Typosquatting

Typosquatting, also called URL hijacking, is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.

Overview

Generally, the victim site of typosquatting will be a frequently visited website. The typosquatter's URL will usually be one of four kinds, all similar to the victim site address:

(In the following, the intended website is "example.com")

*A common misspelling, or foreign language spelling, of the intended site: exemple.com
*A misspelling based on typing errors: xample.com or examlpe.com
*A differently phrased domain name: examples.com
*A different top-level domain: example.org

Once on the typosquatter's site, the user may also be tricked into thinking that they are in fact on the real site through the use of copied or similar logos, website layouts or content. Sometimes competitors of the victim site will do this.

Alternatively, the user will be forwarded to a site of a completely different nature from what they intended. This tactic was infamously used by John Zuccarini, who redirected domains targeting children to pornographic websites. Sometimes, the typosquatters will use the false addresses to distribute viruses, adware, spyware or other malware. Some are also shock sites. More common are benign domain parking sites, selling advertising to firms based on keywords similar to the misspelled word in the domain.

As with cybersquatting in the past, the term typosquatting has been used by covetous parties in an effort to unseat domain registrants from brandable variants of generic domain names. The shortage of poignant and generic domain names in the coveted .com generic top-level domain has left many hopeful registrants with no alternative but to locate catchy variants of existing generic words e.g. Orbitz.com (popular travel site with "z" to replace the "s") in an effort to find "new land" on which to build their website. As in the preceding example, the line between typosquatting and registering a brandable variant of a generic domain name blurs dependent upon the circumstance of each situation.

Combatting typosquatting

A victim website will usually send a cease and desist letter to the offender at first, in an attempt to quell the activity.

It may also try to purchase the website address from the typosquatter, which could have been the typosquatter's aim all along.

Occasionally, lawsuits will be taken against the offending site or individual.

A company may try to preempt typosquatting by obtaining a number of websites with common misspellings and redirect them to the main, correctly spelled website. For example www.gooogle.com, www.goolge.com, www.gogle.com, www.gewgle.com, and others, all redirect to www.google.com.
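The kinds of look-alike address listed in the Overview, and the misspellings a company might register defensively, can be recognised mechanically. The following is an added example, not part of the original article: it labels a domain seen in logs or registration feeds by how it differs from a protected domain. The function names and tags are illustrative, and domain splitting is simplified to "everything before the last dot".

```python
"""Added example: label a seen domain by how it differs from a protected one."""

def split_domain(name):
    """Return (label, tld); simplified: the label is everything before the last dot."""
    name = name.lower().rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    label, _, tld = name.rpartition(".")
    return label, tld

def single_edit(good, seen):
    """Name the single-character edit that turns `good` into `seen`, else None."""
    if len(good) == len(seen):
        diff = [i for i in range(len(good)) if good[i] != seen[i]]
        if len(diff) == 1:
            return "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and good[diff[0]] == seen[diff[1]]
                and good[diff[1]] == seen[diff[0]]):
            return "transposition"
        return None
    if abs(len(good) - len(seen)) != 1:
        return None
    seen_longer = len(seen) > len(good)
    longer, shorter = (seen, good) if seen_longer else (good, seen)
    for i in range(len(longer)):
        if longer[:i] + longer[i + 1:] == shorter:
            return "insertion" if seen_longer else "omission"
    return None

def classify(protected, seen):
    """Return tags describing the look-alike; [] if identical or not a near match."""
    p_label, p_tld = split_domain(protected)
    s_label, s_tld = split_domain(seen)
    tags = []
    if s_label != p_label:
        if s_label == p_label + "s":
            tags.append("plural")          # "differently phrased" name
        else:
            kind = single_edit(p_label, s_label)
            if kind is None:
                return []                  # more than one edit away: not flagged
            tags.append(kind)
        if not s_label.isascii():
            tags.append("non-ascii")       # accented or other IDN look-alike
    if s_tld != p_tld:
        tags.append("different-tld")
    return tags

if __name__ == "__main__":
    # Sample names are the article's own examples.
    for seen in ("exemple.com", "xample.com", "examlpe.com",
                 "examples.com", "example.org"):
        print(seen, classify("example.com", seen))
    print("gewgle.com", classify("google.com", "www.gewgle.com"))
```

A phonetic misspelling such as gewgle.com is two edits away from google.com and returns no tags, so a single-edit check alone does not cover every name worth registering or monitoring.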

Microsoft has released new [http://research.microsoft.com/URLTracer/ software] to help combat this issue. The software is called "Strider Typo-Patrol". This is a tool that scans and shows third-party domains that are allegedly typosquatting. It also lets parents restrict access to typo-squatting domains that show sexually oriented ads on typos of children's web sites. Caution should be exercised as to how results from this tool are interpreted. It highlights misspelt sites that use cookies and employ HTTP re-directions. Both of these are commonly used mechanisms for providing Web Services and don't necessarily mean a site is hosted by a domain squatter.

Defensive registrations

Many site operators have resorted to registration of long lists of seemingly-duplicate names across multiple countries and top-level domains; for instance, amazon.com is duplicated across most country code TLDs and a local version of Google exists in nearly every available inhabited region, including a nominally-localised google.pn for the Pitcairn Islands, population 56. Google's domain name is also registered (but inactive) in uninhabited Internet regions such as the French Antarctic territories.

A growing trend is the abusive use of defensive registration to target the "derogatories". These are names such as sucks.com or lawsuit.com which are of no commercial value but are potentially of legitimate use to builders of consumer-complaint sites. By registering the names themselves, corporations keep them out of the hands of potential critics and dissatisfied clients.

Typosquatting and the law

"Typosquatting" is a meaningless term where the law is concerned. Laws generally are not concerned about registrations of domain names that are similar to other domain names or similar to existing trademarks, unless some other important factor is involved.

Non-criminal law is primarily concerned with unfair competition between people who register domain names that are typographically similar to known trademarks. This is the "hook" for trademark infringement: not simply using the same or a similar name, but using the same or a similar name for the purpose of competition with the trademark owner. In other words, it may be perfectly acceptable to use a domain name that is confusingly similar to an existing trademark IF the web page standing behind the new domain name is not used to compete with the trademark owner, OR if the web page standing behind the new domain name is used to help consumers to locate the product identified in the trademark.

Free speech, not unfair competition

On April 17, 2006, controversial evangelical Jerry Falwell failed to get the Supreme Court to review a decision allowing Christopher Lamparello to use [http://www.fallwell.com "www.fallwell.com"] . Relying on a plausible misspelling of Falwell's name, Lamparello's gripe site presents misdirected visitors with scriptural references that counter the fundamentalist preacher's scathing rebukes against homosexuality. The high court let stand a 2005 Fourth Circuit finding that "the use of a mark in a domain name for a gripe site criticizing the markholder does not constitute cybersquatting."

Mitigating in favor of Mr. Lamparello's case was that his website did not mimic Falwell's site stylistically so as to confuse site visitors into believing that Falwell endorsed Lamparello's site content.

Further, the fact that Lamparello's site is non-commercial preempts a claim of unfair business practices, whereas a communicative forum for comment and criticism constitutes a "bona fide non-commercial or fair use" of a trademark interest under the Anticybersquatting Consumer Protection Act (ACPA).

On his site, Lamparello provided a link to an Amazon.com webpage selling a book he favored. The court determined this did not diminish the communicative function of his website, saying use of a domain name to engage in criticism or commentary "even where done for profit" does not alone show a bad faith intent to profit (Lamparello did not stand to gain financially from sales of the book at Amazon.com).

This case demonstrated the importance of balancing the property interests of trademark owners with the interests of Internet users who seek to make lawful uses of others' marks, including for purposes such as "comparative advertising, comment, criticism, parody, news reporting, fair use", etc. When the alleged infringer establishes a gripe site that criticizes the markholder, the markholder must show a "bad-faith attempt" on the part of the infringer to profit from the misuse.

Examples of typosquatting

*Wikipedia is a victim of typosquatting: en.wiipedia.org, en.wikpedia.org, www.eikipedia.org, www.wilipedia.org, en.wikipedi.org, en.wikipediia.org, www.wikipedi.com and www.wikipaedia.org as of 2007, are all websites which contain pop-up ads, spyware/adware downloads, and ad-generating search engines.
*A related gambit is obtaining "800" numbers that correspond to misspellings; a good illustration is AT&T's sudden abandonment of "1-800-OPERATOR" and replacing it with "1-800-CALL-ATT". Many callers would misspell operator, thus MCI Communications was raking in a lot of business with "1-800-OPERATER", reaping the benefits of AT&T's advertising. (In both numbers, the final "R" is superfluous.)
*The [http://www.orf.at National Austrian Public Service Broadcaster "ORF"] was typosquatted by [http://0rf.at 0rf.at] a net art site.
*Google's anti-typosquatting defense is incomplete; as of April 2006, "http://www.goggle.com" redirects to a rogue software vendor rather than to Google. The site attempts to spam users with a popup and foist an executable download upon them without any further user action. Also www.googl.com is another similarly named website with a search engine.
*Apparently people at gni.org are "typosquatting" Savannah, since there is an SSH server running at savannah.gni.org. [https://savannah.gnu.org/faq/?group_id=5802&question=CVS_-_What_is_savannah.gni.org.txt Maintenance Docs FAQ]
*The US White House site "whitehouse.gov" is parodied at whitehouse.org; whitehouse.com at one point was the site of a notorious pornographic magazine
*The "encyclopedia.com" site is typosquatted by "uncyclopedia.com", an advertisement. This site is not related in any way to uncyclopedia.org or uncyclopedia.info, a parody site.
*The New Zealand auction site [http://www.trademe.co.nz TradeMe] is parodied at [http://www.tardme.co.nz tardme.co.nz] .
*The Portuguese language Wikipédia (pt.wikipedia.org) is parodied at pt.wíkipedia.org - the only visible difference in the domain name being a misplaced accent on the first «í». An attempt to access «wikipédia.org» with the accent in its correct position for that language returns only advertisements.
*ISP subdomain redirect -- http://doesnotexist.google.com/ when served through Charter DNS services yields the redirected url: http://www11.charter.net/search?qo=doesnotexist.google.com . Note: The first link is to a non-existent google subdomain as an example. If you don't use Charter DNS services, the first link may look very different. If you see a clean 404 without ads, your ISP's DNS servers (or your browser) is likely not set to redirect subdomains. If you see ads or a redirect to a search page, your ISP DNS servers are (or your computer is) set to redirect subdomains.

"Catchall" typosquatting

In addition to purchases of individual domain names, several attempts have been made by larger corporations to profit from users' typos by redirecting them without their knowledge.

*Microsoft's Internet Explorer automatically redirects users' mistyped URL queries to their MSN Search page. Though a user can reconfigure their browser to use a different search tool, Google, one of MSN's biggest rivals, is not in the list. However, on their [http://www.google.com/options/defaults.html web site] , Google has explained how to make their search engine the IE default for mistyped urls.
*In 2003, top-level domain registry operator VeriSign's Site Finder automatically redirected traffic sent to unregistered domains. This caused a fair amount of outrage from the Internet standards community, and an emergency patch to BIND was issued to circumvent VeriSign's actions. VeriSign disabled the service after only three weeks.
*Paxfire, a startup company, sells partner Internet service providers a tool that redirects mistyped queries to a Paxfire-generated page with sponsored advertiser content related to the mistyped "hotword". Revenue generated from user clicks is split between Paxfire and the Internet service provider.
*Certain types of malware pose as browser plugins and redirect a user's web requests or search queries without their knowledge or consent, even if the URLs themselves are properly typed.
*In August 2006, the operators of the ccTLD for the nation of Cameroon added a wildcard DNS record for the entirety of the .cm TLD. Since .cm is a common possible typo for .com, some have argued that this action constitutes a form of typosquatting. ICANN does not have any direct control over what national registrars do with their ccTLDs (as it did for VeriSign).
*In 2007, Verizon launched a service quite similar to the Paxfire catchall redirection that redirects subdomain traffic and nonexistent domains for all of their internet customers.
*In early 2008, Charter Communications joined the growing list of ISPs that use catchall redirects. Charter redirects unused subdomains to a Yahoo-based search function. (See 'ISP subdomain redirect' in examples above.)
*In 2008 UPC Austria launched a catchall redirection that displays a full page of ads. Although it can be deactivated, it was set up without the agreement of the customer.

See also

*Phishing
*DNS
*Top-level domain
*UDRP
*URL
*Anticybersquatting Consumer Protection Act

Further reading

* [http://internetcommerce.org/internet_commerce_association_announces_member_code_of_conduct_affirming_its_commitment_to_best_practices "The Internet Commerce Association Code of Conduct"] - InternetCommerce.org, accessed 2007-09-13. "The Internet Commerce Association’s (ICA) Member Code of Conduct expresses the ICA’s recognition of the responsibilities of its members to the intellectual property, domain name, and at large Internet communities and will guide members in conducting their domain name investment and development activities with professionalism, respect and integrity."
* [http://complianceandprivacy.com/News-CADNA-campaign.html "The Coalition Against Domain Name Abuse to Combat Cybersquatting"] - ComplianceAndPrivacy.com, accessed 2007-09-20. "With growing ease and profitability, sophisticated cybersquatters are exploiting a flaw in the domain name registration process whereby domain names are registered and subsequently dropped, risk free, within an accepted 5-day grace period."

External links

* [http://money.cnn.com/magazines/business2/business2_archive/2007/06/01/100050989/index.htm "The man who owns the Internet"] - (CNNMONEY.com, May 22 2007) This article is about Kevin Ham the man responsible for the Cameroon .cm wild-card redirect ploy.
* [http://slate.msn.com/id/2113397/ "The Typo Millionaires"] (Slate, 11 February, 2005) - This article's author identifies new forms of typosquatting, including VeriSign's Site Finder and Paxfire.
* [http://yro.slashdot.org/article.pl?sid=05/07/09/1944219&tid=217&tid=17 Slashdot discussion] , Google Wins Typosquatting Dispute.
* [http://techdirt.com/articles/20060501/0858253.shtml "Typosquatting A Growth Industry"]
* [http://research.microsoft.com/URLTracer/ Strider URL Tracer with Typo-Patrol] at Microsoft Research
* [http://research.microsoft.com/Typo-Patrol/ Strider Typo-Patrol Project] at Microsoft Research
* [http://www.droit-technologie.org/actuality/details.asp?id=1049 "Typosquatting and the .eu Top-Level Domain"]
* [http://www.youtube.com/watch?v=MjbKmw4tK8c "Youtube: Goggle.com"]
* [http://www.cs.ucr.edu/~anirban/Anir-Infocom-08.pdf "Extent of Typo-Squatting in 2007-2008"]
* [http://us.mcafee.com/root/identitytheft.asp?id=safe_typo "State of Typo-Squatting in 2007"]

External Links about ISP Subdomain Redirection - Security and Legal Concerns

* [http://www.theregister.co.uk/2008/04/20/kaminsky_demo_at_toorcon/ "ISP typo pimping exposes users to fraudulent web pages"] - April 2008 - Hacking and fraud aspects of ISP subdomain redirection.
* [http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html "ISPs' Error Page Ads Let Hackers Hijack Entire Web, Researcher Discloses"] - April 2008 - Hacking and fraud aspects of ISP subdomain redirection.
* [http://www.schneier.com/blog/archives/2008/04/hacking_isp_err.html "Hacking ISP Error Pages"] - April 2008 - The comments in particular bring up legal issues about subdomain redirection.
* [http://kickasswebdesign.com/wordpress/2008/04/my-isp-is-dns-error-adserving-on-my-unused-subdomains/ "My ISP is DNS Error Adserving on MY unused subdomains!"] - April 2008 - Example webmaster reaction to ISP subdomain redirection.


Wikimedia Foundation. 2010.
