Hacker News new | past | comments | ask | show | jobs | submit login

Verisign has nobody but themselves to blame, for "inventing" this with its SiteFinder fiasco in 2003.



Right! Around 2010, when this feature was implemented in Chrome, hijacking was a business model that was discussed in regular meetings. I recall one hijacker trying to sell themselves to the company that was 'complaining' about the hijacks.

"Buy us out and we'll stop, and you can use the tech on your customers?!?"

One of the boldest business proposals I've been party to. After a few deep breaths and some laughter, the offer was not taken. But that wasn't a one-off event. Spent a lot of time in early 2010's directly trying to protect customers from this stuff. Still do, but it's getting much harder with TLS-everywhere, HSTS, DOH, and many other things. Not impossible though, we can never let up on the pressure to keep the ROI too low for hijacking. The various network operators and ISPs that let these companies put racks in their data-centers to inspect user traffic should be <<insert_your_own_horrible_idea_here>>.


oh wow, I remember that and how it broke so many scripts and processes. It's what some of these crappy ISP DNS servers do, except for the entire .com/.net TLDs around the planet.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: