swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| reply to fiberguy
Re: They do allow opt-out like the others
There's no way you could "opt out" of DNS redirection on a web page, unless it required Microsoft Internet Explorer and ActiveX and changed the DNS server specifications in your TCP/IP setup.
What they're offering as a so-called "opt out" is a choice of one redirect instead of another. It gives your browser a cookie specifying error message without ads, or automatically try a different URL. Users who choose one of these are still getting falsified DNS results. To get true results from DNS queries you would have to put the IPs of standards-compliant, untampered DNS servers in your TCP/IP settings.
The latter is what ISPs should be offering for users who want unmolested, real internet. |
|
fiberguy
My views are my own.
Premium
join:2005-05-20
| I will admit, I don't get involved in this kinda crap, because I believe it's crap.
But, the way they are doing the so-called opt out is to what, give you a different set up DNS servers that don't redirect? From what I gathered, you visited a page on the ISP, selected "don't redirect me" and it changed your account settings.
I know that it could be done based on a few things.. the account, the modem mac, or other criteria.. it just seems to be bad business.
Also, since search engines are not allowed to sell placement and ranking any more, it just seems that since this is "for profit" and it's calling up a search page, it would tend to cross that border depending on how it's being used. From what I've seen so far, it looks like Yahoo is a big player in this and, by all accounts, IS getting revenue from this service which should be in violation of the rules.
The one thing I also noticed missing from these pages were any clear message stating that "the page you were looking for was not found" message... it simply pulls up a page with some search options. To me, that's ANYTHING BUT what I'd expect. How am *I* supposed to know if the domain isn't valid or is someone simply sniped the domain from the person I intended to find.
IMHO, it's only a matter of time before some consumer group (hint hint) takes this one to court.
Being that this site is a 'consumer' site, I'm surprised they haven't started raising funds from it's vast user base and gone head to head with some of these issues where it counts in addition to the vast online bitch fest. Seems to me that there is an opportunity here that BBR is missing if they truly want to make a difference.
--
"Complaining is the least path of resistance for the self-serving, the lazy, and I’m told it’s a woman’s prerogative..." |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| I was mistaken, I forgot that most subscribers use the setting to "automatically get DNS server IPs" or whatever it's called in each particular router. In that case the ISP could look at who it is (based on MAC or whatever) and assign them a different DNS server and it could be a good one.
For those of us who specify IPs, a web page opt-out wouldn't work. |
|
fiberguy
My views are my own.
Premium
join:2005-05-20
| why wouldn't it?? Doesn't the user go to a web page to opt out?
»/r0/download/1···barq.jpg
It appears that in this example, you visit a website, change your setting, and that should do it.
What I was getting at is the very page you are redirected to should have the ability for the customer to either 1) opt out there. or 2) click to log into the page that you make the change. At minimum, they should tell you that the page wasn't found, they are 'trying to help you' (right) and that you CAN opt out of these pages.. ie: "Don't want to use this help? Click here for more info on how to opt out" ... or something like that
--
"Complaining is the least path of resistance for the self-serving, the lazy, and I’m told it’s a woman’s prerogative..." |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| said by swhx7  : [web page opt-out could work for those who set "automatically get DNS addresses" but] For those of us who specify IPs, a web page opt-out wouldn't work.
said by fiberguy :why wouldn't it??
A web page can't change your TCP/IP settings (maybe excepting some Active-X badware, if you allow it) or anything in your router (apart from some criminal hacking techniques). And this is a good thing; a browser shouldn't have access to system settings. If your device is configured to send DNS requests to xxx.xxx.xxx.xxx:53, there's no way the ISP could re-configure it to send them to yyy.yyy.yyy.yyy:53 instead.
On the other hand if it's configured to send the DNS requests to a generic address where they will be passed on to a DNS server the ISP's device selects (that's the "automatically select" option in OS or router settings), a web request could tell the ISP to put your MAC on a list of those which get their DNS requests sent to the un-borked nameserver instead of the borked one.
said by fiberguy :What I was getting at is the very page you are redirected to should have the ability for the customer to either 1) opt out there. or 2) click to log into the page that you make the change [or get] more info on how to opt out
Yes, that would be the least they could do. They probably don't because more people would opt out. Making it something you have to hunt for on their website maximizes the ad audience. |
|
dagman52
join:2007-11-12
32879
| It has to be doing it based on mac-address without re-assigning anything. I get opted out at the DNS server almost instantly. Doing nslookup in a shell loop directly against the server the answer changes real-time as I opt-in/opt-out of the service. This behavior is very different than my previous Charter experience, which there was no freakin way to shut off. |
|
anonposter
@insightbb.com
| reply to fiberguy
I will further this argument by asking what right does an ISP have to co-opt my subdomains? Say I own billsbigcars.com, I choose not to use wildcards on the nameservers for that domain for some technical reason, and one of my potential customers tries to go to toyottas.billsbigcars.com, with an obvious misspelling of toyotas. The user (at least on Insight ... I am sure others) will STILL be redirected to the ISP search page, even though billsbigcars.com exists. What's worse, they may immediately see an ad for bobsbigcars.com, a fierce competitor, click on their site, and buy a car ... leaving me holding the bag while Insight makes money off of the ad.
This practice reminds me of the old story of the competing tow truck companies (or similar service) ... COMPANY A fooled the phone company into setting up remote access call forwarding FOR COMPANY B... and often during rush hour would forward COMPANY B's calls to COMPANY A's phone number. This was outright fraud ... and to me the redirect situation described above is exactly the same thing! |
|
bleearg13
join:2001-03-03
Gaithersburg, MD
| reply to swhx7
When you opt-out, all it does is pass your DNS requests through without any redirection. I've tested a device like this before. You don't need to modify DNS settings in order to be opted-out - it's all done with access lists within the device. Here's how the device I tested works:
1. DNS request is made from client.
2. DNS request is sent to the DNS server.
3. Transparent DNS proxy sits *on the wire* between the network and DNS server(s) or load balancer(s).
4. If a requesting (client) IP is in the 'redirect' list, then the request gets sent to an external DNS server (off-net from your DNS server), with the source address of the device.
5. Replies come back to the device, which then get sent back to the client. This works much the same way as a web proxy.
6. If a client IP is not in the list, then the device simply passes the packet through the DNS server with no proxying or modification. If the power to the proxy device goes out, it will still pass traffic and just turns into a dumb device - no one is served proxy'd DNS - they all get real responses.
I'm not at liberty to say exactly what device it was, but it's my understanding that this company was behind the technology used in the Verisign SiteFinder fiasco several years ago. |
|
