Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
New gTLD filing deadline delayed again
It looks like new gTLD applicants are in for more delays after ICANN announced that it will not reopen its TLD Application System tomorrow as planned.
In a statement tonight, chief operating officer Akram Atallah said that the recently discovered data leakage vulnerability has been fixed, but the fix is still being tested.
We believe that we have fixed the glitch, and we are testing it to make sure.
ICANN is committed to reopening the application system as soon as we can confirm that the problem has been resolved and we have had proper time for testing.
We also want to inform all applicants, before we reopen, whether they have been affected by the glitch. We are still gathering information so we can do that.
Accordingly, the application system will not reopen tomorrow.
ICANN shut down TAS last Thursday, just 12 hours before the new gTLD application filing deadline, after discovering a persistent bug that allowed some applicants to see the names of files uploaded by other applicants.
It had planned to open TAS again tomorrow and close it on Friday. However, that’s looking increasingly unlikely.
Atallah said that ICANN “will provide an update on the timing of the reopening no later than Friday, 20 April at 23.59 UTC.”
While ICANN said yesterday that it was still targeting April 30 for its Big Reveal event, subject to change, that’s now looking like an ambitious goal.
ICANN will alert gTLD security bug victims
ICANN plans to inform each new top-level domain applicant whether they were affected by the security vulnerability in its TLD Application System, according to its latest update.
The organization has also confirmed that it is still targeting April 30 for the Big Reveal day, when it publishes (deliberately) the gTLDs being applied for and the names of the applicants.
This morning’s TAS status update, penned by chief operating officer Akram Atallah, does not add much that we did not already know about the data leakage bug. It states:
An intensive review has produced no evidence that any data beyond the file names and user names could be accessed by other users.
We are currently reviewing the data to confirm which applicants were affected. As soon as the data is confirmed, we will inform all applicants whether they were affected.
ICANN staff and outside consultants have been working all weekend to figure out what went wrong, who it affected, and how it can be fixed.
The organization still intends to announce tonight whether it has fixed the problem to the point where it’s happy to reopen TAS to registered users tomorrow. It’s also sticking to is Friday extended submission deadline.
MyTLD has spare TAS accounts for new gTLDs
The new gTLD consultancy MyTLD has some ICANN TLD Application System slots going begging.
If for some reason you need to file a gTLD application and you haven’t already registered in TAS, this is what MyTLD says it is now offering:
(i) gTLD application writing and submission (ii) TAS account for the gTLD application (iii) Newly formed company corresponding to the TAS account
The company is marketing it as a bundled service.
MyTLD is most closely associated with the most prominent .music application. It’s run by Music.us owner Constantine Roussos and former ICANN internationalized domain name expert Tina Dam.
The offer is fleshed out a bit more on MyTLD’s blog.
I hear the company was shopping these TAS slots around privately prior to April 12 too, so I don’t think that it is an effort to capitalize on the security-related delays ICANN is currently experiencing.
However, one has to ask why the offer is only being publicized after the original official deadline for new gTLD applications has already passed.
TAS is expected to re-open for business on Tuesday, and close on Friday.
ICANN reopens defensive registration debate
ICANN’s board of directors wants more policy work done on the problem of defensive domain name registrations.
In a resolution passed at a meeting on Tuesday, the board’s newly created New gTLD Program Committee, made up exclusively of non-conflicted directors, said it:
directs staff to provide a briefing paper on the topic of defensive registrations at the second level and requests the GNSO to consider whether additional work on defensive registrations at the second level should be undertaken
The decision was made following the debate about “defensive” gTLD applications ICANN opened up in February, prompted by a letter from US Department of Commerce assistant secretary Larry Strickling.
That in turn followed the two Congressional hearings in December, lobbied for and won by the Association of National Advertisers and its Coalition for Responsible Internet Domain Oversight.
So this week’s decision is a pretty big win for the intellectual property lobby. It’s managed to keep the issue of stronger second-level trademark protection in new gTLDs alive despite ICANN essentially putting it to bed when it approved the new gTLD program last June.
The GNSO could of course decide that no further work needs to be done, so the champagne corks should probably stay in place for the time being.
At the same meeting on Tuesday, the ICANN board committee voted to disregard the GNSO Council’s recent decision to grand extra protections to the International Olympic Committee, Red Cross and Red Crescent movements. The rationale for this decision has not yet been published.
ICANN knew about TAS security bug last week
ICANN has known about the data leakage vulnerability in its TLD Application System since at least last week, according to one new top-level domain applicant.
The applicant, speaking to DI on the condition of anonymity today, said he first noticed another applicant’s files attached to his gTLD application in TAS last Friday, April 6.
“I could infer the applicant/string… based on the name of the file,” said the applicant.
He immediately notified ICANN and was told the bug was being looked at.
ICANN revealed today that TAS has a vulnerability that, in the words of COO Akram Atallah, “allowed a limited number of users to view some other users’ file names and user names in certain scenarios.”
The actual contents of the files are not believed to have been visible.
But other applicants, also not wishing to be identified, today confirmed that they had uploaded files to TAS using file names containing the gTLD strings they were applying for.
It’s not yet known how many TAS users were able to see files belonging to others, or for how long the vulnerability was present on the system.
However, it now does not appear to be something that was accidentally introduced during yesterday’s scheduled TAS maintenance.
This kind of data leakage could prove problematic — and possibly expensive — if it alerted applicants to the existence of competing bids, or caused new competing bids to be created.
ICANN shut down TAS yesterday and does not expect to bring it back online until Tuesday.
The window for filing applications, which had been due to close yesterday, has been extended until 2359 UTC next Friday night.
April 14 Update
ICANN today released a statement that said in part:
we are sifting through the thousands of customer service inquiries received since the opening of the application submission period. This preliminary review has identified a user report on 19 March that appears to be the first report related to this technical issue.
Although we believed the issues identified in the initial and subsequent reports had been addressed, on 12 April we confirmed that there was a continuing unresolved issue and we shut down the system.
It’s worse than you thought: TAS security bug leaked new gTLD applicant data
The bug that brought down ICANN’s TLD Application System yesterday was actually a security hole that leaked data about new gTLD applications.
The vulnerability enabled TAS users to view the file names and user names of other applicants, ICANN said this morning.
COO Akram Atallah said in a statement:
We have learned of a possible glitch in the TLD application system software that has allowed a limited number of users to view some other users’ file names and user names in certain scenarios.
Out of an abundance of caution, we took the system offline to protect applicant data. We are examining how this issue occurred and considering appropriate steps forward.
Given the level of secrecy surrounding the new gTLD application process, this vulnerability ranks pretty highly on the This Is Exactly What We Didn’t Want To Happen scale.
It’s not difficult to imagine scenarios in which a TAS user name or file name contains the gTLD string being applied for.
This is important, competition-sensitive data. If it’s been leaked, serious questions are raised about the integrity of the new gTLD program.
How long was this vulnerability present in TAS? Which applicants were able to look at which other applicants’ data? Did any applicants then act on this inside knowledge by filing competing bids?
If it transpires that any company filed a gTLD application specifically in order to shake down applicants whose data was revealed by this vulnerability, ICANN is in for a world of hurt.
Facebook gTLD ruled out by ICANN director vote?
While Google recently confirmed its new top-level domain plans, an ICANN director has given a big hint that rival Facebook has not applied for any new gTLDs.
Director Erika Mann, head of EU policy at Facebook in Brussels, voted on ICANN’s “digital archery” method of batching new gTLD applications at the ICANN board meeting March 28.
Because ICANN’s new conflict of interest rules require directors to recuse themselves during votes on matters affecting their own businesses, this could be taken as a pretty strong indication that Facebook is not applying for a new gTLD.
If Mann was aware of a .facebook or other Facebook gTLD bid, I think there’s a pretty strong chance she would have not have participated in the digital archery decision.
At least one director whose employer is believed to have applied for a dot-brand gTLD, IBM’s Thomas Narten, did not attend the March 28 meeting.
Sébastien Bachollet, Steve Crocker, Bertrand de La Chapelle, Ram Mohan, George Sadowsky, Bruce Tonkin, Judith Vazquez, Suzanne Woolf and Kuo-Wei Wu also did not attend.
The March 28 board meeting was the first one with new gTLD program votes that Mann has participated in since the new conflict rules were introduced in December.
The news is obviously a couple of weeks old, but I think it’s worth mentioning now in light of the fact that social networking competitor Google revealed earlier this week that it will apply for some gTLDs.
ICM confirms three porn gTLD bids
ICM Registry has applied to ICANN for the new gTLDs .sex, .porn and .adult.
If its applications are successful, the company plans to automatically block any second-level domain that is already registered in .xxx, including the Sunrise B defensive registrations.
This means if you own example.xxx, the equivalent .sex, .porn and .adult domains would be reserved until you pay a “nominal” activation fee to activate them.
As well as trademark owners, that would probably be pretty good news for owners of “premium” .xxx domains.
According to ICM, the four domains will not be permanently linked, so if you own a good .xxx you’ll be able to pay a normal registration fee then activate and sell off the three “freebies”.
Because the domains would be permanently reserved, there would be no renewal fees until you choose to activate them, which could well be the same day you sell them.
There’s a good chance these gTLDs will be contested by other applicants and objected to by governments, of course.
I’ve written more on the announcement for The Register here.
TAS glitch “not an attack” says ICANN
ICANN’s decision this afternoon to shut down its TLD Application System until next Tuesday was not prompted by hackers, according to the organization.
“It’s not an attack,” a spokesperson told DI.
ICANN announced within the last hour that it has extended the window for new gTLD applications until next Friday as a result of unspecified “unusual behavior” in TAS.
Speculation as to the cause has already started on social media, with some pointing to the possibility of hacking, but according to ICANN we can rule out foul play.
The immediate reaction from stressed-out applicants has been split between those laughing, those crying, and those doing both.
TAS was down for scheduled maintenance for two hours last night. According to two applicants who logged in afterwards, it was running very slowly when it came back online.
UPDATE: ICANN has just confirmed: “No application data has been lost from those who have already submitted applications, so it should not pose problems for existing applicants.”
Breaking: ICANN extends new gTLD application window after technical glitch
ICANN has extended the deadline to file new generic top-level domain applications by more than a week after its TLD Application System experienced “unusual behavior”.
TAS will be down until next Tuesday while ICANN fixes the unspecified problem, ICANN said.
Here’s the meat of ICANN’s announcement:
Recently, we received a report of unusual behavior with the operation of the TAS system. We then identified a technical issue with the TAS system software.
ICANN is taking the most conservative approach possible to protect all applicants and allow adequate time to resolve the issue. Therefore, TAS will be shut down until Tuesday at 23:59 UTC – unless otherwise notified before that time.
In order to ensure all applicants have sufficient time to complete their applications during the disruption, the application window will remain open until 23:59 UTC on Friday, 20 April 2012.
What this means for the Big Reveal, currently scheduled for April 30, is not yet clear. More when we get it.
Recent Comments