VeriSign’s new search facility stirs up anger

PUBLISHER’S NOTE: Please note that, as of 9/29/03, all of your valued Network World Fusion newsletters will be delivered to you from nwfnews.com. If you use filters to manage your newsletters based on domain name, please adjust accordingly.

In case you needed another clue that identity management was the “real buzz,” at least one very interested party has made an interesting claim against VeriSign’s latest initiative.

The party claimed that VeriSign’s recently-introduced site search engine for identifying mistyped URLs was not only a violation of some misguided “right to privacy” but also was somehow linked to “identity theft” (yeah, that ought to get them a headline in the Peoria Picayune).

Last week, VeriSign – which controls the root servers for both the .com and the .net domains – began redirecting browsers to its own search engine site (sitefinder.verisign.com) when its DNS servers were queried but couldn’t find an entry for a URL. That is, where you’d normally get a “404 – No DNS” error returned, VeriSign will send you to its search site.

Most users won’t see anything different, though, since Microsoft’s Internet Explorer will pop up its own “404” screen when a URL isn’t located. Netscape and Opera (the only two other browsers I had available to test) both redirected to the VeriSign site when I typed in an unknown domain name. But since over 90% of Internet users are using one version of Internet Explorer or another – what’s the big deal?

Well, it isn’t a big deal. But it is a chance for people to try to draw attention to themselves as numerous gadflys have done. Even ICANN (The Internet Corporation for Assigned Names and Numbers, and no stranger to controversy itself) has criticized Verisign’s move. The biggest howlers, though, are people who have commercial products to sell such as mail server add-ons that verify the legitimacy of senders’ domains as a way of fighting spam.

Most of the spam I receive contains real domain names in its headers, but they are forged real domain names. Verifying the domain won’t stop them at all.

The anti-capitalists are also up in arms that VeriSign could actually sell advertising on the search page. Well, it could charge every domain holder an extra buck a year to cover the cost, but I’m content to let it be advertising supported. It works for Network World Fusion, why not for VeriSign?

The strangest response I’ve seen, though, is from Anonymizer (http://www.anonymizer.com), the folks who think there’s an equivalence between anonymity and privacy.

In a “how dare they?” e-mail from Anonymizer’s PR folks, the company identifies “major privacy issues associated with VeriSign’s new DNS name resolution service, including the potential for e-mail address harvesting, personal data collection, and monitoring of individual browsing habits.” All that from a redirected DNS search? Hardly – more like all that from any Web page you choose to visit.

There’s nothing inherent in the VeriSign server that makes it any more risky to visit than Anonymizer’s own home page. But just in case that wasn’t scary enough, the e-mail goes on to identify Anonymizer’s mission: “…to bring innovative solutions to market that empower and protect individuals, businesses and organizations from privacy abuses and unwanted annoyances such as identity theft…” Oh look, a buzz phrase! Unfortunately, identity theft is only seen as an annoyance while VeriSign’s helpful redirection is seen as a threat. Lewis Carroll (https://sundials.org/about/humpty.htm) would have had a field day with high tech and its buzzwords.