ICANN ended its fiscal 2016 with just shy of $400 million on its balance sheet, according to its just-released financial report.
As of June 30, the organization had assets of $399.6 million, up from $376.5 million a year earlier, the statement (pdf) says.
Its revenue for the year was actually down, at $194.6 million in 2016 compared to $216.8 million in 2015.
That dip was almost entirely due to less money coming in via “last-resort” new gTLD auctions.
The growth of the gTLD business led to $74.5 million coming from registries, up from $59 million in 2015.
Registrar revenue grew from $39.3 million to $48.3 million.
Money from ccTLD registries, whose contributions are entirely voluntary, was down to $1.1 million from $2.1 million.
Expenses were up across the board, from $143 million to $131 million, largely due to $5 million increases in personnel and professional services costs.
The results do not take into account the $135 million Verisign paid for .web, which happened after the end of the fiscal year.
Auction proceeds are earmarked for some yet-unspecified community purpose and sit outside its general working capital pool. Regardless, they’re factored into these audited financial reports.
ICANN has to date taken in almost a quarter of a billion dollars from auctions. Its board recently decided to diversify how the money is invested, so the pot could well grow.
Verisign could be running a “thick” Whois database for .com, .net and .jobs by mid-2017, under a new ICANN proposal.
A timetable published this week would see the final three hold-out gTLDs fully move over to the standard thick Whois model by February 2019, with the system live by next August.
Some people believe that Verisign might use the move as an excuse to increase .com prices.
Thick Whois is where the registry stores the full Whois record, containing all registrant contact data, for every domain in their TLD.
The three Verisign TLDs currently have “thin” Whois databases, which only store information about domain creation dates, the sponsoring registrar and name servers.
The model dates back to when the registry and registrar businesses of Verisign’s predecessor, Network Solutions, were broken up at the end of the last century.
But it’s been ICANN consensus policy for about three years for Verisign to eventually switch to a thick model.
Finally, ICANN has published for public comment its anticipated schedule (pdf) for this to happen.
Under the proposal, Verisign would have to start offering registrars the ability to put domains in its thick Whois by August 1 2017, both live via EPP and in bulk.
It would not become obligatory for registrars to submit thick Whois for all newly registered domains until May 1, 2018.
They’d have until February 1, 2019 to bulk-migrate all existing Whois records over to the new system.
Thick Whois in .com has been controversial for a number of reasons.
Some registrars have expressed dissatisfaction with the idea of migrating part of their customer relationship to Verisign. Others have had concerns that local data protection laws may prevent them moving data in bulk overseas.
The new proposal includes a carve-out that would let registrars request an exemption from the requirements if they can show it would conflict with local laws, which holds the potential to make a mockery out of the entire endeavor.
Some observers also believe that Verisign may use the expense of building and operating the new Whois system as an excuse to trigger talks with ICANN about increasing the price of .com from its current, frozen level.
Under its .com contract, Verisign can ICANN ask for a fee increase “due to the imposition of any new Consensus Policy”, which is exactly what the move to thick Whois is.
Whether it would choose to exercise this right is another question — .com is a staggeringly profitable cash-printing machine and this Whois is not likely to be that expensive, relatively speaking.
The proposed implementation timetable is open for public comment until December 15.
New gTLD portfolio player Radix has acquired the pre-launch TLD .fun from its original owner.
The company took over the .fun Registry Agreement from Oriental Trading Company on October 4, according to ICANN records.
Oriental is a party supplies company owned by Warren Buffett’s Berkshire Hathaway.
It won .fun in a private auction in April last year, beating off Google and .buzz operator DotStrategy.
It had planned to run it as a “closed generic” — keeping all the domains in .fun for itself — but those plans appeared to have been shelved by the time it signed its RA in January this year.
Evidently Oriental’s heart was not in it, and Radix made an offer for the string it found more attractive.
Radix business head Sandeep Ramchandani confirmed to DI today that .fun will be operated in a completely unrestricted manner, the same as its other gTLDs.
It will be Radix’s first three-letter gTLD, Ramchandani said. It already runs zones such as .online, .site and .space.
.fun is not yet delegated, but Radix is hoping for a December sunrise period, he said.
Almost 50 top-level domains were believed to be exposed to the massive distributed denial-of-service attack that hit Dyn on Friday, but the largest of the bunch said it managed to stay online throughout.
As has been widely reported in the mainstream and tech media over the last few days, DNS service provider Dyn got whacked by one of the biggest pieces of DDoS vandalism in the internet’s brief history.
Dyn customers including Netflix, Twitter, Spotify, PayPal and Reddit were reportedly largely inaccessible for many US-based internet users over the space of three waves of attack over about 12 hours.
It said that “10s of millions” of unique IP addresses were involved.
It has since emerged that many of the bots were actually installed on webcams secured with easily-guessable default passwords. XiongMai, a Chinese webcam manufacturer, has issued a recall.
In terms of the domain registry business, only about 50 TLDs use Dyn’s DynTLD service for DNS resolution, according to IANA records.
About half of these are tiny ccTLDs. They other half are Uniregistry’s portfolio of new gTLDs, including the like of .link, .car and .photo.
Uniregistry CEO Frank Schilling told DI that the Uniregistry TLDs did not go down as a result of the attack, pointing out that the company also uses its own in-house DNS.
“We like Dyn and think they have a great product but we did not go down because we also run our own DNS,” he said. “If we relied on them exclusively we would have gone down, but that is why we don’t do that.”
Top Level Spectrum has been accused today of running the gTLD .feedback in a “fraudulent and deceptive” manner.
Over a dozen famous brands, corralled by corporate registrar MarkMonitor, today formally complained to ICANN that .feedback is a “complete sham”.
They reckon that the majority of .feedback domains belong to entities connected to the registry, violate trademarks, and have been stuffed with bogus and plagiarized reviews.
TLS denies any involvement.
MarkMonitor clients Adobe, American Apparel, Best Buy, Facebook, Levi and Verizon are among those that today filed a Public Interest Commitments Dispute Resolution Policy complaint with ICANN.
PICDRP is the mechanism third parties can use to complain about new gTLD registries they believe are in breach of the Public Interest Commitments found in their registry contracts.
The 50-page complaint (pdf), which comes with hundreds of pages of supporting documentation spread over 36 exhibits, purports to show TLS engaging in an “escalating pattern of discriminatory, fraudulent and deceptive registry misconduct”.
While the allegations of wrongdoing are fairly broad, the most interesting appears to be the claim that TLS quietly registered thousands of .feedback names matching trademarks to itself and then filled them with reviews either ripped off from Yelp! or supplied by overseas freelancers working for pennies.
TLS denies that it did any of this.
The .feedback registry is closely tied to the affiliated entity Feedback SAAS, which offers a hosted social platform for product/company reviews. Pricing for .feedback domains is dependent on whether registrants use this service or not.
The complaint states:
the overwhelming majority of domain names registered and activated within the .FEEDBACK TLD — over seventy percent (70%) — are currently owned and operated by Respondent [TLS], and parties working in concert with Respondent
Respondent has solicited and paid numerous third parties, including professional freelance writers who offer to post a set number of words for a fee, to write fabricated reviews regarding Complainants’ products and services.
These ostensibly independent reviews from ordinary consumers are intended to give the appearance of legitimate commentary within .FEEDBACK sites, when, in fact, the reviews are a complete sham.
An investigation carried out by MarkMonitor (pdf) showed that of the 2,787 .feedback domains registered up to July 31, 73% were registered to just five registrants.
The top registrant, Liberty Domains LLC of Las Vegas, owned 47% of these domains.
MarkMonitor believes this company (which it said does not show up in Nevada company records) and fourth-biggest registrant Core Domains LLC (based at the same Vegas mail forwarding service) are merely fronts for TLS, though it has no smoking gun proving this connection.
TLS CEO Jay Westerdal denies the company is affiliated with Liberty.
The MarkMonitor investigation counted 27,573 reviews on these sites, but 22% of them purported have been written prior to the date the domain was registered, in some cases by years.
The company reckons hundreds of reviews can be traced to five freelance writers who responded to February job ads looking for people who could write and post 10 150-word reviews per hour.
Other reviews appear to have been copied wholesale from Yelp! (this can be easily verified by visiting almost any .feedback site and searching for exact-match content on Google).
Westerdal told DI last week that registrants can use an API to import reviews.
The brands’ complaint goes on to criticize TLS for its Free.feedback offering, a very odd, bare-bones web site which seems to offer free .feedback domains.
When you type a domain or email address into the form on Free.feedback, it offers to give you the equivalent .feedback domain for free, automatically populating a second form with the Whois record of the original domain.
According to the complaint, after somebody registers a free .feedback domain, Feedback SAAS starts contacting the person listed in the Whois about their “free trial registration” regardless of whether they were actually the person who signed up the the domain. The complaint states:
Complainants and multiple other trademark owners who received such email notifications from Feedback SAAS and TLS registrars never visited the FREE.FEEDBACK website, and they never requested a free trial registration in the .FEEDBACK TLD
I’ve been unable to fully replicate this experience in attempts to test Free.feedback.
The complaint alleges multiple breaches of the PICs in the .feedback ICANN Registry Agreement.
The brands want ICANN Compliance to conduct a thorough investigation of .feedback, for all Free.feedback domains with phony Whois to be terminated, and for affected trademark owners to get refunds. They also want their legal costs paid by TLS.
ICANN does not typically publish the outcome of PICDRP complaints. Indeed, this is only the second one I’m aware of. It’s difficult to judge what MarkMonitor’s posse’s chances of success are.