This is a long post but it’s worth the read. In short, Google and Dell have teamed up to install some software on Dell computers that borders on being spyware. I say spyware because it’s hard to figure out what it is and is even harder to remove. It also breaks all kinds of OpenDNS functionality. At the end, I’ll tell you what we’re doing about it.

About a year ago Google and Dell announced a partnership to include the Google Toolbar on new Dell computers. At the same time, Google was trying to convince the Department of Justice that changing the default search engine in the (then) new IE7 was too difficult (when in reality it’s really simple). Installing the toolbar meant that users would have Google as their default search engine in IE7. It also meant that Dell and Google would share some of the revenue from the advertising clicks that resulted from these installations, much like The Mozilla Foundation does with its Firefox browser.

The computer hardware business has razor-thin margins which means making a profit is tough. So the opportunity for Dell to get a recurring revenue stream from an existing customer long after the sale of the computer is more than just enticing, it’s huge. It also means a couple other things:

1. Dell and Google have an incentive to make it very hard for users to turn this off.
2. Because users can’t get rid of it, Dell and Google can get away with putting more ads on the page and pushing user-relevant content off the page.

The screenshot below shows what the Dell-branded Google search results page looks like when you make a typo in your address bar. You can’t even see the search results in the picture (800×600 resolution) because the entire top of the page and right side are plastered with ads.

This page isn’t being shown to Dell owners just because they have the Google Toolbar. In fact, uninstalling the Google Toolbar won’t get rid of it. Dell and Google are now installing a second program on computers that intercepts all sorts of queries that the browser would normally try to resolve. This program has no clear name and is very hard to uninstall. In some circles, people would call this spyware.

Google tries to explain the hidden software with this ambiguous statement:

Wow. Are you kidding me? In order for a user to get rid of this brokenness the person has to remove a piece of software called “Browser Address Error Redirector?” That barely makes sense to techies and it makes no sense to normal people. Would your Mom uninstall something with a name like that? I don’t think so.

Not only that, but due to some support inquiries we’ve gotten it seems like this software is being installed on older Dell computers that use some sort of automatic update service from Dell. Is this thing spreading? Ugh. How bad is it?

Let’s see what happens with certain queries and what shows up above the fold. For good measure, I’ve included what we do too, for comparison.

Typed               Dell/Google             OpenDNS
Digg.xom            Paid results            Automatically typo-corrected
Digg                Paid results            Shortcut / Search results
Digg,com            Paid results            Search results

As an aside, for every single one of these pages, OpenDNS provides an unpaid link at the top of the page asking, “Did you mean Digg.com?” If Google and Dell were really trying to give users a good experience, they would offer that, at the very least. They are certainly smart enough.

What do we do for the user?

I’ve included a screenshot of what OpenDNS shows people, too, for comparison:

Is Google being true to their roots?

I love Google’s technology, don’t get me wrong. But I think Google has turned a page here. They have now enabled a piece of software that is hard to remove and forces users to look at a really bad page. In fact, Google knows that this provides users with a dramatically worse experience.

Here’s a press release that talks about what people look at while using Google. (You can be sure Google uses similar technology internally.) Here’s a screenshot, with a red-line indicating what is below the fold.

The Dell-branded page doesn’t look anything like that at all. If you were to put a heatmap on the Dell-branded page… well, users can only look at ads. Dell and Google’s behavior here isn’t okay. Users never asked for this experience and they can’t get rid of it!

Moreover, this new “functionality” breaks things. Instead of making DNS requests, the address bar now sends single word queries to Google. This application breaks a lot of OpenDNS functionality our users love. Typo correction? Broken. Shortcuts? Broken. Google’s application breaks just about every user-benefiting feature we provide with client software that no user ever asked for.

We enjoy challenging problems at OpenDNS. But we’d rather spend our time making the Internet better rather than solving problems that shouldn’t have been created in the first place. We know that Google is capable of launching great products and services, but this isn’t one of them.

How is OpenDNS solving this problem?

Fortunately, we have a fix which does not require more client software. OpenDNS applies intelligence to the network, and we’ve stretched a bit beyond DNS itself to work around Google’s mis-directed efforts. Before I get into that, let me digress for a second:

Many of you have toolbars installed on your computer. Some of you have the Google toolbar, some have the Yahoo toolbar, and some of you have Zwinky (Don’t ask… I think little kids use it). These toolbars are able to see every single website you visit when you surf the web. Most report your surfing habits back to the company that operates the toolbar. Toolbars are something worthy to be concerned about, if only because so little attention is paid to them.

Okay, back to our solution. We did not want to enter the toolbar market. We don’t have any interest in it, and we don’t believe more software installations are the answer.

The solution to this problem was to route Google requests through a machine we run to check if the request is a typo or one of your shortcuts. If it is a typo or shortcut then we do what we always do, just fix the typo or launch your shortcut and send you off on your way. If it’s not one of those two things, we pass it on to Google for them to give you search results. This solution provides the best of both worlds: OpenDNS users get back the features that they love and Google continues to operate without problems.

I want people to know (and be sure) that we aren’t doing anything shady. We’re not spying on you. We don’t care what websites you visit. (Check our privacy policy.) Solving the issue like this allows us to fix the problems with Google (and future similar services) without having to route all your traffic through a toolbar or other service.

Below, there is a mini-FAQ. I know a bunch of you are very technical might have additional questions about how this works. We’re happy to talk about it. To keep this post from getting unwieldy I’ve made a page where you can ask all the technical questions you want. I’ll read the comments and update that page with answers as they come in.

Update: Danny Sullivan has a great write-up on this too.

Mini-FAQ

No. We are doing this URL redirection on all of our servers in all of our locations. Loading Google should take no longer than it took before we made this change. Also, all of Google’s other domains like like gmail.com and even subdomains like reader.google.com still work as they did before. We don’t re-route any of those.

No way. Absolutely not. We don’t keep copies of your cookies, your search history or anything else that would cause an AOL Search disaster. Any logs we have for technical debugging are wiped within an hour of the request, usually much sooner. We also aren’t in a position to log it for the government, and we aren’t a front for the CIA. “The Feds” already know that if they want to know what websites you visit they can just talk to your ISP, unfortunately.

Nope, but let us know if you see anything awry.

No. Typically when people try to proxy SSL pages it creates an error. We didn’t want that to happen so we did something we think is pretty clever. We actually just forward your packets on to Google when you are doing anything that is secure. This keeps your data encrypted and ensures we can’t perform a Man in the middle attack on you.

We contacted a couple of friends who work on the security side of things at Google to give them a friendly heads up. They said it’s not a technical or security problem on their end. Based on that we don’t think Google has any problem with it. The technology we’re using is pretty standard stuff.

Courtesy of Matt Marshall, I was asked to contribute an article to VentureBeat. You can read my article, “Why do we pay Internet Bad Guys?,” in its entirety over there or below. Matt has some really great stuff on VentureBeat, so go check it out!

Two weeks ago Auren wrote a dead-on post about the Black Hat Tax that really struck a chord with me. I’ve been paying the Tax for five years with my first company, EveryDNS, and for a few months now with my current start-up, OpenDNS. The problem has become much worse in the last few years. Why? Simply put, bad guys are getting paid. Moreover, the Tax is on users as much as its on businesses. Today we see phishing sites, malware and spyware sites growing at an astounding rate.

Consider the example I cite often when discussing the issue with friends: goggle.com (see image below; not providing a link, bad site), the site that might be the most insidious of all typo squatting and malware sites on the Internet. Goggle.com, an obvious typo of google.com, offers an anti-spyware product called SpyBouncer in addition to being filled with pop-up ads (nb: SpyBouncer claims the copyright on the bottom of goggle.com). The website makes a user believe that their computer is currently infected with spyware and that installing SpyBouncer will get rid of it. They say it’s free to try and the program conveniently finds spyware which it will remove for a price, of course.

Symantec and others all claim that this product is a total scam and that it neither detects nor repairs spyware with any accuracy. Thanks to the accidental traffic that lands on goggle.com by unsuspecting users, SpyBouncer has no incentive to make a good product, they can just fool a new batch of users everyday.

Why does a site like goggle.com exist? Because crime pays, but that’s hardly news. Why it doesn’t get shut down by its webhost (DataPipe) is a good question for another time. What I do want to know is… why is SpyBouncer allowed to run Google ads on its Web site (as they do on the top)? Why are these kinds of abusive software programs allowed to purchase AdWords campaigns luring even more users into this trap? Why is Revenue.net paying SpyBouncer to show ads on goggle.com? Why is Google accepting money from fraudulent advertisers which continues the cycle of malware and spyware? This is why users react so negatively to online advertising. It’s not the relevant and unoffensive advertising that they bemoan, it’s the scams and tricks the advertisers and advertising networks spread around the seedier neighborhoods of the Internet.

These kinds of abuse are pretty bad, but what bothers me more is that much of it is being facilitated by companies I respect and admire. People like Ben Edelman have done a lot of research showing the connections between companies like Yahoo and fraudulent advertising practices but that’s not enough. There are so many layers and levels of misdirection that it becomes hard to tell who is paying who and why. As the CEO of a company operating on the Internet, I’m spending money dealing with Internet bad guys who are getting paid to annoy me, my employees and my users. Everyone is wasting their time dealing with this crap while the folks in the money trail keep taking their cut and passing on the buck. When I asked my users what they thought about goggle.com I saw a nearly unanimous response of outrage and frustration. Hundreds of users spoke out on our corporate blog and on sites like Digg.com venting at the absurdity of a site like goggle.com.

It’s time that ad networks cleaned up their act and started being more transparent about fraud and abuse. It’s time security companies started fighting the causes of network abuse and not simply the symptoms. There will always be a Black Hat Tax but right now legitimate companies are making it more expensive. That has to stop.