Rogers Looks For New Ways To Annoy Customers, Hijacks Failed DNS Lookups

from the nobody-likes-anti-features dept

Rogers -- a Canadian telco -- has been attracting a lot of negative attention lately between deliberately disabling notifications for cellular roaming charges, setting ridiculous iPhone pricing plans and injecting its own content into Google's home page. As if that wasn't enough, Rogers has started hijacking failed DNS lookups. This means that when a user types in a web address that doesn't exist, instead of getting a "page not found" error, the user is redirected to a search page filled with banner ads and sponsored links. Michael Geist notes that there's an "opt-out" feature, but it doesn't take long to see that it's pretty pathetic. The "opt-out" sends a cookie which just redirects the user to a different Rogers page instead -- a fake "Internet Explorer" error page hosted on the same server. It does essentially the exact same thing, only pretending (poorly, for non-IE users) to revert back to expected behavior. And the option is reset whenever the browser's cookies are cleared. The comments on Geist's post are evidence that many Rogers customers are not pleased (myself included).

This isn't just annoying, it's also a security threat. It breaks how the internet was designed to work; a lot of software is written with the expectation that a DNS lookup for a non-existent domain name will return an error. For example, Kevin Dean notes in the comments on Geist's post how this has caused problems for him accessing his VPN. At first, he thought his computer had been compromised, since Rogers' new "feature" ends up resembling a hostile attempt to redirect traffic to an unknown server.

Some American ISPs already do this, such as Earthlink (which was used to demonstrate the security risk), though it seems to have a slightly better opt-out process, instructing users to configure alternate DNS servers instead of setting a browser cookie. VeriSign had originally tried to do something similar with SiteFinder back in 2003 (though not at the ISP level), but it didn't exactly go over too well. VeriSign reluctantly backed off, though it just recently obtained a patent on the concept. Rogers is the first Canadian ISP to implement the practice and it seems to think it won't meet much resistance. In another comment on Geist's post, Ian relates a telling quote from the FAQs page for Paxfire (the American company handling this for Rogers): "What feedback you do receive typically will come from a small group of highly technical users. Even that feedback tends to fall away after just a few weeks -- as they get used to the new behavior."

Rogers thinks it can just brush off complaints from its users, especially since there really isn't a lot of choice in the Canadian ISP market. However, Rogers should be careful in treading so brazenly into what some consider "net neutrality" territory. Bell Canada (one of Rogers' few competitors) has landed itself in front of a national regulatory body over its throttling practices. Rogers wants to have complete control over its network, but by continually pushing the line they only spur on the debate about net neutrality and government regulation. We haven't heard the last of this.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Av, Jul 23rd, 2008 @ 9:25pm

    I was shocked to discover that this affects Rogers Business customers as well. I quickly switched over to Level 3's free DNS servers at 4.2.2.1 through 4.2.2.6. No bullshit.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Chris Charabaruk (profile), Jul 23rd, 2008 @ 10:17pm

    More than a security risk; it also breaks a lot of VPNs...

    With the triple threat of unwanted advertising, security risks, and failing VPNs that rely on the proper DNS behaviour, my advice to Rogers customers is to find another provider. Preferably for all services that the customer gets from Rogers now.

    The only thing those crooks understand is money. Take enough of that away from them, well...

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Craig, Jul 23rd, 2008 @ 10:38pm

    Sucks to be us...

    Rogers is much more than a telco. They are a media giant in Canada, with video stores, TV stations, telephone and internet as well as cable TV services too.

    The problem here is often we can't just find another provider. Why? There are so few. Also, because of their monopoly, Rogers, Bell, Telus etc. often bundle all of their services together at a "discount" price. So if you dropped your Rogers cellular you may impact the cost of your other Rogers' services.

    If you buy your services a la carte from the various providers, you will pay much more than with buying the bundles.

    We are over a barrel here, and the government and regulators are impotent. I see very little difference between Bell, Rogers and Telus. They all fuck us over and they get away with it. We want and need the services, so you have to decide which of the big three demons is the lesser evil to deal with.

    It doesn't help that we have such a small population, either, but that's a whole other blog post :)

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Rajesh Nair, Jul 23rd, 2008 @ 11:16pm

    Is it really surprising?

    Redirecting failed DNS lookups is hardly a new phenomena .In fact openDNS has made it a successful Business (granted that openDNS provides much more features when you opt for its DNS server).

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Chris Charabaruk (profile), Jul 24th, 2008 @ 12:10am

    Re: Sucks to be us...

    It may cost more to not bundle them, but it's still better for us. As a former customer of Rogers for both mobile phones and cable TV, I made sure when I got my current internet access that I wouldn't go anywhere near those bastards. Bell may suck, but at least they don't go trying to break the internet for profit.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Blaise Alleyne (profile), Jul 24th, 2008 @ 1:43am

    Re: Re: Sucks to be us...

    Bell may suck, but at least they don't go trying to break the internet for profit.

    Really? They're not much better. I'd argue, in some ways, worse.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Blaise Alleyne (profile), Jul 24th, 2008 @ 1:47am

    Re: Is it really surprising?

    It's not that there's something inherently or absolutely wrong with redirecting failed DNS lookups, but when you use OpenDNS, that's an opt-in. Rogers changed the behaviour of the DNS accounts on all its home and business accounts without notice, and it's now the default behaviour and they're opt-out is a sham.

    If Rogers offered this as an opt-in, it'd be different. Even if they offered a real opt-out, it'd be better. Instead, customers get surprised with the change and have to find their own solution if they want to fix it.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    D Mac (profile), Jul 24th, 2008 @ 2:50am

    Opt out works fine

    I just tried the opt out and don't see what the issue is.

    You click 2 links and then you forever go back to the "normal" behaviour for failed DNS lookups. (unless of course you clear your cookies, if you do you just need to click those 2 links again)

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jul 24th, 2008 @ 3:14am

    Re: Opt out works fine

    ah, but you see you only think you've opted out. actually your DNS requests are being redirected to a fake error page. Problem with this is that other applications arent getting proper error data back.

    It's kind of like someone bricking up a window in your house and putting a giant ad board on the inside. when you ask them if they please make it the way it was, they keep the brick wall there but instead paint the wall to look like the outside world. Oh, and the ad board sneaks back in every time you clean the room.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Penn Computers, Jul 24th, 2008 @ 3:35am

    Legal?

    Isn't this a case of fraud, Hi-jacking, and/or miss representation? Think about it, if I go to google and I see more than what google has posted on there page. Then is this really legal? I would not want a user to come to my site and see more than what I publish without my prior authorization.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Simon, Jul 24th, 2008 @ 5:18am

    More opportunity...

    Maybe Rogers will start playing ads when you dial a non existent number using their phone service. Obviously you could opt out, in which case they would play a recording of the 'number not available' tone.

    I hate Rogers, but I have no other wired provider available to me where I live.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    John Biggs, Jul 24th, 2008 @ 5:27am

    I just don't care

    I don't care that ISPs or other DNS services do this. For me I actually like it because it provides a link to what I meant to type and I don't have to type it again.

    I use OpenDNS now since verizon's DNS has seemed slower for me. It also has phishing and other protection built in so it's really beneficial.

    BTW, most US ISPs do this. Switch to a bigger DNS service such as OpenDNS and get better speeds and more reliable lookups.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jul 24th, 2008 @ 6:05am

    Re: I just don't care

    Comcast doesn't thank god, at least yet.

    Love how most of the comments here are ignoring the security threat implicit in such behavior.

    At least there is always Level 3...

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Moe, Jul 24th, 2008 @ 6:08am

    Rogers

    Quite entertaining and definitely not surprising...gave up on all Rogers services a few years ago because of outright lies and misrepresentations. Time for some regulation to be exercised among these giants and bring them back down to earth.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Brandon, Jul 24th, 2008 @ 6:17am

    Internet Explorer

    How is this different from what Microsoft does with Internet Explorer? That one automatically takes you to Microsoft's Live Search if the address fails. Maybe I'm missing something somewhere. I also haven't seen an opt-out feature for the Internet Explorer redirect but then I usually use Firefox so I haven't really done much looking for an opt-out on IE. Some tell me if what Rogers is doing is different from what Microsoft is doing please!

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jul 24th, 2008 @ 6:49am

    Re: Internet Explorer

    The difference is that the Microsoft solution only works in Internet Explorer. It does not affect other applications such as VPN.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Xanthir, FCD, Jul 24th, 2008 @ 6:53am

    Re: Internet Explorer

    The difference is somewhat technical, but important.

    When IE (or most any browser) takes you to a search page after you type in a non-existent address, that's purely an action on the *browser's* part. It *tries* to go to the page, receives a 404 error, then instead puts you on a new page. It knows that the original request failed, though. (The normal 'page not found' error also works exactly like this, except that the page it sends you to is stored on your computer rather than being somewhere else out on the net.)

    On the other hand, what Rogers and some other ISPs are doing is redirecting you on the *server's* side, so that the browser never knows that it tried to access a bad address. Specifically, the error code that the browser is supposed to receive (404) never gets sent.

    There's a third similar thing that can happen, actually. Individual sites can specify that 404 errors should bring up a specific page of their own (rather than the browser-specific page-not-found page). This can even be an ad-laden search page, just like what Rogers is doing. However, this practice *still* returns the proper error code as well, so that services which depend on that code to know that a link is bad will still work correctly.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Blaise Alleyne (profile), Jul 24th, 2008 @ 6:59am

    Re: Internet Explorer

    Your browser is on your machine. It's getting the failed lookup, and deciding how to handle it, just like any other application would (e.g. VPN software). In this case, Rogers is pre-emptively taking control and not returning to your applications the information they would expect or need to handle a failed lookup.

    What Internet Explorer does only handles web browser. What Rogers does is at the service provider level, not the application level, so ALL your applications are affected by it.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Brandon, Jul 24th, 2008 @ 7:02am

    Re: Re: Internet Explorer

    Ok, it makes sense now. I guess I didn't think about the way internet explorer handling things would be client side as opposed to server side. Thanks for clearing it up for me!

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Woadan, Jul 24th, 2008 @ 7:29am

    Not sure about the iPhone and its settings, but everyone should go to OpenDNS for their DNS settings. I think you have to sign up, but the service is free.

    Woadan

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Kevin Pemberton, Jul 24th, 2008 @ 7:32am

    Re: Internet Explorer

    Firefox! Why help the evil empires. Open source has nothing to gain by using unethical business practices. Net neutrality issues robs everyone. Remember any advertising that is hijacked has been paid for by the person who didn't receive the traffic.

    You must remember that the advertiser calculates his ROI(return on investment)to stay in the black. With time these unethical practices will put advertisers out of business. You can then kiss the internet good by as a channel of commerce. For those in locations where there is only one ISP because of population, this means the people can go back to the dark ages and forget that many things don't exist, at least for them.

    It isn't OK to turn a blind side to any issue like this, When you complain at a site like this, and not to the government that can regulate such practices you are accepting part of the blame.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    J. Phil, Jul 24th, 2008 @ 8:01am

    Time Warner Does This Too

    Time Warner's Road Runner service has been doing this for a while, and I wrote about it here:

    http://www.scribkin.com/2008/06/13/my-isp-is-a-dns-sellout/

    Thank goodness for OpenDNS.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Chronno S. Trigger, Jul 24th, 2008 @ 9:47am

    Re: Re: Re: Internet Explorer

    There is a setting in the Internet options under advanced called "do not search from address bar" if that is selected it will never redirect you. That's usually how I have mine setup.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Jul 24th, 2008 @ 9:51am

    This is not surprising from ROGERS. They are always trying to pull a fast one. Some of their business practices are questionable. Just another reason to stay as far away from them as possible. Here in Canada we now have other options, so it is time we sent a message to Rogers that we won't put up with it anymore.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    John Wilson, Jul 24th, 2008 @ 10:39am

    Here we go again

    This is reminding me of something that Rogers did more than a few years ago when it went to tiered packages for cable tv. Back then you just got it and had to opt out in a very convoluted process that involved calling a help line that took forever to answer. Once answered you got a sales pitch telling you how wonderful the service was and you didn't really want to cancel did you, oh, by the way, there's a cancelation fee!

    There was a nation wide rebellion with people witholding payment and screaming from the rooftops particularly when they discovered that areas serviced by Shaw didn't have to go through that junk. Shaw offered the tiers as an opt in.

    It got so bad that the normally "prisoner of cablecos" CRTC actually had to ban that particular practise.

    Of course, that was before Rogers and Shaw did a sweetheart deal and cut the English speaking market into East/West which was dutifully approved by the CRTC.

    Shaw. at least, still returns the 404 error and if they are serving ads there they're wasting their time because I use AdBlockPlus and won't see them.

    Rogers has a well earned reputation for arrogance and money grubbing that has kept me well away from their non cable offerings and will continue to do so.

    I'm glad that I don't live in an area served by Rogers as a cableco and, therefore, ISP though I'm not at all happy about this or the BS that Paxfire hands out about how those who complain about this are merely a bunch of unhappy geeks.

    The really sad thing is that additional regulation won't help until the CRTC is told that it's job isn't to protect cablecos but to actually regulate them with the public and customers in mind rather than cableco profits. Right now it's actually tasked with encouraging cable growth in the most cabled country on earth!

    ttfn

    John

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    n0npr0phet, Jul 24th, 2008 @ 10:46am

    Wide Open West (WOW) has been doing this for years

    In Columbus, Ohio the US, ISP Wide Open West (WOW) has been doing this for years.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jul 24th, 2008 @ 11:18am

    Verizon has been doing the very same thing for some time now.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Jul 24th, 2008 @ 1:30pm

    DNS redirect EMBARQ

    Don't forget Embarq. They also redirect even from site links. Seems like they all want to make some extra money at the customers expense, both money and security.
    Want to be an ISP? Be an ISP and not get stupid with a side line.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    phuck Ted Roger$, Jul 24th, 2008 @ 1:57pm

    phuck Ted Roger$

    Does anyone know if the Rogers EULA supports this crap?
    I'm particularly interested in the comment made about this practice being fraud.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    slr, Jul 24th, 2008 @ 6:13pm

    Re: More than a security risk; it also breaks a lot of VPNs...

    Done :-)

     

    reply to this | link to this | view in thread ]

  31.  
    icon
    Blaise Alleyne (profile), Jul 25th, 2008 @ 2:33pm

    Re: Here we go again

    Agree with you here, it's all very frustrating...

    One technical note though, for anyone reading this: "Shaw. at least, still returns the 404 error and if they are serving ads there they're wasting their time because I use AdBlockPlus and won't see them."

    404 errors are a bit different from a failed DNS lookup.

    A 404 error occurs when you are successful in contacting the web server (meaning, amongst other things, the DNS lookup succeeded) but the page you have requested does not exist on the web server. In this case, the protocol is for the web server to return a 404 error page explaining that. The error page comes from the web server you're contacting.

    With a failed DNS lookup, you don't get as far as contacting the web server because the domain name you entered cannot be found. The protocol is for the DNS query to return "false", and then your application decides how to handle it (e.g. your web browser says "cannot be found" or something). The error page comes from your browser.

    In both cases, ISP interference is troubling, but this is a case of the latter. (The former would be even more troubling, that's the type of thing Rogers was experimenting with using deep packet inspection.)

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    Blaise Alleyne (profile), Jul 25th, 2008 @ 2:35pm

    Re: Re: Re: Re: Internet Explorer

    Right, but I doubt this would solve the problem here. Since DNS lookups are being hijacked, your browser doesn't even know it's doing a "search from the address bar" because your ISP is doing it for you -- whether you want it or not -- before sending the information back to your browser.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Pappy, Jul 25th, 2008 @ 4:50pm

    Redirecting

    Verizon (Massachusetts, USA) also redirects erroneous URLs to its search page and also throttles download speed if you are detected downloading from a torrent.

    They also route all tech support calls to India (nice people but not very helpful).

    AND........ They also discontinued most newsgroups.

    This is, unfortunately, the way most ISPs are going, unfortunately.

    It's more profitable for them and makes the stockholders happy.

    This is the future of the Internet. Gone are the days of the friendly voice of tech support the other end of the phone, unlimited bandwidth and free speech.

    "They" are now in control...

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Fox, Jul 25th, 2008 @ 6:20pm

    Take action

    Are there any law firms out there willing to take this case up as a class action?

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    Wayne, Jul 27th, 2008 @ 2:57pm

    Rogers incompetence

    Yes, incompetence. I first became aware of the problem when a web comic that I read every day refused to load, and I got the Rogers "not found" page. Since I could tell the server for the web comic was up (by going to a different page on the server), I did some experimentation. The page would load some times, and wouldn't load others. Apparently Rogers is making the assumption that if something doesn't load within a specified time, that it's "not found".

    Of course since the "opt out" function is a fake, using it didn't fix the problem. I couldn't access a page that was up and working more than half the time, because it took longer than Rogers liked.

    I run a Mac, with OSX Leopard. I confirmed this under both Firefox and Safari.

    The answer to the problem was quite simple. I added:

    http://www20.search.rogers.com/not_found

    to Add Block plus, and my problem disappeared. I've recommended that the Add Bloc folks add this site to their automatic updates, and hope that they will shortly.

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    Bruce A. Knack, Jul 28th, 2008 @ 10:35pm

    Safari whoas and Rogers

    Tonight I noticed this new behavior from Rogers. I setup to use OpenDNS and opted out of everything. Problem solved?

    Not really...

    At some point over the last few months Safari started taking me to google if I made a mistake in address field (or purposefully typed a search rather than a website). I really liked this as I use google all the time.

    After switching to OpenDNS, I now get the old Safari page that offers google as an optional search. To activate this search I have to click on the link rather than being taken directly to google with the search already run (as was the case up until this new behavior from Rogers).

    Has anyone else seen this behavior?

    BTW: I'm guessing the reason the "highly technical users" stop complaining is not that they get used to the service, rather that they switch to other DNS providers.

    Cheers and TIA,
    Bruce.

     

    reply to this | link to this | view in thread ]

  37.  
    icon
    Blaise Alleyne (profile), Jul 29th, 2008 @ 7:22am

    Re: Safari whoas and Rogers

    Not sure if this addresses your problem or not, but OpenDNS actually redirects failed lookups too. Except, you can actually turn it off.

    You have to setup a (free) account and turn off "typo correction" in order to get normal DNS behaviour again.

    I don't know if that's related to your problem or not though.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    MM, Aug 21st, 2008 @ 1:39pm

    Rogers Yahoo - pathetic experience

    I wonder if there is an easy solution to this - I'm so annoyed by this experience, I hate it and the Rogers Yahoo search results are SO BAD!

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Mark, Jan 7th, 2009 @ 8:00am

    Re: Legal?

    I absolutely agree that is illegal. But what would you expect from a company which sells their users private information to other companies.

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    Mark, Jan 7th, 2009 @ 8:04am

    Re: Rogers

    Totally agree on that. Whatever it takes, we should not compromise these Monopoly blood suckers behaviors anymore. Government should take action and we need to have more options as media providers.

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Mr Reply, Jan 10th, 2009 @ 3:12pm

    Rogers Hijacks Failed DNS Lookups

    "Rogers Hijacks Failed DNS Lookups" is like typical Canadian fart… when one makes mistake, if they sit next to that one then they fart silently with horrible smell. O’Canada!

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    دردشه, Jul 5th, 2009 @ 2:39pm

    Totally agree on that. Whatever it takes

     

    reply to this | link to this | view in thread ]

  43.  
    icon
    jorolo87 (profile), Jul 30th, 2011 @ 3:58am

    to annoy customers??? Naaah that is baad. Why would he do that?

     

    reply to this | link to this | view in thread ]

  44.  
    identicon
    Anonymous Coward, Aug 12th, 2011 @ 11:15am

    Re: Opt out works fine

    My mileage is different, it doesn't go back to the normal behaviour. It gives a different page, it may not send the search to paxfire, but it does serve up a page rather than returning a dns fail. And yes, that is a problem.

    I switched to a non-rogers dns server.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This