Your spreading of your new program finally hit the DNS servers that I use on my EarthLink DSL. And at first blush it had all the appearances of browser hi-jacking.
So no matter how you paint it, you may not be technically "browser hi-jacking" but you accomplished the same thing.
Your blog claims you are doing this to enhance user experience. That's BS and you know it. The real motivation is ad/click revenue.
This feature is no different than when someone hacks a DNS server and repoints a domain.
The only acceptable course of action for EarthLink is to disable this "service" and issue an apology to users.