Forgot your password?
typodupeerror

Cameroon Typo-Squats all of .com 402

Posted by ScuttleMonkey
from the can't-fault-them-for-the-idea dept.
wayne writes "As reported on CircleID, the nation of Cameroon, which controls the .cm top level domain, has typo-squatted all of the .com domain space. They have placed a wildcard DNS record to redirect all traffic to an ad-based search page. Unlike the earlier case of Verisign putting a wildcard in the real .com domain, ICANN has very little direct control over what a nation can do with their own TLD. Will the owners of .co and .om follow?"
This discussion has been archived. No new comments can be posted.

Cameroon Typo-Squats all of .com

Comments Filter:
  • Smart move. (Score:5, Funny)

    by Duncan3 (10537) on Monday August 07, 2006 @01:42AM (#15857572) Homepage
    That should double their GDP!
    • The truth is often spoken in jest.

      I'm not sure about double, but it will contribute to their GDP no doubt.
      • Re:Smart move. (Score:5, Informative)

        by Pantero Blanco (792776) on Monday August 07, 2006 @02:02AM (#15857625)
        It's too bad that none of that is likely to trickle down.

        From what I understand, the government there controls (well, attempts to) the broadcast channels pretty damn strictly, and voicing an opposition political opinion is generally called "libel" and involves jail time. Hoarding the TLD isn't a surprising move for them.
        • Re:Smart move. (Score:5, Insightful)

          by CarpetShark (865376) on Monday August 07, 2006 @08:08AM (#15858193)
          That's a horribly uncivilised way for a government to act. Next thing you know, they'll be using propaganda to control citizens, taking bribes from big companies, and scaring people into doing what they want, with nasty words and phrases like "terrorist cells", "weapons of mass destruction" and "axis of evil" ;)
      • by MECC (8478) * on Monday August 07, 2006 @08:13AM (#15858200)
        pple who cant tyhp shoulndyt be ushing the inpternet anwywya

    • Re:Smart move. (Score:3, Interesting)

      by Lars T. (470328)
      At least it will pay for the upkeep of a DNS root server that mostly had traffic asking for non existing sites.
    • You have to wonder how much of the ad revenue they do get. I suppose there must be a lot of type in traffic for them to even consider this
    • Re:Smart move. (Score:4, Informative)

      by fm6 (162816) on Monday August 07, 2006 @12:11PM (#15859428) Homepage Journal
      Very cute. Actually, Cameroon is an oil exporter, with an effective GDP of $40 billion. Of course, very little of this wealth has trickled down to the masses, but the country as a whole is hardly poor.
  • The fix is easy (Score:4, Insightful)

    by narfbot (515956) on Monday August 07, 2006 @01:43AM (#15857576)
    Just for any address I will never want to visit, you can just block it. For example, I never will visit ad.doubleclick.net. I have very little reason to visit Cameroon. I will just block all of .cm if the resulting site is annoying.
    • Re:The fix is easy (Score:2, Insightful)

      by telchine (719345)
      Yes of course the fix is easy. My personal fix is to type my domain names in correctly. In over 10 years of internet use, I can't ever remember typing .cm instead of .com That doesn't fix the underlying problem though, does it?
  • www.gkj.cm (Score:5, Funny)

    by tsa (15680) on Monday August 07, 2006 @01:51AM (#15857597) Homepage
    I tried it, it works! I must say it's a real clever idea. I want a country too!
  • by macserv (701681) on Monday August 07, 2006 @01:59AM (#15857613)
    I'm sure the government of Vomania will benefit highly from my URL mistakes.
    • by Anonymous Coward
      not nearly as much as The People's Rebublic of Cmonistan.
  • Not an issue. (Score:3, Insightful)

    by natrius (642724) <niran@nir a n .org> on Monday August 07, 2006 @02:00AM (#15857619) Homepage
    As long as the money made from this is going to the goverment of Cameroon and not some registrar, why is this an issue? The .cm ccTLD belongs to Cameroon. Why can't they decide what they want to do with it?
    • Re:Not an issue. (Score:5, Interesting)

      by Maestro4k (707634) on Monday August 07, 2006 @02:11AM (#15857643) Journal
      As long as the money made from this is going to the goverment of Cameroon and not some registrar, why is this an issue? The .cm ccTLD belongs to Cameroon. Why can't they decide what they want to do with it?

      Same reasons that Verisign's wildcard service was decried, among other things this will cause every name.cm to resolve so it's going to at least screw with some spam blocking methods. If other countries follow suit then it gets even messier.

      You're right that it belongs to them but there is such a thing as playing nicely. Also it's a bit of a spammy trick, so it's already making me associate Cameroon with spammers and their ilk. Was that their intention? Will they be happy with that? If you lived in Cameroon would you like the fact that your government (since the government assigns who runs the ccTLD) is making your country look like that?

      • Re:Not an issue. (Score:2, Insightful)

        by ChronosWS (706209)
        Cameroon's tactics are fine. It's our poor typing which has gotten us into this mess. Can't blame them for our inability to type .com properly before hitting enter.
      • Re:Not an issue. (Score:3, Informative)

        by CRC'99 (96526)
        Same reasons that Verisign's wildcard service was decried, among other things this will cause every name.cm to resolve so it's going to at least screw with some spam blocking methods. If other countries follow suit then it gets even messier.


        Last time I checked, Verisign wasn't a country or even a government service. It's a private company. That's where the difference lies.
        • Re:Not an issue. (Score:3, Interesting)

          by khallow (566160)
          A difference that is irrelevant, might I add. As I mention elsewhere, there are plenty of options for dissuading the .cm admins. These include blocking *.cm entries at the root DNS servers. I think there's enough leverage there to stop this.
      • Re:Not an issue. (Score:5, Informative)

        by KiloByte (825081) on Monday August 07, 2006 @05:24AM (#15857938)
        Same reasons that Verisign's wildcard service was decried...
        And, fortunately, the fix is exactly the same: Here's the default named.conf:

        // From the release notes:
        // Because many of our users are uncomfortable receiving undelegated answers
        // from root or top level domains, other than a few for whom that behaviour
        // has been trusted and expected for quite some length of time, we have now
        // introduced the "root-delegations-only" feature which applies delegation-only
        // logic to all top level domains, and to the root domain. An exception list
        // should be specified, including "MUSEUM" and "DE", and any other top level
        // domains from whom undelegated responses are expected and trusted.
        // root-delegation-only exclude { "DE"; "MUSEUM"; };

        So, this option will preemptively avoid all jerkwads like Verisign and Cameroon. The only question is, why this isn't enabled by default.

        • Re:Not an issue. (Score:3, Insightful)

          by Chops (168851)

          All hail the new unremovable advertising popups in GPLv3 (section 5c)!

          I think you're mistaken -- all that that requirement means is that there must be an option in the menus of an interactive GUI application to display copyright information (as in "Help / About"). See for yourself [fsf.org]:

          If the modified work has interactive user interfaces, each must include a convenient feature that displays an appropriate copyright notice ... if the interface presents a list of user commands or options, such as a menu, a comm

      • Re:Not an issue. (Score:3, Insightful)

        by rs79 (71822)
        "Was that their intention?"

        Just a guess, but maybe they want to put an end to people costing them money when random folks screw up and ding the wrong TLD server?
    • Re:Not an issue. (Score:5, Interesting)

      by Pantero Blanco (792776) on Monday August 07, 2006 @02:35AM (#15857705)
      Because the government of Cameroon is not Cameroon.

      This isn't just an attempt to grab cash; that's a side effect. This is to hamper the ability of opposition parties to use the Internet as a voice. The government in Cameroon controls the TV stations, radio stations, and newspapers tightly; they don't want the Internet to be any different.
      • by icepick72 (834363) on Monday August 07, 2006 @08:32AM (#15858252)
        Because the government of Cameroon is not Cameroon.
        That can be said about any country, anywhere, about the people and the government.


        This isn't just an attempt to grab cash; that's a side effect. This is to hamper the ability of opposition parties to use the Internet as a voice.
        Then they will have to find another voice. The masses aren't stupid. If they are being owned by a government, they know it, and if they don't like it they will do something sooner or later. BTW, some people don't mind being under a military or controlling government. It's not what everybody is accustomed to, but there are many ways to rule on the face of this earth.


        The government in Cameroon controls the TV stations, radio stations, and newspapers tightly; they don't want the Internet to be any different.
        Then practically speaking why should the Internet be any different? It makes sense in the context of that country.


        I can see no good reasons in this discussion why Cameroon (the government) cannot do what they want with their domain name. The exceptions are: we don't like typo-squatting, or we don't like the government. The government is representing the people whether outsiders agree with it or not, and even if the people being represented don't agree. Everybody else in the world is too opinionated about what other countries should do, whether it be a different ruling style or something as small as a domain name suffix. We don't like being told what we should do with our country's domain name suffix, so why should we care what another country (yes the government, not the people) does with theirs?
        (Actually, I expect to get many good reasons back about the history and politics and Cameroon and the people because I only know what I've read in the news and wiki -- I've never studied the country in depth.)
        Everybody who surfs the Internet has no doubt experienced a typo and a typo-squatter. People will correct the spelling and move on. The generic Cameroon page looks like any other page full of advertisements on the Internet. Nobody is going to think it's the actual destination they want to surf to.

  • Thanks to SiteFinder, the fixes for this have already been developed. For example, BIND 9 allows the administrator to declare certain zones as being delegation only [isc.org].

  • by Koragnar (780289) on Monday August 07, 2006 @02:05AM (#15857632)
    .com is typo-squatting all the .cm sites for people who suck miserably at typing.
  • by njdj (458173) on Monday August 07, 2006 @02:16AM (#15857657)

    Cameroon is not typo-squatting anything. If you type in a domain name ending in .cm that hasn't been specifically assigned to someone, you get a fairly innocuous default page with links to ads. So what?

    • Cameroon is not typo-squatting anything. If you type in a domain name ending in .cm that hasn't been specifically assigned to someone, you get a fairly innocuous default page with links to ads. So what?

      The "so what" is that when you try to go to a non-existent domain, you should get a name resolution failure. That way, you know that you have an error. The screws that up.

      • Quite so, but that's not what this /. story is about. The story is about typosquatting.

        To quote from the document to which you posted the link: "Proposed guideline: If you want to use wildcards in your zone and understand the risks, go ahead, but only do so with the informed consent of the entities that are delegated within your zone."

        • Right, even outside the .com => .cm typosquatting though, it's still a bad idea because it creates many downsides for legitimate users of .cm. With any TLD on the public internet, it's probably extremely difficult/impossible to get informed consent from even a majority of involved users.
        • Quite so, but that's not what this /. story is about. The story is about typosquatting.

          This is slashdot; we have zero time for those who deal with facts or what the article actually says. Who cares if it's simply a case of a TLD that we've never heard of implementing wildcarding? That's boring. But an attack on the .com namespace? We'd better regime change those asshats asap and liberate their assets!

    • Cameroon is not typo-squatting anything. If you type in a domain name ending in .cm that hasn't been specifically assigned to someone, you get a fairly innocuous default page with links to ads. So what?

      So that's exactly what typosquatting is. What do you think it is?

      • by DrYak (748999) on Monday August 07, 2006 @05:56AM (#15857985) Homepage
        - Typo squatting is *registering* a specific typo. Like trying to get www.gooogle.com and www.gogle.com assigned to your own ad-page (it won't work actually, google have though of it first. But you get the idea). Typo-Squatters buys specific name and puts his page there.
        Original customer un-happy because someone else has bought the typo-name and he can't have it (he can do what google did and buy typo names, because typos are registered to someone else).

        - This case is using wild-cards to divert *UN-registered* domain names. One types something with .CM at the end. If genuine website exists, website is displayed. If website doesn't exist, instead of error message, you got sent to an search engine.
        Original user doesn't mind anything, because if he wants he can still buy the typo name : the typo-name is free to buy, only NON-assigned names are diverted to search site.
        The one who is pissed of is the IT-guy, because everything breaks because TLD aren't suposed to work that way, TLD are supposed to give error messages for non-existing domain (and this can break an algorithme that was supposed to detect bogus URLs. URLs aren't invalid any more, they always point to something now !).

        So the both aren't exactly the same.

        The official rationnal behind wildcarding is that people make typo.
        One solution is to buy all possible typo name, but this can be quite expensive and cumbersome, because you have to guess all typos and you may have a lot to buy.
        The other solution would be to harness the power of a search engine (and even better if the engine supports spelling suggestions like Google) and help the user find what they really wanted.
        This is not unlike what the infamouse Microsoft Explorer "simplified error message" whitch gave you the opportunity to search the name on msn's search engine, and somewhat related to a side effect of the "search engine keywords from the URL bar" function of FireFox.
        But the main difference is that those two are users choices, where as in .cm's case it's a governement forcing it.

        The real rationnal behind is that the Cameroune governement can make huge amounts of money from an ad-supported search engine, and even more money when some big company realise that there are a few more typo that they can buy a few more typo domains (only the non-existing domain are search diverted. The typo are still available to buy !).
        Even if the wildcarding gets forbiden and/or blocked, it will have attracted enough publicity around this few more typos to buy (and the side effect to also attract attention to other TLD that the big companies may have missed, like .OM (oman) and .CO (colombia) ) more money to come from domain name selling !
        (Let's hope that at least part of this money will go to the poeple and not only to the pocket of a few highly placed guys :-/ )

        Sadly, because in this case the people that are pissed off aren't the one with the money (big company will be happy to buy more typo domain, unlike what happens with real cases of typo-squatting) but are the average users (who except tld to issues error for non existing domains), we probably won't see any massive action against Cameroune.

        Unless they suddenly happen to discover huge underground petroleum reserves. Then except to see Bush leading a god-inspired holy war to liberate all the poor American-.COM domains squatted by vilain .CMs, and be ready to accept those evil "Typo-Squatters" as a new entry in the list of subject used to scare people, next to "Terrorist", "Pirate", "Pronographer" and "Communist (now defunct)" and other un-american freedom haters.

    • You are missing the point. The issue isn't people who want to go to aaa.cm accidently typing aab.cm, it's people wanting to go to aaa.com and forgetting the 'o'.
      • by njdj (458173) on Monday August 07, 2006 @03:14AM (#15857789)

        The issue isn't people who want to go to aaa.cm accidently typing aab.cm, it's people wanting to go to aaa.com and forgetting the 'o'.

        I think you are missing the point. The owner of, say, neimanmarcus.com would be a victim of typosquatting if someone else took the domain name niemanmarcus.com, because someone typing in the latter spelling would really be deceived if it went to the wrong page. He could look carefully at what he typed and think, "yes, niemanmarcus.com, that's right." But if you type neimanmarcus.cm, the mistake is obvious when you look again.

        When trying to allow for users' mistakes, at some point you have to draw a line. Beyond a certain point, the user has to take responsibility to type what he or she means. For example, philips.com [philips.com] and phillips.com [phillips.com] are different domains. Neither is typosquatting; the user has to get it right. Top-level country domains are a much clearer case than that.

    • Er..... Do you work for VeriSign, perchance?

  • not sure what all the fuss is about. we've been working the dot typo's since .com represented the first three letters...

    the Cummin spice group, pls. plc whatever

  • by smash (1351) on Monday August 07, 2006 @02:18AM (#15857662) Homepage Journal
    From some dude's blog that was linked to TFA:

    The lesson here is that something is fundamentally screwed up in the domain world when one server manager in Cameroon can enable this much confusion. But I still can't figure out what the right solution is.
    (from here: http://weblog.johnlevine.com/ICANN/cameroon.html?s eemore=y [johnlevine.com])

    ... is to require that US based sites use a US-specific country suffix, just like the rest of the internet.

    I.e., migrate all of .com, .net, etc to .com.us, .net.us (or whatever).

    That way, typoing the .com or .net suffix won't take you to a different country unintentionally :D

    Sure, the internet was originally created in the US, but it's bigger than that now, and having one country that just doesn't use country suffixes is non-standard. :)

    Of course, typo-ing the country suffix will still either not work, or take you to a different country, but what can you do...

    As a side-effect, this would no doubt deter other country's businesses etc from simply registering .com, .org or .net domains because the domain rego is cheaper and it's "country-ambiguous"... (yes, I own .net and .org domains and i'm in australia. if it was going to have to be .com.us or whateever, I probably wouldn't be using up your precious US namespace :D)

    • As a side-effect, this would no doubt deter other country's businesses etc from simply registering .com, .org or .net domains because the domain rego is cheaper and it's "country-ambiguous"... (yes, I own .net and .org domains and i'm in australia. if it was going to have to be .com.us or whateever, I probably wouldn't be using up your precious US namespace :D)

      By this, I mean registering US-based .com.us or .net.us domains may not be as attractive, because they would indicate that the company in question

    • why do we even have "country" codes? isn't the whole point of the internet to connect the world? where does politcal and geographic lines come into play here? cnn.com and cnn.co.uk should be the same site with different localization options available for users.
    • by khallow (566160) on Monday August 07, 2006 @03:22AM (#15857805)

      The problem is that .com isn't just US companies. And having domains by country isn't that useful. Given that you use .net and .org domains and aren't US-based, I'd have thought you'd understand this.

      I gather that the Cameron business is pretty serious. My take is that if all else fails, *.cm addresses can simply be blocked at the root DNS level till the .cm admins comply by removing the wildcard DNS entry.
      • The problem is that .com isn't just US companies. And having domains by country isn't that useful.

        For commercial entities it would actually be very useful. Even if the product they are selling is for download, it would be useful to know if you are giving your credit card details to some business thousands of miles away without useful consumer/data protection laws.
      • One pay 4 times less for a .co.uk domain than for a .com domain in the UK.

        It is not only a matter of cost, it's also a matter of branding, marketing, clarification, etc.

        Anybody using a local domain is stating clearly where his website is and provide a clue to who it may be aimed at.
    • National domains are idiotic. World economy willy nilly is unifying, that is the only way for economy, no matter how many mcdonald'ses you burn. Existence of national domains is pre-EC, pre-NAFTA, pre-WTO atavism.

      Typosqatting, especially the absurd ".cm" is invented by tech lawyers. It exists only in the head. They are going to parasitize on the actions of legally insane people who cannot distinguish between wallmart.com and wallmart.cm.

      Utter piece of rubbish is that what this article is.
  • by FlyByPC (841016) on Monday August 07, 2006 @02:21AM (#15857669) Homepage
    ...the Nigerian scammers get wind of this, and move? I mean, it's right next door!
  • Ctrl+Enter (Score:3, Informative)

    by IceCreamGuy (904648) on Monday August 07, 2006 @02:31AM (#15857694) Homepage
    I seriously don't think I've actually typed out "www." or ".com" in at least 4 years. Just type website then Ctrl+Enter and Firefox and IE add it for you. I don't think Safari, Nautilus, or Konqueror do it by default but I might be wrong. But if you're using Firefox, it's so much easier. There's also Shift+Enter for ".net" and Ctrl+Shift+Enter for ".org".
  • who cares (Score:5, Insightful)

    by no-body (127863) on Monday August 07, 2006 @02:31AM (#15857695)
    There are so many missdirects on search results anyway, if it's not the right one, just delete the browser tab and move on.
  • by hpavc (129350)
    so how does an admin cname all of .cm to .com?
  • by rmckeethen (130580) on Monday August 07, 2006 @03:03AM (#15857766)

    I might have cared passionately about something like this. Now, I have more faith -- the Internet tends to route around folks with bad manners. This isn't the first time someone's come up with a grandiose plan to corner the market on user error and I doubt it will be the last. If Cameroon pisses off or annoys enough people with a stunt like this, I suspect someone, somewhere will do something about it. At the moment, there's not much more I can do than whine and complain, and I just don't see that it serves a useful purpose to do so.

    If any one of the geniuses who dreamed up this little scheme happens to read this message, than I've got just one thing to say to them -- good luck. Maybe it will work out for you... and than again, maybe it won't. Regardless, if you could tell those Nigerian bankers to stop sending me letters asking for my help with fraudulent transactions, I'd surely appreciate it.

    • Do we actually know they meant to "typo-squat" to .com TLD, (never heard that term before), or whether they meant to just typo-squat unregistered domains in the .cm space? The latter could certainly be possible; don't some other countries do it, and is there a major reason why Cameroon shouldn't? If you get an ad page and expected something else, you should check you visited the correct URL. If you don't, quite frankly you're stupid.
  • by Adrian Lopez (2615) on Monday August 07, 2006 @03:04AM (#15857767) Homepage
    Considering it's only the .cm domain that's being polluted, this problem doesn't really bother me that much. On the other hand, the mass registration of domain names under the .com TLD for the purposes of advertising or resale is a much more significant problem. Most of the domain names I've tried to register have already been registered for such purposes. I'd rather see that situation fixed than the .cm typosquatting issue.
  • by MrPerfekt (414248) on Monday August 07, 2006 @03:19AM (#15857802) Homepage Journal
    Once every 5 minutes I think I'll be hitting www.youcontributenothingtotheinternet.cm!
  • Company behind it (Score:5, Informative)

    by rf0 (159958) <rghf@fsck.me.uk> on Monday August 07, 2006 @03:22AM (#15857804) Homepage
    Looking at this is appears that a company called "NameView Inc" is supplying the ads from the IP block 72.51.27.0 - 72.51.27.255 http://www.nameview.com/ [nameview.com]

    Prehaps calling them on +1 (309) 424-5497 might help to say what a bad idea this is or we can just block the IP range (which is now what I'm going to do)
  • I dare say that Africa is the most ignored continent. I must admit that I know very little about it, but what I do know is both interesting (armchair history) and really fscked up (Muslim fundies, civil war, extreme poverty).

    So by adding one wildcard, Cameroon suddenly manages to get a good portion of the geek internet and maybe a few blurbs on the normal internet paying attention to it. Brilliant.
  • by sa3 (628661) on Monday August 07, 2006 @03:49AM (#15857840)
    ;; QUESTION SECTION:
    ;google.cm. IN A
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6369
    ;; ANSWER SECTION:
    google.cm. 518 IN A 72.51.27.58
    zone "cm" IN { type delegation-only; };
    ;; QUESTION SECTION:
    ;google.cm. IN A
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12264
    • This will work also:

      options {
      root-delegation-only exclude {
      "ad"; "af"; "ar"; "biz"; "cr"; "cu"; "cm"; "de"; "dm"; "id";
      "lu"; "lv"; "md"; "ms"; "museum"; "name"; "no"; "pa";
      "pf"; "se"; "sr"; "to"; "tw"; "us"; "uy";
      };
      }
  • I'm always hitting enter before the m - google.com
  • by nuckfuts (690967) on Monday August 07, 2006 @04:25AM (#15857879)

    ICANN has very little direct control over what a nation can do with their own TLD.

    ICANN controls a root DNS server [isoc.org], which is authoritative for the "." zone - one level higher than a ccTLD. This means they get to say what DNS servers are authoritative for .cm, and could send traffic to different servers if they really wanted to. Or at least they could redirect queries that came to their particular root server. If the other root servers followed suit they could do whatever they want with any ccTLD.

  • ... did we just slashdot an entire country?
  • Just install the following extension:-

    http://www.efinke.com/url-fixer/ [efinke.com]

    Corrects common .com typos for you.

     
  • by totallygeek (263191) <sellis@totallygeek.com> on Monday August 07, 2006 @06:02AM (#15857992) Homepage
    Cameroon location earth


    At ask.com: "Where the fuck is Cameroon, Jeeves?"



  • by Bjarne Bula (11937) on Monday August 07, 2006 @08:09AM (#15858195)
    While possibly the most visible effect, landing on a page full of ads when you wanted www.cnn.com is the least of your problems.

    Remember, this is DNS, so this will affect not only your web browser, but all your Internet applications.

    So, guess what happens if you try to send a mail to friend@gmail.cm? Yup, it also gets the Cameroon treatment:
    $ telnet gmail.cm smtp
    Trying 72.51.27.58...
    Connected to gmail.cm (72.51.27.58).
    Escape character is '^]'.
    220 blackhole.gdei.com
    Even though the server currently will bounce your mail with a 550 Domain does not exist, they now have your email address and, with a quick typo-fix, that of your friend.

    Hey! Guess what country is next door to Cameroon? Yup, Nigeria. Now, who in Nigeria might want a fresh source of email addresses...? [419eater.com]

    And who is to say they bounce all mails? Or will continue to?

Someone is unenthusiastic about your work.

Working...