

 Why does iTunes 10.7 try to contact the domain bogusapple.com? - wglb
https://discussions.apple.com/thread/4380270?tstart=0

======
VxJasonxV
Hi everyone.

I registered bogusapple.com after a buddy of mine posted a screenshot of
Little Snitch prompting iTunes' access to the domain. All credit for finding
this snafu goes to gentmatt, and my bank account for allowing me the ability
to frivolously buy a domain.

I don't believe that accessing this domain is built directly into the compiled
code of apps, since (in my opinion) it did not happen close enough to a
software update. I believe it is just some kind of a typo (bogus.apple.com?)
for something used as part of the web page views that comprise the iTunes and
the Mac App Store apps. I fully expect that this problem will quietly go away
once they deploy new versions.

I picked up the domain just to see if any particularly exciting web requests
were being made, and it's been fun to watch user agents, but as soon as
Twitter, news sites, and forums got wind of it, it's pretty much impossible
for me to discern any meaningful traffic anymore.

I suppose I could start filtering any requests with a referer, or ones not
coming from *.apple.com. We'll see.

It's been a fun 13 hours.

Any questions?

~~~
avar
Not a question but just a word of advice to be careful.

What you did could to a layperson be construed as intentionally exploiting a
bug in their software with the result that you're now intercepting requests
from unsuspecting customers of theirs, and getting data via your logs that in
some countries falls under privacy laws.

Depending on how big of an embarrassment this turns out to be for them and how
well funded their legal department is this might not turn out to be hassle-
free for you.

~~~
droithomme
Well, it's not his fault Apple is sending traffic to the web site he owns.

If it is true that there is anything illegal with owning that domain and
receiving traffic, then it is also true that a nefarious agent could
"mistakenly" send a bunch of requests containing "private information" to the
server of an enemy, then report the enemy's "illegal actions" to the
authorities.

~~~
thrownaway2424
Right. If there's anything illegal going on here, it's Apple using its
customers' computers to DDoS this guy's domain.

------
patio11
Sounds like "A cheap way to figure out if we're in a restricted DNS
environment like e.g. airport wifi pre-payment." The implementation is clearly
suboptimal, though - you want to control the canary domain.

~~~
bgrohman
Surely Apple wouldn't use a domain they don't control for this.

~~~
alanh
If you read the linked thread, it’s clear they did not, in fact, register or
otherwise control the domain.

~~~
bgrohman
Right. I should have been more clear in my statement. I meant that, since
Apple clearly doesn't control the domain, I find it hard to believe that they
would use it intentionally.

~~~
avar
I think you're being overly generous in ascribing the intentions of an entire
company on this.

Most likely the real reason behind this is that some programmer in their
employ who didn't know better hammered in "bogusapple.com" as the first thing
he could come up with, committed it since it worked for him, and now a lot of
people are trying to ascribe more complex intentions to Apple than that.

~~~
bgrohman
Could be. I don't know much about the internal development practices at Apple.
One has to assume they have strict development and testing guidelines, but
you're right - it is possible that some programmer hammered this in, and the
change slipped past the code review and testing phases.

------
ak217
They should be using example.net.

<http://en.wikipedia.org/wiki/Example.com>

~~~
brey
nope, example.com resolves just fine. apple's trying to test for non-
existence.

see .invalid - <http://en.wikipedia.org/wiki/.invalid>

~~~
mtrimpe
Yup; example.com is defined as not available for _email_ not as far as DNS is
concerned.

------
jschuur
Same reason iOS connects to <http://www.apple.com/library/test/success.html>
when you go on WiFi?

Of course, the question then is, why don't they just use that one?

~~~
TazeTSchnitzel
Microsoft does something similar:
<http://technet.microsoft.com/en-us/library/cc766017%28WS.10%29.aspx>

They request <http://www.msftncsi.com/ncsi.txt> and check the DNS of
msftncsi.com

~~~
its_so_on
#creative (see [1])

The Apple implementation is "logically the same" as the Microsoft
implementation, yet so much cleaner.

check for yourself. <http://www.apple.com/library/test/success.html> vs
<http://www.msftncsi.com/ncsi.txt>

i won't comment on the differences, which include the meaningless URL and
useless "ncsi" in the text, and the fact that it still looks like an error
rather than a successful test page.

The Apple page is absolutely minimal. Yet everything is in its place, and it
can't leave any developer confused for a millisecond, or make a typo, as it's
a human English word at a human, English URL.

Apple is Apple. Microsoft is a split millisecond of headache for a developer
who rechecks his spelling of "ncsi" and the whole meaning of the ncsi concept
three times to make sure his code is correct.

just like windows versus mac. yeah, it's logically the same. but one just
works, one requires a three-page document.
<http://technet.microsoft.com/en-us/library/cc766017%28WS.10%29.aspx>

----

[1] This post is tagged as being creative (as opposed to rational). as a note,
about half of my posts speak to creativity and design and half speak to
rationality and logic. most people only do one or the other, so i can
understand why each group is confused by the other. this lets me build two
brands. just ignore the posts that don't apply to you.

~~~
TazeTSchnitzel
Microsoft uses a DNS query, even cleaner.

Now stop trolling.

~~~
jodrellblank
Not at all cleaner. Don't test DNS resolution if you want to know about HTTP
access, they are different and many networks or firewalls will allow DNS but
require a login for HTTP.

~~~
undantag
You really should test both, HTTP can't be trusted if DNS has been
compromised.

------
DigitalSea
Pretty sloppy on Apple's end if you ask me. Why check for a domain that you
don't actually own? Imagine if someone bought the domain and worked out how to
maliciously use it to their advantage? (I seriously doubt that's possible
though). What kind of info was being sent to this domain, was it just a
standard request to see if there is connectivity or was other information sent
that could be used to identify a user? Sounds sub-par just like how the Wifi
functionality does a request to:
<http://www.apple.com/library/test/success.html>

~~~
VxJasonxV
A lot of folks are suggesting it was a typo, and they intended to use
bogus.apple.com instead, which is very very likely.

I can tell you with 100% certainty that standard HTTP request information is
being sent to the domain. So, IPs for the connection, User Agents of the
software used to connect, and the request URL. That's pretty much it in a
nutshell.

I've seen a few iTunes UAs, both Windows and Mac, and since this news has made
the rounds, the signal to noise ratio just went wayyyyyy down. (Go figure.)

~~~
MichaelApproved
It's still a sloppy name: "Bogus" ? Why not something more descriptive and
less suspicious like netcheck.apple.com

------
VxJasonxV
It looks like this was never a connectivity test, but some sort of outright
statistics hostname error:
<https://discussions.apple.com/message/19852289#19852289>

And it looks like the issue's already been fixed too (two posts down).

------
bitcartel
This reminds me of the recent iOS 6 wifi connection problem, where a web page
on the Apple site was broken or removed accidentally, causing wifi to be
disabled.
<http://arstechnica.com/apple/2012/09/wifi-connectivity-under-ios-6-temporarily-broken-by-server-proble/>

Now, it's the reverse situation. If iTunes and the App Store expect
bogusapple.com to not resolve, what happens when it does? Why did Apple not
own this domain?

~~~
VxJasonxV
I was very concerned that this could occur when I picked up the domain and
started allowing traffic to it to succeed, but I haven't seen the massive
social network outcry about problems... So I've put that concern to rest :).

As said elsewhere, I think the theory that they likely intended
'bogus.apple.com' is the best guess. Either way it was just a consideration
that some developer and/or their code reviewer(s) overlooked.

It happens.

------
mrng
Chrome, too, does three initial lookups on start up to see if ISPs intercept
requests that cannot be resolved. It compares the IP addresses of the pages
that are returned, and turns the infobox off if they are identical (as this
suggests an ISP is intercepting the look ups).

~~~
secure
It is worth pointing out that Chrome requests randomly generated nonsense,
while bogusapple.com is always the same.

~~~
mrng
Absolutely right - I forgot to mention that in my initial comment.

Chrome's behaviour makes much more sense than Apple's -- who hadn't even
secured the bogusapple.com domains for themselves (as Microsoft did with
Contoso, for example).
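
The random-name probe mrng and secure describe for Chrome, sketched as an added example (not part of the thread and not Chrome's code): resolve several freshly generated hostnames and treat a shared answer as a sign that the resolver rewrites NXDOMAIN. The `com` suffix, the label lengths and all function names are assumptions made for illustration.

```python
import secrets
import socket
import string


def random_probe_names(count=3, tld="com"):
    """Return `count` random hostnames that are almost certainly unregistered."""
    names = []
    for _ in range(count):
        length = 10 + secrets.randbelow(6)  # 10-15 letters (assumed range)
        label = "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))
        names.append(f"{label}.{tld}")
    return names


def system_resolver(name):
    """Resolve through the OS resolver; an empty set means the lookup failed."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def classify(answers):
    """answers maps probe name -> set of addresses returned for it."""
    resolved = [ips for ips in answers.values() if ips]
    if not resolved:
        return "clean"  # every nonsense name failed, as it should
    every_name_resolved = len(resolved) == len(answers)
    if every_name_resolved and len(resolved) > 1 and set.intersection(*resolved):
        return "intercepted"  # unrelated nonsense names share an address
    return "inconclusive"  # e.g. one random name happened to exist


def detect_nxdomain_rewriting(resolver=system_resolver, count=3):
    """Probe `count` random names; the resolver is injectable for offline tests."""
    answers = {name: resolver(name) for name in random_probe_names(count)}
    return classify(answers), answers


if __name__ == "__main__":
    verdict, answers = detect_nxdomain_rewriting()
    print(verdict)
    for name, ips in answers.items():
        print(f"  {name}: {sorted(ips) or 'no answer'}")
```

Because the names are generated per run, nobody can register them in advance, which is the property a fixed canary such as bogusapple.com lacks.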

------
cyber
Oddly, I keep getting requests from people trying to buy my "DNS configured,
but no web site" domain I use for testing. (Right now DNSSIG is expired, and
if one examines the rest of the headers, it's obvious it was configured
expired.)

------
brey
if they want to test for domain non-existence, that's what the .invalid TLD is
good for.

<http://en.wikipedia.org/wiki/.invalid>

~~~
benjoffe
I wonder, do any routers, proxies or local internet exchanges filter requests
based on TLDs that don't exist in a dictionary of valid TLDs? I'm guessing at
least some do, which may give incorrect results.

------
pavlominus
Clearly a bug that got through QA. What a mess Apple is becoming.

~~~
VxJasonxV
All of this grief over what may amount to missing a single dot?
(bogus.apple.com)

STEVE JOBS IS ROLLING IN HIS GRAVE OVER THIS GOD AWFUL FAILURE ON TIM COOK'S
PART!

~~~
skeletonjelly
You jest, and we have the benefit of hindsight, but you can't use the "just a
single dot" defense when Apple themselves tout their attention to detail with
every product release (wasn't there something about their product design team
now working on a nano/micrometer scale?)

------
VonGuard
Is this a subtle way of DDoS'ing a site they don't like?

~~~
wilfra
No, the domain wasn't registered until this came to light today.

~~~
VxJasonxV
^ 100% correct.

------
VxJasonxV
It appears this was never for network discoverability, but stats instead, and
a bad hostname was simply filled in:

<https://discussions.apple.com/message/19852289#19852289>

Perhaps for testing purposes? "What happens when the stats server isn't
reachable?"

And then it got left that way, WHOOPS.

Long story short, this problem appears to have been resolved the same day it
started, since it did not require a software update to fix, they just updated
the web views for their store pages.

Is anyone concretely still seeing the problem?

------
VxJasonxV
As best as we can tell, this issue started in the late evening Sunday,
registration occurred very early in the morning Monday, and was subsequently
resolved later in the day:

<https://discussions.apple.com/message/19852289#19852289>

And it appears it was never about DNS resolution / network discoverability.

------
tamersalama
After the domain was registered (and assuming no change in iTunes & App Store)
- I'm curious to know who owns the right to the domain. And possibility of
domain sale.

~~~
wilfra
Apple would have no problem taking this away if they filed a WIPO claim. He
clearly registered it in 'bad faith' (a legal term) and is willfully and
purposely violating their trademark. I suspect though all they would have to
do is ask and he'd hand it over - perhaps with a letter threatening legal
action if he didn't immediately comply.

~~~
pbhjpbhj
> _is willfully and purposely violating their trademark._ //

Go on.

He's not trading using the Apple Computers trademark nor is there any
confusion. There is nothing clear about his intention, there is no _mens rea_
nor _actus reus_ that can be established from the information in this thread
AFAICT.

Apple have no automatic right to everything bearing the name "Apple". They
have no more right to the bogusapple.com domain than they have a right to a
box of [fruit] apples from your local grocer.

Will they get the domain if they wish it? Are mega-corps in control of the law
in the USA?

WIPO - they've erred before and will do so again I feel; they appear to have a
presumption that the world belongs to corporations and don't have an interest
in protecting the rights of citizens. Not unlike some governments it seems.

~~~
wilfra
The Apple in this domain refers to the trademarked Apple. He doesn't even
attempt to hide that on the page, referring directly to the company himself.
That is where the proof for willful trademark infringement comes from. If he
had owned this domain for years and it was a blog about his favorite fruit,
then he'd have a strong case to keep it.

Given the way he's using it I doubt Apple would ever do anything more than ask
him for the domain. But if he were to do something like put up a porn site or
even run ads, they might be pissed off enough to sue him for the domain +
damages - and they'd likely win.

~~~
pbhjpbhj
Use of a company name is not trademark infringement - trademarks indicate the
origin of goods or services. Unless he's convincing anyone that what he's
presenting is a service from Apple Computers then he's not infringing their
trademark, wilfully or otherwise.

Moreover reading the page [as it was presented to me] shows he's clearly not
intending to infringe the mark with the content of the website either. IIRC he
makes it clear that he/the page doesn't have an association with Apple
Computers.

If he puts up a porn site it will be even more obvious that he's not selling
computers or consumer electronics. The actual ability to infringe Apple's
marks would decrease hugely. Big name corps get special additional protections
in some jurisdictions however that ignore things like the actualities of the
situation.

If they sue him they'd probably win regardless of the spirit of the particular
statutes that apply.

Do you think that these guys - <http://www.usapple.org/> - are infringing
Apple's trademarks too?

~~~
wilfra
usapple.org is obviously not infringing.

Apple is a tricky word because it's also generic. It's easier to discuss this
when we're talking about an obvious trademark.

See: <http://www.zdnet.com/blog/facebook/facebook-disputes-21-squatter-domain-names/986>

Those domains and bogusapple.com, as it is used here, are identical - and they
are frequently lost by their owners whenever the people who own the trademarks
go after them.

As DannyBee alluded to, when those corporations go up against deep pocketed
squatters with good domain lawyers, they can sometimes be outsmarted and not
get the domains. But the vast majority of the time they are successful.

~~~
pbhjpbhj
> _they are frequently lost by their owners whenever the people who own the
> trademarks go after them_ //

People get scared by legal threats from massive corporations - that doesn't
mean that proper legal process requires [or should require] that such domains
are handed over.

~~~
wilfra
So if I own ggoogle.com you think I should be able to keep that domain and
serve ads on it and profit from all of that traffic that is trying to find
Google? Google should not be able to take that domain away from me?

That's an interesting viewpoint, but not one supported by the law.

~~~
pbhjpbhj
Ha-ha-ha.

Ggoogle is typo squatting. There's nothing inherently wrong with you using
that domain but serving ads or having a search engine there would be most
likely trademark infringements. If you had similar livery to Google then you'd
probably be 'passing off' (in the legal sense).

Personally I find nothing morally or legally wrong as long as you make it
clear that the origin of the domain content is not Google Inc. and that you
don't use the domain commercially (in the copyright law sense of commercial).

Perhaps you can explain how a non-commercial use of that domain harms Google
and indicate which laws prevent such a use.

Google wisely own ggoogle.

There are live examples of similar named sites: moogle, agoogle are domain-
squatted, foogle hosts a business, etc..

------
bking
They just needed a placeholder to send it to and I would assume they would
send it there to reduce any possible strain on their servers.

Why not send it there is the question on my mind.

~~~
corwinstephen
Because they have no control over the content on that site. The owner could
easily throw up some raunchy content, which would make for a weird experience
when it comes to discussions like this one.

~~~
reeses
Or, quite legitimately (I slay me), between RTM and pushing out the update,
someone could have registered the domain and used it for content, then see
their site hammered by irresponsible software publishers.

------
keikun17
a development/test code that got into the build?

