• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is Secure Access Service Edge (SASE)
      • What is Security Service Edge (SSE)
      • What is a Cloud Access Security Broker (CASB)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Spotlight

Google turns the page… in a bad way.

Author avatar of David UlevitchDavid Ulevitch
Updated — October 15, 2020 • 6 minute read
View blog >

This is a long post but it’s worth the read. In short, Google and Dell have teamed up to install some software on Dell computers that borders on being spyware. I say spyware because it’s hard to figure out what it is and is even harder to remove. It also breaks all kinds of OpenDNS functionality. At the end, I’ll tell you what we’re doing about it.
About a year ago Google and Dell announced a partnership to include the Google Toolbar on new Dell computers. At the same time, Google was trying to convince the Department of Justice that changing the default search engine in the (then) new IE7 was too difficult (when in reality it’s really simple). Installing the toolbar meant that users would have Google as their default search engine in IE7. It also meant that Dell and Google would share some of the revenue from the advertising clicks that resulted from these installations, much like The Mozilla Foundation does with its Firefox browser.
The computer hardware business has razor-thin margins which means making a profit is tough. So the opportunity for Dell to get a recurring revenue stream from an existing customer long after the sale of the computer is more than just enticing, it’s huge. It also means a couple other things:

  1. Dell and Google have an incentive to make it very hard for users to turn this off.
  2. Because users can’t get rid of it, Dell and Google can get away with putting more ads on the page and pushing user-relevant content off the page.

They’re now doing both of these things.

The screenshot below shows what the Dell-branded Google search results page looks like when you make a typo in your address bar. You can’t even see the search results in the picture (800×600 resolution) because the entire top of the page and right side are plastered with ads.

This page isn’t being shown to Dell owners just because they have the Google Toolbar. In fact, uninstalling the Google Toolbar won’t get rid of it. Dell and Google are now installing a second program on computers that intercepts all sorts of queries that the browser would normally try to resolve. This program has no clear name and is very hard to uninstall. In some circles, people would call this spyware.
Google tries to explain the hidden software with this ambiguous statement:

Wow. Are you kidding me? In order for a user to get rid of this brokenness the person has to remove a piece of software called “Browser Address Error Redirector?” That barely makes sense to techies and it makes no sense to normal people. Would your Mom uninstall something with a name like that? I don’t think so.
Not only that, but due to some support inquiries we’ve gotten it seems like this software is being installed on older Dell computers that use some sort of automatic update service from Dell. Is this thing spreading? Ugh. How bad is it?
Let’s see what happens with certain queries and what shows up above the fold. For good measure, I’ve included what we do too, for comparison.

Typed               Dell/Google             OpenDNS
Digg.xom            Paid results            Automatically typo-corrected
Digg                Paid results            Shortcut / Search results
Digg,com            Paid results            Search results

As an aside, for every single one of these pages, OpenDNS provides an unpaid link at the top of the page asking, “Did you mean Digg.com?” If Google and Dell were really trying to give users a good experience, they would offer that, at the very least. They are certainly smart enough.

Is Google being true to their roots?

I love Google’s technology, don’t get me wrong. But I think Google has turned a page here. They have now enabled a piece of software that is hard to remove and forces users to look at a really bad page. In fact, Google knows that this provides users with a dramatically worse experience.

Here’s a press release that talks about what people look at while using Google. (You can be sure Google uses similar technology internally.) Here’s a screenshot, with a red-line indicating what is below the fold.

The Dell-branded page doesn’t look anything like that at all. If you were to put a heatmap on the Dell-branded page… well, users can only look at ads. Dell and Google’s behavior here isn’t okay. Users never asked for this experience and they can’t get rid of it!
Moreover, this new “functionality” breaks things. Instead of making DNS requests, the address bar now sends single word queries to Google. This application breaks a lot of OpenDNS functionality our users love. Typo correction? Broken. Shortcuts? Broken. Google’s application breaks just about every user-benefiting feature we provide with client software that no user ever asked for.

We enjoy challenging problems at OpenDNS. But we’d rather spend our time making the Internet better rather than solving problems that shouldn’t have been created in the first place. We know that Google is capable of launching great products and services, but this isn’t one of them.

How is OpenDNS solving this problem?

Fortunately, we have a fix which does not require more client software. OpenDNS applies intelligence to the network, and we’ve stretched a bit beyond DNS itself to work around Google’s mis-directed efforts. Before I get into that, let me digress for a second:

Many of you have toolbars installed on your computer. Some of you have the Google toolbar, some have the Yahoo toolbar, and some of you have Zwinky (Don’t ask… I think little kids use it). These toolbars are able to see every single website you visit when you surf the web. Most report your surfing habits back to the company that operates the toolbar. Toolbars are something worthy to be concerned about, if only because so little attention is paid to them.

Okay, back to our solution. We did not want to enter the toolbar market. We don’t have any interest in it, and we don’t believe more software installations are the answer.
The solution to this problem was to route Google requests through a machine we run to check if the request is a typo or one of your shortcuts. If it is a typo or shortcut then we do what we always do, just fix the typo or launch your shortcut and send you off on your way. If it’s not one of those two things, we pass it on to Google for them to give you search results. This solution provides the best of both worlds: OpenDNS users get back the features that they love and Google continues to operate without problems.

I want people to know (and be sure) that we aren’t doing anything shady. We’re not spying on you. We don’t care what websites you visit. (Check our privacy policy.) Solving the issue like this allows us to fix the problems with Google (and future similar services) without having to route all your traffic through a toolbar or other service.
Below, there is a mini-FAQ.

Update: Danny Sullivan has a great write-up on this too.

Mini-FAQ

Will this make Google slower?

No. We are doing this URL redirection on all of our servers in all of our locations. Loading Google should take no longer than it took before we made this change. Also, all of Google’s other domains like like gmail.com and even subdomains like reader.google.com still work as they did before. We don’t re-route any of those.

Are you tracking or keeping a log of my searches?

No way. Absolutely not. We don’t keep copies of your cookies, your search history or anything else that would cause an AOL Search disaster. Any logs we have for technical debugging are wiped within an hour of the request, usually much sooner. We also aren’t in a position to log it for the government, and we aren’t a front for the CIA. “The Feds” already know that if they want to know what websites you visit they can just talk to your ISP, unfortunately.

Does this break anything?

Nope, but let us know if you see anything awry.

What about secure logins to Google? Can you see them?

No. Typically when people try to proxy SSL pages it creates an error. We didn’t want that to happen so we did something we think is pretty clever. We actually just forward your packets on to Google when you are doing anything that is secure. This keeps your data encrypted and ensures we can’t perform a Man in the middle attack on you.

Does Google know about this?

We contacted a couple of friends who work on the security side of things at Google to give them a friendly heads up. They said it’s not a technical or security problem on their end. Based on that we don’t think Google has any problem with it. The technology we’re using is pretty standard stuff.

Suggested Blogs

  • Hitachi’s SASE: How Umbrella & Duo Delivered Identity and Security December 13, 2022 2 minute read
  • Why Using DNS for Protection Should Be Your First Line of Defense September 1, 2022 2 minute read
  • New Security for a World Where Everyone and Everything Are Connecting August 30, 2022 3 minute read

Share this blog

FacebookTweetLinkedIn

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella