More than half of the remaining US presidential candidates could have risked losing their official campaign web sites under proposed Whois privacy rules.
Today I carried out Whois queries on all 18 candidates to discover that 10, or over 55%, use a Whois privacy service.
Of the three remaining Democrat candidates, only Bernie Sanders uses privacy. Martin O’Malley and Hillary Clinton do not.
Here’s a table of the Republican candidates and their chosen privacy services. N/A means their campaigns are using what appears to be genuine contact information.
The results are interesting because rules under discussion at ICANN earlier this year — which are apparently still on the table in other international fora — would have banned the use of privacy services for commercial web sites that allow financial transactions.
All 18 candidates — even Trump — solicit donations on their campaign sites, and many sell T-shirts, bumper stickers and such.
Back in May, a minority of ICANN’s Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) were in favor of banning privacy for such registrants.
The rationale was that criminals, such as those selling counterfeit drugs, should not be allowed to mask their Whois details.
Judging by a working group report at the ICANN meeting in Dublin last month, the proposed new rules have been killed off by the PPSAI after a deluge of comments — around 22,000 — that were solicited by registrars and civil rights groups.
However, according to the Electronic Frontier Foundation, at the exact same time as the PPSAI was revealing its change of heart, the US government was pushing for virtually identical policy at a meeting of the OECD, the Organization for Economic Cooperation and Development.
The EFF says the proposed OECD Recommendation “would require domain name registration information to be made publicly available for websites that are promoting or engaged in commercial transactions with consumers.”
It’s remarkable that the US government is apparently pushing for rules that are being violated by most of its own hopeful commanders-in-chief as part of the democratic process.
Clearly, fake pharmacies are not the only class of crook to find value in privacy.
A company with a track record of misleading conference attendees into booking hotels with higher fees appears to be targeting NamesCon.
This morning I received a phone call from somebody claiming to be from NamesCon, but he pronounced it “Name Escon”.
I asked him what company he worked for, and he continued to insist he worked for “Name Escon”.
So I indulged him for a while, and it turned out he was trying to book me into a Las Vegas hotel for the duration of the January 10-13 trade show.
He offered me a rate at the Tropicana of $99 per night, including breakfast. That’s actually not a bad rate — about $20 less than what Expedia is currently asking.
I kept him on the phone until he sent an email to an address he had on file for me (the one from DI’s About page, which I don’t use to sign up for anything).
It arrived immediately, from Exhibitors Housing Services (ehshousing.com), which appears to be a Los Angeles company, with a link to housing-portal.com.
The link led to a credit card authorization form, pre-tailored to my details and the rate offered, which included some terms and conditions I didn’t like the look of.
A simple web search revealed that the company is widely believed to be Bad News.
The same outfit appears to regularly target annual conferences using the exhibitor lists published on earlier conference web sites. Contact information appears to be taken from the exhibitor’s own site.
According to the likes of Affiliate Summit and The Physiological Society, and the Society of Trust and Estate Practitioners and the Agricultural & Applied Economics Association these guys may charge up-front processing fees and/or have a very unfavorable cancellation policy.
In fact, just Googling for “Exhibitors Housing Services” will return pretty much nothing but scam warnings from various conference organizers.
One chap even posted a YouTube video explaining what he thinks the scam is.
I’m pretty certain the company has nothing to do with NamesCon.
Welcome to my world, ICANN.
The organization on Friday opened its blog to commenters for the first time in years, allowing any registered user of the ICANN site to submit comments on its posts.
The switch appears to be retroactive on all previous posts on the platform.
The post announcing the move was immediately commented on by habitual, single-issue commenter Graham Schreiber, a name familiar to anyone who regularly reads the comments sections of industry blogs.
He’s the guy who unsuccessfully sued ICANN — for some reason — back in 2012 and has continued his tirade against the organization in social media ever since.
Trolling aside, it’s a good move by ICANN, something it should have done a long time ago.
While ICANN obviously accepts comments on pretty much everything it does, the usual format of emailed PDFs perhaps lacks some of the brevity, openness and immediacy of a two-way blog.
European domain registrars say they are facing increased costs of doing business due to a recent court ruling on privacy protection.
As a result, US data escrow giant Iron Mountain is likely to lose a lot of its ICANN business, as EU registrars defect to local alternatives such as UK-based NCC Group.
The ruling in question deals with the so-called “safe harbor” principles, under which European companies were able to transfer customers’ private data to US companies as long as the recipient promised to abide by EU privacy protection rules.
However, former spy Edward Snowden’s revelations of widespread privacy violations by the US government seemed to show that many US tech giants were complicit in handing over such data to US spooks.
And now the European Court of Justice has ruled the safe habor principles invalid.
This affects registrars because, under their ICANN contracts, they have to escrow registrant data on a weekly basis. That’s to prevent registrants losing their domains when registrars go out of business or turn out to be crooks.
While registrars have a choice of escrow agents, pretty much all of them use Iron Mountain, because ICANN subsidizes the service down to $0.
However, with the ECJ ruling, Euro-registrars have told ICANN that it would now be “illegal” to continue to use Iron Mountain.
In a recent letter (pdf) to ICANN, about 20 EU-based registrars said that non-European registrars would get a competitive advantage unless ICANN does something about it.
They want ICANN to start subsidizing one or more EU-based escrow agents, enabling them to switch without adding to costs.
the service fees of those [alternative] providers are not being supported by ICANN. Thus, the only solution for EU based registrars to comply with their local laws is to support this extra cost.
We are sure, you will agree this clearly constitutes an unfair disadvantage to a given category of a registrars.
This is why we ask ICANN to offer the same terms as it currently does to Iron Mountain to other RDE [Registrar Data Escrow] providers established in the European Economical Area to ensure a level playing field for registrars globally.
According to the registrars, they have until January to switch, so ICANN may have to move quickly to avoid unrest.
New gTLD registry XYZ.com has said it will not preemptively censor domain names based on the wishes of the Chinese government.
Over the last couple of days, CEO Daniel Negari has sought to “clarify” its plans to block and suspend domain names based on Chinese government requests.
It follows XYZ’s Registry Services Evaluation Request for a gateway service in the country, first reported by DI and subsequently picked up by the Electronic Frontier Foundation, a Wall Street Journal columnist, Fortune magazine and others.
The clarifications offered up by XYZ probably did more to confuse matters.
A blog post on Wednesday said that XYZ will not reserve any .xyz domain names from being registered, except those ICANN makes all new gTLD registries reserve.
Subsequent comments from Negari stated that XYZ will, as the RSEP stated, prevent names that have been banned in China from being registered.
However, there’s one significant difference.
Now, the registry is saying that it will only put those bans in place for domain names that have been specifically banned by the Chinese government when the name had already been registered by a Chinese registrant.
So, if I understand correctly, it would not preemptively ban anyone anywhere from registering [banned term].xyz.
However, if [banned term].xyz was registered to a Chinese resident and the Chinese government told the registry to suspend it, it would be suspended and nobody would be able to re-register it anywhere in the world.
Negari said in a blog comment yesterday:
if we receive a Chinese legal order tomorrow (before the gateway has launched) which requires disabling a domain name registered in China and properly under Chinese jurisdiction, then it will be disabled at the registry level, and not by the gateway. When the gateway launches the name will continue to be unavailable, and the gateway will not implement the action on a localized basis only in China. The normal registry system would continue to be the only system used to resolve the name globally. Again — the specific stability concern ICANN had was that we would use the Chinese gateway to make .xyz names resolve differently, depending on what country you are in. I completely agree that our [RSEP] re-draft to address that concern came out in a way that can be read in a way that we sincerely did not intend.
So there is a list of preemptively banned .xyz, .college, .rent, .security and .protection domains, compiled by XYZ from individual Chinese government requests targeting names registered to Chinese registrants.
Negari said in an email to DI yesterday:
To clarify the statement “XYZ will reserve domains,” we meant that XYZ will takedown domains in order to comply with “applicable law.” Unfortunately, the inaccuracies in your post caused people to believe that we were allowing the Chinese government to control what names could be registered or how they could be used by people outside of China. The idea that XYZ is going to impose Chinese law and prevent people outside of China from registering certain domain names is simply incorrect and not true. To be 100% clear, there is no “banned list.”
That was the first time anyone connected with XYZ had complained about the October 12 post, other than since-deleted tweets that corrected the size of the list from 40,000 domains to 12,000.
The RSEP (pdf) that causes all this kerfuffle has not been amended. It still says:
XYZ will reserve names prohibited for registration by the Chinese government at the registry level internationally, so the Gateway itself will not need to be used to block the registration of of any names. Therefore, a registrant in China will be able to register the same domain names as anyone else in the world.
This fairly unambiguous statement is what XYZ says was “misinterpreted” by DI (and everyone else who read it).
However, it’s not just a couple of sentences taken out of context. The context also suggests preemptive banning of domains.
The very next sentence states:
When the Gateway is initially implemented we will not run into a problem whereby a Chinese registrant has already registered a name prohibited for registration by the Chinese government because Chinese registrars are already enforcing a prohibition on the registration of names that are in violation of Chinese law.
This states that Chinese residents are already being preemptively banned, by Chinese registrars, from registering domains deemed illegal in China.
The next few paragraphs of the RSEP deal with post-registration scenarios of domains being banned, clearly delineated from the paragraph dealing with pre-registration scenarios.
In his blog post, Negari said the RSEP “addressed the proactive abuse mitigation we will take to shut down phishing, pharming, malware, and other abuse in China”.
I can’t believe this is true. The consequence would be that if China sent XYZ a take-down notice about a malware or phishing site registered to a non-Chinese registrant, XYZ would simply ignore it.
Regardless, the takeaway today is that XYZ is now saying that it will not ban a domain before it has been registered, unless that domain has previously been registered by a Chinese resident and subsequently specifically banned by the Chinese government.
The registry says this is no different to how it would treat take-down notices issued by, for example, a US court. It’s part of its contractual obligation to abide by “applicable law”, it says.
Whether this is a policy U-turn or a case of an erroneous RSEP being submitted… frankly I don’t want to get into that debate.
Disclosure: during the course of researching this story, I registered .xyz domains matching (as far as this monoglot can tell) the Chinese words for “democracy”, “human rights”, “porn” and possibly “Tiananmen Square”. I have no idea if they have value and have no plans to develop them into web sites.