Tuesday, October 13, 2009

Who Stole My Web Browser?

When you make a mistake typing in a website's name, such as www.microsoft.cot, when you meant to type www.microsoft.com, you're supposed to get an error message from your web browser. Full stop. But that was so last year. Now, chances are that your ISP (Internet service provider) hijacks your web browser to its own advertising page when you make a typo.

Here's what you see when you enter microsoft.cot through RCN, a popular ISP in the Washington, DC area:

And here's what it's supposed to look like when you make a typo or type in an URL that doesn't exist:

This is your basic oops browser error message.

The technical term for what your ISP is doing is DNS (domain name system) redirect. Sometimes it's called browser redirect. The DNS is what converts the words that you type, such as usatoday.com into the actual IP address, (Type in your browser's address bar and you'll arrive at USA Today's website.)

ISPs say that they're offering a convenience, because along with the ads come suggested alternatives for what you really were looking for. Most ISPs also give you a way to opt out of their browser hijacking, though this isn't easy, because ISPs don't want you to opt out of their advertising page. Even if you can find the hidden op-out setting, opting out of the ISPs ads still brings you to a web page that's still under the ISP's control, even though it looks like your browser's error page. In other words, when you opt out of this DNS redirect, you're not actually opting out; you're still going to a web page run by your ISP, instead of getting an error message that's entirely contained on your own computer.

When your browser, be it Firefox, Internet Explorer, Safari, Opera, or another browser, gives you an error message (without a redirect), this what you see in the browser's address bar: simply www.microsoft.cot. When your browser is directed to RCN's advertising site your browser's error message is replaced by something that disrupts your ability to use your web browser the way you want.

What's wrong with directing you to your ISP's advertising page when you make a simple typo? Plenty, as it turns out. When you make a mistake with an ISP that doesn't deploy browser redirecting, it's a simple matter to correct your typo: Just highlight the "t" in www.microsoft.cot and replace it with an "m." When you type in a web address that doesn't exist, you have to delete or backspace over everything in the address bar --for example, www17.searchresults.rcn.com/search?qo=www.microsoft.cot&rn=T2GXqYjiwVxRWms-- and type what you wanted again. That slows down your browsing and makes using the Internet a pain, unless, of course, you never make typos. It's so much easier to fix a single letter than to retype in the entire URL again.

Another problem with browser redirecting is that it takes time for an ISP to figure out that the page you requested doesn't exist and to return an advertising or search page. In contrast, your browser's error page appears lightning fast.

Browser redirection can result in your browser being sent to a malicious website or a link on that webpage leading to a website that's teeming with computer viruses. A simple error message poses no danger to your computer; a redirect could harm your computer and you would never know that until it was too late.

It's also simply wrong. When we type in a URL we expect to go to that website. When we type in a URL for a site that doesn't exist, we expect to go nowhere. It's deceptive for ISPs to send us to their own advertising page every time we make a typing mistake.

If you use Firefox, there's a solution to this deception: the add-on, No Redirect prevents browser redirects. You can find No Redirect at https://addons.mozilla.org/en-US/firefox/addon/11787 . After you install it, you'll need to add your ISP's redirection page URL to the list. Use the wild card, ".*" to exclude all redirects from your ISP. Then check the DNS Error box. Here's how I set up No Redirect for RCN on my computer:

(The instructions on how to do this accompany the add-on, too.) Yes, it's a tad complicated to stop these unauthorized browser hijackings: You can thank your ISP for that.

Fortunately, not all ISPs force redirects. (Verizon doesn't, but Comcast and RCN do.) I'm not sure if complaining to your ISP and the FCC will help, but if we don't do so, then it's certain that this deceptive practice will never stop.

1 comment: