few months of this crap.
Its as bad as spam... but then I expect nothing better from a company like Virgin.
- Geek's Guide to Britain INSIDE GCHQ: Welcome to Cheltenham's cottage industry
- 'Catastrophic failure' of 3D-printed gun in Oz Police test
- Game Theory Is the next-gen console war already One?
- Apple cored: Samsung sells 10 million Galaxy S4 in a month
- BBC suspends CTO after it wastes £100m on doomed IT system