Latest news of the domain name industry

Recent Posts

Neustar to keep .us for another decade

Neustar has secured a renewal of its contract to run the United States’ ccTLD until up to 2029.

The company and the National Telecommunications and Information Administration announced the new contract last week.

The initial term of the deal runs until August 2021, but there are four two-year renewal options after that.

Neustar has been running .us since 2001. It doesn’t pay NTIA for the privilege, nor does the NTIA pay Neustar.

There are currently around two million registered .us domain names. The TLD appears to be still growing, but not especially fast.

Comment Tagged: , , ,

MMX to pay $5.1 million to get out of terrible .london deal

Minds + Machines will pay its partner on .london roughly $5.1 million in order to put the catastrophic deal to bed for good.

That’s a reduction from the $7.9 million liability it had previously estimated.

The company said last week that it will pay an unspecified partner the $5.1 million “as full and final settlement for any further liability or contractual spend” after renegotiating the contract.

In April, MMX said that the deal had cost it $13.7 million since the outset.

While MMX has never publicly fingered the contract in question, which has been a pair of concrete boots for years, its deal with .london’s London & Partners is the only one that fits the bill.

The registry secured L&P, the marketing arm of the London Mayor’s office, as a client during the mayoral reign of Boris Johnson, the man set to be anointed the UK’s next prime minister this week.

It agreed to make millions of dollars in guaranteed payments over the duration of the contract, because it expected to sell a shedload of .london domains.

That never happened. The gTLD peaked at 86,000 names in March 2018 and was down to 54,000 a year later, evidently a fraction of what MMX had planned for.

The renegotiated deal — I believe at least the second time the deal has been amended — is “in principle” for now, with formal approval expected soon.

In its trading statement last week, MMX also said that the first half of the year ended with a 19% increase in regs, ending June at about 1.82 million.

It said it has “stabilised” declining billings in its acquired ICM Registry portfolio of porn-themed TLDs at $2.8 million, and that it has a “clear pathway” to growth from the four zones.

It’s hoping “further new initiatives” — likely a reference to a new trademark-blocking service — will help out in the current half.

MMX also said that it’s spending $1 million of its cash reserves on a stock buyback.

Comment Tagged: , , , , , ,

ZADNA boss canned for “misconduct”

The CEO of South African ccTLD manager ZADNA has been fired after a “misconduct” investigation lasting over half a year.

Vika Mpisane had been suspended from the role since early December, according to local reports, with Peter Madavhu taking his place.

Madavhu will continue as acting CEO until further notice, ZADNA told its members last week. A July 17 letter from chair Motlatjo Ralefatane, seen by DI, said:

Members would recall that Mr Vika Mpisane was on suspension pending the disciplinary hearing, which has been concluded.

Stemming from those disciplinary actions, Mr Vika Mpisane’s employment as the Chief Executive Officer of ZADNA has been terminated with effect from 16 July 2019.

The specifics of Mpisane’s alleged wrongdoings are not known. The fact that he had been suspended was not even public knowledge until MyBroadband scooped the story in May.

It has previously been reported that he was suspended for “for serious hybrid acts of misconduct including mismanagement of ZADNA funds”.

A disciplinary process that kicked off in January has reportedly been delayed multiple times, during which time Mpisane continued to draw a salary.

Comment Tagged: , ,

ICANN’s new conferencing software has a webcam security bug

Kevin Murphy, July 10, 2019, Domain Tech

ICANN can’t catch a break when it comes to remote participation security, it seems.

Having just recently made the community-wide switch away from Adobe Connect to Zoom, partly for security reasons, now Zoom has been hit by what many consider to be a critical zero-day vulnerability.

Zoom (which, irrelevantly, uses a .us domain) pushed out an emergency patch for the vulnerability yesterday, which would have allowed malicious web sites to automatically turn on visitors’ webcams without their consent.

Only users of the installable Mac client were affected.

According to security researcher Jonathan Leitschuh, who discovered the problem, Zoom’s Mac client was installing a web server on users’ machines in order to bypass an Apple security feature that requires a confirmatory click before the webcam turns on.

This meant a web site owner could trick a user into a Zoom session, with their camera turned on by default, without their knowledge or consent.

If you’re in the habit of keeping your webcam lens uncovered, that’s potentially a big privacy problem, especially if you do most of your remote coverage of ICANN meetings from the toilet.

It appears that Leitschuh, who reported the problem to Zoom three months ago, took issue with what he saw as the company’s ambivalent attitude to fixing it in a timely fashion.

When he finally blogged about it on Monday, after giving Zoom a 90-day “responsible disclosure” period to issue a patch, the problem still hadn’t been fully resolved, he wrote.

But, following media coverage, Zoom’s new patch apparently removes the covert web server completely. This removes the vulnerability but means Apple users will have to click a confirmation button before joining Zoom meetings in future.

Zoom is used now for all of ICANN’s remote participation, from sessions of its public meetings to discussions of its policy-making working groups.

I really like it. It feels a lot less clunky than Adobe, and it’s got some nifty extra features such as the ability to skip around in recordings based on an often-hilarious machine-transcription sidebar, which makes my life much easier.

One of the reasons ICANN made the switch was due to a bug found in Adobe Connect last year that could have been used to steal confidential information from closed meetings.

ICANN actually turned off Adobe Rooms for remote participants halfway through its public meeting in Puerto Rico due to the bug.

The switch to Zoom was hoped to save ICANN $100,000 a year.

Comment Tagged: , , , ,

ICANN explains how .org pricing decision was made

ICANN has responded to questions about how its decision to lift price caps on .org, along with .biz and .info, was made.

The buck stops with CEO Göran Marby, it seems, according to an ICANN statement, sent to DI last night.

ICANN confirmed that was no formal vote of the board of directors, though there were two “consultations” between staff and board and the board did not object to the staff’s plans.

The removal of price caps on .org — which had been limited to a 10% increase per year — proved controversial.

ICANN approved the changes to Public Interest Registry’s contract despite receiving over opposing messages from 3,200 people and organizations during its open public comment period.

Given that the board of directors had not voted, it was not at all clear how the decision to disregard these comments had been made and by whom.

The Internet Commerce Association, which coordinated much of the response to the comment period, has since written to ICANN to ask for clarity on this and other points.

ICANN’s response to DI may shed a little light.

ICANN staff first briefed the board about the RA changes at its retreat in Los Angeles from January 25 to 28 this year, according to the statement.

That briefing covered the reasons ICANN thinks it is desirable to migrate legacy gTLD Registry Agreements to the 2012-round’s base RA, which has no pricing controls.

The base RA “provides additional safeguards and security and stability requirements compared to legacy agreements” and “creates efficiencies for ICANN org in administration and compliance enforcement”, ICANN said.

Migrating old gTLDs to the standardized new contract complies with ICANN’s bylaws commitment “to introduce and promote competition in the registration of domain names and, where feasible and appropriate, depend upon market mechanisms to promote and sustain a competitive environment in the DNS market”, ICANN said.

They also contain provisions forcing the registry to give advance notice of price changes and to give registrants the chance to lock-in prices for 10 years by renewing during the notice period, the board was told.

After the January briefing, Marby made the call to continue negotiations. The statement says:

After consultation with the Board at the Los Angeles workshop, and with the Board’s support, the CEO decided to continue the plan to complete the renewal negotiations utilizing the Base RA. The Board has delegated the authority to sign contracts to the CEO or his designee.

A second board briefing took place after the public comment periods, at the board’s workshop in Marrakech last month.

The board was presented with ICANN’s staff summary of the public comments (pdf), along with other briefing documents, then Marby made the call to move forward with signing.

Following the discussion with the Board in Marrakech, and consistent with the Board’s support, the CEO made the decision for ICANN org to continue with renewal agreements as proposed, using the Base gTLD Registry Agreement.

Both LA and Marrakech briefings “were closed sessions and are not minuted”, ICANN said.

But it appears that the board of directors, while not voting, had at least two opportunities to object to the new contracts but chose not to stand in staff’s way.

At the root of the decision appears to be ICANN Org’s unswerving, doctrinal mission to make its life easier and stay out of price regulation to the greatest extent possible.

Reasonable people can disagree, I think, on whether this is a worthy goal. I’m on the fence.

But it does beg the question: what’s going to happen to .com?

4 Comments Tagged: , , , , , , , , ,