Latest news of the domain name industry

Recent Posts

Hebrew .com off to a slow start

Kevin Murphy, November 21, 2018, Domain Registries

The Hebrew transliteration of .com has only sold a couple hundred domains since it went into general availability.

Verisign took the new gTLD קום. (Hebrew is a right-to-left script, so the dot comes after the string) to market November 5, when it had about 3,200 domains in its zone file. It now stands around the 3,400 mark.

The pre-GA domains are a combination of a few hundred sunrise regs and a few thousand exact-match .coms that were grandfathered in during a special registration period.

It’s not a stellar performance out of the gates, but Hebrew is not a widely-spoken language and most of its speakers are also very familiar with the Latin script.

There are between seven and nine million Hebrew speakers in the world, according to Wikipedia. It doesn’t make the top 100 languages in the world.

The ccTLD for Israel, where most of these speakers live, reports that it currently has 246,795 .il domains under management. That’s a middling amount when compared to similarly sized countries such as Serbia (about 100,000 names) and Switzerland (over 2 million).

Verisign’s original application for this transliteration had to be corrected, from קום. to קוֹם. If you can tell the difference, you have better eyesight than me.

In the root, the gTLD is Punycoded as .xn--9dbq2a.

Incel hate site jumps to Iceland after doMEn suspends .me domain

Kevin Murphy, November 21, 2018, Domain Registries

Incels.me, a web forum that hosts misogynist rants by “involuntarily celibate” men, has found a new home after .me registry doMEn suspended its domain.

The web site has reappeared, apparently unscathed, under Iceland’s .is domain, at incels.is.

doMEn said in a blog post yesterday that it had suspended incels.me at the registry level due to the owner “allowing part of its members to continuously promote violence and hate speech”.

The suspension happened October 15, and the site reappeared in .is not long after. It’s not entirely clear why doMEn chose to explain its decision over a month later. It said:

The decision to suspend the domain was made after the .ME Registry exhausted all other possibilities that could assure us that the registrant of incels.me domain and the owner of i
incels.me forum was able to remove the subject content and prevent the same or similar content from appearing on the forum again.

An “incel” is a man who has decided that he is too ugly, charmless, short, stupid or otherwise unattractive, and is therefore permanently unfuckable.

While that may provoke sympathetic thoughts, a great many of the incels frequenting sites like incels.me choose to channel their frustration into cartoonish misogyny ranging from the laughable to the extremely disturbing.

While the registry didn’t mention it, the site also has many threads that appear to encourage suicide.

doMEn seems to have turned off the domain because certain threads crossed the line from misogyny to incitement to violence against women.

The Montenegro-based company said it had been monitoring the site since May, after being told that “certain members” of the forum “might have been involved in or associated with” an attack in Toronto that killed 10 people in April, a charge the incels.is admin denies.

The second reason given — preventing content appearing in future — may be the crux here.

The site’s administrator said in a post on the new site that he had personally removed all of the threads highlighted by doMEN as being in violation of its registry policies.

He also posted a partial email thread between himself and his former registrar, China-based NiceNIC.net, in which he explains how difficult it is to monitor all the content posted by his users. He wrote on the forum:

They obviously weren’t going to give us a fair shake either way, and we’re not going to search through 1.6 MILLION posts nor do we have the technological capabilities to check to see if any of them are against their vague anti-abuse policy.

Domain registries have no place in enforcing arbitrary rules against domains that go against their ideology.

It seems from the thread that Afilias, 37%-owner of doMEn and .me back-end provider, had a hands-on role in the suspension.

Incels certainly isn’t the first controversial site to have to resort to TLD-hopping to stay alive.

The most notable example is piracy site KickAssTorrents, which bounced from ccTLD to ccTLD for years before finally being shut down by the US Feds.

The incels.is admin said he had confidence in Iceland’s registry due to “their stance as pro free-speech enforcers”.

But ISNIC is not above suspending domains when the associated sites break Icelandic law. Four years ago it took down some domains associated with ISIS.

The takedown comes not long after GoDaddy attracted attention for suspending the domain of far-right Twitter clone Gab.com, again due to claims of incitement to violence related to an act of domestic terrorism.

Afilias sues India to block $12 million Neustar back-end deal

Kevin Murphy, August 27, 2018, Domain Registries

Afilias has sued the Indian government to prevent it awarding the .in ccTLD back-end registry contract to fierce rival Neustar.

The news emerged in local reports over the weekend and appears to be corroborated by published court documents.

According to Moneycontrol, the National Internet Exchange of India plans to award the technical service provider contract to Neustar, after over a decade under Afilias, but Afilias wants the deal blocked.

The contract would also include some 15 current internationalized domain name ccTLDs, with another seven on the way, in addition to .in.

That’s something Afilias reckons Neustar is not technically capable of, according to reports.

Afilias’ lawsuit reportedly alleges that Neustar “has no experience or technical capability to manage and support IDNs in Indian languages and scripts and neither does it claim to have prior experience in Indian languages”.

Neustar runs plenty of IDN TLDs for its dot-brand customers, but none of them appear to be in Indian scripts.

NIXI’s February request for proposals (pdf) contains the requirement: “Support of IDN TLDs in all twenty two scheduled Indian languages and Indian scripts”.

I suppose it’s debatable what this means. Actual, hands-on, operational experience running Indian-script TLDs at scale would be a hell of a requirement to put in an RFP, essentially locking Afilias into the contract for years to come.

Only Verisign and Public Interest Registry currently run delegated gTLDs that use officially recognized Indian scripts, according to my database. And those TLDs — such as Verisign’s .कॉम (the Devanagari .com) — are basically unused.

Neither Neustar nor Afilias have responded to DI’s requests for comment today.

.in has over 2.2 million domains under management, according to NIXI.

Neustar’s Indian subsidiary undercut its rival with a $0.70 per-domain-year offer, $0.40 cheaper than Afilias’ $1.10, according to Moneycontrol.

That would make the deal worth north of $12 million over five years for Afilias and over $7.7 million for Neustar.

One can’t help but be reminded of the two companies’ battle over Australia’s .au, which Afilias sneaked out from under long-time incumbent Neustar late last year.

That handover, the largest in DNS history, was completed relatively smoothly a couple months ago.

Chaotic scenes as ‘Grumpies’ lose auDA board fight

Three directors of .au registry auDA managed to keep their seats on the board despite losing the “popular vote” of members late last week.

The vote happened at the conclusion of an occasionally chaotic three-hour meeting that saw former AusRegistry chief Adrian Kinderis kicked out of the room barely a minute into proceedings.

The results in each of the three votes to fire directors Suzanne Ewart, Sandra Hook and chair Chris Leptos were 57 or 58 in favor and 51 or 52 against, which would have been a narrow win for the so-called “Grumpies” who originally called for the sackings.

However, auDA rules require, Leptos said, a simple majority of both “Supply” and “Demand” classes of members, and the Supply class (ie, registrars) voted against the motions by 30 to 2 or 31 to 1.

Therefore, all three directors get to keep their jobs.

auDA noted in a statement that a greater proportion of Supply class members (the substantially smaller constituency) turned out to vote compared to Demand class, adding:

It is time now for all members to get behind the reform of auDA as demanded by the federal government.

auDA is not the plaything of a small group of self-interested parties.

It can no longer be run as a club type organisation with a small membership who wield undue influence.

A “club type organization” was pretty much what came across during the meeting, which was audio-only webcast Friday morning. ICANN, auDA ain’t.

I was left with the impression of something a bit like Nominet circa 2010 or my first ICANN meeting back in 1999. Not so much herding cats, as [RACIST JOKE ALERT] herding wallabies.

At times it felt like an ICANN Public Forum, with an infinite number of Paul Foodys lining up at the mic.

At the same time, the meeting was chaired by somebody who, despite never losing his cool, seemed set on limiting criticism from members to the greatest extent possible.

There was controversy from the very outset, with the former CEO of former .au back-end provider AusRegistry (now part of Neustar) getting kicked out in the opening minute.

Kinderis, who no longer works for Neustar and has vowed publicly to be a thorn in auDA’s side, said he was “unlawfully removed” from the meeting by venue security, at the instruction of Leptos.

Leptos disputed Kinderis’ claim that he was there as a proxy for a legit member and said he believed he had acted “entirely appropriately” in ordering his removal.

There was no suggestion of physical force being used. His exit was recorded by chief Grumpy Josh Rowe, who then posted a brief video to Twitter.

Leptos then threatened to throw out fellow Grumpy Jim Stewart, who was protesting Kinderis’ removal, before warning non-member attendees that they would not be permitted to ask questions.

Forty-five minutes later, he repeatedly threatened to kick out Stewart for live-streaming video of the meeting from his phone, having apparently received complaints from other members.

Fifteen minutes later, the threats returned after Stewart and another member attempted to engage Leptos in an argument about auDA’s member recruitment policy.

The words “take a seat Mr…” were a recurring meme throughout the meeting.

The original reasons for the call for the directors to be fired were myriad, ranging from lack of transparency to projects such as the Neustar-Afilias registry transition and auDA’s desire to start selling direct second-level .au domains.

But the bulk of the meeting was taken up with discussions, and attempted discussions, about auDA’s recent membership spike.

The Grumpies have audited the new member list — which has grown from 300-odd to 1,345 in just a few weeks — and found that the vast majority of new members are employees of just three registrars and one registry (Afilias, the new back-end).

They reckon these new members, many of whom do not live in Australia, represent an attempt by auDA leadership to capture the voting community, and that foreigners are not technically members of the “Australian internet community” that auDA is supposed to represent.

Leptos responded to such criticisms by saying that employees of Australia-focused registrars are indeed members of the Australian internet community, regardless of their country of residence.

He added that auDA is under the instruction of the Australian government to diversify its membership — he said that registrars have no board representation currently — and that the recently added members are a first step on that path.

The Grumpies had shortly before the meeting started making accusations that the membership influx amounts to “potential cartel behaviour”.

Leptos addressed this directly during the meeting, saying they had “accused the CEO of criminal conduct” and categorically denying any wrongdoing.

auDA later issued a statement saying:

This is a very serious allegation to have been made and auDA strongly disagrees that by encouraging others to join the auDA membership, or by approving membership applications which satisfy its constitutional requirements, auDA or its officers have engaged in cartel behaviour or otherwise acted improperly.

All Cyrillic .eu domains to be deleted

Eurid has announced that Cyrillic domain names in .eu will be deleted a year from now.

The registry said that it’s doing so to comply with the “no script mixing” recommendations for internationalized domain names, which are designed to limit the risk of homograph phishing attacks.

The deletions will kick in May 31, 2019, and only apply to names that have Cyrillic before the dot and Latin .eu after.

Cyrillic names in Eurid’s Cyrillic ccTLD .ею will not be affected.

The plan has been in place since Eurid adopted the IDNA2008 standard three years ago, but evidently not all registrants have dropped their affected names yet.

Bulgaria is the only EU member state to use Cyrillic in its national language.

How all 33 European ccTLDs are handling GDPR

Kevin Murphy, May 25, 2018, Domain Policy

Happy GDPR Day everyone!

Today’s the day that the European Union’s not-quite-long-enough-awaited General Data Protection Regulation comes into effect, giving registries and registrars the world over the prospect of scary fines if they don’t keep their registrants’ Whois data private.

So I thought today would be the perfect day to summarize what each EU or European Economic Area ccTLD has said they are doing about GDPR as it pertains to Whois.

There are 33 such ccTLDs, arguably, and I’ve checked the public statements and web sites of each to hit the key changes they’ve announced.

Because ccTLDs are not governed by ICANN contracts, they had to figure out GDPR compliance for themselves (though some did take note of ICANN guidance).

So I’ve found there are differing interpretations of key points such as whether it’s kosher to continue to publish contact email addresses, and where the line between “natural persons” (ie humans) and “legal persons” (ie companies and other organizations) should be drawn.

Some have also been quite specific about when they will release private data to third parties with so-called “legitimate purposes”; others are more vague.

Note that some of the 33 do not appear to have published anything about GDPR. It’s possible this is because they didn’t need to make any changes. It’s also possible that I simply could not find the information because I’m rubbish.

I should also note that I did the majority of this research yesterday, so additional statements may have been made in the meantime.

Anyway, here’s the list, in alphabetical order.

Austria (.at)

In Austria, from last week public Whois records only show the domain name and technical information when the domain is owned by natural persons. Company-owned domains are unchanged. Any registrant can opt in to having their data published. Only verified “law enforcement agencies, lawyers or people who contact nic.at following domain disputes and who can prove that their rights have been infringed” are allowed to access full records.

Belgium (.be)

DNS.be has not been publishing personal info of natural person registrants, other than their email address, since 2000. As of last week, email addresses are not being published either. It’s also removed the contact name (though not the organization) for domains owned by legal persons. A web form is available to contact anonymized registrants.

Bulgaria (.bg)

There’s not currently any information on the registry web site to indicate any GDPR-related changes, at least in English, that I could find.

Croatia (.hr)

No info on GDPR to be found here either.

Cyprus (.cy)

Ditto.

Czechia/Czech Republic (.cz)

Nic.cz has new rules (pdf) coming in tomorrow that specify which Whois fields will or may be “hidden”, but the English version of the document is too confusing for me to follow. It appears as if plenty of contact information will be masked, and that the registry will only make it available to those who contact it directly with a good enough reason (and it may charge for access). It may also release historical records to those with legitimate purposes.

Denmark (.dk)

Remarkably, there will be NO CHANGE to Whois in .dk after tomorrow, according to an article published on the registry’s web site today. DIFO, the registry, is subject to a Danish law that makes publication of Whois mandatory so, the company said, “we will continue to publish the information – for the benefit of those who need to know who is behind a given domain name. Regardless of whether it is because you want to protect your brand, investigate a crime, do research or just satisfy your curiosity.” Wow!

European Union (.eu)

Eurid’s current Whois policy (pdf) states that only the email address of natural persons will be published publicly. Registrants get the option from their registrars to have this address anonymized. Private data can be released to those who show they have a legitimate interest in accessing it.

Estonia (.ee)

The Estonian Internet Foundation Council approved its GDPR changes (pdf) back in March. They say that no personal information on natural persons will be published, though it appears there will be a way to get in contact with them via the registry itself.

Finland (.fi)

The Finnish registry, FICORA, is a governmental entity that has published remarkably little about GDPR on its site. Its Whois shows the name of the registrant, even when they’re a natural person. Registrants can also opt in to reveal more information about themselves.

France (.fr)

Afnic didn’t have to do much to comply with RGPD (tut!) as it has been hiding the personal info of natural-person registrants since it started allowing them to register .fr names back in 2006. Likewise, it already has a procedure to enable the likes of trademark owners to get their hands on contact info in the event of a dispute, which involves filling out a form (pdf) and promising to only use the data acquired for the purposes specified.

Germany (.de)

DENIC, Europe’s largest ccTLD registry said a few months back that it would expunge personal data from its public Whois and implement a semi-automated system for requesting full records. It’s also adding two “non-personalized” contact email addresses for general and technical inquiries, which will be managed by the registrar in question.

Greece (.gr)

I couldn’t find any GDPR-related information on the registry web site, but its Whois appears to not output contact details for any registrant anyway.

Hungary (.hu)

Currently outputs “private registrant” as the registrant’s name when they’re a natural person, along with a technical contact email and no other personal information. Legal persons get their full contact info published. It’s not entirely clear how recent this policy is.

Iceland (.is)

Iceland’s ISNIC is one of the ccTLD registries to announce that it will continue to publish registrants’ email addresses, though no other contact info, until it is told to stop. In a somewhat defiant post last month, the registry said that GDPR as applied to Whois “will lead to less transparency in domain registrations and less trust in the domain registration system in general”.

Ireland (.ie)

IEDR will not publish contact information for any registrant, though it will publish their name if they’re a legal person. It will only disclose personal information to law enforcement, under court order, for technical matters, or to help a dispute resolution partner resolve a cybersquatting claim.

Italy (.it)

The current version of Registro.it’s Whois policy, dated September 2016, says it will publish all contact information over port 43 and a subset of some contact info (including phone and email) over the web query tool. There’s no mention I could find on its site of GDPR-related changes, though its 2016 policy acknowledges some might be needed.

Latvia (.lv)

Under its post-GDPR policy (pdf), Nic.lv will not publish any personal info about natural persons in its public Whois, and only law enforcement and the government can request the records. Legal-person registrants continue to have their full contact data published.

Liechtenstein (.li)

Liechtenstein is managed by Switzerland’s SWITCH and appears to have the same policies.

Lithuania (.lt)

DomReg’s new privacy policy (pdf) gives natural persons an opt-in to have their personal data published, but otherwise it will all be private. There’s an email-forwarding option. Lawyers with claims against registrants can pay the registry for the Whois record if the registrant has not responded to their forwarded emails within 15 days.

Luxembourg (.lu)

.lu registry RESTENA Foundation said it will cut all personal information for natural-person registrants and make a web-based form available for contact purposes. There will be an opt-in for those who want their data published at a later date. Legal persons continue to have their data published. The registry will make current and historical records available for those with legit purposes, and will create automated blanket access system for national authorities that require regular access.

Malta (.mt)

NIC(Malta)’s current Whois policy, which is only six months old, allows any registrant to opt out of having their personal data published in Whois, but appears to require than a “Administrative Agent” be appointed to take their place in the public database. There’s no info on its web site about any upcoming changes due to GDPR.

Netherlands (.nl)

SIDN explains in a recent paper (pdf) that it didn’t have to make many changes to its Whois service because personal information was already pretty much redacted. The biggest change appears to be more throttling of Whois queries applied to registrars when they’re querying domains they don’t already sponsor.

Norway (.no)

Norid said this week that it will publish the email address of private individual registrants, and full contact info for companies. It’s also the only European ccTLD I’m aware of to have a third class of registrant, the sole proprietorship, which will also see their organization names and numbers published. There does not appear to be an in-house email anonymization or forwarding service, for which Norid encourages registrants to look elsewhere.

Poland (.pl)

NASK has no GDPR related info on its web site, but its evidently quite old Whois policy states that the private information of individuals is not published.

Portugal (.pt)

DNS.pt has a comprehensive set of documents on its site explaining its pre- and post-GDPR policies. From today, natural-person registrants are given the option to provide their “informed, willing, and express consent” to having their data published. If they don’t give consent, it will be redacted from public records and email addresses may be replaced with an anonymized address. This is not available to legal entities. ARBITRARE, a local arbitration center tasked with handle IP disputes, will be able to have access to full records.

Romania (.ro)

RoTLD said yesterday that it would no longer publish private information of individuals, but that it may release such data to “carefully verified” third parties with legitimate interests. It also encouraged registrants to use non-personally-indentifying email addresses if they wish to have a further degree of privacy.

Slovakia (.sk)

SKNIC, now owned by UK-based CentralNic, has an interesting definition of the type of natural person you have to be to have your data protected — a “natural person non-enterpreneur” — according to its helpfully redlined policy update (pdf), suggesting that offering commercial services might void your right to natural-person status. (UPDATE: SKNIC tells me that “natural person–entrepreneur is a legal definition of a specific version of legal person” in Slovakia). There’s a carve-out that allows the registry to provide private data to third parties with legal claims, or to its cybersquatting dispute handler.

Slovenia (.si)

Register.si said this week that it will shortly publish its post-GDPR privacy policy, but it does not appear to have yet done so.

Spain (.es)

I could find no GDPR-related information on the Dominios.es site.

Sweden (.se)

IIS has not published the private fields of Whois records for natural persons since 2013. From today, it will also redact the contact name and email address from the records of legal-person registrants, as it may be considered “personal” data under the law.

Switzerland (.ch)

I don’t think GDPR actually applies to Switzerland, which is not an EEA member, but the .ch registry, SWITCH, also runs Liechtenstein’s .li, so I’m including it here. SWITCH says on both of its sites that it is required by Swiss law to publish Whois records, though they’re subject to an acceptable use policy that includes throttling. When I attempted to do a single Whois query via the SWITCH site today I was told I had already exceeded my quota. Shrug.

United Kingdom (.uk)

UK registry Nominet has long had a two-tier Whois, where private individuals do not have their contact information published in the public Whois. But as of this week it has started redacting all registrant contact information. It’s also going to be offering a paid-for searchable Whois service and a free data request service with a one-day turnaround.

Domainers not welcome in this Whois database

Inquiries from domain investors are specifically barred under one registry’s take on GDPR compliance.

The Austrian ccTLD registry, nic.at, yesterday stopped publishing the personal information of human registrants in its public Whois database, unless the registrant has opted to have their data public.

The company said it will provide thick Whois records only to “people who provide proof of identity and are able to prove a legitimate interest for finding out who the domain holder is”.

But this specifically excludes people who are trying to buy the domain in question.

“A buying interest or the wish to contact the domain holder is definitely no legitimate interest,” the company said in a statement.

It quotes its head of legal, Barbara Schlossbauer, saying: “I am also not able to investigate a car driver’s address over his license number just because I like his car and want to buy it.”

She said that those able to access records include “law enforcement agencies, lawyers or people who contact nic.at following domain disputes and who can prove that their rights have been infringed”.

While nic.at is bound by GDPR, as a ccTLD registry it is not bound by the new GDPR-compliant Whois policy announced by ICANN overnight, where who will be able to request thick Whois records is still an open question.

Now South Africa looks to second-level domain sales

Kevin Murphy, March 13, 2018, Domain Registries

South Africa looks to be the next country to start letting people register domains directly at the second level of its ccTLD.

Local registry authority ZADNA this week opened a policy consultation on allowing registrants access to direct, second-level .za names.

Currently, if you want a .za you have to register at the third level under the likes of .co.za or .net.za.

But ZADNA says second-level names will help it continue to compete in a market now populated by hundreds of new gTLDs.

The company said it has been “inundated” by calls for such a move.

The policy shift would see South Africa follow the the path beaten in recent years by UK, New Zealand, Kenya and (probably) Australia, which have all changed policy to allow second-level names.

But these things are never without controversy.

Domain investors are typically resistant to such moves, fearing dilution and the possible devaluing of their portfolios.

There are often also intellectual property concerns, and concerns about priority “grandfathering” rights when matching .co.za and .org.za names, for example, have different owners.

ZADNA is floating the possibility of auctions to resolve these kinds of conflicts.

The proposal (pdf) is open for comment until April 16.

Domain universe grows almost 1% in 2017 despite new gTLD slump

Kevin Murphy, February 16, 2018, Domain Registries

The total number of registered domain names in all TLDs was up 0.9% in 2017, despite a third-quarter dip, according to the latest data compiled by Verisign.

The latest Domain Name Industry Brief, published yesterday, shows that there were 332.4 million domains registered at the end of the year.

That’s up by 1.7 million names (0.5%) on the third quarter and up 3.1 million names (0.9%) on 2016.

Growth is growth, but when you consider that 2015-2016 growth was 6.8%, under 1% appears feeble.

The drag factors in 2017 were of course the 2012-round new gTLDs and Verisign’s own .net, offset by increases in .com and ccTLDs.

New gTLD domains were 20.6 million at the end of the year, down by about 500,000 compared to the third quarter and five million names compared to 2016.

As a percentage of overall registrations, new gTLDs dropped from 7.8% at the end of 2016 to 6.2%.

The top 10 new gTLDs now account for under 50% of new gTLD regs for the first time.

The numbers were primarily affected by big declines in high-volume spaces such as .xyz, which caused the domain universe to actually shrink in Q3.

Verisign’s own .com fared better, as usual, with .net suffering a decline.

The year ended with 131.9 million .com names, up by five million names on the year, exactly offsetting the shrinkage in new gTLDs.

But .net ended up with 14.5 million names, a 800,000 drop on 2016.

In the ccTLD world, total regs were up 1.4 million (1%) quarterly and 3.4 million (2.4%) annually.

Excluding wild-card ccTLD .tk, which never deletes domains and for which data for 2017 was not available to Verisign, the growth was a more modest 0.7 million (0.5%) quarterly and 2.3 million (1.8%) annually.

The DNIB report for Q4 2017 can be downloaded here (pdf).

Roberts elected to ICANN board

Kevin Murphy, December 4, 2017, Domain Policy

Channel Islands ccTLD operator Nigel Roberts has been elected to ICANN’s board of directors.

He gathered an impressive 67% of the votes in an anonymous poll of ccNSO members conducted last week.

He received 60 votes versus the 29 cast for his only opponent, Pierre Ouedraogo, an internet pioneer from Burkina Faso.

Roberts, a Brit, runs ChannelIsles.net, registry manager for .gg (for the islands Guernsey, Alderney and Sark) and .je (for Jersey). These are the independent UK dependencies found floating between England and France.

He’s been in the ICANN community since pretty much day one.

His election still has to be formally confirmed by the ccNSO Council and then the ICANN Empowered Community.

Roberts will not take his seat on the ICANN board until October next year, at the end of public meeting in Barcelona.

He will replace Mike Silber, the South African who’s currently serving his ninth and therefore final year as a director.

The other ccNSO seat is held by Australian ICANN vice chair Chris Disspain, who is also term-limited and will leave at the end of 2019.