OpenDNS wants to watch the web for you

OpenDNS is a new startup that wants users to send their DNS queries through its nameservers, where an unusually large cache and an aggregated list of sites deemed guilty of phishing will make our web surfing faster and safer. It’s free and as simple as changing your DNS server address from your ISP’s to OpenDNS’s, but a number of serious concerns about the service have already been raised.

The San Francisco company is headed by CEO David Ulevitch and former CNET head of product development and business operations John Roberts. It’s been funded by CNET founder Halsey Minor’s fund Minor Ventures. The revenue model is advertising on search pages offered when a misspelling or otherwise unrecognizable URL is entered by users. The company says it will offer additional services on top of its enhanced DNS service as well – suspicious users would probably like to know what those will be before engaging with OpenDNS.

The company has two primary selling points. The first is its phishing filter, a list of malicious sites aggregated from a number of different sources that are blocked when access is attempted through OpenDNS. The second is faster page loads due to the company’s strategically placed servers and large cache of domain names that can resolve DNS queries faster than other servers, which the company says must often send requests to multiple locations before queries are resolved.

OpenDNS also says that it is “smarter” because it will understand misspelled URLs, something I know that I rarely experience and am perfectly capable of taking care of myself. The fact that serving ads when misspellings occur is the company’s business model seems insane to me relative to the infrastructure investments they must have made.

The service has already come under heavy criticism from bloggers who allege that it takes too much control away from end users, that it’s susceptible to gaming by malicious parties and that its claim of superior speed is unrealistic. Some have also warned that centralizing DNS services would give too much power to one party. The company has responded by allowing users to turn off both the phishing blocks and the spelling correction – though the speed improvements would have to scale well and remain substantial if anyone is going to turn off most of the features but keep the service.

It also seems to me that if a web user is capable of changing their DNS settings then they ought to be capable enough to avoid phishing attempts.

One site this could be compared to is SiteAdvisor, which was acquired by McAfee. That service actively goes out and registers on web sites, downloads whatever the site offers, and tests it all for malware. That’s cool. SiteAdvisor appears to only add a mark next to search results for malicious websites, instead of blocking them from any point of entry like OpenDNS does, but what’s actually going on behind the scenes is more intriguing to me. Perhaps the sources for OpenDNS’s lists of sites are doing something similar, but making DNS the point of engagement in the fight against malicious sites is a strategy that seems questionable.

I’m not sure that getting users to redirect their DNS queries through a centralized filter is something that could happen quickly enough to be relevant in the fast-paced arms race against anti-social profiteers online. Perhaps the company is hoping that ISPs will outsource their DNS services to OpenDNS and offer customers a safer and faster online experience freed from the encumbrances of bad spelling.

OpenDNS must have already made substantial investments in its infrastructure, so perhaps there is some strategic vision that will emerge later. As things stand now, I can’t imagine that it’s going to work.

For a different point of view, see positive reviews by Chris Pirillo, Matt Mullenweg and Scott Beale.