Apr 21 2008
No one should be surprised that profits are more important to an ISP than the security of their customers. They are a business and the same rules apply to them that apply to any business: if they’re not profitable, they don’t stay in business for long. I don’t approve of the practice, but I am not even slightly surprised to hear that Earthlink is redirecting non-existent domain names to their own search pages in the hope of a small profit. And I’m even less surprised to find that it’s Dan Kaminsky who’s reporting the issue; it is a DNS issue after all. (Side note: IOActive’s web site appears to be down while I’m writing this; I wonder if they’re experiencing heavy traffic or if something else is going on)
The only reason an ISP is going to stop this practice is because the negative publicity outweighs the potential profit. Even though the profits are minuscule, they can make the difference between staying in business or not. More likely, they make the difference between someone in corporate making their numbers and getting a bonus or not. This isn’t a new practice nor is it without it’s own controversy, but as long as there’s a profit to be made by it, non-existent domain name redirection will continue.
Update: IoActive site appears to be back up, don’t know what the issue was. Maybe my ISP was redirecting me to a 404 error?