September 26, 2003
SiteFinder: Everybody hates it - and it's more evil than you think

If you were in doubt about what the world thinks of SiteFinder, VeriSigns large scale commercial hijacking of DNS, take a look at the news. Absolutely nobody thinks it is a good idea. VeriSign has said that they are waiting for various advisory groups to comment. They have started to do so: here's the IAB, here's ICANN's security and stability advisory committee. There's plenty more where that came from.

As if SiteFinder itself wasn't obnoxious enough, think a second about the security concerns. VeriSign receives a copy of all HTTP request that had a misspelled domain name, and they are forwarding all of these requests to a marketing analysis company. This is simply pure evil, ranking VeriSign up there with SCO in the competition for "most despicable business initiative of the year".

And then of course there are all the standard utilities that all of sudden don't have proper failure diagnostics (samples are windows tools, but the conclusiong applies everywhere).

Maybe we should simply start petitioning ICANN to take .com and .net away from VeriSign at next review of the agreement, regardless of whether or not they take down SiteFinder. It appears they are just not trustworthy. It's pretty ironic that a company whose other business is to make sure you only go where you want to and always in a safe fashion, are at the same time busy eroding the trust in addresses in general. Or maybe its not so much ironic as deeply cynical. One wonders if there is some internal memo floating around at VeriSign HQ that analyzes the possible spin off value of an increased deplyment of certificates by people who want to be absolutely sure that their customers aren't misdirected to SiteFinder and therefore shit their web traffic to https instead of http.

Posted by Claus at September 26, 2003 10:14 PM | TrackBack (0)
Comments (post your own)
Help the campaign to stomp out Warnock's Dilemma. Post a comment.
Name:


Email Address:


URL:



Type the characters you see in the picture above.

(note to spammers: Comments are audited as well. Your spam will never make it onto my weblog, no need to automate against this form)

Comments:


Remember info?