back to article Orange broadband trials error hijacking

Orange broadband is trialling taking advantage of address bar spelling mistakes and server errors to serve sponsored search results and contextual ads to its customers. An Orange spokesman said the move had been made "in order to deliver a better experience to our customers". The changes, which customers have not been informed …


This topic is closed for new posts.
  1. Jason Croghan


    My god, they really don't wany anyone to be able to contact them do they haha!

  2. Paul

    Are Orange using stealth proxy then?

    For Orange to be able to do this, surely all the web traffic from there broadband users must be directed through a proxy server. or at least monitored for the content.

    how else could they know if someone had misspelt a web address?

  3. Paul Fleetwood

    I highly recommend not using the DNS provided by Orange

    in the bad old days when I used to be a sufferer of freeserve/ dontwanadoo before they became orange, I discovered that using OpenDNS rather than the one provided by the ISP improved page loading speeds, and didn't let me down as often as theirs did.

    It also has nice phishing features for those who can't help but click on stupid links in emails.

  4. John

    Re: Are Orange using stealth proxy then?

    Paul: No proxying or monitoring of traffic is necessary for this to work; they're breaking Internet protocols at a lower level than that. Like VeriSign (who started this crap), and then EarthLink after them, what they're doing is mangling your DNS service.

    Here's a quick "Breaking DNS For Fun And Profit 101" to make sure everyone's up to speed on this issue (and yes, for those of you who have already passed "DNS 824", this is the super executive summary version, yes I know about root servers and recursion but come on, it's a comment post):

    1) Your machine has the hostname of the machine it wants to contact, which as far as finding your destination on the Internet goes, is useless except in the sense that it will lead you to an IP address.

    2) To get this IP address, your machine goes to the "authoritative DNS server" for the controlling domain that corresponds to the hostname...this DNS server gives your machine the IP address that corresponds to the hostname. If you have an invalid hostname, instead of the IP address you'll get an informative error message explaining (to the best of the DNS server's ability, anyway) what the problem is.

    3) Profit! Now that we have our IP address, we can route packets. Or, we have an error, and we can debug.

    Now, here's where VeriSign, EarthLink, and now Orange come in. If you have a valid hostname, nothing changes in the process. However, if not (say you typed in ""), then step 2 becomes this:

    2) To get this IP address, your machine goes to the "authoritative DNS server" for the controlling domain that corresponds to the hostname...this DNS server gives your machine the IP address that corresponds to the hostname. If you have an invalid hostname, instead of an informative error message, you'll get a completely different IP address corresponding to a machine under Orange's control...returned as a completely valid DNS reply, so your machine has no way to differentiate the "redirection" from a legitimate reply.

    To equate this to the phone system; say you're at work, and you want to get someone else's phone number. You call your receptionist and tell him whose number you want, then hang up and wait for a callback (the receptionist is your ISP, in this case Orange). Your receptionist calls the phone company information number (the authoritative DNS) and asks for the number. He passes the number along unchanged if he gets one back, but if the phone company info number says "we don't know that person", then when he calls you back to tell you the number, he gives you the phone number of the sales line of a direct marketing firm he owns...without telling you it's not actually the number you asked for.

    I'm with Paul Fleetwood; OpenDNS is the way to go. I switched to them years ago and have never looked back. Orange customers can try filling out the form if they want, but it won't do any good unless the note you send says "...and that's why I'm leaving" (in which case it may have some effect, but still won't prevent the inevitable). The percentage of ISP customers who understand this issue well enough to know why it's a terrible idea is much too small to overcome the pressure from the marketing department to implement this; remember, this isn't about "delivering a better service", this is about "making money from click-through advertising". Your odds of success are zero because marketing will convince the decision-makers at the company that the revenue generated will offset any possible losses by tech-savvy users jumping ship.

  5. Chris

    Orange tech support claim they aren't doing this

    I contacted Orange tech support when I first noticed this on 15th March and they told me to email them. I emailed them on 19th March and haven't had a response yet (1 month later).

    Today I called. The guy, Melchious, and his supervisor both claimed that Orange are not doing this.

    How can they be "gauging customer reaction" if they haven't told their support staff about it?

  6. peter

    everyone should tunnel

    I am with NTL and they run transparent proxies that mess up one or two sites all the time.

    Running everything DNS, VOIP, Email, Web through a SSH tunnel to a remote proxy means they can't proxy it to save bandwidth, because the stream of data is encapsulated.

    I have a constant tiny stream of compressed data going back and forth, fully secure and protected from Voip bans or port blocking, but comparitively massive bandwidth for movie downloads I levae up to them because the faster the better and I don't care what they do with it.

    Also I can use any wireless connection i can find (legally of course) and it doesn't matter how monitors or sniffs it, of course a man in the middle ssh attack would work but they may as well just sit behind me for a simpler attack.

  7. Nicholas Wright

    Broadband usage...

    ... and so intead of a 2kb webpage saying web page does not exist, you're treated to a website of Orange's choosing which is almost guarenteed to be > 2kb in size and which will affect your download quota.

    I don't know if they do this on WAP/GPRS, but two bad DNS names could then easily lead to £1 on your bill.

  8. Chris

    Orange's solution

    I have been speaking to even more people at Orange customer relations about this.

    Yesterday I was told: "If you want to see page cannot be displayed, when you mistype a URL you should unplug your network cable".

    Today I was actually told by the first CSR I have got through to that actually understands it - that they have put the new feature on the following two DNS servers:

    And if I don't like the new features I can use the follwing:

    The problem is that the livebox doesn't seem to let you configure which DNS it uses, so you have to put the settings in each machine you use on your network (and remove them from any laptop when you go to another network).

    The email I am waiting (and have been for 32 days) for a response from went as follows:


    Thank you for your response.

    It is a change that you have put in to the service in the past few days and is against the DNS standards that define how DNS should be used. This idea was tried by EarthLink in the USA and you only have to do a simple Google search to see how their customers reacted to it and how EarthLink have backed down from forcing it on all their customers. It was also tried by versign on a much larger scale and faced an even bigger backlash from web users the world over - and also resulted in them being taken to court by ICANN the people responsible for names and numbers (i.e. dns lookups)

    I noticed that you assert there are not privacy issues. I assert that there are and they are as follows:

    * With the correct implementation of a DNS server the only information that can be collected for incorrect addresses is the server hostname. You are now able to and actually collecting and using the full URL

    * If someone attempts to connect to a private server (eg a corporate server) which is not accessible from the internet but is accessible through a vpn then if they have not got their vpn connected you are able to capture the full URL they were trying to access rather than just the server name

    * You are collecting a "participant id" swell as the failed URL

    There are also other issues:

    * An incorrectly typed URL can no longer be corrected by simply modifying the typo - it has to be completely re-written

    * The page is badly written so it is not supported by Internet Explorer on mobile devices. I use the wifi connection on my Orange phone to connect to my Orange broadband. If I were to mistype a URL I now get a silly orange advert page with a popup dialog box saying the page has more than 10 frames and is not supported in pocket internet explorer. Obviously, this was not an issue before you started redirecting all the traffic

    * The IE address bar keeps a list of recently typed addresses, the incorrect addresses are kept in it because of the DNS response saying that address exists

    * Some software relies on the error response from DNS queries such as third party spam filtering tools that want to check that a return email address has a valid dns record

    * Other (non internet browser) traffic stalls (eg telnet, pop3, imap4, ssh, https) because the DNS server directs the traffic to your barefruit server which simply ignores it. If the DNS server respond with the "domain name does not exist" error the software could easily deal with this rather than waiting for a timeout

    * Increased web traffic - loading your error page takes many KB of data instead of a few bytes of data to say domain name does not exist - this increases the chance of your customers going over their capped allowance

    * You have not told your tech support people so they don't understand that this is happening

    Finally you are just plain not providing a DNS server as prescribed in the internet standards therefore you are not providing an internet service.

    If you are not happy to remove the service completely just yet then may I suggest you take a leaf out of EarthLink's book and provide a 'traditional' dns server that provides standard responses in addition to your newly modified ones.

    I look forward to your reply,


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022