How your ISP hijacks the Internet

Update: The company that broke the Internet is VeriSign, not Verizon. They sound the same.

Do a quick test: open a new browser tab and in the address bar mash the alphabet keys randomly, then end it with .com. Hit return.

What do you see? It will be different in various browsers but if you see a page that says “we couldn’t find that domain” and not much else, you’re ok. If you see a page with your Internet service provider’s logo and a list of suggestions of what you might be looking for, your ISP has hijacked the Internet.

Wait, what?

So there’s this system called DNS, which stands for Domain Name System. It translates domain names like “google.com” to computer-understandable IP numbers like “74.125.39.103”. It’s a nice system because remembering ugly numbers for websites is hard.

The Domain Name System is run by an international committee called ICANN. This committee manages the Root Servers which provide the authoritative list of translations from domain names to IP numbers.

Your Internet Service Provider runs their own DNS servers which are copies of the root servers. They do this because it makes your Internet faster (usually).

If you ask a root server to translate a bogus domain name it comes back and says “I don’t know” and you get an ugly message in your browser. But at least it’s honest.

Some Internet Service Provider DNS servers have been… “enhanced”. When you type a bogus domain name they pretend to be that bogus server but then serve you a page with some suggestions on what you were looking for. And ads. Always ads.

So?

VeriSign did this with the root servers a buncha years back and people freaked the heck out. It broke the Internet.

There was one bug where, when VeriSign impersonated the fake server to feed you ads, they would also accept emails. Meaning if you mistyped an email address it would look like the email was sent but in actual fact VeriSign received it. Nobody knows where the emails went. Maybe VeriSign still has them on file.

This happened with other sorts of programs too. It broke the Internet so badly that VeriSign had to stop it and ICANN got so mad they made them promise to never, ever do it again. And they haven’t.

Deutsche Telekom, however, does not care. They have broken their Internet because when I, as a Deutsche Telekom customer, mistype a domain name I see an ugly pink page with the Telekom logo and some ads.

The thing about these custom systems is what else they might have done. ICANN has rules and procedures about how to get a domain name, and how your domain name can be revoked if you do bad stuff. There are international tribunal-type procedures for breaking “Internet laws,” if you will. The DNS database is authoritative and complete.

Your Internet Service Provider might have other ideas. Maybe they heard from some government that a website had some dangerous information (like Wikileaks or The Pirate Bay). They can just delete that from their copy of the database. Whoops! You’d never know because you normally assume the Internet is a global, censorship-tolerant, open network like it used to be.

More likely, they’ll just break shit by accidentally accepting emails with mistyped domain names or something weird like that.

Or maybe you’ll just find the stupid ad pages annoying.

The point is what you’re seeing is not the Internet. It’s some weird distorted copy where your ISP changed reality. Like those football games on TV where you see ads on the field that are not really there but totally look like it.

Help.

Luckily you can escape from your ISP’s weird, broken DNS servers. Other companies provide free DNS servers. Notably, Google runs free and very fast DNS servers at 8.8.8.8 and 8.8.4.4.

How you change your default DNS servers varies by operating system, but if you search for it you’ll find step-by-step guides.

Of course, if you change your DNS servers to the servers above, you are now trusting Google to translate your DNS lookups. Google tries not to be evil, but who knows? If you don’t trust them you can find other free DNS servers.