Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: incrediBILL
Comcast is currently targeting Firefox users in the SF Bay Area with DNS Hijacking [arstechnica.com], or "Domain Helper" as they call it, and showing pages of advertisments when inactive domains are accessed.
The new product, which has been tested in trial markets since July 9, redirects nonexistent URLs like www.example.com/clinteckergoatbonedbyhisnewbicycle to a search page slathered in advertising instead of returning the proper DNS error to the browser. Readers began reporting the change to us yesterday.
Just happened to me today for the first time so I thought I'd report it since it has gone live. This whole mess scared me at first because I just upgraded to the latest FF 3.5, perfect timing with a new FF release, and thought maybe it was a new "feature" and I couldn't find any way to disable it. Tested on a couple of machines with both FF 3.0 and FF 3.5, same results, no change for MSIE 7.
So I go check example.com [search2.comcast.com] to see what happens and we got ads, which is amusing because example.com technically responds with the following:
You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.
These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.
If you simply change your user agent to be MSIE 7 the "Domain Helper" behavior stops.
Just to see how much hijacking is going on, I tried CURL from my desktop command line to access a non-existent domain and got the proper error:
curl: (6) Could not resolve host: example333.com; No data record of requested type
So Comcast is definitely targeting just the smaller, yet substantial subset, of Firefox users for this test.
This will most likely interfere with any Firefox plug-ins that link check your bookmarks or anything of this nature.
Gee thanks Comcast.
[edited by: incrediBILL at 4:57 pm (utc) on Aug. 6, 2009]
joined:July 19, 2001
Also it is a real pain if you make a typo when putting a URL in the address bar as you can't just type in the correction as you have to get rid of the opendns URL first.
joined:July 29, 2007
I wonder how long it will be before someone picks up a domain and realizes it's been serving up ads for a while so it has a history already.
Of course if you just want to block everything you can use the following filter...
Gotta love Comcast...they also falsely advertise their upload speed. In example here in Florida when I upload things via FTP the first 10 megabytes are transferred at the full speed of 440KB (or 3.5 megabit) however after ten megabytes have been transferred the speed drops down to only about 120KB (0.96 megabit). Imagine driving on to the highway and you see a sign that says, 'After first 1,000 feet reduce speed by two-thirds; also feel free to look at all the billboards we've put up!'
Why single out Firefox users only, why penalize us with this garbage?
I'm sure I know the answer, but it's massively discriminatory IMO to a typically higher end class of customer to be singled out for assaulting with advertisements.
Could come back to bite them.
Also, the upload thing you describe is a feature called PowerBoost. I suspect you do not subscribe to a tier that has 3.5Mbps upstream right? I'm curious what it is. In any case, PowerBoost allows you to boost over your subscribed upstream and downstream speeds for a brief time.
still goes on here ( if you let it :)..on all browsers
Also, and importantly, I am not sure where the statement that we redirect "www.example.com" comes from. If this is the case, I would like to see the DNS query response, as redirect should not occur. Why not - because a valid A record exists. What you did provide was a link to the resulting search engine with "www.example.com" at the end of the URL string. But it is just a simple search engine and you could modify it with any search in that URL string -- such as the URL of this site (http://search2.comcast.com/?cat=dnsr&con=ds&url=www.webmasterworld.com). Just because you can perform a search on that site with that FQDN appended to the URL string does not mean the Domain Helper service would have performed the redirect and sent you there.
This is *not* just a FF thing, this would work on any browser and you can test this yourself if you have not already opted out.
Per my original post I tested it on multiple computers and multiple browsers here and the only browser showing Comcast ads using my test criteria was Firefox.
Basically, it must have "www." and the domain must be invalid.
That explains a LOT...
I never type "www." in front of anything and Firefox attempts to insert "www." in front of the domain name if it fails without the "www." and some of my other browsers don't do that by default.
Had I realized that it was that feature of Firefox I would've titled this thread differently!
I am not sure where the statement that we redirect "www.example.com" comes from.
I entered it into Firefox without the www. and your ads popped up so you're intercepting more than you think with some browsers, I'm sure it's a Firefox quirk.
Looks like something changed on your end because I tested this on 2 computers yesterday and Firefox showed a Comcast ad page for "example.com" however I can't reproduce that today.
Good to know it's only triggered by typing "www." since I never do that so I'll never see those Comcast ads again as soon as I disable this behavior of auto-adding "www." in Firefox.
Most websites are running "www." free these days and to make sure their domain is canonicalized in the search engines actively redirect from the "www." version to the shorter non-www version, so Comcast is going to lose a ton of type in traffic if you only trigger based on the presence of "www.".
Thanks for clearing it all up and now I know that my domain typing behavior combined with Firefox's automated DNS resolving feature is why it appeared you targeted Firefox.
In my personal opinion, I think folks recognize that we'll lose some traffic but with "www." we know with a high degree of certainty that it is http or https, and so not as likely to cause technical problems in edge cases. It is a more conservative and less lucrative approach but less controversial and less potentially problematic.
BTW, **very** interesting that FF added that www - that really does explain the difference you saw. It had us all scratching our heads here - mystery solved. :-)
You're returning a 302 instead of failing to resolve the host so any existing bookmark or link checkers *MAY* fail to recognize domains that no longer exist if they aren't smart enough to record the previous results to know something has changed.
This is a serious problem breaking people's software and basic functionality of the internet that we depend upon for these automated tools to work that make our daily lives so much easier.
Here's a simple example of how Comcast's interference with DNS will cause issues:
c:\curl>curl -v www.examplethisdomaindoesnotexist.com
* About to connect() to www.examplethisdomaindoesnotexist.com port 80 (#0)
* Trying 208.68.139.nnn... connected
* Connected to www.examplethisdomaindoesnotexist.com (208.68.139.nnn) port 80 (#0
> GET / HTTP/1.1
> User-Agent: curl/7.18.1 (i386-pc-win32) libcurl/7.18.1 OpenSSL/0.9.8g zlib/1.2
> Host: www.examplethisdomaindoesnotexist.com
> Accept: */*
< HTTP/1.1 302 Found
< Date: Thu, 06 Aug 2009 15:23:23 GMT
< Server: Apache/2.2.3 (Red Hat)
< Location: http://search2.comcast.com/?cat=dnsr&con=ds&url=www.examplethisdomai
< Content-Length: 5450
< Connection: close
< Content-Type: text/html; charset=UTF-8
A "302 Found" response is a far cry from an unresolvable domain name so the above will totally fool a link checker that doesn't understand that redirects are a potential problem and people with bookmark lists full of bad links will see COMCAST on every broken page.
Glad I'm not going to be taking all those calls ;)
[edited by: incrediBILL at 4:05 pm (utc) on Aug. 6, 2009]
as in "did you tell them" ? ..or do you just wait for the calls ? ) ..
Our ISP's here never have said anything about it ..they just did it ..with no opt outs ..( except those we hack ourselves ..if we know what they are doing on the sly ) .
Re how we told people and opt-in/out status:
1 - For our tech savvy users who had some time ago statically-configured their DNS IPs: Opted-OUT by default. (The DNS redirect servers have new IPs.)
2 - For the balance of customers, this is opt-out. Most ISPs with experience in this area see 0.1% or fewer customers opt-out over time.
3 - We sent an email to every customer advising of the service launch and with a direct link to the opt-out page.
4 - We announced this on our Network Management policy page at [networkmanagement.comcast.net...]
5 - We announced this on our Comcast Voices blog.
6 - We proactively posted about it on the Broadband Reports web forum and have jumped reactively on many other sites (like this one).
7 - We published an Internet Draft with the IETF describing exactly how the system works and documenting our view of best practices (and I presented this last week to both the IETF and to an ICANN committee meeting).
We have tried to go out of our way to communicate with customers and to go to places they go online, and also to be very generally transparent about the whole thing.