Latest news of the domain name industry

Recent Posts

ICANN waves goodbye to Adobe Connect over security, pricing

Kevin Murphy, April 4, 2019, Domain Policy

ICANN has decided to dump its longstanding web conferencing service provider, Adobe Connect, in favor of rival Zoom.

The organization reckons it could save as much as $100,000 a year, and mitigate some security fears, by making the switch.

Adobe has been the standard remote participation tool for not only ICANN’s public meetings, but also its policy-development working groups, for at least seven or eight years.

It enables video, audio, screen-sharing, public and private chat, voting and so on. ICANN says that Zoom has “nearly all of the same features”.

But some of ICANN’s more secretive bodies — including the Security and Stability Advisory Committee and Board Operations — have been using Zoom for a little over a year, after an SSAC member discovered a vulnerability in Adobe that allowed potentially sensitive information to be stolen.

A clincher appears to be Zoom’s voice over IP functionality, which ICANN says will enable it to drop Premiere Global Services Inc (PGi), its current, $500,000-a-year teleconferencing provider, which participants use if they dial in from on the road.

“Based on feedback, Zoom’s voice connectivity and overall experience seem to be superior to equivalent Adobe Connect experiences,” ICANN said.

As somebody who has lurked on more than his fair share of Adobe Connect rooms, I’ve noticed that people losing their voice connection is a very common occurrence, which can delay and break the flow of discussions, though it’s not usually clear where the blame lies.

According to a Zoom feature list (pdf) provided by ICANN, Zoom currently lacks many features on its web client, but updates are expected to bring the feature set in line with the mobile apps and PC/Mac executables by the end of the year.

ICANN expects to use Zoom exclusively by ICANN 65, in Marrakech this June. In the meantime, it will provide training to community members.

The cynic in me wants to say “expect teething troubles”, but the ICANN meetings team runs a pretty tight ship. The switch might be surprisingly smooth.

ICANN found a zero-day hole in Adobe Connect

Kevin Murphy, April 23, 2018, Domain Tech

It’s looking like ICANN may have found a zero-day vulnerability in Adobe Connect, until recently its default collaboration tool.

The organization on Friday announced the results of a “forensic investigation” into the bug, and said it has reported its findings to Adobe, which is now “working on a software fix to address the root cause of the issue”.

If Adobe didn’t know about it, it looks rather like ICANN — or at least the unnamed member of the security advisory committee who found it — has bagged itself a zero-day.

ICANN had previously said that the glitch “could possibly lead to the disclosure of the information shared in an ICANN Adobe Connect room”.

The review found that the only person who exploited the bug was the person who discovered and disclosed it.

AC is used not only in ICANN’s public meetings but also, I understand, in closed sessions of ICANN staff, board and committees, where secret information is most likely to be shared.

After the bug was discovered, ICANN shut off the system and started using alternatives such as WebEx, to a mixed reception.

In the absence of an immediate patch from Adobe, ICANN has been testing workarounds and said it hopes to have two working ones deployed by May 3.

This would allow the tool to come back online in time for its board workshop, GDD Summit and ICANN 62, the organization said.

Are new gTLD registries ripping off brands with unfair sunrise fees?

Forget .sucks — several less controversial new gTLD registries have come under fire from the likes of Google, Facebook and Adobe for charging sunrise fees as high as $17,000 for domains matching famous trademarks.

According to figures supplied to DI by ICANN’s Business Constituency, the domain instagram.love carries a $17,610 “Premium Name Fee” during the current sunrise period.

Instagram is of course the photo sharing service belonging to Facebook, and to the best of my knowledge not a dictionary word.

The domain facebook.love has a $8,930 fee, these figures show, while google.love costs $6,610, both in addition to sunrise fees of $350 and annual fees of $60.

The regular sunrise fee for .love comes in at $265 at some registrars.

The new gTLDs .design, .video, .wang, .wein, .rich and .top also seem to carry very high fees for brands such as Facebook, according to the BC’s numbers.

Google recently filed a public comment with ICANN which warned:

some registry operators are taking advantage of rights owners during Sunrise by charging exorbitant and extortionate Sunrise registration fees. Although such pricing policies are not strictly within the ICANN compliance mandate, they contravene the spirit of the RPMs [rights protection mechanisms], damage ICANN’s reputation, harm consumers in contravention of ICANN’s mandate to promote the public interest, and create disincentives for rights owners to take advantage of the Sunrise period

Similar comments were sent by the Intellectual Property Constituency, BC, and others.

The issue of registries charging super-high “premium” fees for trademarked names has been on the radar of the BC and the IPC since at least 2013.

It seems that in at least some cases, trademark owners are being hit with the higher fees because their marks are dictionary words that the registry has identified as premium due to their regular meaning.

For example, adobe.design is on the list of names provided by the BC, carrying a $1,175 registration fee.

But Andrew Merriam, director of business development at .design registry Top Level Design, denied that the software company is being targeted. Instead, he said “adobe” refers to the material used in architecture — its dictionary meaning.

He said: “Stucco.design, concrete.design, wood.design, granite.design (and many other materials and building styles) are all on the premium list, at varying prices. In fact, adobe.design is priced on the lower end of all these materials.”

Merriam said the registry’s premium fee for adobe.design is actually $250 and speculated that $1,175 could be the price quoted by Adobe’s brand protection registrar post-markup. It was $349 at Go Daddy, he said.

In other cases, trademarks may have found their way on to premium lists due to a lack of manual vetting by the registry, rather than nefarious targeting.

In the case of instagram.love, Evatt Merchant of .love registry Merchant Law Group told DI that Facebook can buy the name for the normal sunrise fee if it wants.

He told DI that trademark owners should contact the registry if they believe their marks have been wrongly given premium prices. He said:

While it is possible that some brand terms that are frequently googled have ended up on the premium list, valued based on their Google search frequency, there is a simple solution. During the sunrise period, brands seeking non-dictionary trademarked domain names can contact the registry so that a review of individual sunrise pricing can occur. As has already occurred, such requests will often result in the .LOVE TLD voluntarily offering to reduce their sunrise application cost to the base sunrise price and that would certainly be the case for Instagram.

ICANN’s does not regulate pricing in new gTLDs, but nevertheless the IPC and BC and their members have asked ICANN to include premium pricing of trademarked names in its upcoming review of rights protection mechanisms.