Rogers Looks For New Ways To Annoy Customers, Hijacks Failed DNS Lookups
from the nobody-likes-anti-features dept
Rogers -- a Canadian telco -- has been attracting a lot of negative attention lately between deliberately disabling notifications for cellular roaming charges, setting ridiculous iPhone pricing plans and injecting its own content into Google's home page. As if that wasn't enough, Rogers has started hijacking failed DNS lookups. This means that when a user types in a web address that doesn't exist, instead of getting a "page not found" error, the user is redirected to a search page filled with banner ads and sponsored links. Michael Geist notes that there's an "opt-out" feature, but it doesn't take long to see that it's pretty pathetic. The "opt-out" sends a cookie which just redirects the user to a different Rogers page instead -- a fake "Internet Explorer" error page hosted on the same server. It does essentially the exact same thing, only pretending (poorly, for non-IE users) to revert back to expected behavior. And the option is reset whenever the browser's cookies are cleared. The comments on Geist's post are evidence that many Rogers customers are not pleased (myself included).
This isn't just annoying, it's also a security threat. It breaks how the internet was designed to work; a lot of software is written with the expectation that a DNS lookup for a non-existent domain name will return an error. For example, Kevin Dean notes in the comments on Geist's post how this has caused problems for him accessing his VPN. At first, he thought his computer had been compromised, since Rogers' new "feature" ends up resembling a hostile attempt to redirect traffic to an unknown server.
Some American ISPs already do this, such as Earthlink (which was used to demonstrate the security risk), though it seems to have a slightly better opt-out process, instructing users to configure alternate DNS servers instead of setting a browser cookie. VeriSign had originally tried to do something similar with SiteFinder back in 2003 (though not at the ISP level), but it didn't exactly go over too well. VeriSign reluctantly backed off, though it just recently obtained a patent on the concept. Rogers is the first Canadian ISP to implement the practice and it seems to think it won't meet much resistance. In another comment on Geist's post, Ian relates a telling quote from the FAQs page for Paxfire (the American company handling this for Rogers): "What feedback you do receive typically will come from a small group of highly technical users. Even that feedback tends to fall away after just a few weeks -- as they get used to the new behavior."
Rogers thinks it can just brush off complaints from its users, especially since there really isn't a lot of choice in the Canadian ISP market. However, Rogers should be careful in treading so brazenly into what some consider "net neutrality" territory. Bell Canada (one of Rogers' few competitors) has landed itself in front of a national regulatory body over its throttling practices. Rogers wants to have complete control over its network, but by continually pushing the line they only spur on the debate about net neutrality and government regulation. We haven't heard the last of this.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dns lookup, redirects
Companies: rogers
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
More than a security risk; it also breaks a lot of VPNs...
The only thing those crooks understand is money. Take enough of that away from them, well...
[ link to this | view in thread ]
Sucks to be us...
The problem here is often we can't just find another provider. Why? There are so few. Also, because of their monopoly, Rogers, Bell, Telus etc. often bundle all of their services together at a "discount" price. So if you dropped your Rogers cellular you may impact the cost of your other Rogers' services.
If you buy your services a la carte from the various providers, you will pay much more than with buying the bundles.
We are over a barrel here, and the government and regulators are impotent. I see very little difference between Bell, Rogers and Telus. They all fuck us over and they get away with it. We want and need the services, so you have to decide which of the big three demons is the lesser evil to deal with.
It doesn't help that we have such a small population, either, but that's a whole other blog post :)
[ link to this | view in thread ]
Is it really surprising?
[ link to this | view in thread ]
Re: Sucks to be us...
[ link to this | view in thread ]
Re: Re: Sucks to be us...
Really? They're not much better. I'd argue, in some ways, worse.
[ link to this | view in thread ]
Re: Is it really surprising?
If Rogers offered this as an opt-in, it'd be different. Even if they offered a real opt-out, it'd be better. Instead, customers get surprised with the change and have to find their own solution if they want to fix it.
[ link to this | view in thread ]
Opt out works fine
You click 2 links and then you forever go back to the "normal" behaviour for failed DNS lookups. (unless of course you clear your cookies, if you do you just need to click those 2 links again)
[ link to this | view in thread ]
Re: Opt out works fine
It's kind of like someone bricking up a window in your house and putting a giant ad board on the inside. when you ask them if they please make it the way it was, they keep the brick wall there but instead paint the wall to look like the outside world. Oh, and the ad board sneaks back in every time you clean the room.
[ link to this | view in thread ]
Legal?
[ link to this | view in thread ]
More opportunity...
I hate Rogers, but I have no other wired provider available to me where I live.
[ link to this | view in thread ]
I just don't care
I use OpenDNS now since verizon's DNS has seemed slower for me. It also has phishing and other protection built in so it's really beneficial.
BTW, most US ISPs do this. Switch to a bigger DNS service such as OpenDNS and get better speeds and more reliable lookups.
[ link to this | view in thread ]
Re: I just don't care
Love how most of the comments here are ignoring the security threat implicit in such behavior.
At least there is always Level 3...
[ link to this | view in thread ]
Rogers
[ link to this | view in thread ]
Internet Explorer
[ link to this | view in thread ]
Re: Internet Explorer
[ link to this | view in thread ]
Re: Internet Explorer
When IE (or most any browser) takes you to a search page after you type in a non-existent address, that's purely an action on the *browser's* part. It *tries* to go to the page, receives a 404 error, then instead puts you on a new page. It knows that the original request failed, though. (The normal 'page not found' error also works exactly like this, except that the page it sends you to is stored on your computer rather than being somewhere else out on the net.)
On the other hand, what Rogers and some other ISPs are doing is redirecting you on the *server's* side, so that the browser never knows that it tried to access a bad address. Specifically, the error code that the browser is supposed to receive (404) never gets sent.
There's a third similar thing that can happen, actually. Individual sites can specify that 404 errors should bring up a specific page of their own (rather than the browser-specific page-not-found page). This can even be an ad-laden search page, just like what Rogers is doing. However, this practice *still* returns the proper error code as well, so that services which depend on that code to know that a link is bad will still work correctly.
[ link to this | view in thread ]
Re: Internet Explorer
What Internet Explorer does only handles web browser. What Rogers does is at the service provider level, not the application level, so ALL your applications are affected by it.
[ link to this | view in thread ]
Re: Re: Internet Explorer
[ link to this | view in thread ]
Woadan
[ link to this | view in thread ]
Re: Internet Explorer
You must remember that the advertiser calculates his ROI(return on investment)to stay in the black. With time these unethical practices will put advertisers out of business. You can then kiss the internet good by as a channel of commerce. For those in locations where there is only one ISP because of population, this means the people can go back to the dark ages and forget that many things don't exist, at least for them.
It isn't OK to turn a blind side to any issue like this, When you complain at a site like this, and not to the government that can regulate such practices you are accepting part of the blame.
[ link to this | view in thread ]
Time Warner Does This Too
http://www.scribkin.com/2008/06/13/my-isp-is-a-dns-sellout/
Thank goodness for OpenDNS.
[ link to this | view in thread ]
Re: Re: Re: Internet Explorer
[ link to this | view in thread ]
[ link to this | view in thread ]
Here we go again
There was a nation wide rebellion with people witholding payment and screaming from the rooftops particularly when they discovered that areas serviced by Shaw didn't have to go through that junk. Shaw offered the tiers as an opt in.
It got so bad that the normally "prisoner of cablecos" CRTC actually had to ban that particular practise.
Of course, that was before Rogers and Shaw did a sweetheart deal and cut the English speaking market into East/West which was dutifully approved by the CRTC.
Shaw. at least, still returns the 404 error and if they are serving ads there they're wasting their time because I use AdBlockPlus and won't see them.
Rogers has a well earned reputation for arrogance and money grubbing that has kept me well away from their non cable offerings and will continue to do so.
I'm glad that I don't live in an area served by Rogers as a cableco and, therefore, ISP though I'm not at all happy about this or the BS that Paxfire hands out about how those who complain about this are merely a bunch of unhappy geeks.
The really sad thing is that additional regulation won't help until the CRTC is told that it's job isn't to protect cablecos but to actually regulate them with the public and customers in mind rather than cableco profits. Right now it's actually tasked with encouraging cable growth in the most cabled country on earth!
ttfn
John
[ link to this | view in thread ]
Wide Open West (WOW) has been doing this for years
[ link to this | view in thread ]
[ link to this | view in thread ]
DNS redirect EMBARQ
Want to be an ISP? Be an ISP and not get stupid with a side line.
[ link to this | view in thread ]
phuck Ted Roger$
I'm particularly interested in the comment made about this practice being fraud.
[ link to this | view in thread ]
Re: More than a security risk; it also breaks a lot of VPNs...
[ link to this | view in thread ]
Re: Here we go again
One technical note though, for anyone reading this: "Shaw. at least, still returns the 404 error and if they are serving ads there they're wasting their time because I use AdBlockPlus and won't see them."
404 errors are a bit different from a failed DNS lookup.
A 404 error occurs when you are successful in contacting the web server (meaning, amongst other things, the DNS lookup succeeded) but the page you have requested does not exist on the web server. In this case, the protocol is for the web server to return a 404 error page explaining that. The error page comes from the web server you're contacting.
With a failed DNS lookup, you don't get as far as contacting the web server because the domain name you entered cannot be found. The protocol is for the DNS query to return "false", and then your application decides how to handle it (e.g. your web browser says "cannot be found" or something). The error page comes from your browser.
In both cases, ISP interference is troubling, but this is a case of the latter. (The former would be even more troubling, that's the type of thing Rogers was experimenting with using deep packet inspection.)
[ link to this | view in thread ]
Re: Re: Re: Re: Internet Explorer
[ link to this | view in thread ]
Redirecting
They also route all tech support calls to India (nice people but not very helpful).
AND........ They also discontinued most newsgroups.
This is, unfortunately, the way most ISPs are going, unfortunately.
It's more profitable for them and makes the stockholders happy.
This is the future of the Internet. Gone are the days of the friendly voice of tech support the other end of the phone, unlimited bandwidth and free speech.
"They" are now in control...
[ link to this | view in thread ]
Take action
[ link to this | view in thread ]
Rogers incompetence
Of course since the "opt out" function is a fake, using it didn't fix the problem. I couldn't access a page that was up and working more than half the time, because it took longer than Rogers liked.
I run a Mac, with OSX Leopard. I confirmed this under both Firefox and Safari.
The answer to the problem was quite simple. I added:
http://www20.search.rogers.com/not_found
to Add Block plus, and my problem disappeared. I've recommended that the Add Bloc folks add this site to their automatic updates, and hope that they will shortly.
[ link to this | view in thread ]
Safari whoas and Rogers
Not really...
At some point over the last few months Safari started taking me to google if I made a mistake in address field (or purposefully typed a search rather than a website). I really liked this as I use google all the time.
After switching to OpenDNS, I now get the old Safari page that offers google as an optional search. To activate this search I have to click on the link rather than being taken directly to google with the search already run (as was the case up until this new behavior from Rogers).
Has anyone else seen this behavior?
BTW: I'm guessing the reason the "highly technical users" stop complaining is not that they get used to the service, rather that they switch to other DNS providers.
Cheers and TIA,
Bruce.
[ link to this | view in thread ]
Re: Safari whoas and Rogers
You have to setup a (free) account and turn off "typo correction" in order to get normal DNS behaviour again.
I don't know if that's related to your problem or not though.
[ link to this | view in thread ]
Rogers Yahoo - pathetic experience
[ link to this | view in thread ]
Re: Legal?
[ link to this | view in thread ]
Re: Rogers
[ link to this | view in thread ]
Rogers Hijacks Failed DNS Lookups
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Opt out works fine
I switched to a non-rogers dns server.
[ link to this | view in thread ]
Re: Re: Re: Sucks to be us...
I paid for the VPN and it's looking like I threw my money away. It's constantly disconnected (by Rogers I suspect) and I keep getting a message to the effect that there's a DN problem (conflict with two or something) yadda yadda.
[ link to this | view in thread ]