Latest news of the domain name industry

Recent Posts

ICANN confirms domain privacy is for all

Kevin Murphy, January 22, 2016, 11:28:10 (UTC), Domain Policy

Commercial entities will not be excluded from buying domain privacy services, ICANN’s GNSO Council has confirmed.

The Council last night voted unanimously to approve a set of recommendations that would make it compulsory for privacy and proxy services to be accredited by ICANN for the first time.

The recommendations govern among other things how privacy services are expected to behave when they receive notices of trademark or copyright infringement.

But missing is a proposal that would have prevented the use of privacy for “transactional” web sites, something which caused a great deal of controversy last year.

The newly adopted recommendations clearly state that nobody is to be excluded from privacy on these grounds.

The Council voted to adopt the final, 93-page report of the Privacy and Proxy Services Accreditation Issues (pdf) working group, which states:

Fundamentally, P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals. Further, P/P registrations should not be limited to private individuals who use their domains for non-commercial purposes.

The minority view that web sites that process financial transactions should not be able to use privacy came from intellectual property, anti-abuse and law enforcement community members.

However, opponents said it would infringe the privacy rights of home business owners, bloggers, political activists and others.

It could even lead to vicious “doxing”-related crimes, such as “swatting”, where idiots call in fake violent crime reports against rivals’ home addresses, some said.

It also turned out, as we revealed last November, that 55% of US presidential candidates operate transactional web sites that use privacy on their domains.

Two separate registrar initiatives, one backed by the Electronic Frontier Foundation, started letter-writing campaigns that resulted in over 20,000 comments being received on the the PPSAI’s initial report last July.

Those comments are acknowledged in the PPSAI final report that the GNSO Council just approved.

The adopted recommendations (which I’ll get into in a separate article) still have to be approved by the ICANN board of directors and have to undergo an implementation process that puts the rather broad policies into concrete processes and procedures.

Tagged: , , , , ,

Comments (6)

  1. FIX IT, ICANN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! says:

    This is not enough.

    I WANT TO TRANSFER OUT A DOMAIN WITHOUT HAVING TO REMOVE THE PRIVACY. THIS IS AN INCREDIBLE VIOLATION OF THE RIGHTS OF ANY CITIZEN, ENTREPRENEUR, ACTIVIST, ETC.

    YEARS AND YEARS OF PRIVACY thrown away just because you need to transfer a domain?!?!? F**K YOU, ICANNERS!!!

    And of course in the moment you are forced to remove the privacy all the other problems will come…(possible threats, competitors who will be able to easily follow your steps, etc.).

    You at ICANN know perfectly that there are also dozens and even more websites now out there that will promptly store all registrant’s data when he removes the privacy. Even if he will add immediately the privacy at the new registrar, everyone will be able to find very easily all his data.

    F**K ICANN!

    F I X I T !!!!!!!!!!!!!!!!!!!!!!!!!!!!

    • Rubens Kuhl says:

      How do you suggest the mechanisms of the inter-registrar transfer policy that deal with authorizations to work in this case ? Note that EPP code works fine when everything is OK, but when there are disputes or unauthorized transactions, there has to be some fall-back options.

      I’m not saying there is no solution to that; on the contrary, it’s quite possible there is a path forward. But it needs to be addressed also considering the needs of those who suffer domain hijacking.

  2. Ivan says:

    I don’t know, I am not an Icann member…
    Some thoughts:

    1) Escrow services MUST TAKE POSSES OF ANY DOMAIN when they act as intermediary, always. The 60 days period SHOULD NOT APPLY TO THEM.

    2) Domains stolen? Registrars or companies offering the privacy service will release official data if requested by the legitimate registrant (the old registrant in case of a dispute) or by an official authority.

    3) About the transfer process you can use many solutions, as I said I am not an Icann technician an I am not paid so much money as they are and still I am giving suggestions for free…Threaths, competitors following your steps, etc.are serious problems: do the steps that have to be done to avois that problems because those are the priorities.
    Furthermore, releasing registrant’s data can cost much much money to a domainer of course: let say a multibillion company wants your domain and it knows everything about you, maybe it knows you are completely broke…

    4) Cut all the issues and FOLLOW EURID’s METHOD. PERIOD. Their system works PERFECTLY and is absolutely the best among all the TLDs. I never ever received spam from my data visible at their whois, you are not forced to pay for the privacy, you can take the authcode by yourself whenever you want, you can force a transfer if a registrar is using tricks and you always can transfer a domain keeping the privacy in place and in less then 30 seconds.

    About how to manage privacy to avoid spam, use TUCOWS’ method (captcha in the middle…: spammers will be forced to bypass it… Impossible).

    Combine all the best practices and for sure you will find a new better method to manage everything and respect registrant’s privacy rights. Why, for instance, not giving to the registrant a chance to manage “by himself” the transfer? I mean: we know an email has to be sent when you transfer a domain, and that is a problem in case the admin email in under privacy. In case of the best privacy, the above mentioned Tucows method (used also by other registrars) the procedure can not be automatic, but the new registrar could offer a way to send the email by yourself, to send the email to the email address under privacy by solving the captcha. Of course this procedure will be done by another person if you are transferring the doamin to another person and not just to another registrar.

    After more then 20 years since when domaining became “popular” it’s time to manage everything seriously.

    Maybe someone at Namepros, for instance, could open a new thread about how to transfer doamins withiut removing the privacy, if Icann and all the technicians involved really need tips…(I doubt…).

    • Rubens Kuhl says:

      ICANN policy development is volunteer and unpaid, done by the community not by staff, so not being paid is not an excuse…
      … if escrow services could get exemption, everybody would become an escrow service themselves. For that not to happen escrow services would have to become so regulated that costs would go higher and innovation would vanish.

      Although I wasn’t part of the PPSAI WG, my recollection of the discussions from afar was that most of what you mentioned was already discussed… but since transfer policy is frequent being discussed, we might have an opportunity then to address the interaction between privacy/proxy and transfers.

      But if this is of great concern to you, I strongly suggest joining such a workgroup if/when it’s formed and make yourself heard. Having this issue unaddressed is possibly a consequence of letting other people advance their agendas while you waited for someone to act on this.

  3. Ivan says:

    “… if escrow services could get exemption, everybody would become an escrow service themselves. For that not to happen escrow services would have to become so regulated that costs would go higher and innovation would vanish.”

    maybe the 60 days rule could not apply only to REGULATED ESCROW SERVICES. I don’t see real issues for fair competition, the world is full of this type of “discriminations”, where regulated operator benefit a different tratment respect to not regulated operator….

    “But if this is of great concern to you, I strongly suggest joining such a workgroup if/when it’s formed and make yourself heard. Having this issue unaddressed is possibly a consequence of letting other people advance their agendas while you waited for someone to act on this.”

    Thank you for this suggestion, I hope someone in this industry (bloggers? the recently created domainer association?..) will do this battle too, since they will be in a much better position than me, I don’t even know Icann’s procedures, etc.

    Anyway, I also hope the registrars will do even better, offering the simplest solution even tomorrow, if they want. A couple of times in the past I was able to transfer my domains to different registrars without removing the privacy, but that was possible just because the new registrars kindly sent the transfer emails to the domain admin email addresses manually, bypassing TUCOWS’ privacy system. They will not do this manual procedure all the times, at least not for the same price of a standard domain transfer, so I think the registrars could simply offer the option to send manually the transfer email to the domain admin email address. This is all you need to transfer a domain without removing the privacy. They could also start tomorrow giving this option, maybe they can increase their standard transfer fees by 2 or 3 dollars to cover the expenses for the email message they must send manually. This is a really simple way to solve the problem of transferring domains without removing the privacy. If they don’t want to offer this option it means there are other undisclosed reasons….

  4. Edward says:

    It is worth noting that some Registries do NOT allow whois privacy or proxy services at all.

    “It also turned out, as we revealed last November, that 55% of US presidential candidates operate transactional web sites that use privacy on their domains”

    For example, in the political space .vote and .voto do not allow whois privacy.

Add Your Comment