This is a long post but it’s worth the read. In short, Google and Dell have teamed up to install some software on Dell computers that borders on being spyware. I say spyware because it’s hard to figure out what it is and is even harder to remove. It also breaks all kinds of OpenDNS functionality. At the end, I’ll tell you what we’re doing about it.

About a year ago Google and Dell announced a partnership to include the Google Toolbar on new Dell computers. At the same time, Google was trying to convince the Department of Justice that changing the default search engine in the (then) new IE7 was too difficult (when in reality it’s really simple). Installing the toolbar meant that users would have Google as their default search engine in IE7. It also meant that Dell and Google would share some of the revenue from the advertising clicks that resulted from these installations, much like The Mozilla Foundation does with its Firefox browser.

The computer hardware business has razor-thin margins which means making a profit is tough. So the opportunity for Dell to get a recurring revenue stream from an existing customer long after the sale of the computer is more than just enticing, it’s huge. It also means a couple other things:

Dell and Google have an incentive to make it very hard for users to turn this off. Because users can’t get rid of it, Dell and Google can get away with putting more ads on the page and pushing user-relevant content off the page.

They’re now doing both of these things.

The screenshot below shows what the Dell-branded Google search results page looks like when you make a typo in your address bar. You can’t even see the search results in the picture (800×600 resolution) because the entire top of the page and right side are plastered with ads.

This page isn’t being shown to Dell owners just because they have the Google Toolbar. In fact, uninstalling the Google Toolbar won’t get rid of it. Dell and Google are now installing a second program on computers that intercepts all sorts of queries that the browser would normally try to resolve. This program has no clear name and is very hard to uninstall. In some circles, people would call this spyware.

Google tries to explain the hidden software with this ambiguous statement:

Wow. Are you kidding me? In order for a user to get rid of this brokenness the person has to remove a piece of software called “Browser Address Error Redirector?” That barely makes sense to techies and it makes no sense to normal people. Would your Mom uninstall something with a name like that? I don’t think so.

Not only that, but due to some support inquiries we’ve gotten it seems like this software is being installed on older Dell computers that use some sort of automatic update service from Dell. Is this thing spreading? Ugh. How bad is it?

Let’s see what happens with certain queries and what shows up above the fold. For good measure, I’ve included what we do too, for comparison.

Typed Dell/Google OpenDNS Digg.xom Paid results Automatically typo-corrected Digg Paid results Shortcut / Search results Digg,com Paid results Search results

As an aside, for every single one of these pages, OpenDNS provides an unpaid link at the top of the page asking, “Did you mean Digg.com?” If Google and Dell were really trying to give users a good experience, they would offer that, at the very least. They are certainly smart enough.

Is Google being true to their roots?

I love Google’s technology, don’t get me wrong. But I think Google has turned a page here. They have now enabled a piece of software that is hard to remove and forces users to look at a really bad page. In fact, Google knows that this provides users with a dramatically worse experience.

Here’s a press release that talks about what people look at while using Google. (You can be sure Google uses similar technology internally.) Here’s a screenshot, with a red-line indicating what is below the fold.

The Dell-branded page doesn’t look anything like that at all. If you were to put a heatmap on the Dell-branded page… well, users can only look at ads. Dell and Google’s behavior here isn’t okay. Users never asked for this experience and they can’t get rid of it!

Moreover, this new “functionality” breaks things. Instead of making DNS requests, the address bar now sends single word queries to Google. This application breaks a lot of OpenDNS functionality our users love. Typo correction? Broken. Shortcuts? Broken. Google’s application breaks just about every user-benefiting feature we provide with client software that no user ever asked for.

We enjoy challenging problems at OpenDNS. But we’d rather spend our time making the Internet better rather than solving problems that shouldn’t have been created in the first place. We know that Google is capable of launching great products and services, but this isn’t one of them.

How is OpenDNS solving this problem?

Fortunately, we have a fix which does not require more client software. OpenDNS applies intelligence to the network, and we’ve stretched a bit beyond DNS itself to work around Google’s mis-directed efforts. Before I get into that, let me digress for a second:

Many of you have toolbars installed on your computer. Some of you have the Google toolbar, some have the Yahoo toolbar, and some of you have Zwinky (Don’t ask… I think little kids use it). These toolbars are able to see every single website you visit when you surf the web. Most report your surfing habits back to the company that operates the toolbar. Toolbars are something worthy to be concerned about, if only because so little attention is paid to them.

Okay, back to our solution. We did not want to enter the toolbar market. We don’t have any interest in it, and we don’t believe more software installations are the answer.

The solution to this problem was to route Google requests through a machine we run to check if the request is a typo or one of your shortcuts. If it is a typo or shortcut then we do what we always do, just fix the typo or launch your shortcut and send you off on your way. If it’s not one of those two things, we pass it on to Google for them to give you search results. This solution provides the best of both worlds: OpenDNS users get back the features that they love and Google continues to operate without problems.

I want people to know (and be sure) that we aren’t doing anything shady. We’re not spying on you. We don’t care what websites you visit. (Check our privacy policy.) Solving the issue like this allows us to fix the problems with Google (and future similar services) without having to route all your traffic through a toolbar or other service.

Below, there is a mini-FAQ.

Update: Danny Sullivan has a great write-up on this too.

Mini-FAQ

Will this make Google slower?

No. We are doing this URL redirection on all of our servers in all of our locations. Loading Google should take no longer than it took before we made this change. Also, all of Google’s other domains like like gmail.com and even subdomains like reader.google.com still work as they did before. We don’t re-route any of those.

Are you tracking or keeping a log of my searches?

No way. Absolutely not. We don’t keep copies of your cookies, your search history or anything else that would cause an AOL Search disaster. Any logs we have for technical debugging are wiped within an hour of the request, usually much sooner. We also aren’t in a position to log it for the government, and we aren’t a front for the CIA. “The Feds” already know that if they want to know what websites you visit they can just talk to your ISP, unfortunately.

Does this break anything?

Nope, but let us know if you see anything awry.

What about secure logins to Google? Can you see them?

No. Typically when people try to proxy SSL pages it creates an error. We didn’t want that to happen so we did something we think is pretty clever. We actually just forward your packets on to Google when you are doing anything that is secure. This keeps your data encrypted and ensures we can’t perform a Man in the middle attack on you.

Does Google know about this?

We contacted a couple of friends who work on the security side of things at Google to give them a friendly heads up. They said it’s not a technical or security problem on their end. Based on that we don’t think Google has any problem with it. The technology we’re using is pretty standard stuff.