How Protect IP will get you hacked

Kevin Murphy, July 14, 2011, Domain Policy

The collection of DNS experts opposing the Protect IP Act today held a press conference to outline exactly why the proposed US piracy protection legislation is dangerous.

Protect IP, currently making its way through Congress, would force ISPs to intercept and redirect domain name look-ups for proscribed piracy sites.

It’s the latest in a series of attempts by the IP lobby to push through legislation aimed at curbing the widespread bootlegging of digital content such as music and movies.

But ICANN chair Steve Crocker, DNS uber-hacker Dan Kaminsky, David Dagon of Georgia Tech, VeriSign’s Danny McPherson and BIND supremo Paul Vixie all think the Act will have unintended and dangerous consequences.

They published a white paper explaining their concerns in May, which I wrote about here, and today ramped up the campaign by talking to reporters in Washington, DC.

Here’s the problem as they see it:

Today, the vast majority of internet users take the default DNS service from their ISP. Usually, the servers are configured automatically when you’re installing the ISP’s software.

Many users are also aware of alternative DNS providers such as Google and OpenDNS. Whatever you think of these services, you can be pretty confident they’re not out to steal your identity.

What Crocker et al are worried about is that content pirates will set up services similar to OpenDNS in order to enable users to visit domains that are blocked by Protect IP in their country.

Users can configure such a service in just 30 seconds, with a single click, the experts said. If they want access to the latest movies and music, they may do so without considering the consequences.

But if you sign up to use a DNS server provided by a bunch of movie pirates, you don’t necessarily have the same reassurances you have with OpenDNS or Google.

You’re basically signing up to pass all your domain name look-up data to proven rogues, what Kaminsky referred to during the press conference as “unambiguously bad guys”.

These bad guys may well direct you to the correct server for the Pirate Bay, but they may also hand you over to a spoof web site when you try to visit your bank.

You’ll think you’re looking at your bank’s site, and your computer will think it got a genuine IP address in response to its DNS query, but you’re really handing your login credentials to a crook.

DNS blocking already takes place with respect to content such as child pornography, of course, but it has not to date created a huge reaction with millions of users taking their DNS overseas.

“The scale of the reaction is what we fear,” Kaminsky said. Vixie added: “To the extent that the content is extremely popular the bypass mechanisms will also be popular.”

The measures proposed by Protect IP would also break DNSSEC, but that’s still pretty much pie-in-the-sky stuff, so the press conference did not spend much time focusing on that.


Last chance to tell ICANN how to plug new gTLDs

“How Do We Raise Global Awareness of New gTLDs?”

ICANN asked that question a month ago and tomorrow is your last chance to respond to the public comment period it set up to gather suggestions.

So far, the number of responses is in the single figures.

I quite like Danny Younger’s suggestion: “It might be wise for a communications plan to include a warning to the general public about misleading ‘pre-registration’ schemes.”

A press release containing such a warning would almost certainly gather headlines – hacks love a bit of conflict – but it could also risk making the new gTLD process look a bit slapdash.

Easily the most laughable suggestion filed with ICANN so far comes from 4U Systems:

I would like to offer the use of .4U.com in your campaign. For example, New-gTLDs.4U.com, Domains.4U.com, Internet-Innovations.4U.com, new-domains.4U.com, Internet-expansions.4U.com, ICANN-applications.4U.com, TLD-launch.4U.com, ICANN-facts.4U.com, podcasts.4U.com, social-media.4U.com… the possibilities are limitless… the avenues to the information, countless. Therefore, we would like to talk further about how we may assist in the gTLD campaign with 4U.

Has any reader ever encountered a more fundamentally badly judged or desperation-smacking piece of business development outreach?


Ambitious .app project seeks funding

A community initiative to apply to ICANN for the .app top-level domain is looking for expert assistance and, more importantly, financial backers.

The .app Project sprang up in late June, after ICANN approved the new gTLD program. It hopes to raise a total of $535,000 to support the application, via memberships and sponsorship.

It appears to have been launched and is being coordinated by Matthew Baxter-Reynolds, director of a British mobile software consultancy called AMX Software.

The project’s site, at dotappapp.com, says:

Our aim is to keep the .app gTLD open and accessible such that it becomes an entity that properly supports the app software development community, particularly in areas of intellectual property protection.

To raise money for the $185,000 ICANN fee, it’s selling memberships for between $25 and $100, which include a number of “free” .app domains if the application is approved.

It hopes to later raise an additional $350,000 for the technical infrastructure through sponsorship and investment.

I say the project is “ambitious” because I fully expect .app to be a contested TLD with multiple serious bidders that may well wind up duking it out at auction.

The iPhone platform alone already has over 400,000 third-party apps in the Apple App Store, so .app is a string that could potentially be a modest commercial success.


Anti-.jobs coalition keeps up pressure on ICANN

The .JOBS Charter Compliance Coalition, which wants ICANN to rein in .jobs registry Employ Media, has sent a couple of stern letters to ICANN recently.

Neither is especially exciting, but as ICANN has yet to publish them on its correspondence page I thought I’d make them available here.

The first (pdf), sent July 5, demands to know why ICANN has not yet provided an update to its forthcoming arbitration with Employ Media, which was due a few weeks ago.

ICANN and the registry are set to face off at the International Chamber of Commerce over the disputed Universe.jobs service, which ICANN believes was launched in breach of the .jobs Charter.

My understanding is that the arbitration is going ahead, but that ICANN has been granted an extension to the deadline to file its reply.

The second letter (pdf) notes that .jobs’ IANA listing was recently updated with language more friendly to Employ Media’s position that not only human resources managers qualify for .jobs domains.

It asks why this change was made, invoking the Documentary Information Disclosure Policy.

The Coalition is made up of independent jobs site operators unhappy that Employ Media appears to be using its position as the .jobs registry to compete with them.


Sedo launches domain pricing index

Kevin Murphy, July 13, 2011, Domain Sales

Sedo has launched Internet Domain Name Index, a research project that shows long-term domain pricing trends and compares the data to larger economic trends.

Using January 2006 prices as a baseline, the IDNX index will be updated monthly showing how much, relatively, domains are selling for on the secondary market.

Currently, domains are valued at 183% of January 2006 prices, for example.

The index uses something called a “hedonic repeat sales methodology” to come up with its numbers. No, I don’t know what that means either.

However the numbers are arrived at, the conclusions are quite interesting, showing that domain prices rise and fall in lockstep with the financial markets.

In this graph, the green line is the IDNX number and the blue one represents the value of the Nasdaq 100.

[Graph: Sedo Domain Index]

“The strong correlation shows that domain name buyers and sellers make economically motivated price decisions,” researcher Thies Lindenthal concludes. “Domain markets are not a cloud-cuckoo-land where dreamers trade esoteric goods at imaginary prices.”

Sedo expects domainers to use the index to adjust their portfolios’ changing values over time.
