[wildcard-comments] Comments after reviewing the Oct15th meeting captioning
- To: wildcard-comments@xxxxxxxxx, secsac-comment@xxxxxxxxx, sitefinder@xxxxxxxxxxxxxxxx
- Subject: [wildcard-comments] Comments after reviewing the Oct15th meeting captioning
- From: "Dave Oatley" <oatleyd@xxxxxxxxx>
- Date: Wed, 22 Oct 2003 14:27:49 -0400 (EDT)
- Reply-to: oatleyd@xxxxxxxxx
- Sender: owner-wildcard-comments@xxxxxxxxx
Please forgive the length of this email, I noted items as I read
the captioning output from the SECSAC meeting on Oct 15th, as
found at http://secsac.icann.org/captioning-15oct03.htm
Please do not allow Verisign to abuse their monopoly control and impose
SiteFinder on us all again.
Verisign examined 73,000 spam emails and concluded that SiteFinder
did not increase spam on the internet. It is estimated that there
are over 4.5 billion spam emails sent every day, how could such a
paltry sample be expected to tell them anything?
If you offered $1 to every person that came to your site, they'd
like the site. They wouldn't care about what other costs were
created by it, or who bears those costs. So certainly, if
SiteFinder is a nice, clean, usable page and it is simply
compared against a stark "no such site" error page, an average
user would choose the usable page. But that's not the whole story.
Who got hurt getting that page to the user? Is the overall effect
worth the costs? And can the same page be presented in another way
that allows Verisign and the user to bear the costs, since they
alone are getting the supposed benefit? (A browser plug-in would
serve this purpose)
Verisign repeatedly alludes to the idea that because they are
*only* "inconveniencing" people and because it is possible to
create "workarounds" for their system, the system is ok to impose on
people. It's like building a speedbump on the highway in front of
your house to slow traffic. The first few cars that hit it will
careen off the road and crash, then people will recognize it's there,
and eventually people will just slow down before they hit it.
Granted, traffic will back up for miles, new roads will have to be
built to get around your house, and businesses along that road will
suffer because people won't drive through there anymore. And of
course the costs for the damage to vehicles, medical care, road
construction, and loss of business will be borne by others, not you.
But at least you're slowing traffic around your house. You got what
"I guess more basically using HTTP over port 80 in this way by
automated tool is discouraged according to BCP 56."
I love the idea that it's ok to break things if they shouldn't have
been working anyway. Imagine building a parking garage, and a road
leading into the door, then years later the architect points out that
the door was actually supposed to be 10 feet further to the left.
Would it make sense to preserve the integrity of the blueprints by
bricking up the current entrance and building a new door? Or would it
make more sense to understand that people can drive in and out of the
current door and it should be considered the de facto standard?
"we said very clearly that we don't even have log files there to
Verisign often responds to the privacy issue by saying, "But we're
don't they get about the idea that we don't trust them? They have
shown themselves to be untrustworthy. They snuck this huge change
into the system, only pulled it under threat of legal action,
threaten to bring it back without regard to public opinion, but we're
supposed to trust them? They don't want anyone to see
their "proprietary" surveys, but they expect us to trust them.
"the take-away numbers are the summary numbers which is 76% rated the
site excellent or very good."
Verisign's usability statistics seem to be talking about users'
reactions to the specific sitefinder page. The page is located at
http://sitefinder.verisign.com and it is a reasonable search page.
The page itself is not at all the issue, but they are trying to shift
the focus to it. Banging out a pretty search page would take a couple
of hours of HTML work. The problem is the underlying internet
plumbing that takes the hit to serve up that page inappropriately.
The exact same page could be served by a browser plugin and the users
that responded to the surveys wouldn't have known the difference.
"And then basically what that says is that there's more functionality
than you get with a 404 so it's helpful for me."
Verisign is not incompetent, they know full well their system doesn't
intercept 404 errors. Yet they happily quote users that cluelessly
thought Verisign was fixing the dreaded 404 for them.
"many thought before we launched the service that the presence of
wildcard in the DNS would somehow break the Internet. Well clearly
the evidence does not support that at all"
What exactly does "break" mean? Is my car "broken" if it sputters at
a stop light? Is my cable "broken" if my favorite channel disappears?
Does my computer have to completely disintegrate into silicon dust
before I can declare it "broken"? In general usage, we use the
term "broken" to refer to things that aren't working the way we
expect them to. Often a new release of software is said to "break"
things the users previously liked, even though 99% of the application
is still functional, even enhanced. But if it is a vital item for the
user, he may choose to revert to the previous version despite any new
benefits, to avoid suffering the 1% loss.
In regard to research conducted into SiteFinder's impact on non-HTTP
protocols: " their findings was that the user experience would not
It's hard to know what a company means by "change dramatically" when
they are already known to misrepresent the word "break". In my view,
any change I make to a system used by others needs to leave their
experience unchanged altogether, or only with their consent. Even
an "un-dramatic" change would be unacceptable.
Rusty Lewis recognized Verisign was being accused of surveying users
in a way that would force them to give positive answers, so he
stepped in and said, "From our perspective, we did not conduct this
survey for purposes of convincing the SECSAC or ICANN or anybody
else, for that matter, that end users want to use this service. We're
a commercial company. We are interested in getting unbiased,
unfettered feedback from the marketplace so that we can design
services that meet commercial needs."
Realistically, why would they care who wanted to use the system and
who didn't? Like any company, their ultimate goal is to make money,
not friends. If making friends leads to making money, then they'll
make friends. But if capitalizing on a revenue-generating advertising
opportunity makes them both enemies and money, why would they care?
They wouldn't, and perhaps we could even say they shouldn't. The
fact, though, that they are lying about people's attitudes toward the
system (by framing the surveys to skew the results, proven by their
unwillingness to reveal the surveys themselves) shows that they are
not to be trusted.
Verisign: "One of the segments of the community that has not been
looked at in this whole issue, in my opinion, is the user community."
Users would like it if every time their ISP served them a web page,
they were required by law to send the user a dollar, too. But the
ISPs wouldn't care for it. They'd go out of business, then the user
would be sad. Verisign isn't looking out for the consumer or they
would take the same course that others have taken, they'd produce a
browser-plugin or other opt-in service that users could decide to use
or not. They'd compete in that market, like everybody else. Instead,
they've chosen to abuse their monopoly and then hide behind the end-
user whose best interests they supposedly have at heart.
Steve Crocker asked if there had been a change to the registry.
Verisign's response was "in the definition of registry operations
that you're using, the answer is no, there was no change to the
There's a reason people lie like this. Bill Clinton worked very hard
not to admit his affair with Monica. He lied, but used words that he
thought he could legally defend as being truthful, or at least not
lie-ful. But this isn't a legal game and we shouldn't spring Verisign
on a technicality. They're lying. Give them this, and they will
certainly do worse in the future. They have to be stopped now.
Verisign said, "I'm totally confused about how what we've been
talking about the last few minutes has to do with security and
Verisign's own presentation was primarily usability surveys that
arguably had nothing to do with security and stability. Again, lies.
Not legal lies, but lies.
" we've heard a lot of anecdotal data"
Verisign uses this term often. It seems to be a way for them to
dismiss what people are saying. If I play my radio too loudly, I
could blow off any complaints as anecdotal, instead saying that my
own surveys showed that people preferred my music over dead silence.
Unless the complainants had some decibel numbers they wanted to bat
around, or perhaps a multi-thousand dollar survey of their own they
wanted to put forth, I could just dismiss them out of hand.
" we've bent over backwards to not adversely impact the stability or
security of the Internet"
If I'm ever accused of a crime, I want Rusty Lewis to be my lawyer.
" Ben Turner: the way we do the web bug is compliant with the
standards that exist. It is a typical implementation for this type of
There are standards for "bugging" users? Steve's comment echoes mine:
Steve Crocker: I'm speechless.