Rogers Looks For New Ways To Annoy Customers, Hijacks Failed DNS Lookups
from the nobody-likes-anti-features dept
Rogers — a Canadian telco — has been attracting a lot of negative attention lately between deliberately disabling notifications for cellular roaming charges, setting ridiculous iPhone pricing plans and injecting its own content into Google’s home page. As if that wasn’t enough, Rogers has started hijacking failed DNS lookups. This means that when a user types in a web address that doesn’t exist, instead of getting a “page not found” error, the user is redirected to a search page filled with banner ads and sponsored links. Michael Geist notes that there’s an “opt-out” feature, but it doesn’t take long to see that it’s pretty pathetic. The “opt-out” sends a cookie which just redirects the user to a different Rogers page instead — a fake “Internet Explorer” error page hosted on the same server. It does essentially the exact same thing, only pretending (poorly, for non-IE users) to revert back to expected behavior. And the option is reset whenever the browser’s cookies are cleared. The comments on Geist’s post are evidence that many Rogers customers are not pleased (myself included).
This isn’t just annoying, it’s also a security threat. It breaks how the internet was designed to work; a lot of software is written with the expectation that a DNS lookup for a non-existent domain name will return an error. For example, Kevin Dean notes in the comments on Geist’s post how this has caused problems for him accessing his VPN. At first, he thought his computer had been compromised, since Rogers’ new “feature” ends up resembling a hostile attempt to redirect traffic to an unknown server.
Some American ISPs already do this, such as Earthlink (which was used to demonstrate the security risk), though it seems to have a slightly better opt-out process, instructing users to configure alternate DNS servers instead of setting a browser cookie. VeriSign had originally tried to do something similar with SiteFinder back in 2003 (though not at the ISP level), but it didn’t exactly go over too well. VeriSign reluctantly backed off, though it just recently obtained a patent on the concept. Rogers is the first Canadian ISP to implement the practice and it seems to think it won’t meet much resistance. In another comment on Geist’s post, Ian relates a telling quote from the FAQs page for Paxfire (the American company handling this for Rogers): “What feedback you do receive typically will come from a small group of highly technical users. Even that feedback tends to fall away after just a few weeks — as they get used to the new behavior.”
Rogers thinks it can just brush off complaints from its users, especially since there really isn’t a lot of choice in the Canadian ISP market. However, Rogers should be careful in treading so brazenly into what some consider “net neutrality” territory. Bell Canada (one of Rogers’ few competitors) has landed itself in front of a national regulatory body over its throttling practices. Rogers wants to have complete control over its network, but by continually pushing the line they only spur on the debate about net neutrality and government regulation. We haven’t heard the last of this.
Filed Under: dns lookup, redirects
Companies: rogers
Comments on “Rogers Looks For New Ways To Annoy Customers, Hijacks Failed DNS Lookups”
I was shocked to discover that this affects Rogers Business customers as well. I quickly switched over to Level 3’s free DNS servers at 4.2.2.1 through 4.2.2.6. No bullshit.
More than a security risk; it also breaks a lot of VPNs...
With the triple threat of unwanted advertising, security risks, and failing VPNs that rely on the proper DNS behaviour, my advice to Rogers customers is to find another provider. Preferably for all services that the customer gets from Rogers now.
The only thing those crooks understand is money. Take enough of that away from them, well…
Re: More than a security risk; it also breaks a lot of VPNs...
Done 🙂
Sucks to be us...
Rogers is much more than a telco. They are a media giant in Canada, with video stores, TV stations, telephone and internet as well as cable TV services too.
The problem here is often we can’t just find another provider. Why? There are so few. Also, because of their monopoly, Rogers, Bell, Telus etc. often bundle all of their services together at a “discount” price. So if you dropped your Rogers cellular you may impact the cost of your other Rogers’ services.
If you buy your services a la carte from the various providers, you will pay much more than with buying the bundles.
We are over a barrel here, and the government and regulators are impotent. I see very little difference between Bell, Rogers and Telus. They all fuck us over and they get away with it. We want and need the services, so you have to decide which of the big three demons is the lesser evil to deal with.
It doesn’t help that we have such a small population, either, but that’s a whole other blog post 🙂
Re: Sucks to be us...
It may cost more to not bundle them, but it’s still better for us. As a former customer of Rogers for both mobile phones and cable TV, I made sure when I got my current internet access that I wouldn’t go anywhere near those bastards. Bell may suck, but at least they don’t go trying to break the internet for profit.
Re: Re: Sucks to be us...
Bell may suck, but at least they don’t go trying to break the internet for profit.
Really? They’re not much better. I’d argue, in some ways, worse.
Is it really surprising?
Redirecting failed DNS lookups is hardly a new phenomena .In fact openDNS has made it a successful Business (granted that openDNS provides much more features when you opt for its DNS server).
Re: Is it really surprising?
It’s not that there’s something inherently or absolutely wrong with redirecting failed DNS lookups, but when you use OpenDNS, that’s an opt-in. Rogers changed the behaviour of the DNS accounts on all its home and business accounts without notice, and it’s now the default behaviour and they’re opt-out is a sham.
If Rogers offered this as an opt-in, it’d be different. Even if they offered a real opt-out, it’d be better. Instead, customers get surprised with the change and have to find their own solution if they want to fix it.
Opt out works fine
I just tried the opt out and don’t see what the issue is.
You click 2 links and then you forever go back to the “normal” behaviour for failed DNS lookups. (unless of course you clear your cookies, if you do you just need to click those 2 links again)
Re: Opt out works fine
ah, but you see you only think you’ve opted out. actually your DNS requests are being redirected to a fake error page. Problem with this is that other applications arent getting proper error data back.
It’s kind of like someone bricking up a window in your house and putting a giant ad board on the inside. when you ask them if they please make it the way it was, they keep the brick wall there but instead paint the wall to look like the outside world. Oh, and the ad board sneaks back in every time you clean the room.
Re: Opt out works fine
My mileage is different, it doesn’t go back to the normal behaviour. It gives a different page, it may not send the search to paxfire, but it does serve up a page rather than returning a dns fail. And yes, that is a problem.
I switched to a non-rogers dns server.
Legal?
Isn’t this a case of fraud, Hi-jacking, and/or miss representation? Think about it, if I go to google and I see more than what google has posted on there page. Then is this really legal? I would not want a user to come to my site and see more than what I publish without my prior authorization.
Re: Legal?
I absolutely agree that is illegal. But what would you expect from a company which sells their users private information to other companies.
More opportunity...
Maybe Rogers will start playing ads when you dial a non existent number using their phone service. Obviously you could opt out, in which case they would play a recording of the ‘number not available’ tone.
I hate Rogers, but I have no other wired provider available to me where I live.
I just don't care
I don’t care that ISPs or other DNS services do this. For me I actually like it because it provides a link to what I meant to type and I don’t have to type it again.
I use OpenDNS now since verizon’s DNS has seemed slower for me. It also has phishing and other protection built in so it’s really beneficial.
BTW, most US ISPs do this. Switch to a bigger DNS service such as OpenDNS and get better speeds and more reliable lookups.
Re: I just don't care
Comcast doesn’t thank god, at least yet.
Love how most of the comments here are ignoring the security threat implicit in such behavior.
At least there is always Level 3…
Rogers
Quite entertaining and definitely not surprising…gave up on all Rogers services a few years ago because of outright lies and misrepresentations. Time for some regulation to be exercised among these giants and bring them back down to earth.
Re: Rogers
Totally agree on that. Whatever it takes, we should not compromise these Monopoly blood suckers behaviors anymore. Government should take action and we need to have more options as media providers.
Internet Explorer
How is this different from what Microsoft does with Internet Explorer? That one automatically takes you to Microsoft’s Live Search if the address fails. Maybe I’m missing something somewhere. I also haven’t seen an opt-out feature for the Internet Explorer redirect but then I usually use Firefox so I haven’t really done much looking for an opt-out on IE. Some tell me if what Rogers is doing is different from what Microsoft is doing please!
Re: Internet Explorer
The difference is that the Microsoft solution only works in Internet Explorer. It does not affect other applications such as VPN.
Re: Internet Explorer
The difference is somewhat technical, but important.
When IE (or most any browser) takes you to a search page after you type in a non-existent address, that’s purely an action on the *browser’s* part. It *tries* to go to the page, receives a 404 error, then instead puts you on a new page. It knows that the original request failed, though. (The normal ‘page not found’ error also works exactly like this, except that the page it sends you to is stored on your computer rather than being somewhere else out on the net.)
On the other hand, what Rogers and some other ISPs are doing is redirecting you on the *server’s* side, so that the browser never knows that it tried to access a bad address. Specifically, the error code that the browser is supposed to receive (404) never gets sent.
There’s a third similar thing that can happen, actually. Individual sites can specify that 404 errors should bring up a specific page of their own (rather than the browser-specific page-not-found page). This can even be an ad-laden search page, just like what Rogers is doing. However, this practice *still* returns the proper error code as well, so that services which depend on that code to know that a link is bad will still work correctly.
Re: Internet Explorer
Your browser is on your machine. It’s getting the failed lookup, and deciding how to handle it, just like any other application would (e.g. VPN software). In this case, Rogers is pre-emptively taking control and not returning to your applications the information they would expect or need to handle a failed lookup.
What Internet Explorer does only handles web browser. What Rogers does is at the service provider level, not the application level, so ALL your applications are affected by it.
Re: Re: Internet Explorer
Ok, it makes sense now. I guess I didn’t think about the way internet explorer handling things would be client side as opposed to server side. Thanks for clearing it up for me!
Re: Re: Re: Internet Explorer
There is a setting in the Internet options under advanced called “do not search from address bar” if that is selected it will never redirect you. That’s usually how I have mine setup.
Re: Re: Re:2 Internet Explorer
Right, but I doubt this would solve the problem here. Since DNS lookups are being hijacked, your browser doesn’t even know it’s doing a “search from the address bar” because your ISP is doing it for you — whether you want it or not — before sending the information back to your browser.
Re: Internet Explorer
Firefox! Why help the evil empires. Open source has nothing to gain by using unethical business practices. Net neutrality issues robs everyone. Remember any advertising that is hijacked has been paid for by the person who didn’t receive the traffic.
You must remember that the advertiser calculates his ROI(return on investment)to stay in the black. With time these unethical practices will put advertisers out of business. You can then kiss the internet good by as a channel of commerce. For those in locations where there is only one ISP because of population, this means the people can go back to the dark ages and forget that many things don’t exist, at least for them.
It isn’t OK to turn a blind side to any issue like this, When you complain at a site like this, and not to the government that can regulate such practices you are accepting part of the blame.
Not sure about the iPhone and its settings, but everyone should go to OpenDNS for their DNS settings. I think you have to sign up, but the service is free.
Woadan
Time Warner Does This Too
Time Warner’s Road Runner service has been doing this for a while, and I wrote about it here:
http://www.scribkin.com/2008/06/13/my-isp-is-a-dns-sellout/
Thank goodness for OpenDNS.
This is not surprising from ROGERS. They are always trying to pull a fast one. Some of their business practices are questionable. Just another reason to stay as far away from them as possible. Here in Canada we now have other options, so it is time we sent a message to Rogers that we won’t put up with it anymore.
Here we go again
This is reminding me of something that Rogers did more than a few years ago when it went to tiered packages for cable tv. Back then you just got it and had to opt out in a very convoluted process that involved calling a help line that took forever to answer. Once answered you got a sales pitch telling you how wonderful the service was and you didn’t really want to cancel did you, oh, by the way, there’s a cancelation fee!
There was a nation wide rebellion with people witholding payment and screaming from the rooftops particularly when they discovered that areas serviced by Shaw didn’t have to go through that junk. Shaw offered the tiers as an opt in.
It got so bad that the normally “prisoner of cablecos” CRTC actually had to ban that particular practise.
Of course, that was before Rogers and Shaw did a sweetheart deal and cut the English speaking market into East/West which was dutifully approved by the CRTC.
Shaw. at least, still returns the 404 error and if they are serving ads there they’re wasting their time because I use AdBlockPlus and won’t see them.
Rogers has a well earned reputation for arrogance and money grubbing that has kept me well away from their non cable offerings and will continue to do so.
I’m glad that I don’t live in an area served by Rogers as a cableco and, therefore, ISP though I’m not at all happy about this or the BS that Paxfire hands out about how those who complain about this are merely a bunch of unhappy geeks.
The really sad thing is that additional regulation won’t help until the CRTC is told that it’s job isn’t to protect cablecos but to actually regulate them with the public and customers in mind rather than cableco profits. Right now it’s actually tasked with encouraging cable growth in the most cabled country on earth!
ttfn
John
Re: Here we go again
Agree with you here, it’s all very frustrating…
One technical note though, for anyone reading this: “Shaw. at least, still returns the 404 error and if they are serving ads there they’re wasting their time because I use AdBlockPlus and won’t see them.”
404 errors are a bit different from a failed DNS lookup.
A 404 error occurs when you are successful in contacting the web server (meaning, amongst other things, the DNS lookup succeeded) but the page you have requested does not exist on the web server. In this case, the protocol is for the web server to return a 404 error page explaining that. The error page comes from the web server you’re contacting.
With a failed DNS lookup, you don’t get as far as contacting the web server because the domain name you entered cannot be found. The protocol is for the DNS query to return “false”, and then your application decides how to handle it (e.g. your web browser says “cannot be found” or something). The error page comes from your browser.
In both cases, ISP interference is troubling, but this is a case of the latter. (The former would be even more troubling, that’s the type of thing Rogers was experimenting with using deep packet inspection.)
Wide Open West (WOW) has been doing this for years
In Columbus, Ohio the US, ISP Wide Open West (WOW) has been doing this for years.
Verizon has been doing the very same thing for some time now.
DNS redirect EMBARQ
Don’t forget Embarq. They also redirect even from site links. Seems like they all want to make some extra money at the customers expense, both money and security.
Want to be an ISP? Be an ISP and not get stupid with a side line.
phuck Ted Roger$
Does anyone know if the Rogers EULA supports this crap?
I’m particularly interested in the comment made about this practice being fraud.
Redirecting
Verizon (Massachusetts, USA) also redirects erroneous URLs to its search page and also throttles download speed if you are detected downloading from a torrent.
They also route all tech support calls to India (nice people but not very helpful).
AND…….. They also discontinued most newsgroups.
This is, unfortunately, the way most ISPs are going, unfortunately.
It’s more profitable for them and makes the stockholders happy.
This is the future of the Internet. Gone are the days of the friendly voice of tech support the other end of the phone, unlimited bandwidth and free speech.
“They” are now in control…
Take action
Are there any law firms out there willing to take this case up as a class action?
Rogers incompetence
Yes, incompetence. I first became aware of the problem when a web comic that I read every day refused to load, and I got the Rogers “not found” page. Since I could tell the server for the web comic was up (by going to a different page on the server), I did some experimentation. The page would load some times, and wouldn’t load others. Apparently Rogers is making the assumption that if something doesn’t load within a specified time, that it’s “not found”.
Of course since the “opt out” function is a fake, using it didn’t fix the problem. I couldn’t access a page that was up and working more than half the time, because it took longer than Rogers liked.
I run a Mac, with OSX Leopard. I confirmed this under both Firefox and Safari.
The answer to the problem was quite simple. I added:
http://www20.search.rogers.com/not_found
to Add Block plus, and my problem disappeared. I’ve recommended that the Add Bloc folks add this site to their automatic updates, and hope that they will shortly.
Safari whoas and Rogers
Tonight I noticed this new behavior from Rogers. I setup to use OpenDNS and opted out of everything. Problem solved?
Not really…
At some point over the last few months Safari started taking me to google if I made a mistake in address field (or purposefully typed a search rather than a website). I really liked this as I use google all the time.
After switching to OpenDNS, I now get the old Safari page that offers google as an optional search. To activate this search I have to click on the link rather than being taken directly to google with the search already run (as was the case up until this new behavior from Rogers).
Has anyone else seen this behavior?
BTW: I’m guessing the reason the “highly technical users” stop complaining is not that they get used to the service, rather that they switch to other DNS providers.
Cheers and TIA,
Bruce.
Re: Safari whoas and Rogers
Not sure if this addresses your problem or not, but OpenDNS actually redirects failed lookups too. Except, you can actually turn it off.
You have to setup a (free) account and turn off “typo correction” in order to get normal DNS behaviour again.
I don’t know if that’s related to your problem or not though.
Rogers Yahoo - pathetic experience
I wonder if there is an easy solution to this – I’m so annoyed by this experience, I hate it and the Rogers Yahoo search results are SO BAD!
Rogers Hijacks Failed DNS Lookups
“Rogers Hijacks Failed DNS Lookups” is like typical Canadian fart… when one makes mistake, if they sit next to that one then they fart silently with horrible smell. O’Canada!
Totally agree on that. Whatever it takes
to annoy customers??? Naaah that is baad. Why would he do that?
Sucks to be us...
I have a look at Michael Geist’s blog from time to time. He’s a people’s champion. I can’t follow a lot of his tech talk, but I get some of it. He certainly has a low opinion of Bell. He thinks it’s the worst when it comes to caring about our privacy. It’s just a miserable task trying to figure out which of these mafia capitalist operations is less brutal. I’m on Rogers at home, in a rooming house owned by a friend who is supplying us all with our wifi, from Rogers. And it’s looking like Rogers is treating my vpn (HMA) like a problem.
I paid for the VPN and it’s looking like I threw my money away. It’s constantly disconnected (by Rogers I suspect) and I keep getting a message to the effect that there’s a DN problem (conflict with two or something) yadda yadda.