October 23rd, 2003: Don't take my word for it... Take the opinions of several hundred network engineers, among other users: Paul Vixie's survey solicited from the North American Network Operators' Group. I'm pretty sure NANOG knows what they're talking about...
October 7th, 2003:Verisign has obeyed ICANN's demand to suspend the SiteFinder hijack. They're whining like little bitches about how it's "stifling innovation," etc, but at least they took that bastard service down. Whattya know - ICANN showed their teeth. WOO!
Verisign has lost all trust and credibility with this last escapade. I personally consider them untrustable, and will never buy SSL certificates from them again, nor will I ever register domains through their services. I recommend the same to my customers. Wake up, Verisign - you do not own the internet.
|What does this break?
September 15, 2003: Verisign, the US Government-appointed corporation in charge of the .com and .net top-level domains, added wildcard entries to both the .com and .net zones. This action hijacked all unregistered domain names in .com and .net, redirecting those unregistered domain names to Verisign's own advertisement servers. Verisign derives revenue from hits to these advertisement servers in the form of paid advertising sold to other entities.
For example, if you accidentally type "www.ybhoo.com" into your web browser, your connection will now be automatically redirected to Verisign's SiteFinder service. You have no choice - Verisign has removed that for their own financial gain. Be assured that links you click on while on SiteFinder generate revenue for Verisign - up to $150 million dollars, according to their own estimates. All for spending nothing hijacking the global .com and .net zones. Pretty handy.
How would you feel if your telephone company redirected all of the wrong numbers you dial to a telemarketing firm? Perhaps, a telemarketing firm that they themselves own? This is precisely what Verisign has done. And you can't choose another Verisign. Yet.
|Well, what can we do?
Do what I did - I just finished transferring my last domain away from them, to a competing registrar. One that doesn't consider themselves above the law, above question, or above review. Personally, I'm guessing this sort of action is what drove them to this level of lawlessness - customers are quite simply pissed off with their incredible level of customer disservice, their questionable (illegal?) business practices, and their complete willingness to forget about ethics and go right for the buck. Customers have been fleeing Verisign's registration services like rats abandoning a sinking ship, so they're becoming more and more desperate.
Customer service does matter, and Verisign hasn't provided any of that for the past four years.
When it comes time to renew your SSL certificates, refuse to do business with Verisign. They've breached the entire internet community's trust by implementing these wildcards, as well as continuing their shady business practices. They're untrustable. Purchase your certs from someone else that you can trust.