Let me introduce goggle.com (no link — they are a malware source and a domain typosquatter to boot)!
So what if this happens: My sister Annie (super smart girl) is out surfing the net and she types in or clicks a link for http://www.goggle.com/ — a one-letter typo of http://www.google.com/ (”squatting” on the typo). Easy mistake, could happen to anyone. Unfortunately for Annie she doesn’t get the OpenDNS automatic redirection to google.com or even our search results page[1]. Instead, she is taken to a site, purporting to be an anti-spyware site, which starts to try and destroy her computer and create hours of tech support work for her brother (me). It has popups, automatic downloads and is just generally representative of the lamest parts of the Internet.
Here’s a screenshot:
Right now, even with OpenDNS, my sister still gets to goggle.com — this bothers me. My goal at OpenDNS is to give you choice, not to be a censor. So I don’t want to block goggle.com outright, nor do I want to try and decide what you want. Instead, I want to give you choices. That’s what OpenDNS is: a rock-solid reliable DNS platform with the tools on top to let you manage your network how you want. If you don’t want to manage your DNS, I want our defaults to be the best they can be, which is why I need your input.
I want to know what you think we should do.
- Should we silently redirect to google.com?
- Should we take you to a page that says: “This site is lame, click here to Google” so you know what’s happening?
- Should we just send you off to goggle.com ignoring the consequences?
No matter what we do, we’ll leave the choice in your hands, but I’m curious what our users think the best way to handle cases like this are.
How would you want it to work? How would you want it to work for your sister?
Leave your comments below.
1: Just a sidenote here. While OpenDNS corrects a lot of typos we don’t (yet) correct typos of domains which can legitimately be registered.
Update: Oops, I forgot to mention a thanks to OpenDNS user Danny for emailing in about goggle.com. Thanks Danny! 
Erik Swanson
Option 2 would be the best, in my opinion.
It’d be helpful if the gateway could also include a screenshot of the “blocked” page, so that a decision to bypass the “block” would be a little more informed than just “This probably isn’t the page you were looking for.”
posted on August 4th, 2006 at 6:09 pm
Ervin J
You should redirect to a warning page, that would offer the user a choice between continuing to google.com and accessing the unsafe site. Something like this: http://channel9.msdn.com/photos/Block_Page_small_1.png .
Once you start taking redirect decisions for your users, it’s a slippery slope.
posted on August 4th, 2006 at 6:14 pm
Kyle Welsh
I agree with Ervin J - put up a transition page that gives the user an option on where to go (and maybe even keep track of the total times each link is clicked) and the user can decide.
posted on August 4th, 2006 at 6:31 pm
Aashish
Yes. The best way would be
1. To warn the user that the typo leads to a unsafe site (while giving him the opportunity to continue if he/she wants to) i.e. www.goggle.com is unsafe site
2. Also present the user with the second option (correcting the typo) i.e. were you looking for www.google.com
You can also add your OpenDNS header / footer to the page and even ads like you do on the search page (just don’t overdo it).
posted on August 4th, 2006 at 6:42 pm
y0himba
Personally: redirect silently.
Safe: redirect to a page explaining the suspicions or facts, and offer links to relevant search terms, the corrected typo link, and the actual link.
posted on August 4th, 2006 at 6:46 pm
Scott McCausland
I agree with Ervin, redirect to an arbitrary page, that would offer a choice, or, since I think that malware should be blocked, I think that goggle should redirect to the search page (with google being the first link [if that is at all possible].
I dont think that we need sites like goggle plaguing the internet.
You will do whatever you feel is right, cause that is the power of OpenDNS.
posted on August 4th, 2006 at 6:49 pm
Bob Jones
Option 2.
posted on August 4th, 2006 at 7:07 pm
Ryan
Anyone who has done some kind of tech support before would greatly appreciate a warning page being displayed. It would also be cool if you could have a “Remember this choice” feature that would set a cookie and if the user ever makes the same mistake it will automatically redirect them.
posted on August 4th, 2006 at 7:24 pm
Owen
I agree with Ervin. A simple page giving the user an option to continue but recommending they don’t. Maybe add a “remember my choice” link so if the user NEEDS (for whatever twisted reason) to use a particular site they can without future nagging. Also, a button to report a mistakenly marked page would be convenient and may help improve the quality of the phishing database.
Owen
posted on August 4th, 2006 at 7:26 pm
Sal
these guys are not cybersquatters. Goggle is a dictionary word, a generic term, which they can do whatever they wish to do with it. Unlike Google, these gusy are not in the search industry. There’s zero confusion here.
Learn or consult with a trademark attorney before blaming someone for something they are not guilty of.
posted on August 4th, 2006 at 7:56 pm
BklynKid
Just fix for us what is obviously a typo.
Option 1 would be the best IMO.
I love OpenDNS!
posted on August 4th, 2006 at 8:48 pm
Paul Westbrook
In this case, I think that option 3 is the best. Once a user goes to that site, there will be no confuson between this a Google.
I think that the silent redirection should happen when the the site is attemptiong to trick the user.
posted on August 4th, 2006 at 8:48 pm
David Ulevitch
Sal,
You’re missing the point. It’s a spyware distribution site setup to catch typos of google. If it were a site about goggles we wouldn’t be having this discussion.
Just like they have a right to put up spyware (a questionable right at best) my users have the right to choose not to view that crap. They’ve never been given that choice before because DNS has been a black box. Now we’re opening it up a bit and they can decide what they want. Like a firewall, like a spam-filter. It’s the natural course of things on the Internet. Be as open as possible, but keep out what you know to be junk.
It is the users who are asking for this — I just want to know the best way to let them do this? And don’t worry, our service is a fast and reliable DNS. Everything else is a feature on top. You can choose to not enable it if you want to visit spyware sites; that’s okay too.
-david
posted on August 4th, 2006 at 9:29 pm
Limulus
What’s interesting is that there’s a posting on http://blog.washingtonpost.com/securityfix/ today called “Google to Warn of ‘Badware’ Sites” which reads in part:
“Google said today that it has started warning Web surfers when they click on search results that may lead to sites that try to install spyware or adware on their computers. If you do a Google search for “Asta-Killer,” for example, then click on any of the top links that show up, Google will present you with a page [ http://www.google.ca/interstitial?url=http://asta-killer.com/ ] that says “Warning — the site you are about to visit may harm your computer!” Users are then given the option to continue to the site in question or find out more about the warning at StopBadware.org, By the way, that site does indeed throw a kitchen sink full of junk at your browser, so you’re probably better off heeding the warning.”
posted on August 4th, 2006 at 10:51 pm
Eric VandenAkker
Option 2 with an option to save a cookie and not show option 2 and do either 1 or 3.
posted on August 5th, 2006 at 1:03 am
BrendanC
I agree too that there should…
a) be a choice
b) be a recommendation that the page you went to is not kosher
and c) automatically redirect to the page that isn’t malicious after 1 minute
posted on August 5th, 2006 at 1:07 am
Colin M
Unless you want to be sued, I’d suggest you leave it how it is. What if, for example, new.net (the people that have all those fake TLDs), started having their plugin move real TLDs to fake sites? Not good. Speaking of which, do you guys plan to incorporate new.net domains into OpenDNS?
posted on August 5th, 2006 at 1:11 am
Scott Elkin
I’m just glad there are people like yourself making a difference and trying to do the right thing.
posted on August 5th, 2006 at 1:13 am
Tom
I agree that you should do SOMETHING. Silent redirect would be great in this case.. But that would only work with specific case by case incidents. A redirect with a landing page that states the site could be infected or pose a security threat then that would work too. But for goggle.com it would be better to just silently redirect.
posted on August 5th, 2006 at 1:14 am
Josh
Block it at first, explain to the user what the website is, and give them a choice to go to Google.com or continue to Goggle.com IMHO
- Josh
posted on August 5th, 2006 at 1:16 am
Anonymous
Why not do a mixture of # 1 and 2? I think something like this would be slick: Show www.google.com inside of a frame and put a thin “information bar” style frame on top that says “goggle.com is a known typo-squatter. However, if you meant to go to goggle.com, click [here]. [close this frame]”.
Kind of like how google image search works when you click an image search result.
posted on August 5th, 2006 at 1:17 am
Tom
Option 2.
posted on August 5th, 2006 at 1:18 am
BugSaif
Option 2
posted on August 5th, 2006 at 1:19 am
Joshua Lange
I believe in option 3. Even though the user may not want to visit goggle.com very often it doesnt mean the site should be censored off the internet. Such a precident can have a negative effect on the face of the internet. If a major ISP were to adopt that policy it could mean the end of competitive sites with similar wordings, etc. Similar to what Net Neutrality tries to preserve, in a way.
posted on August 5th, 2006 at 1:20 am
drk
My preference would be a page that said “you have entered a URL that … .. did you mean to type www.google.com (or whatever)?
Pbe be warned that is and is a source of malware and a typosquatter and may cause your computer harm.
Click here to continue to or to continue to the real site.
In my mind covert blocking without informing the consumer is nothing more than misdirection and censorship - no matter how well intentioned - and the consumer should always be given the choice of continuing to the site they have chosen - if they want to
no site should be blocked because of content - no matter how repugnant we find it ourselves - that way lies net-censorship and your favourite site might be next
posted on August 5th, 2006 at 1:21 am
julian
Option 2 methinks, just make sure the links are big and clear and if you can, make it so whacking Enter/Return sends you to Google.
posted on August 5th, 2006 at 1:21 am
Seif
I think that doing a transition page is the best way to go. I’m glad to see that people are feeling that goggle.com is an outrageous act on a typo.
posted on August 5th, 2006 at 1:28 am
andrewcool
Is it possible to make it into like a page, where we get a choice of where we want to go.
That would be the best choice.
posted on August 5th, 2006 at 1:28 am
Speed up your internet, quickly. at Carbonite Life
[…] OpenDNS is a new service started by one of the former folks at CNET that claims to make your internet “Safer… Faster… Smarter…” and I have to say, it really works. It’s one of the best security and speed implementations I’ve seen in a while, no settings to configure all the time, and not only that, it’s not hard to configure. Just enter in the name servers into your router or computer and restart your browser, it couldn’t be easier. Just recently, they discovered that Goggle.com was being directed to a spyware application and asked it’s users if they should redirect the URL to the real Google.com, what do you think? Post this!These icons link to social bookmarking sites where readers can share and discover new web pages. […]
posted on August 5th, 2006 at 1:28 am
Lars G. Skjellerup
Why can’t you let people decide for themselves
- If they want to be guided by the hand in the wild and dangerous world of the internet, then they will have to install a program on their computer that guides them.
An DNS service is (to me) only (and nothing else) than a switch, translating an URL to an IP.
All other work are to be done on the client computer.
I don’t need another “Big brother” watching over me.
posted on August 5th, 2006 at 1:29 am
Caius Durling
I think you should do option 2. Everyone is happy to not get spyware unless they explicitly go there, and you aren’t censoring the internet from people (playing big brother.)
posted on August 5th, 2006 at 1:33 am
Jack
I think a simple redirect to google.com is best.
posted on August 5th, 2006 at 1:36 am
Tony
I saw this article on digg and have to put in my two cents.
just redirect it without anyone (besides the B****rds who set up the site) noticing. it’d be the best way to go because nobody wants to have that much s*** on thier computer without thier permission.
posted on August 5th, 2006 at 1:37 am
Rasmus Larsen
I think a version of the 1st or 2nd solution is best. This gives all the not so tech-savvy users typoing google.com a chance to survive goggle.com (especially if they’re using IE).
posted on August 5th, 2006 at 1:42 am
toph
The gateway idea def. be informative in it though
posted on August 5th, 2006 at 1:44 am
Brendan McClure
New option: Have an additional category of redirects from squatter sites that can be disabled from the Preferences menu (not sure what the default should be, still a touchy issue). That way everyone can make their own personal decision.
[ by the way, just learned of this site from this discussion, linked to on digg. Started using the service a moment ago, quite spiffy! ]
posted on August 5th, 2006 at 1:47 am
goggleBOX
I am somewhat of an expert on the mistakes that can be made between Google and goggle. I have been using this user name for about 8 years, long before I had even heard of Google.com. As Google is now my preferred search engine I often ended up at goggle.com due to the fact the word is drummed into my head. I can safely say I have never wanted to go to goggle.com. I have actually gone to the “extreme” step of adding a redirect to my hosts file to fix this problem.
For all possible typos you should offer the user a transition page. If you automatically redirect users away from any legally registered domain you open yourself up to all the pitfalls other censors faces. Just look at the backlash Google has taken over the China issue. Will you redirect Chinas users onto government preferred sites because the Chinese government tells you the correct domain is considered a typo in their country?
You should also offer the ability to easily bypass the filtering. You could bypass any filtering by adding a prefix to a URL. This prefix would normally cause a DNS error but, hello, what sort of company are you again? I.E. you could enter “http://goto=www.goggle.com/” to go straight to the website, bypassing the openDNS filtering. “http://redirect=www.goggle.com/” could be used to access the redirection page if you have clicked the remember this choice option in the past.
posted on August 5th, 2006 at 1:47 am
Jona
Option 1.
posted on August 5th, 2006 at 1:51 am
Stevieo
I would like to see these guys blocked. I can’t believe they get away with such blatent rip-off. But I’m sure you would ultimately get litigated.
However, if we, as users agree to terms of service that explicitely state ‘we allow you to exercise discretion and disallow the display of certains sites that you deam as misleading or sources of spyware’, then the issue should never go to court. However, trial system has a bad record of throwing out frivelous litigation and trial judges dont’ really understand the tubes (internet).
I really don’t want your wonderful service to be hurt by having to battle with the evil folks out there. However, I don’t like the cookie idea because I never allow cookies on my PC.
I wouldn’t mind you having multiple DNS services, with varrying degrees of domain name filtering. So someone wishing to be prompted (to choose) can have that option.
posted on August 5th, 2006 at 1:54 am
Halina Goldstein
I prefer Aashish solution above: Give us both a warning and a choice
Thanks for a great service btw!
posted on August 5th, 2006 at 1:55 am
Hugh M
OPTION 1 ALL THE WAY!!!!
posted on August 5th, 2006 at 2:02 am
Ahmed
I think option one is the best way to go, there is no legit reason for anybody to be going to goggle.com (you want a pair of goggles? yeah right). I wouldn’t mind the redirect, although to be honest i just use the search feature in my browser instead.
posted on August 5th, 2006 at 2:04 am
web design uk
I totally agree that malware/adaware sites should be shut down with no warning to the owner of the domain or hosting.
As for goggle.com I’m not sure but I think there’s a rule somewhere stating you must allow users the option whether or not to download thier nonsense. This site just pops up spyware.exe with no prior warning. I’m sure a lot of people have downloaded this after believing their false testimonies.
NoAdaware. It should be illegal to promote yourself as an anti-spyware company, tricking people, and wrecking innocent user’s computers.
Go for the kill. I say redirect it straight to google.com. Forget a ‘this site is lame’ splash page before redirection. We don’t want any memory of this spyware company.
-Sam
posted on August 5th, 2006 at 2:05 am
Nolihc
I don’t think it is your job to say something is ethical or not, censoring is bad. Redirection from not excisiting domainextensions is the reason for using openDNS.
posted on August 5th, 2006 at 2:12 am
Jason Kitcat
In cases where the domain is mispelled but has been registered I think an intermediary page is the best option to take.
Thanks for asking!
posted on August 5th, 2006 at 2:16 am
elmimmo
NOBODY will be wanting to go to gOggle.com voluntarily. I understand that the difference between good censorship and bad censorship is separated by a very blurred line.
However, in this specific case, do not even bother mentioning the surfer he made a mistake. gOgle does not even deserve that kind of publicity. Just silently redirect them to gOOgle.
posted on August 5th, 2006 at 2:21 am
phated
A site that read “Did you mean ‘www.google.com’?” - a là Google - would work best. IMHO.
posted on August 5th, 2006 at 2:22 am
jay
How about just using a sandbox for the Web broser to fight these attacks?
Nobody is going to get rid of typos. Just ask any English teachre (:-)).
Here is our contribution
http://www.trlokom.com/product/spywall.php?
See if goggle.com can hack you with SpyWall protecting you.
posted on August 5th, 2006 at 2:23 am
David Rickard
Definately option 2, BUT, it should explain why the site is bad, and not re-direct automatically. Tell people they are entering things wrong and it could be a bad move. Tell them all about it, then offer a link to both sites. You’d hope that they would read it, understand, and then in future go to the right place first time. You can’t save people from themselves, but you can at least inform those who can be informed!
posted on August 5th, 2006 at 2:23 am
JF
Option 1 or 2, please
posted on August 5th, 2006 at 2:27 am
Moritz
just curious: if you redirect the dns entry for goggle.com to a page displaying a warning - how can the user access the goggle.com page if he really wants to? because the A record would still point to your warning page?
posted on August 5th, 2006 at 2:32 am
Jerry
Choice is always good. Informed choice is better. Most users (I’m thinking of my mom here) want neither, and telling them about malware, etc., will only confuse.
I understand the implications of just silently redirecting, but in this case, who would want to go to goggle anyway? OpenDNS (the Internet equivalent on neighborhood watch?) has safety listed as a primary concern on its front page: if you guys and the the people who choose to use your service want that safety (like I do), then silently redirect.
posted on August 5th, 2006 at 2:33 am
Linh Dang
Warning page is good, but should not become the usual
posted on August 5th, 2006 at 2:34 am
Danny
I vote for option 2 - just use the standard openDNS phishing page, but add a link to google.
btw - just setup openDNS on my home network tonight, and it’s awesome. Great job guys
posted on August 5th, 2006 at 2:36 am
outsider
What is OpenDNS?
Do everybody get it (OpenDNS) automatically?
I would like to venture into goggle.com but won’t dare - just in case I accidentally clicked more than once and become infected.
Please tell me, OpenDNS, if it were save to venture into goggle.com?
posted on August 5th, 2006 at 2:38 am
Sean Straus
Definately number 2. Choice is good. You can’t just go around deciding what people want and redirecting them, but at the same time most people probably do want google.com. I would invision showing the page at gogle.com but putting a banner across the top of it saying “Did you mean google.com?, Click here”. Similar to what google itself does with a misspelled item.
posted on August 5th, 2006 at 2:41 am
Ben
i like the idea of an opendns header
posted on August 5th, 2006 at 2:42 am
thoughtcube
I vote for option #2.
Something along: “You asked for goggle.com, but you should know that it is a dangerous site that thrives on people reaching it because of typos.
If you wanted to reach the search engine Google, click here.
If you want to visit goggle.com despite our warning, click here.”
posted on August 5th, 2006 at 2:44 am
Varun
Just do what google does for spelling errors. Display the results, with a little bar on top that says “Did you mean www.gooogle.com“
posted on August 5th, 2006 at 2:46 am
Matt
My personal choice would be for option 2. I would be happy with option 1, but 2 seems the safest.
posted on August 5th, 2006 at 2:57 am
simon
It would also be cool to have a link to a removal tool in the warning page.
posted on August 5th, 2006 at 2:59 am
LJ
Definitely option 2. I think you’re being very sensible and mature about the whole issue, which is admirable considering the amount of hassle they’ve caused you.
@Sal, the legality of the domain is not in question. However, it’s very similar to one of the most common websites on the internet, and the vast majority of the traffic on that site will be due to a misspelling.
In normal cases, you’d leave users to realise their mistake and just correct the typo, but Goggle’s website is obviously filth and attempts to install spyware/adware without asking. A single typo could result in hours of tech issues.
posted on August 5th, 2006 at 3:00 am
Jernej
just make a hosts entry and redirect to some warning page stored on hdd.
posted on August 5th, 2006 at 3:04 am
Ivan Minic
Murder death kill!
posted on August 5th, 2006 at 3:09 am
Zufoo
I would prefer a warning page like Ervin J said.
The problem with just silently redirecting is that the user may continue to visit google.com by entering goggle.com so if they ever use someone elses computer who doesn’t use OpenDNS or start giving out URL’s to their friends they could be forwarding people to spyware sites without knowing.
posted on August 5th, 2006 at 3:10 am
Dave
Option 2.
Two links, one to google.com and one to goggle.com.
Also something like a 5 second auto redirect to google.com could also be nice.
But then again Option 1 is also a safe bet.
Maybe you guys could setup two sets of DNS servers? One set that employs option 1 and another that uses option 2.
posted on August 5th, 2006 at 3:10 am
Pat Villani
I have to agree with others in that redirect is a bad choice. Someone may have legitimate reasons to go to such a site, i.e., testing malware prevention software, research for an article such as this, etc. The warning page is best, and I suggest tracking hits/choices made and placing links to these statistics on the warning page. It will be fun to watch the effectiveness of the warning page.
posted on August 5th, 2006 at 3:15 am
Jamie Thompson
Why not make an Iframed page, with a heading like an interestrial al in the iframe saying this iste is blah blah blah…. Click to go to Google Search Engine. Of course in the Iframe load up goggle.
posted on August 5th, 2006 at 3:17 am
Orin
Strike one: three pop-ups blocked right off the bat
Strike two: unrequested prompt to download ‘noadware.exe’
Strike three: ugly, ugly frameset that apparantly hasn’t been updated since ©2004
If anyone actually wanted to go here, they’d go to the company’s real site: NoAdware.net (which is also phishy-smelling).
To me, this is THE classic example. This should be listed as a feature on the front-page. I mean, I set my grandma up with OpenDNS. If Grandma went to goggle.com now, she’d end up crying. Anything that makes Grandma NOT cry is a good idea.
posted on August 5th, 2006 at 3:34 am
Anonymous Coward
I suggest “2a”. That is, take me directly to google, but put up a frame at the top that says:
“OpenDNS thinks you probably wanted to go to Google, so we brought you there.
.
Click here to remove this frame.
Click here to really go to Goggle.com.”
This provides what the user wants without any additional work, and gives the option to do just what was requested.
posted on August 5th, 2006 at 3:38 am
REETS
I think this would be a good idea where a site could be accidentally typed wrong and the result could be a bad or stupid site. I love OpenDNS and can’t wait to see what is instore for the future!
Keep up the great work!
posted on August 5th, 2006 at 3:45 am
Halans
Hey, that’s why we are using OpenDNS, right.
If we didn’t want to be protected from that crap,
we would use our ISP’s DNS settings.
Still, would prefer option 2, give us the option to continue.
Love what google is doing for the malware sites, too bad they only use an interstitial for the main link though, and not for the snippet links they put below the main link.
posted on August 5th, 2006 at 3:46 am
J
I would like the filter page suggested by the other readers to be implemented, I think it allows protection but also freedom of choice.
posted on August 5th, 2006 at 3:47 am
Esrun
This is ridiculous, it is not your right nor job to even be considering editing any access to sites because you don’t feel they’re appropriate. The bottom line is you cannot police the whole internet so you would be targeting sites unfairly. How you can straight out call this a typo domain squatter I don’t understand! “Goggle” is actually a real word as found in the dictionary.
posted on August 5th, 2006 at 3:47 am
WhizzMan
Just make sure your sister doesn’t have an open/flawed computer system, if I visit this site using a non-windows computer, nothing bad happens. Don’t try to fix this by blocking a list of thousands of sites that change daily, fix the cause, an unsafe computer.
posted on August 5th, 2006 at 3:50 am
null
Use different configs for different nameservers. Then each user can choose what kind of “help” they want just by picking the appropriate server for their network config.
posted on August 5th, 2006 at 3:55 am
Terry Rich
If you are going to have a page saying “This is not the page you were looking for” you DEFINATELY need to get permission from Lucasfilms to have a picture of Obi Wan Kenobi. Oh, and the 2nd option seems the best.
posted on August 5th, 2006 at 3:56 am
Jonas Arnfred
I would say option 3.
People need to be educated, not nursed. We have probably all been infected with spyware at some time or another, but then we’ve learned something from that experience and moved on. It’s terribly irritating but nevertheless I think internet users should educated to take the decision whether to install something from an unknown site.
The warning is not a bad idea, but there is a problem with that solution, because as soon you start warning people, they will expect to get warned when they stumple upon a dangerous site. By placing warnings a few websites, you might actually approve of the rest in the users eyes. “Hey, i wasn’t warned, how was I to know that it was a bad site?”…
I vote for solution 3. I believe that even my sister will someday learn not to download malicious software from the internet.
posted on August 5th, 2006 at 3:56 am
Dan Atkinson
Hey.
I’d block goggle.com.
posted on August 5th, 2006 at 4:03 am
Shawn
In my opinion you should warn of the dangers and then give the option of what to do next. Save all us from having to sort it out for people who know no better, the poor souls.
A girl last night told me “I never know what to do so I just click OK or install and hope for the best”, a warning would have saved her PC from spyware/malware a thousand times over. Not to mention the fact that it might actually help to teach these people what to trust.
Good luck!
posted on August 5th, 2006 at 4:03 am
mugget
Yeah, I’d go for option number 2.
Then people realise that they’ve made a typo, and think ‘whoops - wake up self’.
posted on August 5th, 2006 at 4:09 am
James Olson
It should be redirected, it’s obviously a trap set for malware to be installed. You’d be protecting people from possibly harmful code being installed on thier computer. What’s the point of an alternative to DNS, if it doesn’t fix some of the flaws the current system has?
posted on August 5th, 2006 at 4:24 am
CptAJ
You should leave them alone. Its their domain, they can do whatever they please. You’re not “opening” up anything. You’re censoring.
Stop fu**ing up our internet.
posted on August 5th, 2006 at 4:33 am
David Redekop
David, you already know what a fan I am of OpenDNS. I want OpenDNS to become as effective as possible while making sure it never oversteps any boundaries (as arbitrary as those are at the moment, and you are discovering them very diplomatically and democratically).
I am reminded of SORBS. For a while I would implement and recommend implementation of its use to anyone administering SMTP servers. There is no question that a dramatic reduction of SPAM will be the result, but the unfortunate by-product is the percentage of false positives. Their de-listing services are far from perfect. If anyone wants to wreak havoc on you, they can just list your IPs as dynamic or report a message as spam - it has happened all too often to mail servers we have maintained.
We could debate the relative merits of SORBS for a long time, but suffice it to say that I will never recommend its use again because of how it takes control away from the users and in many cases simply gives them absolutely no option at all. I just don’t ever want that to happen to OpenDNS. Keep the users informed, give them options.
Thanks for keeping your dialogue open, guys!
posted on August 5th, 2006 at 4:44 am
amk29j
What about those bars that IE started using for ActiveX controls and stuff at the top of the browser. Firefox has them too for pop-ups, i think. If someone visits goggle.com goggle.com SHOLD load but the little bar should come down and say “WARNING” and explain the site is bad and then “Did you mean google.com? Click here to redirect” or something like that.
posted on August 5th, 2006 at 4:46 am
Ranjit Wilson
Considering all inputs as given, I would stick to option 2.
The user would therefore be informed that they might not be going to the intended site. After all, Google is the most popular search engine on the Web by a long way and is more likely to get a visit than goggle.com. However, goggle.com does need to be checked by an unbiased third-party who specialises in malware sites and once that is confirmed, the solution can be implemented.
By using this option, we are protecting user’s best interests while keeping them informed of what is happening.
posted on August 5th, 2006 at 4:52 am
Jake
I Think that You should just leave it the way it is. However if you contact the webmaster of goggle.com and they are willing to participate in adding a front page to their site, that will redirect to google.com then fine, hopefully they will do this. Adding the site for them, without their permission isn’t fair to them, whether or not their site is worth anything. The people at goggle.com have paid for their domain, and shouldn’t be CENSORED just because we like google.com better.
posted on August 5th, 2006 at 4:55 am
Tom Parker
I would silently redirect to google.com
posted on August 5th, 2006 at 4:56 am
Ron
Option 2. Let us be INFORMED users, not a captive of OpenDNS.
posted on August 5th, 2006 at 5:01 am
Peterix
You should add all three possibilities to http://www.opendns.com/prefs/ ( using some kind of dropdown list or something ) and make the second default.
posted on August 5th, 2006 at 5:11 am
Jordan
in a perfect world, this site should be disabled.
however, we are nowhere near that
a DNS hosting service has absolutely no rights to censor bad sites. First of all, if you were to do *anything*, the domain owners would move the domain, thereby doing absolutely nothing; at least I would think that they would.
Secondly, we are in an interesting position here; mixing two issues; accused “typosquatting” which they are NOT guilty of; and submitting adware, which they ARE guilty of; I think submitting and distributing adware is against some law; I could be wrong though. If in your TOS it says you may not host domains that are distributing or submitting, linking or anything of the sort to adware, then you can terminate their service.
I am in the domain biz myself; owning a name like goggle.com is completely and undeniably legal; regardless of it’s typo status to google.com. I tend to focus on the more generic stuff though, that has no connection with any such sites. This site seems to be taking advantage of google’s traffic as they are really doing nothing with the name’s inherrent generic purpose (goggle’s) so maybe they would lose in a URDP; though legally they probably should not.
the people behind this site are bad; but the only thing you can do is maybe terminate their service; you have NO rights to do anything else.
I wish things were different, but they are not.
If you were to do anything different you could be sued; ironic, but possible.
My suggestion would be to pass this information on to google; have them deal with it.
Good Luck. I’m sorry that my insights could not be more positive with regards to stopping these idiots, but I figured I would just share my honest thoughts. It’s unfortunate that the laws protect people like this but there is only so much that can be done.
posted on August 5th, 2006 at 5:14 am
Better Yet
Make it go to a page that has google in an iframe and a link to goggle outside of it. in white. on a white background. Muhahah
posted on August 5th, 2006 at 5:16 am
jo
Option 2 definitely. Not your place to redirect links. Also, what if http://goggle.com gets sold / tranferred to a goggle mfr co? You don’t want to keep track of the changes in DNS at that level.
posted on August 5th, 2006 at 5:16 am
Michael Linton
Good article, I think you should have a warning page detailing goggle and what it does then off the choice to go to google.com or goggle.com some users may actually wish to visit a malware breeding ground
posted on August 5th, 2006 at 5:21 am
Hugh
Would it be possible to offer the user the choice and then additional choices that can be remembered?
A series of checkboxes:
1- Please remember this choice and direct me to google.com automatically in the future for this misspelling
2- Please remember this choice, and re-direct me for all sites that opendns deems to be typosquatters and/or dangerous in the future
3- Please send me to www.goggle.com and remember this choice- I’ll deal with the consequences
Maybe some other choices, but those to start with seem like a good idea.
Good luck!
posted on August 5th, 2006 at 5:26 am
SamE
#2, please: Allow us the privilage think for ourselves.
posted on August 5th, 2006 at 5:27 am
Brandon
I agree with option number two.
posted on August 5th, 2006 at 5:27 am
carrickr
I’m sorry but the entire redirect silently sounds about on par with the Chinese DNS restrictions and stuff like that. I know blocking one malware site is far from censoring the internet, but I dislike the idea of it all the same.
I would vote for a warning page myself.
Really though this is not something DNS should be fixing. User education is the only way to stop with the malware. Sure you can save them from goggle.com, but there are still six million other hostile sites out there.
posted on August 5th, 2006 at 5:31 am
Jon Brightwell
it should be a browser blacklist and not DNS side. However, an extension to firefox that links to a dynamic blacklist is not a bad idea
posted on August 5th, 2006 at 5:33 am
Daza
I support option 2. If for example you redirected silently, person “A” using OpenDNS would obviously get sent to Google.com . Person “B” using their default DNS would get a different result. When person “B” tries to ask person “A” why, and assuming person “A” does not know they are using OpenDNS, confusion may arrise.
Plus, it’s always good to know things are working. I feel much better knowing that my anti-virus software has stopped, cleaned or deleted a virus, as opposed to silently solving the issue and not telling me.
=)
posted on August 5th, 2006 at 5:36 am
Carl M
Either port it to a warning page, or send it to Google.com. Also, contact that owners ISP and report them as hosting a malicious website and get the site removed from the internet.
I never understood how ISPs let people host that kinda crap on their space. I am a victim of such a site, and had to totally wipe and reload my box once because the virii was so darn bad that I could not get rid of it, period . So I’d like to see these kind of sites GONE!!
Another thought is that if Net Neutrality passes, and the net really is split, the side of the internet we’ll be left with, will be full of this crap. Best t start fighting against it now.
posted on August 5th, 2006 at 5:37 am
Ryan Williams
#2
posted on August 5th, 2006 at 5:37 am
tturow
Provide a warning page.
posted on August 5th, 2006 at 5:41 am
Andrew
Personally I would have to go with option three. Not because I support goggle.com or anything of the sort, rather I believe that the internet ought to carry zero sensors. The internet is about freedom, and redirecting away from goggle.com (despite how corrupt they may be) takes away the purpose of goggle.com
posted on August 5th, 2006 at 5:44 am
Jacob Walker
It’s clear that the page has 0 utility for anyone. That being said, obviously you don’t want to prevent the page from being accessed.
A page that shows a thumbnail of the page, explains what it does, and offers the user the chance to go ahead or the ability to head over to google would be perfect.
posted on August 5th, 2006 at 5:46 am
bMan
You are on the edge of a slippery slope. Currently the end user is ultimately responsible for whatever he/she types in his URL line, whether it’s Google or Goggle or news or kiddie porn. As soon as you “override” the end user’s decision, even with the best of intentions, you have just exposed yourself to incredible potential liability. The courts have always assumed that whenever a user enters a URL address into their browser, their ISP will take them there “no questions asked”. Now you’ve just tossed that assumption aside. I’m not a lawyer, but if I was — and if I had a client charged with doing something illegal via the internet — you can bet I’d subpoena you to testify in court that your “service” did not invisibly redirect my client’s innocent URL request to something nefarious. Lawyers and the courts have been fairly naive when prosecuting and defending internet -related crimes, but that won’t last forever. And if you start redirecting search requests for any reason, you can expect to see the inside of a lot of courtrooms in the future.
posted on August 5th, 2006 at 5:48 am
Allen
I like the idea of combining option 2 with a cookie to remember the choice.
I’ve helped far too many novice and casual users who have inadvertently been to these look-a-like pages and been infected and would appreciate the reduction in work load
posted on August 5th, 2006 at 5:52 am
Matt Foxtrot
I think that Option 2 is the best. Of course - it’d probably also be good to give them a link to direct them to goggle.com - should they really wish. You can have the two options read “Go to Google” or “Open the Can of Worms”
posted on August 5th, 2006 at 5:52 am
Alt
I recommend option 2. Dont let these type of people on the internet.
posted on August 5th, 2006 at 5:53 am
MikeOR
DNS is not the place to fix this. DNS needs to be neutral. Whilst this site is a real pain, the solution may be to get the registrars to act against bad sites. They are a major source of the pollution on the internet and whilst some of them notably Tucows and Go Daddy are very responsible, there are a few bad actors allowing the spammers and malware artists to run free.
posted on August 5th, 2006 at 5:56 am
bMan
One more thing — the owners of Goggle.com are obviously trying to force Google.com to buy them out by making their “typo” page as offensive to Google as possible.
posted on August 5th, 2006 at 5:56 am
Chris
Option 2 is the best. It alerts the person that there is potential problem and then allows them to take the action that they believe is the best.
I’ve been discussing the pros and cons of using OpenDNS with friends and collegues and we think its great, but we need to see that its actually blocking content, these types of pages would be great in proving that something is happening.
posted on August 5th, 2006 at 6:03 am
RES
F**k Goggle.com redirect to Google.com
posted on August 5th, 2006 at 6:17 am
James
Option 1 please
posted on August 5th, 2006 at 6:18 am
David Chartier
Silently redirect. Domain squatters of any kind aren’t really doing the internet any good, and malicious tricks like this need to be stopped.
I thought the bigger companies like Google and Microsoft started going after squatters like this? I have no idea what’s involved in an operation like that, but it sounds like they could use all the help they can get.
Silently redirect. Wait - scratch that. Redirect and make a huge deal out of it. After all, this has been dugg; ’silent’ probably isn’t possible anymore anyway. Redirect, and make a huge deal out of it. Let jerks like this know we’re sick of their tricks and the headaches they cause.
posted on August 5th, 2006 at 6:20 am
Serendipity-Crafts
I have not had time to read all the commnets on this topic but as I read a few of them a thought came to mind. When is typo not a typo? Allow me to explain.
My wife and I run a small online business at www.serendipity-crafts.com, why the hyphen you might ask. When we decided to start our online store we checked the name availabilty, it was available, but I hesitated for 2 days before purchasing. When I did purchase it was taken. GRRR. Anyways, long story short there are 2 Serendipity Crafts and we coexist. We share cyberspace, redirect potential customers via links and are happy.
So what would OpenDNS do in my case? Would they decide that the hyphen is a typo and redirect my customers? Or would my customers have to constantly put up with an error page everytime they typed in my address.
One of the early commenters said that this was a slippery slope…I totally agree. Your actions could impact many indivduals who don’t have the clout of Google.
Just my 2 cents.
Serendipity-Crafts
ps…perhaps OpenDMS could just redirect just www.goggle.com and call it a day.
posted on August 5th, 2006 at 6:27 am
Chad W Smith
Silently redirecting is very bad. I mean, silently redirecting is more of a “hijacking” type thing than “domain squatting” could ever be. That’s censorship. That’s taking control away from the user.
Either have some sort of warning - ala option 2 - or don’t get involved in deciding what you think users meant to do.
If you were to do option 2 - you should supply some sort of screenshot of the two websites you are making them choose between. With a frame or some sort of web 2.0 version of an iframe.
posted on August 5th, 2006 at 6:29 am
Bobby
Option 2 would be best!
posted on August 5th, 2006 at 6:34 am
Grant
I think its really important that opendns gives people the choice… I think a transition page would be really great.
You have to address the following points: would you do this for each malware site. What happens if a site has just been hacked? and was hosting malware for more than 3 days. I would also thing that you should let the site know that they are being blocked so if its a case of a hack that they can take action to get rid of the malware.
I believe in giving users the choice, however informing sites that you are blocking them is just as important. give them the option to clean up / dehack themselves before you institute a block.
posted on August 5th, 2006 at 6:39 am
OrthoPod
I vote for option 2. It does the right thing for the users without taking control away from them.
posted on August 5th, 2006 at 6:41 am
Trampish
A page that says, Goggle.com is a harmful website. Did you mean Google.com? Click here or wait while we redirect your browser.
posted on August 5th, 2006 at 6:42 am
RM
I don’t see how you have any legal right to redirect customers away from goggle.com no matter your feelings on their business model.
What they are doing is really no different then drug stores making cheaper versions of brand names with similar labels so people are tricked into trusting them, except that goggle.com is not going to a search engine so people don’t get the product they want in the end.
Putting a warning page up creates a serious detriment to goggle.com’s business for which I believe you are liable and they would be in their right to pursue opendns for damages.
posted on August 5th, 2006 at 6:44 am
Stuart
My *personal* option would be #3 as I do not like someone deciding what’s best for me!
However, I wouldn’t mind too much if I was taken to an option page first, and this option would most certainly help out those less “‘net savvy” (like some of the folks I end up providing support to!). You’d need to make the message nice and clear, providing either a screenshot or a description of the sites involved. I wouldn’t bother storing this in a cookie, though…
Option #1 is a complete no-no - unless you wish to be accused of AOL-style tactics!
ps. Great service guys!
posted on August 5th, 2006 at 6:45 am
Zaxcom
I vote for option 2.
These sound-a-like, typo websites are bad news, one wrong letter and you have a hard drive of garbage.
In fact with two internet surfing teenagers in my house I have already gone and blocked goggle from my router so I dont end up with trashed PC’s if they mistype when doing a search.
posted on August 5th, 2006 at 6:49 am
Nathan
Definately something similar to option 2. I still want the choice to go to a site even if it’s a trashy one
Or mabye give each user the option of choosing between the 3 different options with 2 being the default. Plus you could put ads on those pages and make more mulah. Good for everyone.
posted on August 5th, 2006 at 6:51 am
John Wells
Give a choice, asking the user if he or she intended to type Goggle or Google. Explain what each site is in simple and clear terms. If the user clicks on Goggle, show a warning before proceeding.
posted on August 5th, 2006 at 6:53 am
Fred’s Journal » Archive » OpenDNS, a Better and Safer DNS Network
[…] How did I know about OpenDNS? I came through the OpenDNS blog talking about the annoying domain squatter “goggle.com” (with two ‘g’) that use a common spelling mistake to display tons of ads and malware instead of the Google page. […]
posted on August 5th, 2006 at 6:59 am
kevin williams
#2 with option to remember the choice in the future.
posted on August 5th, 2006 at 6:59 am
owine
i want my sister to get malware.
posted on August 5th, 2006 at 7:00 am
Brian
Option 2
Should we take you to a page that says: “This site is lame, click here to Google” so you know what’s happening?
posted on August 5th, 2006 at 7:04 am
David K
Option 1 for me as long as you ask us for each and every site you do this for. Sites like Goggle.com shouldn’t exist and you can do a lot to make them that way.
posted on August 5th, 2006 at 7:09 am
Bog
Send me to goggle.com. It’s not the job of the name servers to decide how web sites use DNS.
posted on August 5th, 2006 at 7:12 am
iXneonXi
A page with a “Click here to return to the intended domain.” and a link a link saying “Did you mean www.google.com.” would work just fine. I wouldn’t mind that on several pages - the malware ones most definitely. Maybe even another OpenDNS server can have even more typo correction with a frame at the top that is very small for control (settings and incase you visit a page that was spelled wrong and while the site is legitimate at the top it would still ask “Did you mean”).
posted on August 5th, 2006 at 7:17 am
anonymous
So what happens when a legitimate person or business buys goggle.com and this whole fiasco is long forgotten? Do they have to go through the hassle of getting their new, real website white-listed on your family friendly DisneyInternet? Option 3. The Internet is not about censorship or making decisions for people.
posted on August 5th, 2006 at 7:24 am
Jeff
Redirect to Google. Problem solved. This site doesn’t deserve the traffic it gets due to bad typing. It has nothing to do with goggles, and is an opportunistic trap. I would like to be redirected, personally.
posted on August 5th, 2006 at 7:30 am
Chris
Option 1 or 2 either works.
posted on August 5th, 2006 at 7:32 am
Rohan Dhruva
Option 1, redirect silently.
posted on August 5th, 2006 at 7:33 am
Delucious
Option 2.
WITH the option to the correct web site or still continue with the typed web site.
posted on August 5th, 2006 at 7:39 am
SteveP
#2 - informed choice is the best option
posted on August 5th, 2006 at 7:42 am
Gary
Option 2 with an indication of what percent of the requests are for
Google.com and goggle.com. This will give the user a good hint if it was typo. The mini page and a choice would also help.
posted on August 5th, 2006 at 7:53 am
Relnah
Option 2.
That is, warn me but let me have the final say in where I want to go.
posted on August 5th, 2006 at 7:54 am
Chubbs
You shouldn’t do anything. Despite the fact that the goggle.com owners are a bunch of douchebags, if you start “interfering” with websites through DNS, you will open up a whole new can of worms. When you are re-directing websites through DNS, you could start getting “censorship” allegations thrown your way.
A better solution to malware sites would be to create a “warning list” of sites (maybe a FireFox extension) that would warn you (via an audible warning plus an alert box) stating that the site is listed under the “black list”.
Good luck with OpenDNS.
posted on August 5th, 2006 at 8:08 am
Nogg3r5
Let us know its a dodgy site, provide a link to goggle if we want it and a link to google.com. But make sure that it says why we have been directed to this page!
posted on August 5th, 2006 at 8:11 am
Tom Brook
I would show a warning page similar to the phishing filter and then allow the user to decide if they want to continue or go onto the “most similar suitable site”?
posted on August 5th, 2006 at 8:12 am
ricky chiu
as much as i hate this site and everything it represents, OpenDNS should be neutral, who’s to say that just because billboard.com and billboards.com should be merged just because one sounds like the other and the top music tracking site should take preference just because it is more popular. its a slippery slope.
posted on August 5th, 2006 at 8:12 am
david
Option 2, but the warning page must be equipped with an obvious feedback mechanism so that both the page owner(s) and users can “vote” for the legitimacy of the page.
Option 4: provide OpenDNS users with the choice of options 1, 2 or 3?
posted on August 5th, 2006 at 8:32 am
mordes
I would vote for the 2a option and a cookie to allow or disallow automatic redirecting… mom proof the computer (my grandmother gets it just fine my mom is the luddite in our family)
posted on August 5th, 2006 at 8:36 am
Tarun Kovvali
Option 1
Excellent template.
posted on August 5th, 2006 at 8:37 am
PAStheLoD
This is a no-brainer .. option 2.
posted on August 5th, 2006 at 8:42 am
John Edgar
Couldn’t you just do:
-Warning-
OpenDNS as determined the page you are about to enter is unsafe.
Click here to move to Google.com Search
Click here to continue to the site you requested.
posted on August 5th, 2006 at 8:45 am
CrazyLiberal
I’m against any change, no warning not changes. Heres are the primary reasons.
1. Unexpected behavior. If I really did want to go to goggle.com (or any other site thats handled this way, why should I be adversely effected)
2. Slippery slope. WHo decides what domains are bad? When does MS get into the frey and claim any non-MS site is bad?
3. Non-HTTP traffic. What about SMTP? SSH? how do you handle the myriad of ‘other ports? What should have when I send an email to john@gmial.com? I don’t think this idea is fully thought out.
posted on August 5th, 2006 at 8:55 am
Matt BK
Most desirable is an arbitration page, but then you gotta take it away if goggle.com goes legit.
2nd most desirable is just send them to goggle.com
Least desirable by a long way is sending straight to google.com. That’s some creepy chairman mao stuff.
posted on August 5th, 2006 at 8:56 am
Brad
Warning page. I wouldn’t bother with a “remember this” option. Once users see the warning once or twice they’ll learn to type it properly.
A silent redirect would be wrong in my opinion. There are the occasional legitimate reasons to go to harmful sites, such as researching and hopefully fixing the browser flaws that make these sites successful in harming visitors.
Even Google is now warning users about potentially malicious sites that are clicked on from their search results. Good luck.
posted on August 5th, 2006 at 8:58 am
Thad Judkins
I think that you’d open yourself up to more chances of being evil than good doing that. Much as I hate squatting, its currently a fact of the internet and teach people to type what they mean everywhere
I’d say leave the DNS associations completely neutral and let the big companies deal with the problems if they become too bad.
/thad
posted on August 5th, 2006 at 8:58 am
Dude
#3..
Goggle.com is blantant abuse that is obvious to anyone, but if you censor it, then the result will be that over time, the line for what is “Blantant” will start to move.
Sooner or later someone is going to block your site because you will be the wacko abusive site (in their opinion).
Just leave it alone.
If we all agree that tricking people into unknowingly installing software onto their computers should be the crime and for that there should be a trial and a punishment. Sony and Goggle.com both.
If you don’t want the “hours of tech support” then you should have put it in your hosts file pointing it to localhost.
posted on August 5th, 2006 at 8:59 am
Tim H
I support #2 + cookie. Even Google itself does a “Did you mean…” and it’d be good if you did the same thing.
posted on August 5th, 2006 at 9:01 am
Andrew Theken
Option 2.
Just make it obvious that it’s not the actual site, and try to inform the user that they haven’t actually gotten to the point where harm from goggle.com has taken place.
In the OpenDNS response page, add some header comments that indicate the level of threat. I (or someone, maybe you guys) could write an extension for Firefox that would check the response headers for the level of threat, and based on the user preference set in the FF Extension, could choose to be directed without notice for anything 60% bad, etc. If the site exceeds a my user-defined threshold, I am shown the standard OpenDNS “This site is no good, are you sure you want to continue” page. Otherwise, I go on, without notice.
posted on August 5th, 2006 at 9:23 am
CWK
I say redirect silently. Once the underlying site goes from adsense farming to malware, they go from being a nuisance like a homeless guy sleeping on the bench to a mugger who needs to be jailed.
posted on August 5th, 2006 at 9:30 am
Picky
I would go with option number two.
Create a generic page that clearly marks the page as an offending website, and then give them two links:
One to go to the proper website (Google.com, in this case) in much bigger text.
The second to go to the actual website (Goggle.com, in this case) in smaller text.
This way, users using OpenDNS still get the clear warning, but can continue if for some reason they wanted to go there.
By making it a generic page, you guys could reuse it for similar future cases.
posted on August 5th, 2006 at 9:30 am
Andrew
I say don’t fix the typo problem - I really don’t care about handling all domains to big corporations in the interest of saving a ‘free’ internet.
posted on August 5th, 2006 at 9:32 am
Anony
Option #2 would be superior, what I would want my own family members to experience.
posted on August 5th, 2006 at 9:45 am
Bull Dog
Option 2.
Text on that page saying somthing to the effect of: Oops! Did you mean Google.com or did you mean goggle.com (known to contain spyware as of xx/xx/xxxx)?
posted on August 5th, 2006 at 9:47 am
withheld
Option 2 since this will be applied by some judgement, and that judgement could be wrong.
posted on August 5th, 2006 at 9:54 am
Carl H
Wow, this is a pretty tough question. At first I go “hell yes, redirect me where I really want to go, this goggle.com site is atrocious.”
However, what sort of precedent does this create?
posted on August 5th, 2006 at 9:55 am
ThomasB
Redirect the site, these people are typosquatters and are in it only for the money, they have no morals what so ever, and this is shown by how they are currently using the domain until they can get so many complaints to google that the big G feels it needs to pay what ever insane price these morons are wanting.
If I walked into a Bank and said my name, which would sound a LOT like yours, tried to take money out of your account, and the teller didn’t notice the one letter different, what would that be?
Typosquatters are not a crime, *yet*, but they should be.
posted on August 5th, 2006 at 10:00 am
El Cerrajero
Option number 2, no doubt, because is useful and provides information for noobs.
posted on August 5th, 2006 at 10:01 am
sbarker
Silently redirect me. Please and thank you.
posted on August 5th, 2006 at 10:05 am
Culvertboy
Organize a class-action suit for those damaged by malware. When someone intentionally injures another, this is where our system of justice can work well. Sue the bastards. And block them. And be sure OpenDNS users know you do this and list the cases where you do. And if they sue you, countersue and let the fun begin.
posted on August 5th, 2006 at 10:37 am
chilote7
Option 2 is the best choice. Redirecting directly can’t be an option, but there’s got to be some kind of protection for this sites.
posted on August 5th, 2006 at 10:40 am
dkeav
i like option 2, but you might also throw in a 5 second automatic redirect to the corrected site, giving the user a 5 second option to go to the typo site if they want, but still keeping it kinda automatic
posted on August 5th, 2006 at 10:41 am
tuna
option 2
posted on August 5th, 2006 at 10:41 am
Charles
What about www.hotmale.com… :p
posted on August 5th, 2006 at 10:42 am
Peter
#1 would be best and most efficient, but #2 is funny.
#3 is the only bad choice.
posted on August 5th, 2006 at 10:48 am
MrPeach
This question actually leads into several areas in which openDNS could be helpful to it’s users. (note: I have only just became aware of openDNS a half hour ago, but have been thinking about these issues for a very long time)
For all the issues listed below, a redirect page should be used that lists the reason(s) they have been sent here, the option of going on to the site, or possibly the option to go to another more appropriate site.
1) transient domain protection - you know, those domains that get registered and then cancelled before they have to pay for them. Any domain that has been created in that timeframe should be redirected.
2) typo pages - you could maintain a list of typo squatters, and redirect them. Offer them the option of going to the “correct” page.
3) domain squatters in general - these all forward to a small set of IP addresses, there shouldn’t be much difficulty in detecting that the requested page is going to one of these oafs, and redirect them.
4) Pages/domains known to host malware, spyware, etc - recently google has been used as a tool to locate “fingerprints” of malware, etc. and domains that are hosting these should be redirected.
Perhaps even add a paid service that isolates “hate” sites, “porno” sites and so forth. These would be meant to catch the most egregious of sites only - not stuff like Boing Boing or Suicidegirls which only occasionally have mild stuff on them. Personally, I just don’t wanna stumble upon pictures of naked chicks or guys d***s while I’m browsing (unless I’m in the mood for that crap that is). ^_^
I tell you, offering a service like this should make money hand over fist!
Good luck guys, and I hope your service delivers on it’s promises.
posted on August 5th, 2006 at 11:02 am
Aaron
Go with option 2 letting the user know they made a mistake and you think they meant what ever and then give them a choice
posted on August 5th, 2006 at 11:12 am
Muerte
You should actually just send them to google.com, with a small Web 2.0 style bar at the top that asks the user to click the refresh button in the browser, or click on a link in the bar if they’d like to go to goggle.com instead. You should assume it was a mistake, as nobody would want to go to goggle.com unless they wanted to run tests or something.
posted on August 5th, 2006 at 11:23 am
Doug
I say option 2 - (though message text may be revised) - something more detailed to the user so they identify their own typo and it gives them some education on what WOULD have happened - this MAY help them to be more careful so when they aren’t using open-dns
posted on August 5th, 2006 at 11:24 am
Arkab
#3 is the only option you can take without sliding down that slippery slope. Once you make a choice for someone, the second or third choice gets easier to justify. Today it’s goggle, tomorrow maybe it’s some political or religious cause you don’t happen to agree with. Even a warning gives you editorial control over other people’s internet experience. Please resist the temptation.
posted on August 5th, 2006 at 11:28 am
r@dix
Well - I`d work with a couple of lists containing known typesquatters and ‘nasty sites’:
If a user requests eg. goggle.com, there should be a redirect to a site which says:
‘Warning - goggle.com is currently registered as a nasty site. Did you mean google instead?’
The site should provide links to the requested site (first position) and ‘probably meant’ sites (other positions).
There should also be some cookie mechanism to skip the check.
I think that would be be fair for all parties.
posted on August 5th, 2006 at 11:31 am
Brian
Malware:
If you run Windows, browse from a virtual PC (free) or don’t let your lil’ sis be admin.
Phishing
You can’t rely on a 3rd party to block you from your own stupidity. Eventually you’ll be in a situation without it and, being trained to rely on these training wheels will burn you, or the one time they aren’t aware of a problem site you may have to be the first duped.
Breaking/modifying your DNS service like this may have major unseen consequences. Changes in the way the internet works like this should be implemented solely on the client side by either a LAN DNS (for a business) or a service running on the clients PC.
This really needs more R & D. It is a fantastic idea, but needs to be tested by security experts, and network engineers for about a year before I’ll adopt it.
posted on August 5th, 2006 at 11:41 am
Ben
Definitely option 2. Further, their should be options to just redirect once, or redirectl always, a la Firefox’s handling of SSL certificates that you want accept. A digg style modding of sites that the “do you want to be redirected too…” would be kind of neat.
posted on August 5th, 2006 at 11:42 am
paul
So where do you draw the line? If you start taking any action for some domain that you disagree with for any reason what’s to stop this from turning OpenDNS into a bunch of filtered DNS entries.
Are you going to sanitise the entire DNS so you can feel “safe”. Is this going to extend to your morals? Are you going to redirect sites about satan and nazis to www.cute.com?
Personally I would to a blind redirect to google.com, however someone registered that domain name and it seems like a bad idea to start doing things like this.
The best solution is to take no action. Someone asked to go to goggle.com and you should send them there. PERIOD. This kind of typo check belongs on the client side, ppl need to become more intelligent, even little girls trying to get to google. If anything this is a good leson. You can protect everyone from everything you think is dangerous (which is only your opinion anyway)
If you are going to do something then give a list of ALL similar domain names to the one they typed.
What if they were not trying to get to google.com, but another site with a similar name. Only giving a google option seems naive.
Anyway like is said before, typo filter belongs on the client side or through a 3rd party service, perhaps you should create a OpenCleanDNS? and block all this malware, spyware, porn, etc or call it OpenKidsDNS.
My point is a DNS server shouldn’t be in the business of filter or providing “choices”. It should be a blind service. If it isn’t going to be a blind an unbiased service then it should be BRANDED as such.
NotSoOpenDNS anyone?
posted on August 5th, 2006 at 11:47 am
Tom
Option 2.
If you did option 1, you’d create a maintenance headache for yourselves… what if someone ends up buying goggle.com and puts up something legitimate there? You should at least give your customers the option of going.
If you did option 3, you’d be ignoring one of the main benefits of your service over a typical DNS provider.
If people are afraid of a “slippery slope” they don’t need to use your service. I think if you had a page on your site listing all of the sites you’re blocking for all to see, we could all make up our own minds about your judgement without fearing silent censorship.
posted on August 5th, 2006 at 11:50 am
Einstein
This is malarkie, trying to protect users from themselves. You are trying to port the police state onto the internet. If you type google.com you should go to google, if you type goggle.com, you should go to goggle.com
One, its insulting. Your first assumption is your sister is stupid, and needs to be protected from herself. I think she can quickly identify that was not where she wanted to go, if that was the case.
Two, webcontent is not *dangerous*. A webpage is just that, a webpage, data, information, and pixels on a screen. You need to tell your sister good habits of how to identify malware and avoid it.
Three, you are setting yourself up as a censor or slanderer, if you put a intermediary page up asking “is this where you really want to go… perhaps you would want to go HERE instead”.
I hate malware and spyware myself, with a passion, but you can’t do this. If your sister is too young to learn safe browsing, then you need to have her boot off a bootable linux CD distro that is indestructible and which she can surf any site to her hearts content. My own opinion is that kids should not be allowed on the internet until they are in junior high… but should be outside playing, reading books, etc, instead of glued to a computer screen. There is too much real world basic stuff they need to learn, and the internet is a wasteland of media.
posted on August 5th, 2006 at 11:55 am
Tom
I think option 2 would be the best also. A silent redirect is kind of a bad idea due to the fact that people w/o OpenDNS will continue to go to ‘goggle.com’ while the site/blog owner would never know they linked wrong if they use OpenDNS.
I think that is the way to go, but definitely a redirect would be best, silent or not.
-Tom
posted on August 5th, 2006 at 12:01 pm
demetrius pinder
Option 2
posted on August 5th, 2006 at 12:13 pm
SheFarted
Hey, I use the pimptastic theme too!
posted on August 5th, 2006 at 12:29 pm
Kevin
Option 1, I don’t think that this needs to be a blanket policy, but clearly in this case people intended to go to Google, and the concept behind OpenDNS is assisted and safer browsing, so this would assist people. If option 2 was selected, perhaps there is some way to use a cookie to make the change permanent.
posted on August 5th, 2006 at 12:39 pm
Hank
1. Make your sister switch to Linux
2. su -; echo ‘64.233.167.99 goggle.com’ >> /etc/hosts
3. No Worries anymore.
You can do this in Windows as well…in something like C:\Windows\System\Hosts or some crap.
posted on August 5th, 2006 at 12:50 pm
Tyler
I believe that you should either a: redirect it to the proper google site, or b: offer the users a choice but make it very obvious about their typo ie “You misspelled google, click here to goto Google Search or click here to visit goggle.com, an advertising website”
posted on August 5th, 2006 at 1:07 pm
Cole
Option 2 by far. I like that cookie idea, too.
posted on August 5th, 2006 at 1:44 pm
Keith
Sometimes, you can protect your sister for once, but possibly not forever. Any new computer learner will always have to start from scratch. The only difference between the past MS-DOS users and today’s Windows XP users is that, more viruses are lingering around the planet these days.
posted on August 5th, 2006 at 1:52 pm
chesscanoe
#2.
posted on August 5th, 2006 at 2:05 pm
JimXugle
I would make a page that gives the User The option of the two pages. Use Screenshots of the pages to make it obvious that goggle.com isn’t google. /My/ Sister could realise which one she wanted…. and she’s not that techno-savvy.
posted on August 5th, 2006 at 2:28 pm
kas
Option 2, for sure. Maybe a message like “Did you want to go to www.google.com? The adress you entered is a site which could install harmful programs onto your computer. To continue to go to google.com click here, to continue anyway click here.”
posted on August 5th, 2006 at 2:43 pm
Stu
Option 1. These douchebags are internet criminals.
posted on August 5th, 2006 at 2:52 pm
Brandon
I’m going to have to go with option 2 here. Certainly do not silently redirect, but there should be some kind of alert. Also, include a link to the prefs page so they can turn off the automatic redirection if they want.
posted on August 5th, 2006 at 3:09 pm
Alan
I vote for option 2. Better to let people know what’s going on instead of slyly taking them over.
Or another way would be to give them the option to never have to see that page in the future and be automatically redirected. That way, they get to choose how the redirection is handled.
posted on August 5th, 2006 at 3:26 pm
Patrick
I vote for option 2 as well, but with the option to “automatically redirect goggle.com typos to google.com from now on”.
posted on August 5th, 2006 at 3:38 pm
Pre
Go with option 2
The internet is still the modern day wild west
posted on August 5th, 2006 at 4:10 pm
Denis
How about offering both type of services and let everyone choose? You cannot change the DNS protocol, but having 2 different IPs and have people/admins select which one to use.
On opendns1.com, you get automatic redirection if you mistype. On opendns2.com, you get the warning page. Is that remotely feasible?
About the warning page, it was suggested to have a “remember my choice” option, which I think maybe better left out. The reason is, people will tend to select that option on their usual computer, then continue doing the same typing mistake. One day they switch to another computer/network that doesn’t use opendns, do the same mistake and lands on a malware site again. Since they got use to no longer pay much attention to the site thanks to that option, it is more likely they’ll get tricked in getting something evil on the computer they are on.
posted on August 5th, 2006 at 4:38 pm
Steven French
Bring up a page with a link to google and a warning of why they shouldn’t continue to goggle.com
posted on August 5th, 2006 at 4:42 pm
David Silverthorn
Redirect silently.
posted on August 5th, 2006 at 5:43 pm
Rawnnie
“automatically redirect goggle.com typos to google.com from now on”
posted on August 5th, 2006 at 6:44 pm
Ricky
If you could bring up a page instead that says “Oops you typed goggle.com, did you mean google.com? Or click here to go to goggle.com.” That is my suggestion.
posted on August 5th, 2006 at 6:46 pm
RickFu
I like option 2.
Let the person know *why* you are showing the warning, and give the option. Like some of those before me, I like the idea of a “remember this choice” option as well as a list of sites trated this way (if possible without affecting current service–I’m sure it would be massive).
posted on August 5th, 2006 at 7:52 pm
casey
definitely block it. show a screenshot at most, but i’d rather it just sent me straight to google.com. that’s where people want to go anyway. no one out there is TRYING to get to goggle.com.
posted on August 5th, 2006 at 7:55 pm
Mike
#2
posted on August 5th, 2006 at 8:26 pm
karenology
From reading the comments, I have been dithering back and forth between #2 and #3. I’ll go with #2, since it doesn’t seem drastically different from the services that OpenDNS seems to provide. Especially if the site attempts automatic downloads and other heinous crap that poses a real threat, even to fairly well educated users. I do agree with the slippery slope arguments, though, and would rather see this resolved another manner (i.e. terminating their service on a TOS violation as suggested earlier)
posted on August 5th, 2006 at 10:46 pm
didaio
I like option #1.
posted on August 5th, 2006 at 11:38 pm
Tom
If you’re going to do DNS, do DNS. If goggle.com is properly registered, then serve their IP, that’s DNS. This case is morally pretty clear-cut - but many won’t be, and there’s no clear place to draw the line. IANAL, but I suspect you open yourself up to liability when you start effectively blocking (or even interfering with) “legitimate” sites, no matter how reprehensible their actions.
If you want go defang the squatters - good on ya, more power. But do it with a different service that doesn’t claim to be DNS. Super Lucky Fun Name Lookup or something - but not OpenDNS.
posted on August 6th, 2006 at 12:07 am
Adam
#2
posted on August 6th, 2006 at 12:53 am
Scott McCausland
Here is the bottom line everyone… If you dont feel that OpenDNS should police the internet… dont use OPENDNS. Plain and simple… OpenDNS is revolutionizing what DNS actually is… if you dont like the fact that you cant go to goggle.com then dont use it. If goggle is a typo-squatter, then by all means it needs to be shutdown, but since we cant do that, why not going with a WARNING PAGE and give a choice of google or goggle (which is why OpenDNS is so great, it fixes typos).
People wont willingly going to goggle.com. And if they do, they arent smart enough to be using OpenDNS anyways.
You people who think that the internet should be left unpoliced are troubling me severely, it is our right to make a choice, but shouldnt we have the most informed choice. And most people wont know goggle.com is a typo-squatter until it is too late.
posted on August 6th, 2006 at 1:54 am
Cactus Joe
Ummm … all this discussion is about web page content, but since openDNS impacts all DNS data, how would options be given to mail servers and how should a mail server answer on that decision? This is not just about goggle vs google. This will impact all ‘misspellings’ as decided on by the openDNS.
Although option 2 is noble, I do not think it should be used. I am all for the principle of openDNS, but I am not sure that a name server should “communicate” on the HTTP protocol, since there is no real way that openDNS would know that it IS a web request(, unless of course there was an agent installed on my PC that would report this. I know this is not what happens - no one need get nervous).
I think that if people subscribe to openDNS, and openDNS says they will use their judgement to ‘protect’ the user, then openDNS should simply translate the goggle request on to google. If one does not want this filtering, one should not use openDNS.
posted on August 6th, 2006 at 4:12 am
IQ70
http://www.craiglist.com/
Instead of http://www.craigslist.com/
is a similar problem.
posted on August 6th, 2006 at 5:00 am
Joe Smith
I say that option #2 is the way to go.
posted on August 6th, 2006 at 10:14 am
Sebhelyesfarku
Redirect to google.com from the scumbags.
posted on August 6th, 2006 at 11:07 am
Gareth
In my own opinion you if you wish to do the whole thing correctly
then just go ahead and make a list of mistypes associated with various
sites and the malware typo’s.
Then when someone types in a name on the malware list pop up a
page that shows all the typo’s in the list for that site. Highlight what
appears to be the legitimate site with a short descriptor on the contents
of all the site’s in the list, even the legitimate ones showing.
An auto redirect defeats the point of helping people learn which is the
only way that the malware industry will ever be brought under control.
Sugar coating, aol’ing or other filtering that is invisible will only serve
to encourage people to stay uninformed and uneducated.
You will also need a page listing the known active malware site’s that
can be browsed, heck start a forumn with links to the sites so techies
can share horror stories of cleaning up there malware.
Good luck all around though, a good project you have here.
posted on August 6th, 2006 at 12:05 pm
David
option 1
posted on August 6th, 2006 at 1:10 pm
Mike Dawson
for that exact page (goggle.com) you should redirect silently, since you know 100% that it’s an evil page.
For others like it, take them to a “transition page” that includes a screenshot of both pages (if possible) and lets the user choose which one they want. Maybe say “You typed www.whitehouse.com, are you sure you didn’t mean www.whitehouse.gov ?”
To sum it up, if you know for SURE that the page they typed in has NO value other than malware / evil, ‘blacklist’ it , and silently redirect. Else, let them choose.
posted on August 6th, 2006 at 4:28 pm
Kevin
I say block the site, inform them why, but still have the option to continue at their own risk.
posted on August 6th, 2006 at 5:28 pm
Google Inside » Goggle.com … Some Interesting Results
[…] I was reading up on an article about goggle.com and I decided to do some digging. First off, no results are shown on the Google search engine when doing a site: search for goggle.com. When you go to Yahoo! to do the search, it brings up some even more interesting results: it pulls up data for Google.com. […]
posted on August 6th, 2006 at 6:43 pm
E. Low
Option two. Fo shizzle.
posted on August 6th, 2006 at 6:45 pm
Daniel
Option 2
posted on August 6th, 2006 at 8:17 pm
Raza A.
My personal desires for this utopian world I dream of tell me: Go for option 1… Go for option 2…
Ethically, I beleive, the correct option must be #3.
I believe that if you make it your policy to protect people from their own mistakes, you will eventually be burdened deeply by your responsibility to that purpose. For example: keeping tabs on every child pornography related website on the internet might become part of your role in dns adminsitration. every phishing site. every hate crime site. every site with objectionable or ambigious worth to the world, and what about a website that has an even more grey purpose? an anti RIAA site? would that be your responsibility to take down? who would make that decision?
Where would it end?
This is not your job. Its not what you do. It would be a good thing to do, but the precedent might be larger than this single act, in fact, it almost certainly would be.
-raza
posted on August 6th, 2006 at 9:35 pm
seventoes
Ill take door number 2.
posted on August 6th, 2006 at 11:23 pm
OffBeatMammal
Looks like Google has a similar idea…
check http://offbeatmammal.com/blog/blogs/obm/archive/2006/08/06/Stop-Badware_2100_.aspx
posted on August 7th, 2006 at 1:32 am
Abhishek
I did go with Option 2.
posted on August 7th, 2006 at 1:45 am
Taliesin Hoyle
Provision of choice is not censorship. Inform the user and allow the user to choose. I despise malware but recognise that the web is an open forum in many important respects and that troublesome voices are the health of the forum.
posted on August 7th, 2006 at 5:02 am
WRJ
The best option is #2 but post a link did you mean: google.com or goggle.com and show a preview image of goggle.com via google.com cache or askjeeves preview.
posted on August 7th, 2006 at 5:54 am
Patrick
Hi there, i would vote for a warning page if at all possible, however, it would be even nicer if it can remember the choice one made so that if next time someone goes to the site it will not get the warning anymore.
Why ? If in case the website in question once found ‘dubious’ has changed to a honest person (lets take goggles.com) and does not send out any spyware anymore wouldn’t get the traffic it deserves anymore, and they probably never know that all opendns users will not be able to visit their website!! This would be real bad, as you then are censoring websites which do not deserve to be censored, this should be avoided at all costs!
This is also what i have against the new way google is going to block websites, what if your new website you just registered is a legit site, but the previous owner was not!
Its like traveling with a name of a well name terrorist, and being denied access to a country, just because your name is the same. (god knows how many patricks live in this world!)
Also (and i wrote openDNS about this before) don’t forget to make everything multilingual, English is not the only language on planet earth
Kindest Regards,
Patrick
posted on August 7th, 2006 at 7:00 am
tyler
Option #2, definitely.
posted on August 7th, 2006 at 7:01 am
Jayant
i say take us to page where we can choose!
but i dont think i would mind too much if im silently taken to google as long as i can go to all sites that i still want to
posted on August 7th, 2006 at 7:28 am
Gabriel Bauman
I don’t like the idea of any one company deciding what’s “bad” and what’s “good”, but I see what you’re trying to achieve. The problem is, some domain-name similarities happen by chance. Redirecting people off to ‘what you think they meant to type’ would punish legit sites that are similar in name. I mean, “goggle” and “google” are both legit words.
So, if you must, give me #2 with the following changes:
o The warning page should only be shown when the ‘iffy’ domain name is an obvious mis-spelling of a well-established domain. If the iffy domain name is an english word in its own right, you really shouldn’t block the site unless it’s phishing or doing drive-by downloads or something.
o When shown, the warning page should show which site most other users chose to visit, to help the user make a decision. The warning page should show thumbnails of the sites side by side, so as not to impose visual rank. The idea is to get users to stop and think; don’t highlight one option or they’ll just click it.
Establish some strict guidelines, avoid labelling anything ‘good’ or ‘bad’, and let your users decide which result matters most to them. That’ll keep me happy anyway.
posted on August 7th, 2006 at 3:17 pm
Amos
Another problem with silently redirecting people would be people that type goggle.com and get google would start thinking it’s an official google page and may try it from another computer that is not protected by OpenDNS. If they get a warning page and link options then that would prevent this.
Option 2 is my vote. This is what I would want my wife and kids to see if they mistyped google.
posted on August 7th, 2006 at 6:48 pm
Larry
How about a disambiguation page, ala Wikipedia?
For instance, searching for Castro brings up:
http://en.wikipedia.org/wiki/Castro
posted on August 7th, 2006 at 9:40 pm
Dan - edefence.ca
Option #2. Why? Three reasons:
1) Everyone wants google.com; not goggle.com
2) Users should be made aware of their mistakes; not silently re-directed
3) Users should be made aware of the wankers that try to take advantage of their typo’s, and should feel motivated to take (positive) action against these squatters.
Oh, and don’t forget to add goole.ca, goggle.ca, etc. to the list of squatters.
-Dan
posted on August 8th, 2006 at 9:23 am
matthew
Problem, in the context of DNS handling, there are limits to what can be done, so unless combined with a toolbar, the only practical options are the silent ones.
Redirecting “void” typo’s is no problem, redirecting valid typos, even if most people would not want the alternative, is controversial unless the site is clearly 100% bad.
Maybe some extended preferences, with the “safe” option being to bring up a “XXX is a frequent mistype of YYY. The site exists but may be considered unsafe”
And then some way to select (preferably for each occurence), if it will be passed.
posted on August 8th, 2006 at 9:55 am
Joe
You should take users to a page that says: “This site is lame, click here to Google” so users know what is happening.
posted on August 8th, 2006 at 12:24 pm
Eric
What about domains that change ownership or content? Sure, today goggle.com is hosting malware/adware/whathaveyou… but what about in 6 mos when (bear with me, this is hypothetical) Disney buys the domain and uses it to promote their latest movie?
I guess my preference would be for Option 2 - with a bit of a mod. If you’re going to state that it’s ‘lame’ or whatever, at least put a date of lameness on it. Someone needs to followup at some interval to verify the continued lameness, as well…
My $0.02…
posted on August 8th, 2006 at 2:02 pm
Johnathon Mohr
You should definitely redirect, especially if something is a squatter or a known typo. Someone, somewhere, has got to be keeping a list of this type of stuff. Let’s incorporate it and make the world a better place. Oh yeah and ninjas…yeah.
posted on August 8th, 2006 at 6:08 pm
Tim Parsons
Option 2 makes sense for me. I like the idea of a “report misidentified lame site” option, though. Default “dumb user click without thinking” options should fail as safe as possible. “Remember this choice” cookies should probably be avoided, or given a fairly short time to live, because the internet’s not static and nor are the guys in black hats.
The “DNS should be a black box that does what it says on the label and nothing else” argument is an available choice for everyone anyway. People who /choose/ to use OpenDNS are also choosing a DNS server they know to be external to their ISP, and are making an informed choice, bits on top and all.
posted on August 9th, 2006 at 3:05 am
Fork
I would go with option 2, giving a choice, some people just like to go there lool.
posted on August 9th, 2006 at 11:29 am
Carol
Best would be an intermediate page offering the alternate links:
[1] What you think the user meant (in this case google, the search engine), and
[2] what the user really typed (in this case goggle, a page 99% of users should not visit).
This page could be a template, triggered whenever you become aware of a similar squatter. This format would also be familiar to many users, since search engine results often ask (at the top) if you ‘meant to type’ something else. So the first link would be prefaced with: “Did you mean [google.com]?” The second link would be prefaced with: “You typed [goggle.com], which is a site offering downloads which could harm your PC.”
I would oppose silent redirect, since some (teachers, for example) might intend to get to the site, and turning off your service to get there would be inconvenient — once they realized what was happening. In general, anything of this sort secret or hidden ‘for our own good’ is a bad idea, imo. That way, Microsoft lies….
posted on August 9th, 2006 at 11:59 pm
Drew
Personally I think all three should be options, and you can choose which you want to use from the preferences menu.
Since I, for one, would like option 1, but I know some people would rather use option 2 or 3.
posted on August 13th, 2006 at 1:01 pm
Rob
Just a little English correction (I couldn’t resist). Please consider using the phrase “try to…” instead of “try and…”. The word “and” connotes one thing and another. The web site was “trying to destroy” her computer, not “trying AND destroying” her computer.
I don’t know why this is important to me but I just thought I’d share it and, IMHO, make the world a slightly better place.
Peace,
Rob:-]
posted on August 13th, 2006 at 2:09 pm
MATT
I agree with most post. Option 2 is a great default. But i think that we should have the ability to set in preferances to change it to option 1 under our user prefs.
posted on August 14th, 2006 at 4:12 pm
Tim
Each user should make their own choice as to how they wish to proceed. A first time quick warning or notice is not too intrusive, but let the user decide from that point. Saving and remembering their choices would be pretty nifty.
posted on August 16th, 2006 at 6:13 am
Midge
Option 4 - nuke the site off the internet for being a security and privacy risk.
But in all reality, that’s never going to happen. so option 2 would be the logical step.
OpenDNS - you smart fellers ought to build in a reporting function so other squaters can be reported (and verified) then give users who are browsing to those sites Option 2 as well.
Option 2 sure beats browsing to number 2…
posted on August 20th, 2006 at 6:45 pm
David B
I think you should either block or put up a transition “What do you want to do” page as some users have suggested.
I agree, if the root servers were doing this sort of thing, I’d have a problem. However, I look at it this way: I very deliberately have chosen to use OpenDNS for protection. I think I’m making a statement that I don’t wish to see those sorts of sites. I, personally, feel as if my home network is better protected by not resolving these domains accurately.
The ideal scenario, imho, would be an option in preferences: let me choose what level of protection I want. To be totally honest, I would love to see an option blocking most typosquatters as well. In the perfect world, my gateway would never connect to those bottom feeders. I’ll take a 404 to a page served up by those guys anyday.
posted on August 22nd, 2006 at 10:49 am
Shaun McDonald
There are preferences for your domain, on other things, when using OpenDNS. So why not add one for this too. I would like to be able to switch between 1 & 2. Personally, I don’t want 3 (go straight to the domain).
How would the database be updated?
posted on August 28th, 2006 at 10:49 am
David Clements, jr.
I would say redirect to a page like noted above and let the users make the choice. Have it store a cookie on what the choice was made.
Personally I think it is Cybersquatting on google’s property. Of course who would not want that revenue from that cyber fly trap?
The best action I feel for opendns would be to redirect to a page and tell them that this site appears to not be of legitimate purposes, and may infect your machine.
If you wish to continue click here (opendns saves the cookie)
If you wish to go to google.com click here (opendns does not save cookie)
At the end of the re-direction page I would say “If you routinely clear your cache or cookies you might see this page again, this is normal operation.”
That’s how I would do it if I was in your shoes.
posted on August 29th, 2006 at 11:20 am
Venture Beat Contributors » Why do we pay Internet Bad Guys?
[…] These kinds of abuse are pretty bad, but what bothers me more is that much of it is being facilitated by companies I respect and admire. People like Ben Edelman have done a lot of research showing the connections between companies like Yahoo and fraudulent advertising practices but that’s not enough. There are so many layers and levels of misdirection that it becomes hard to tell who is paying who and why. As the CEO of a company operating on the Internet, I’m spending money dealing with Internet bad guys who are getting paid to annoy me, my employees and my users. Everyone is wasting their time dealing with this crap while the folks in the money trail keep taking their cut and passing on the buck. When I asked my users what they thought about goggle.com I saw a nearly unanimous response of outrage and frustration. Hundreds of users spoke out on our corporate blog and on sites like Digg.com venting at the absurdity of a site like goggle.com. […]
posted on September 13th, 2006 at 12:08 pm
David Lee
Well here is a idea to solve this problem.
First let the ip be able to enable or disable this feature
When enabled it will use a shared database that users are updating
Allow a database where users could input a misspelled url and input the real url. If more then 10 people input the same thing then it will redirect to the new site if url is misspelled. To prevent abuse of the system as in people redirecting sites to fake sites the arghothm will have to check to see if url a that goes to url b and see url b that goes to url c. The url with the most submitted changed of that will be the correct url and the other result will be ignored unless more people submit that and then made the other not work.
I hope you are understanding this.
Another method is to show a page that will say this site might be not what ur looking for and have urls of the correct spelling counted by most dns lookup of the domain name.
The user will be allow to contuine to the misspelled website by hitting countuine to this site. the page will submit a ip based setting to opendns and then reflesh the page. and let opendns give the new page or another way to save some trouble is just make the site go to like goggle.opendns that will show the page . only problem with this is that some sites uses domain names as part of the url so each page will go back to the parsed page.
posted on October 1st, 2006 at 3:06 am
MASA
1 and 2 would be awesome
posted on October 3rd, 2006 at 8:58 pm
Jonathan Dingman
I vote for option 3, just kick ‘em to Google instead
posted on December 6th, 2006 at 8:17 am
Gabe
I vote option 1.
posted on December 12th, 2006 at 3:37 pm
Will
Yes please make it an option so we can block crap sites like this…
Thank You!
posted on December 18th, 2006 at 7:53 pm
Chris
Option 1 or 2.
posted on January 17th, 2007 at 1:21 pm
Joe
Umm wouldnt a website installing malwarewithout your consent be illegal?
posted on January 19th, 2007 at 6:07 pm
Forrest Q.
On my blog there is a video on what happens to your computer (with some dramatic music) if anyone is really interested in the actual process, the permalink is http://forrestquay.wordpress.com/2007/01/21/beware-gogglecom/
posted on January 23rd, 2007 at 3:35 pm
Chris
I think that if someone types in or clicks a link to goggle.com they should be taken to a site where it explains what goggle.com is and on the site it should have a link saying click here to continue to goggle.com (not recommended) and another link saying go to google.com (recommended) that would be simple and it would help everyone. I don’t actually see the problem with blocking goggle.com as there is only one use for it and there shouldn’t be anyone who actually wants to go on to it. (to be honest I have felt tempted as I want to know if it is true) so I’d say option 1 or 2, 3 is just irresponsible. I think that everyone should be warned (tv ads internet ads on major sites like google and eBay) and then people will be more careful. Just an idea.
posted on February 5th, 2007 at 8:11 am
Rodney
Couldn’t OpenDNS provide various DNS choices, or IPs the user could enter, based on the service best for them? I know everyone has different needs and is different. Maybe services based on behavior for option 1, option 2, or option 3, or whatever options become available in the future. I think the decisions should be left up to the user what is best for them, not the government or company. I wouldn’t want a government or company dictating to me or my children what I can or cannot visit. However, on the other hand, as a parent, I wouldn’t want my children accidentally visiting unsafe sites that would risk harming my computer or themselves. Effective tools for such protection should be available for the user and constantly updated as new sites become available or someone bypass the filters that traditional programs aren’t able to reliably prevent 100%. And of course, some browsers do have a place where you can enter restrictive sites through their browser options, not that this is ideal or effective considering thousands of unsafe sites come online daily.
posted on March 11th, 2007 at 12:45 pm
Max Nguyen
I think that option 2 is the best to choose.
posted on March 22nd, 2007 at 2:56 pm
Alan
I agree with those posting that OpenDNS is supposed to be a service to translate domain names into IP addresses, nothing more. Having an extra functionality which offers suggestions when the domain name typed is invalid or non-existent is useful, but what you are suggesting is the deliberate substitution of a different “preferred” IP address for a perfectly valid real one. Go down that route and you cease to be a domain name service and become a new type of portal. If that is where you want to go (for example to become “KidSafeDNS”) then fine, but I’ll have to go back to a real DNS. And how do you address the problem of serving IP addresses to non-html traffic?
Option 3, please.
posted on March 31st, 2007 at 11:34 am
heyllo
hey goggle doesn’t work I tried it with and without popup blocker =)
posted on April 21st, 2007 at 12:54 pm
laconic
For stuff like this that seems obvious it’s probably a mistake, show a page that asks us if we made a mistake (and tell us the reasons why we would possibly want to block it). also have a checkbox that lets us save our answer if we want. you can then save in a cookie.
posted on April 23rd, 2007 at 1:55 pm
Leif Dalands blogg - IT & Annet » Ikke gå inn på denne nettsiden!
[…] kilder hevder at en feilstavelse når du skal taste inn google.com i adressevinduet i nettleseren, kan sende deg til en nettside […]
posted on May 8th, 2007 at 2:46 pm
johnny
Goggle.com is quite an annoying site but if u have a pop-up blocker it wont do a thing except the couple of minutes/seconds u wasted of ur life. ☻
posted on May 9th, 2007 at 10:42 am
Ryan
You should Get McAfee, cause i jsut went to that website to see wat would happen and nothing happened, so yeah, thats your safest bet, plus, it prevents other pop-ups and spyware stuff too. Its a really good investment
posted on May 24th, 2007 at 1:06 pm
Mike
I just visited and just popping one pop-up. More dangerous on IE
posted on May 30th, 2007 at 5:39 am
stuart
i think you should have a page that says that this website is a killer and a lkink to google underneath
posted on November 27th, 2007 at 3:21 am
Omar
Yes, goggle should be directed to Google.
Please.
posted on March 18th, 2008 at 11:33 am
Policing the net » JJHalans » halans.com
[…] which kind of defeats the purpose. Probably a slight oversight by the Google people.Find out more:OpenDNS blogGoogle to warn of badware sitesBBC […]
posted on August 9th, 2008 at 8:16 pm
Jonathan
I think it should redirect them automatically, but tell them that they made a type-o and that goggle is a dangerous site.
posted on June 16th, 2009 at 7:02 am