Failure to live up to promised quality of service is one obvious "evil" to be added to the article.
An ISP does not even have to be "deliberately" evil to underinvest in their network and oversell their capacity. Measure your latencies and actual bandwidth throughput and often you might smell a rat. This is not even necessarily by malicious intent; the infrastructure of ISPs could be sufficiently complex that some subtle mis-configuration somewhere in the upstream router could kill your performance for certain operations.
ISPs act as Internet gatekeepers and have enormous power over their clients/users. With this great power should come great responsibility.
What if I offered you an ISP that did these things (NX redirecting, clickstream tracking, ad swapping, affiliate redirection) but made it explicit with a 20% reduction in your monthly bill? 30%? 50%?
Most people don't care about these things - it's evil because it is done by stealth.
It baffles me that Seattle and the PNW in general are such hubs for technologically-oriented people, yet really good Internet access isn't available. There are pockets of it (CondoInternet.net, for example) but nothing widespread. I had five choices for Internet service (and five for television, though these didn't fully overlap) in my previous state, but only two for anything above 768kbps now. Is the market up here really happy with Comcast, CenturyLink, and Frontier doesn't-really-want-to-sell-FiOS?
Silicon Valley is much the same way. I finally gave up waiting a couple years ago and now pay Comcast a bunch of money for an overpriced but functional 50/10 business connection to my house. It's pretty pathetic.
Actually, putting an affiliate link into a sensible "I'm feeling lucky"-style address bar doesn't sound that bad to me. They did provide a useful service after all. Better than the spammy, crap search engine pages ISPs usually provide.
As for the correct thing being to return NXDOMAIN, browsers could have started providing helpful error pages for NXDOMAIN, perhaps with searches, years ago. They didn't, so ISPs provided a useful service, which happens to conflict with a 13-year-old RFC.
Certainly though, the big evil is handing over customer data without fighting or even so much as a warrant.
The problem is that, in order for this to work, your computer doesn't get an NXDOMAIN, it gets a "valid" domain with an IP address. It does this for any DNS query, not just web browser queries. As for "happening to conflict with a 13-year-old RFC", imagine if ISPs decided to interpret RFC 793 any way they liked. "We're not intercepting traffic your honor. We're just interpreting RFC 793 in our own way."
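A quick way to check for the behaviour described in this comment, written here as an added example rather than code from anyone in the thread: resolve random labels that cannot exist under several unrelated zones; a conforming resolver answers NXDOMAIN for all of them, while a rewriting resolver hands back one shared "search page" address regardless of zone. The resolver is injectable so the classifier can be exercised offline with constructed answers (192.0.2.x is a constructed documentation address).

```python
"""Detect a resolver that rewrites NXDOMAIN into a "valid" A record."""
import secrets
import socket
from typing import Callable, Dict, List, Optional

Resolver = Callable[[str], Optional[str]]

# Unrelated zones: a wildcard record in one zone cannot explain the same
# address coming back for bogus names under all of them.
PROBE_ZONES = ["example.com", "example.net", "example.org"]


def system_resolver(name: str) -> Optional[str]:
    """Ask the OS stub resolver; None stands for NXDOMAIN / no answer."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def random_probe_names(zones: List[str]) -> List[str]:
    """One unregistered-looking label (16 hex chars) under each zone."""
    return [f"{secrets.token_hex(8)}.{zone}" for zone in zones]


def probe(resolver: Resolver, names: List[str]) -> Dict[str, Optional[str]]:
    """Run every probe name through the resolver and keep the answer."""
    return {name: resolver(name) for name in names}


def classify(results: Dict[str, Optional[str]]) -> str:
    """'conforming': every bogus name got NXDOMAIN.
    'hijacked':   every bogus name, across zones, got one identical address.
    'inconclusive': mixed answers, e.g. a wildcard in just one zone."""
    answers = list(results.values())
    if all(a is None for a in answers):
        return "conforming"
    if all(a is not None for a in answers) and len(set(answers)) == 1:
        return "hijacked"
    return "inconclusive"


if __name__ == "__main__":
    # Live check against whatever resolver the OS is configured to use.
    live = probe(system_resolver, random_probe_names(PROBE_ZONES))
    print(classify(live), live)
```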
For most internet users, web browser queries are the only hand-crafted DNS queries they make (except I suppose for their ISP mail servers but they are a set-up once thing), so there is relatively little wrong with breaking all their DNS queries to missing domains.
You're right about the RFCs and I think I made my point badly: I'm not saying ISPs should interpret them any way they like, I'm saying that they deal with a commercial reality and real end-users who just want things to work, and that sometimes the best is the enemy of the good.
In reality, a technically incorrect DNS server can easily work better (help them get their stuff done) for a naive user than a conforming one. Believing anything else is just geek self-delusion.
The right way to solve this is to improve browsers so that NXDOMAIN causes them to show a search page—which is exactly what they have started doing, so hopefully ISPs will stop doing this in future.
"commercial reality" appears to be "if we can make money from this then let's do it, and RFCs be damned". If we accept that ISPs can interpret RFCs any way they choose, then I propose a new interpretation of RFC 793 (TCP).
Specifically, whereas formerly the TCP protocol was a request for a connection between two computers, I am now going to interpret the four byte destination address as follows:
"Customer provides this information to us for use as we see fit. We may, if we so choose, route the packets to this address, or we may choose to route it somewhere else, including our own servers, or to a Value Added provider of our choice."
After all, consumers don't know about TCP, do they? So it's quite all right to define TCP as whatever the fuck we want, and therefore do, entirely legally, whatever we want with that "communication". Right? There's relatively little wrong with that, right? I'm sure Google does a better job of search than your little start-up, so it's in the customer's best interest.
Same for all telephony traffic too. If we want to route it via the local gestapo we don't need a wiretap warrant for that: we just interpret RFC 3261 (Session Initiation Protocol) our own way. After all, who says these bytes arriving at our router have any meaning at all?
That RFC wasn't 13 years old when ISPs started not returning NXDOMAIN when they should, and the age of an RFC has nothing to do with how not following it breaks other things.
The author of the "Five Levels" article is the CEO of Sonic.