Domain Helper

On the topic of burying the web's complexity behind a "user friendly" interface:

If you are a Comcast user you may have noticed a change in your surfing: if you mistype a URL in the address bar at the top of your browser you are taken to a Comcast "search" page (powered by Yahoo!) that asks you if you want to try another search.

If you are a purist your head just exploded--the address bar is not a search engine nor should it be redirecting you to one!

Errors that lead to bogus search pages are the oldest trick in the web's rigged deck. Whether the search is functional doesn't matter--the "portal" page is essentially an ad.

Fortunately you can disable what Comcast calls its "Domain Helper": Log into your Comcast user account, go to

"My devices" / Domain Helper / status: ON

and turn the status to OFF. It takes 24 hours and a modem reboot before the change is effective.

You will feel less helpless and dependent on a big corporation to define your web experience and you might actually enjoy seeing what happens when you type "" or ""--just don't click any links on the non-Comcast search page you discover.

Other posts about this: 1 / 2 (opting out has gotten less complicated since this post but agreed that opt-out should be the default) / 3 ("typosquatting"- nice!) / 4

Update, Jan. 2012: Comcast has ceased using Domain Helper because it's incompatible with DNSSEC, which it just implemented. Their statement:

When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was "official" and caused by our redirect service or "unofficial" and caused by an attacker), our priority has been placed on DNSSEC deployment -- now automatically protecting our customers...

Translation: (i) "We'll treat you like idiots until it's no longer in our interests to do so" and (ii) "I meant to do that."