Here's what they're doing: if you type in a web address that doesn't exist, they (in violation of RFC) return a valid IP (instead of returning domain-not-found, which is the correct and socially-responsible value). For example:
mystique:~$ host verisign-is-pirating-the-commons.net verisign-is-pirating-the-commons.net has address 18.104.22.168 mystique:~$ host verisign-is-pirating-the-commons.com verisign-is-pirating-the-commons.com has address 22.214.171.124But note that .org doesn't do this:
mystique:~$ host verisign-is-pirating-the-commons.org Host verisign-is-pirating-the-commons.org not found: 3(NXDOMAIN)
This may not seem like a big deal, but here are some considerations:
- non-existent domains now resolve, which breaks spam blockers, ping, traceroute
- If you or your friends are running a website, now Verisign gets to find out all the people who mistyped it by one letter and offer them competitors' bids and their own "search" tools -- which don't agree with (e.g.) AltaVista or Google.
Don't let them get away with this abuse of their monopoly. Take action:
- Sign this petition
- send ICANN a complaint (comments (at) icann (dot) org), or use the web complaint form); they need some reinforcements here, and a demonstration that the users of the internet shouldn't have to put up with this.
- Don't forget to cc Verisign firstname.lastname@example.org. (spambots, feel free to send mail to Verisign too).
- If you have business with Verisign (or their subsidiary, Thawte), tell them how pissed you are. Tell them you'll be taking your business elsewhere.
- Encourage your ISP to install the BIND or tinyDNS patch which blocks the Verisign "oops" page, or, if you are an ISP, do it.