One of the many reasons more than 30 million people around the world choose OpenDNS is a feature called automatic typo correction. It works by automatically redirecting common typos in top-level domains (.com, .net, .edu, etc.) to the right place, so if you type www.google.cmo, and that domain doesn’t exist, we just automatically take you to www.google.com.
Although this feature helps with a tremendous amount of typing mistakes and enables people to stay on-course online, an increasingly popular phenomenon called typosquatting means there are still typos we can’t fix, some of which are much more precarious than a dead end. Typosquatting is what happens when someone registers a domain that’s nearly identical to that of a popular brand: Twtter.com and Twitter.com, for example. It banks on the idea that a fast-fingered typist may not notice that she’s arrived at the unintended site due to an omitted “i”. And since the typo exists in a real, registered domain, we don’t interfere.
Twtter.com is a particularly tricky example. In the case of this site, the typo — an omitted “i” — might not even be apparent at first glance. The people who run this site are clearly trying to capture typo traffic destined for Twitter.com. And regardless of the fact that the site has a URL redirect (the domain in the address bar changes after the site has been resolved), the blatant use of Twitter’s well-known design themes prove the site is aiming to fool people into thinking it’s the real website of Twitter.
Typosquatting is not new, but this sort of high-polish, branded version seems to be on the rise. In the case of Twtter.com, the Twitter.com imposter, the site’s entire function is to get your contact information. A very appealing offer is presented to answer two survey questions and get what is, by all accounts, an awesome prize: an iPad2. It’s unclear what will happen with your personal information once it’s in the wrong hands — it could range anywhere from being used to send SMSs to your cell phone that you get charged for or simply selling your email address.
As with any online threat, protecting yourself and those people using the networks you manage starts with education. Here are three tips for outsmarting typosquatting:
1. Use OpenDNS: It’s the only service that will automatically correct common typos in TLDs, and help ensure you end up at the website you want. OpenDNS solves a large portion of the problem, and also automatically blocks phishing websites.
2. Watch the address bar: Legit websites rarely do redirections like Twtter.com does. Keep an eye on what the site is doing and note suspicious redirects. Also simply note the URL of the website you’re visiting after you’ve been taken there. Is the site the one you wanted? Did you make a typo?
3. Don’t share your personal information: If a website offers you a chance to win a prize, simply for providing personal information or taking a survey, be skeptical. You should never share your personal information online unless you’re on an extremely trusted website.
For businesses, schools and households alike, online safety is of the utmost importance. And it’s all about education. Know what to look for and you can outsmart much of the bad stuff. And use OpenDNS and tell others to do the same.
We’d love to hear your thoughts: We’re considering an opt-in service that would let people avoid these kinds of unintended redirections. Even in cases like that of Twtter.com, where technically it’s a real, registered website. What do you think? Would you use such a service?
JK
Not sure if I would enable that kind of feature on my personal account, but for relatives and coworkers… just show me the checkbox.
posted on September 2nd, 2011 at 2:26 pm
Brad
It should be a standard feature.
posted on September 2nd, 2011 at 2:33 pm
Ant
I would use it, just to save the annoyance of typing the address again. The fact that it will also protect against malicious sites is a bonus. Of course, there needs to be a very solid watch on what gets classed as a typo for what.
posted on September 2nd, 2011 at 2:55 pm
John Riley
I’d be fine with that being a standard feature!
posted on September 2nd, 2011 at 2:58 pm
William Hook
I think it’s a great idea, but I don’t think it should be enabled by default.
posted on September 2nd, 2011 at 3:02 pm
Rudy
I encountered this about a decade ago. I was a CDNow affiliate (remember them?), and one day, I had incorrectly typed the URL as cdnwo.com rather than cdnow.com. I found out that it was also an affiliate site, using mistyped URLs to draw traffic to itself. I can’t recall, but I believe it may also have loaded a redirect as well, just enough to get their tracking cookie onto your computer to make the affiliate sales.
Two things bothered me about it: 1) it was dishonest and hurting legitimate affiliates, but… 2) in a small way, I wish I had thought of it first. ;o) I remember complaining about it, but don’t know if anything happened. At any rate, Amazon took over CDNow’s business and it was all a moot point.
posted on September 2nd, 2011 at 4:09 pm
Notkedbod
Absolutely! We’re sick of the fraudsters and all the evil scumbags who take advantage of unsuspecting (and experienced) Internet users. Children and the elderly are especially vulnerable. We hope you will seriously consider adding this as an opt-in feature in Security Settings right below Phishing Protection! Thank you for all you do.
posted on September 3rd, 2011 at 12:33 am
Bryon
I would definitely use a feature that blocked malicious typo-squatting websites.
posted on September 3rd, 2011 at 4:28 am
Tom
I would use it, mostly to protect my kids and coworkers. I found my way to wwwyoutube.com via a mistyped URL which does the same thing as your example.
posted on September 3rd, 2011 at 6:19 am
Mark Myers
I think that this would be a great idea. Sign me up!!
However, from the stand point of end user functionality, I think it should be the opposite of some of the comments above: I think it SHOULD be enabled by default, with an option to turn it off. Case-in-point: Think about how many home wireless routers DO NOT use any type of security because the wireless router industry has determined that it is best to NOT have the security enabled by default…._
Even though some users in the general population have enough tech savvy to install OpenDNS, most of them will not go back an adjust the default settings after that initial set up.
Just my thoughts.
posted on September 3rd, 2011 at 3:34 pm
bil castine
i would absolutely use the service if provided, and i think most people would benefit by having it turned on by default. i can see the other side of this argument, that you’re actually interfering with someone’s attempt to load a web page so it should be optional, but i think the pros outweigh the cons.
how about an interstitial page when loading (say) twitter.com that would ask if you actually meant to type twitter.com?
posted on September 4th, 2011 at 2:34 pm
Chris
I want that feature for my network. We’re doing it all the time. I wouldn’t mind it being built in or opt-in, but it sounds like a fantastic feature overall!
posted on September 5th, 2011 at 9:13 am
Steven Causey
HECK YES I would use it.
posted on September 7th, 2011 at 12:49 pm
Marty Labatt
+1 @ Mark Myers – good point.
My “vote” would be an *option* with default “on” to redirect typos.
As a “techy” give me the choice AND do what is best for the masses.
posted on September 8th, 2011 at 7:54 pm
rebootwalters
I think that the intersital page is a great idea [an intermediate page asking the end user if it was actually their intent to view the fraudulent page], and should be the default. This way the typeosquatter can’t complain about being filtered, and the end user gets to see that they would have been redirected, and if that was their desire, then they can visit the page anyway. This protects the end user from fraud, and also demonstrates the type of open and honest intent of OpenDNS.
posted on September 9th, 2011 at 4:39 am
Mark C
Great Idea. I think it should be implemented on an Opt-Out basis. Just make it very clear when people sign-up that the feature is enabled by default.
posted on September 9th, 2011 at 2:14 pm
James Riley
I think it is a great idea, and that it should be a standard default option (user switchable, of course)! And like other sites, URLs should be submittable to the OpenDNS Community for voting on whether they should be blocked as a typo site or not.
I know how many times I’ve typo’ed something and have landed on a phishing site / porn site / parking page. This would be a welcomed addition for 1) office productivity; 2) student safety & protection; 3) home safety & protection.
Bring it on! …Oh, and switch mine on by default when it’s added
posted on September 9th, 2011 at 2:52 pm
BlindOldmp
I like the idea of catching the redirect and yes switch mine on by default when it’s added. but there should be the option, which I would also switch on by default of the interstitial page. This is a great idea.
Great product by the way! I run mine on my router so everybody in the house get’s the benefit including my visitors.
posted on September 9th, 2011 at 5:37 pm
BOB BARKER
Cracking idea, keep me posted as to if/when you plan a start up date for it.
A check box for yes / no (opt in or opt out) is imperative though in these days of , invasion of privacy, denial of rights, freedom of information etc etc!
Keep up the good work.
posted on September 10th, 2011 at 1:50 am
Frank Haywood
It *might* be a good idea, but then some ISPs thought Phorm *might* be a good idea and the public uproar that ensued ended in the UK courts.
Virgin Media by default will already redirect you to it’s own search when you mistype a domain as their network detects it and I’ve already told them I think it’s disgusting behaviour to enable by default. You can turn it off, but it should be OFF to start with and only enabled if the end-user wants it.
Anything like this should always purely be on an opt-in basis only as it’s far too easy to be abused by the company in control – I’m talking about you. I’m sure Open DNS doesn’t want to be likened to MicroSoft who always seem to know better then their users.
Yes security is always a good thing, but what are you really trying to secure exactly? So occasionally someone mistypes something and ends up on the wrong site. So what? That’s what they told their computer to do.
I would have thought that someone who knows enough about computers to use OpenDNS is the kind of person who also knows enough not to be stupid and give away their details to a scam site. So why treat your users as if they *are* stupid?
Add the feature if you want, but it must ALWAYS be on an opt-IN basis.
Otherwise we’re just handing control of our final destination over to you and once you have that power, then just like other companies before you, it’s oh-so-tempting to direct people to where you want them to go rather than where they actually wanted to go in the first place.
And finally, what’s wrong with people using bookmarks? I can’t believe anyone would actually type in the name of a site like twitter.com once they’ve visited it once. And most modern browsers remember sites you’ve already visited anyway and try to auto-complete the URL for you.
The more I think of it as I’ve been typing this, the more I can’t see any good reason to add the feature at all. It seems largely pointless unless you intend to redirect people to ads yourself.
-Frank Haywood
posted on September 13th, 2011 at 10:41 am
Nick
Haven’t read all of the replies as I’m at work so apologies if this has already been suggested but would it be technically possible to redirect to an OpenDNS webpage that offered the option:-
You appear to have typed the url twtter.com, do you want to go to twitter.com?
{The [text] are buttons}
[I know what I meant, take me to twtter.com] [Oops, I meant twitter.com, please take me there]
Other than that – good idea but leave it as a manual setting please, many users don’t like being corrected without say in it!
posted on September 14th, 2011 at 2:26 am
John Shamraj
WOW, what a range of responses. Most of them seem to realize that the dangers of landing on the wrong website and then clicking on a “tempting” survey box outweigh the inconvenience of being able to quickly get to the “twtter” website or the “yuotube.com” website when you need to get there in a hurry. Mr. Frank Haywood, on the other hand, doesn’t want anyone to get in his way when he’s hot to get to his twitr account.
Apparently, he also doesn’t make typos. Maybe he should be reminded that OpenDNS is not for immortals like hisself, it’s designed for mortals. I think it’s a great idea, and should be on by default (us immortals can turn it off easy enough, and then we can instantly get to facebool.com whenever we need to)……
here’s a few reasons, and we all know there are many more:
1. I have 7 computers at home,and 20 at work, and they don’t all have the same bookmarks (I’m a mere mortal, remember?)
2. I’m responsible for a lot of other people using these computers, and as much as I have flogged them for every time the wrong finger hits the wrong key, they still seem determined to make mistakes. (can’t stand those darn mortals!!)
3. I’ve landed on many websites like “bankogamerica.com” “symantic.com” and similar sites, and long ago realized that there is a determined, energetic and very clever bunch of people out there who are willing and able to pounce on any mistake to take advantage of others.
4. There are botnets of thousands of computers used to attack other computers, bring down websites, etc, and many of them were infected by one simple click mistake. Many belong to very savvy users, who may have made the mistake themselves, or simply owned the computer while someone else made the mistake. Most of these users, either savvy or unsavvy, have no idea that their computer is infected this way………
5. The “average” computer user has no idea how much trouble one simple mistake can cause, and doesn’t even have a very clear idea of what a “mistake” in the computer world is. There are millions of these average users, none of whom are as smart as Mr. Hayward (oops!)
Anyway, I would definitely use it, and think it’s a great idea. Go, OpenDNS!!
posted on September 15th, 2011 at 6:54 pm
Bob Flaminio
This would be a great addition to the OpenDNS service, but I do feel that it should be opt-in.
There’s a scam going around with typosquatters. Say a scammer registers the domain opendsn.com to typosquat opendns.com. Now a clumsy emailer might send an email to allison@opendsn.com in error. Instead of bouncing, the scammer forwards it onward to allison@opendns.com, and it appears that everything went OK. Except that now the scammer has a copy of the email. And if the mail client caches email addresses (like Microsoft Outlook, for example), every future email to Allison will also route through the scammers typosquat’d domain, revealing who knows what sort of personal information.
For this reason it would be a great value add for enterprises, as well as home users, to have typosquatted domains resolve to the “real” domain. But like I said, opt-in only.
posted on September 16th, 2011 at 9:18 pm
Erich
I would certainly test the service for a longer while to thoroughly see what it does for me and my networks. Then I would decide to stay with it or not. If not, I would certainly express the reasons for this.
Btw, twtter.com and http://www.twtter.com are already blocked in my network by a hosts file automatically updated from the internet and automatically distributed to all computers in my network.
posted on September 17th, 2011 at 1:46 pm
Joshua Todd Cowper
I’d use it, and I think it should be enabled by default, with the option to turn it off.
posted on September 21st, 2011 at 6:08 am
John Howell
I’d use it.
posted on September 22nd, 2011 at 4:42 am
Gordon
I definitely get annoyed when this happens to me.
Many of these sites should be included in the “Phishing Protection” option under security settings. If this is not phishing, then perhaps it is time to add a “Typos” category to the content filtering section. Some providers automatically redirect typos to the correct domain, but I think that is presumptions, and it can be incorrect.
posted on September 23rd, 2011 at 10:49 am
Sam
If this is implemented it should:
1. be opt-in
2. be via interstitial e.g. continue as entered or correct to what we think you meant to type
3. include the “legitimate” URL’s e.g. do you really NEED to twit this?
ODNS is a fantastic service but people should be encouraged to think for themselves rather than rely on someone else to do so for them.
posted on September 27th, 2011 at 11:54 pm
J
Great Idea!!
If a site can be classified as a typo-squatter then you can give the option to automatically redirect to the correct site, else a page to confirm the selection and maybe the user flags it as a legit site or otherwise – not sure if hosts file additions would end up the size of Encyclopaedia Britannica if it was used for user selections!
I think we all need to think up ways of solving such issues – maybe death penalty to typo-squatters. That would certainly prevent them from doing another typo! Maybe laws against typo squatting would allow names to not be registered. there are mnay ways of trying, but legislation would probably get in the way!
posted on October 3rd, 2011 at 3:30 am