Jump to content

Typosquatting

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 67.170.86.33 (talk) at 14:35, 18 February 2010 (→‎Typosquatting and the law: -opinion). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

An incorrectly entered URL could lead to a website operated by a cybersquatter.

Typosquatting, also called URL hijacking, is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser.[citation needed] Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.[1]

Overview

The typosquatter's URL will usually be one of four kinds, all similar to the victim site address:

(In the following, the intended website is "example.com")

  • A common misspelling, or foreign language spelling, of the intended site: exemple.com
  • A misspelling based on typing errors: xample.com or examlpe.com
  • A differently phrased domain name: examples.com
  • A different top-level domain: example.org

Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content.

Typosquatting and the law

In the United States, the 1999 Anticybersquatting Consumer Protection Act (ACPA) contains a clause (Section 3(a), amending 15 USC 1117 to include sub-section (d)(2)(B)(ii)) aimed at combatting typosquatting.[2][3]

However, on April 17, 2006, controversial evangelist Jerry Falwell failed to get the U.S. Supreme Court to review a decision allowing Christopher Lamparello to use "www.fallwell.com". Relying on a plausible misspelling of Falwell's name, Lamparello's gripe site presents misdirected visitors with scriptural references that counter the fundamentalist preacher's scathing rebukes against homosexuality. The high court let stand a 2005 Fourth Circuit finding that "the use of a mark in a domain name for a gripe site criticizing the markholder does not constitute cybersquatting."

Militating in favor of Mr. Lamparello's case was the fact that his website did not mimic Falwell's site stylistically so as to confuse site visitors into believing that Falwell endorsed Lamparello's site content.

Further, the fact that Lamparello's site is noncommercial preempts a claim of unfair business practices. Whereas, a communicative forum for comment and criticism constitutes a "bona fide non-commercial or fair use" of a trademark interest, under the ACPA.

On his site, Lamparello provided a link to an Amazon.com webpage selling a book he favored. The court determined this did not diminish the communicative function of his website, saying use of a domain name to engage in criticism or commentary "even where done for profit" does not alone show a bad faith intent to profit (Lamparello did not stand to gain financially from sales of the book at Amazon.com).

"Catchall" typosquatting

In addition to purchases of individual domain name, several attempts have been made by larger corporations to profit from users' typos by redirecting them without their knowledge.

  • Microsoft's Internet Explorer automatically redirects users' mistyped URL queries to their MSN Search page. Though a user can reconfigure their browser to use a different search tool, Google, one of MSN's biggest rivals, is not in the list. However, on their web site, Google has explained how to make their search engine the IE default for mistyped urls.
  • In 2003, top-level domain registry operator VeriSign's Site Finder automatically redirected traffic sent to unregistered domains. This caused a fair amount of outrage from the Internet standards community, and an emergency patch to BIND was issued to circumvent VeriSign's actions. VeriSign disabled the service after only three weeks.
  • Paxfire, a startup company, sells partner Internet service providers a tool that redirects mistyped queries to a Paxfire-generated page with sponsored advertiser content related to the mistyped "hotword". Revenue generated from user clicks is split between Paxfire and the Internet service provider.
  • Certain types of malware pose as browser plugins and redirect a user's web requests or search queries without their knowledge or consent, even if the URLs themselves are properly typed (for example, Internet Optimizer).
  • In August 2006, the operators of the ccTLD for the nation of Cameroon added a wildcard DNS record for the entirety of the .cm TLD. Since .cm is a common possible typo for .com, some have argued that this action constitutes a form of typosquatting. ICANN does not have any direct control over what national registrars do with their ccTLDs (as it did for VeriSign). Registration for .cm domain names has since been opened.
  • In 2007, Verizon launched a service quite similar to the Paxfire catchall redirection that redirects subdomain traffic and nonexistent domains for all of their internet customers.
  • In early 2008, Charter Communications and Insight Communications joined the growing list of ISPs that use catchall redirects. Both ISPs redirect unused domains to a Yahoo-based search function.
  • In 2008 UPC Austria launched a catchall redirection that displays a full page of ads. Although it can be deactivated, it was set up without the agreement of the customer.
  • In August 2009 Virgin Media began redirecting mistyped URL queries to their advancedsearch.virginmedia.com service. For example, attempting to browse to typo.squatting would redirect to the service. As of August 23, 2009 it was powered by Yahoo search and Nominum and did not contain third-party advertising, however there are many links to Virgin Media pages.

See also

Notes

  1. ^ Microsoft Strider project with screenshots of typosquatted domains.
  2. ^ "Anti-CyberSquatting Protection Act." US Library of Congress, http://thomas.loc.gov/cgi-bin/query/z?c106:S.1255.IS:=, accessed 24th October 2008.
  3. ^ "Without typosquatters, how far would Google fall?" Cade Metz, The Register, http://www.theregister.co.uk/2008/10/23/google_and_typosquatting/, accessed 24th October 2008.

Further reading

  • "The Internet Commerce Association Code of Conduct". InternetCommerce.org. Retrieved 2007-09-13. The Internet Commerce Association's (ICA) Member Code of Conduct expresses the ICA's recognition of the responsibilities of its members to the intellectual property, domain name, and at large Internet communities and will guide members in conducting their domain name investment and development activities with professionalism, respect and integrity.
  • "The Coalition Against Domain Name Abuse to Combat Cybersquatting". ComplianceAndPrivacy.com. Retrieved 2007-09-20. With growing ease and profitability, sophisticated cybersquatters are exploiting a flaw in the domain name registration process whereby domain names are registered and subsequently dropped, risk free, within an accepted 5-day grace period.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Typosquatting&oldid=344819663"