"It's a trap! Reported phishing or malware site" : who?

71 posts Page 5 of 8
by Guest » Fri Oct 10, 2014 12:25 pm
Guest wrote: Unfortunately for Sonic I AM a lawyer,
Liar.
Guest wrote: and what they have allowed to happen is 100% actionable.


Wrong. Please read your T&Cs. Financial loss is not actionable if the loss occurred incidental to a lawful and reasonable action done to limit harm to a third party. Reasonable security measures are specifically permitted under the Sonic T&Cs and the filtering of DNS results is certainly reasonable given the prevalence of phishing and attack sites. Good luck with your legal action, though. Let me know how that goes for you.
by mkld » Fri Oct 10, 2014 5:16 pm
Come on, people, grow up!

Sonic does so many things right, and you're "angry" over this?

Why don't you switch to AT&T, Comcast, or any of the other "choices" you think you may have, and see if they offer you any alternative to any of their "security" policies? They'll tell you "F-U" with faux politeness.

Further, if you're truly concerned about privacy & censorship, run a VPN. The VPN will provide you with their own DNS.

Thank you to the Sonic staff for providing the best IT service I've ever experienced!
by bear » Fri Oct 10, 2014 5:29 pm
Well, I won't be bothered by this again for now. I set up my own DNSSEC using bind9.

What really really makes me angry is that the mousetrap page didn't even say what it was.

Never mind branding concerns or whose name to put on it. The crucial information that it needed to contain was a one-liner that said clearly, "The DNS request for this site was diverted by your ISP because..." and THEN go on about it being possibly phishing or malware.

If I had known that it was DNS blocking rather than stringing along trying to figure out what misconfigured plugin I needed to get rid of, I would have set up my own DNS months ago.

But I couldn't even have imagined that Sonic would be blocking DNS requests, because I trusted them. Now, I guess I don't any more, and that's kind of sad.

I'm sticking with Sonic, because, yes, it does more things right than anybody else I could go to. But the crucial issue here is that I had trusted them. This feels like losing a friend. AT&T was *NEVER* my friend; I never felt anything but incompetence and arrogance from them. They literally could not disappoint me. But Sonic. Sonic has been the ISP that I thought I could trust.
by dane » Fri Oct 10, 2014 5:30 pm
bear wrote:I have been a Sonic.net customer for twenty years. But this is a complete betrayal of trust. This is not filtering, this is censorship. You guys never asked my permission or got my consent to do this. You never even admitted to me that you were doing it until I ****ing tracked the attack down MYSELF, and called you on it! And now with your crippled "opt-out" offer you're making DNSSEC unavailable to me unless I allow random internet trolls and scammers to censor the sites I'm allowed to read by reporting them as malware sites?

What the hell, dudes? Who are you and what have you done to the honorable people I used to deal with?
Hi there Bear, I am sorry we've left you feeling this way.

We work hard every day to deliver a reliable service and to protect our customers from a broad array of threats. We block millions of emails every day in our SpamAssassin service. We reject thousands of telemarketing spam calls to Fusion customers. And the firewalls deployed in every Sonic customer router and at our edge block tens of millions of direct attacks on our customer IPs every day. Finally, we DNS block phishing destinations and virus distribution sources, which present a threat to our customers, their privacy, their banking and other login credentials.

This DNS blocking is similar and complementary to the blocking done today by most browsers, including both Chrome and Internet Explorer.

But based upon the feedback here, we have now made changes to the "It's a trap!" page to make clearer WHO is doing the blocking. This is somewhat challenging because the Sonic infrastructure is utilized by about seventy ISPs, each of whom must support their customers, but we have now updated the page to make clear that the blocking is done for and by the ISP, and that the end-user can contact the ISP for opt-out information.

Additionally, based upon the input that the opt-out servers are inferior because they do not include DNSSEC, we will be enabling DNSSEC on that array early next week. Note that this may result in some challenges when a remote site makes a configuration error, which is why those servers didn't include DNSSEC, but we'll have to work around those issues as they occur concurrently on both platforms.

Finally, I'd like to acknowledge that the commercial blacklist service that we use for DNS filtering is not perfect. Like our anti-spam efforts, sometimes a target is wrongly listed and blocked. It happens to email (which ends up in Graymail), and to websites (which end up at the "It's a trap" page.) In both cases members can act to engage manual intervention and whitelisting. But, we will be looking at statistics for reported bad listing over the past few months to more closely analyse the scope of that issue and the quality of the blacklist, and we'll have more data to report on that next week.

I hope these changes and my response assist in your understanding of the position we are in: It is an arms race between spammers and those who seek to abuse and compromise our customers, and we work hard to deliver the best protection that we can to all of our customers.
Dane Jasper
Sonic
by mkld » Fri Oct 10, 2014 5:43 pm
Dane, I forwarded an email from the Privacy Mailing List to support@sonic.net. I asked them to forward it to you and admin staff for your attention. Some people continue to be pretty upset about this issue. It's request number 2872235.

If you don't receive it, let me know.
by bear » Fri Oct 10, 2014 5:44 pm
I'm just saying, opting out (using Sonic's non-DNSSEC servers, or setting up your own) is easy once you know what the damn problem is.

The time and effort I wasted eliminating possibilities and fooling with configuration options on a bunch of crap which wasn't the problem, and finally in tracing down what was an apparent MITM attack, was time I spent getting madder and madder at whoever was doing it. That was the big damn emotional lever that made me really angry when I finally realized that the "attack" was being perpetrated by the very same people I'd been relying on to protect me from it.

If the mousetrap page had just led off with the information that yes, DNS was being diverted, and no, it wasn't being diverted by some cracker somewhere specifically as an attack implying that the cracker had subverted security or compromised my system or Sonic's, and if I hadn't wasted my time tracking down the attack, I wouldn't have been nearly as angry.

If the mousetrap page had just said, "DNS is being diverted by the ISP", I wouldn't have been in nearly such a horrible emotional space when I finally tracked it down. I'd have been disappointed, sure, and I'd have set up my own DNS - but I wouldn't have been nearly as angry because I wouldn't have spent hours becoming madder and madder at the supposed cracker as I tracked down the attack.
by bear » Fri Oct 10, 2014 6:13 pm
dane wrote:
We work hard every day to deliver a reliable service and to protect our customers from a broad array of threats. We block millions of emails every day in our SpamAssassin service. We reject thousands of telemarketing spam calls to Fusion customers. And the firewalls deployed in every Sonic customer router and at our edge block tens of millions of direct attacks on our customer IPs every day. Finally, we DNS block phishing destinations and virus distribution sources, which present a threat to our customers, their privacy, their banking and other login credentials.
No, Dane, it isn't the same thing at all. When something gets caught in SpamAssassin, it's treated as filtering.

1. In-channel notification. I get a daily "here's what we're blocking" mail.
2. Identification. The in-channel notification comes from Sonic.
3. Click-through. If something is blocked by mistake, I can get it from graymail.

I am grateful for your spamfiltering; you guys do an awesome job of it.

If your DNS block was implemented as filtering rather than censorship -- i.e., if it met the same three tests -- I would be grateful for that as well. It would be a genuine value-add and I'd be glad to have it.

But it isn't. It appears to be exactly the kind of attack it is warning about, in fact; a web form that you're asked to fill out by a completely unknown party, which will then go off and deliver your email address and whatever else it's pulling out of your browser using whatever horrible browser exploit someone has come up with, to a completely unknown agency that will then use it to spam you or try to crack your logins elsewhere.

The mousetrap page made me believe that there was an attacker who had subverted your DNSSEC servers and was now trying to subvert my desktop machine. You can understand a bit of rage on my part at such a person? You can imagine rage building for hours as I tracked the attack down?
by bear » Fri Oct 10, 2014 7:42 pm
Damn, I shouldn't even have gone and looked....

The bitcoin I *COULD* have bought if DNS had not been blocked while that buy wall was in progress, is up 20% in 6 days.

That's the other thing that makes it hard not to rage.
by arminius » Mon Oct 20, 2014 12:24 am
I finally found this message thread via Google.
Sonic.net customer service and the scary looking response box on the mousetrap site did not respond to my emails, although I did get a canned response from Sonic and the site I wanted to look at did get unblocked.

Plenty of others have complained already (and gotten sanctimonious responses) but you've made me angry enough to complain even more.

First of all, the blocking seems to rely on anonymous vigilantes "reporting" a site. Perhaps some of the blocked sites really are bad, but certainly in the case of the site I tried to visit, the reporter must have been malicious or playing a prank and you guys just decided to block the site without checking anything yourselves.

There is no excuse for making the mousetrap page so vague and anonymous. It is just a way to avoid responsibility.

There is also no excuse for being so vague about how your customers can "opt out" of this censorship; it is simply disrespectful to your paying customers to not mention changing DNS servers right there on the mousetrap page.

Shame on you, Sonic.net. You are just as evil as any phisher or spammer. You have power over what your customers get to see and you have chosen to abuse this power while being sloppy about it and hiding your identity.
by mkld » Mon Oct 20, 2014 12:40 am
arminius wrote: Shame on you, Sonic.net. You are just as evil as any phisher or spammer.
Hyperbole much?