Latest news of the domain name industry

Recent Posts

Nominet takes down 32,000 domains for IP infringement

Kevin Murphy, November 21, 2018, Domain Registries

The number of .uk domains suspended by Nominet has doubled over the last year, almost entirely due to takedown requests concerning intellectual property.

The .uk registry said this week that it suspended 32,813 domains in the 12 months to October 31, up from 16,632 in the year-ago period.

It’s the fourth year in a row that the number of suspensions has more than doubled. In 2014, it was a paltry 948.

While Nominet has trusted notifier relationships with 10 law enforcement agencies, it’s the Police Intellectual Property Crimes Unit that is responsible for almost all of the takedown requests, 32,669 this year.

No court order or judicial review is required. Nominet simply carries out unspecified “administrative checks” then suspends the domain.

Only 114 domains did not make the cut this year, Nominet said, but that’s up considerably from 32 last year.

There’s an appeals mechanism that can be used by registrants to restore their domains, for example if they’ve removed the infringing content. It was used successfully 16 times in the year, up by one on last year.

The registry also reported that no domains were suspended due to its ban on incitement-to-rape domains, down from two last year, but that staff had to manually review 2,717 new registrations containing suspect strings.

Incel hate site jumps to Iceland after doMEn suspends .me domain

Kevin Murphy, November 21, 2018, Domain Registries

Incels.me, a web forum that hosts misogynist rants by “involuntarily celibate” men, has found a new home after .me registry doMEn suspended its domain.

The web site has reappeared, apparently unscathed, under Iceland’s .is domain, at incels.is.

doMEn said in a blog post yesterday that it had suspended incels.me at the registry level due to the owner “allowing part of its members to continuously promote violence and hate speech”.

The suspension happened October 15, and the site reappeared in .is not long after. It’s not entirely clear why doMEn chose to explain its decision over a month later. It said:

The decision to suspend the domain was made after the .ME Registry exhausted all other possibilities that could assure us that the registrant of incels.me domain and the owner of i
incels.me forum was able to remove the subject content and prevent the same or similar content from appearing on the forum again.

An “incel” is a man who has decided that he is too ugly, charmless, short, stupid or otherwise unattractive, and is therefore permanently unfuckable.

While that may provoke sympathetic thoughts, a great many of the incels frequenting sites like incels.me choose to channel their frustration into cartoonish misogyny ranging from the laughable to the extremely disturbing.

While the registry didn’t mention it, the site also has many threads that appear to encourage suicide.

doMEn seems to have turned off the domain because certain threads crossed the line from misogyny to incitement to violence against women.

The Montenegro-based company said it had been monitoring the site since May, after being told that “certain members” of the forum “might have been involved in or associated with” an attack in Toronto that killed 10 people in April, a charge the incels.is admin denies.

The second reason given — preventing content appearing in future — may be the crux here.

The site’s administrator said in a post on the new site that he had personally removed all of the threads highlighted by doMEN as being in violation of its registry policies.

He also posted a partial email thread between himself and his former registrar, China-based NiceNIC.net, in which he explains how difficult it is to monitor all the content posted by his users. He wrote on the forum:

They obviously weren’t going to give us a fair shake either way, and we’re not going to search through 1.6 MILLION posts nor do we have the technological capabilities to check to see if any of them are against their vague anti-abuse policy.

Domain registries have no place in enforcing arbitrary rules against domains that go against their ideology.

It seems from the thread that Afilias, 37%-owner of doMEn and .me back-end provider, had a hands-on role in the suspension.

Incels certainly isn’t the first controversial site to have to resort to TLD-hopping to stay alive.

The most notable example is piracy site KickAssTorrents, which bounced from ccTLD to ccTLD for years before finally being shut down by the US Feds.

The incels.is admin said he had confidence in Iceland’s registry due to “their stance as pro free-speech enforcers”.

But ISNIC is not above suspending domains when the associated sites break Icelandic law. Four years ago it took down some domains associated with ISIS.

The takedown comes not long after GoDaddy attracted attention for suspending the domain of far-right Twitter clone Gab.com, again due to claims of incitement to violence related to an act of domestic terrorism.

ICANN probing Donuts and Tucows over anti-Jewish web site

Kevin Murphy, November 16, 2018, Domain Policy

ICANN is investigating Tucows and Donuts over a web site that hosts antisemitic, white supremacist content.

CEO Goran Marby said in a letter published this week that he has referred a complaint about the web site judas.watch to ICANN’s Compliance department.

The web site in question says it is dedicated to documenting “anti-White traitors, agitators and subversives & highlighting Jewish influence.” It appears to be half database, half blog.

Its method of “highlighting Jewish influence” is possibly the most disturbing part — the site tags people it believes are Jewish with a yellow Star of David, mimicking the way the Nazis identified Jews during the Holocaust.

The site is quite liberal in how it applies these stars, going so far as to label UK Labour Party leader Jeremy Corbyn, who has been fighting off his own allegations of antisemitism for years, as Jewish.

Over 1,600 people and organizations are currently listed. Posts there also seem keen to highlight its subjects’ sexual orientation.

As far as I can tell, there are no direct calls to violence on the site, and the level of what you might call “hate speech” is pretty mild. It publishes the social media handles of its subjects, but I could not find any physical addresses or phone numbers.

The complaint to ICANN (pdf) came from WerteInitiative (“Values Initiative”), which appears to be a small, relatively new Jewish civil society group based in Germany.

WerteInitiative said judas.watch “poses a direct threat to the named persons with unforeseeable consequences for them, and especially so for the identified Jews”.

“We want this site banned from the Internet and ask for your help in doing so: can you help us to find out who behind this page is, so we can get it banned in Germany?” the letter concludes.

The domain has been behind Whois privacy since it was registered in 2014, so the registrant’s name was not public even prior to GDPR.

Marby, in response (pdf), says the complaint “raises a serious issue”.

While he goes to some lengths to explain that ICANN does not have the authority, contractual or otherwise, to demand the suspension of any domain name, he said he has nevertheless referred the complaint to Compliance.

Compliance has already reached out to the organization for more information, Marby said.

He also encouraged WerteInitiative to talk to .watch registry Donuts and judas.watch registrar eNom (owned by Tucows), as well as the hosting company, to see if that could help resolve the issue.

While ICANN is always adamant that it does not venture into content regulation, it strikes me that this exchange shows just what a tightrope it walks.

It comes against the backdrop of controversy over the suspension by GoDaddy of the domain Gab.com, a Twitter clone largely hosting far-right voices that have been banned from other social media platforms.

Uniregistry calls for domain Bill of Rights as Schilling says Gab.com was not booted

Kevin Murphy, November 9, 2018, Domain Services

Uniregistry has called for a “Domain Bill of Rights” to protect free speech in a world were domain takedowns can be used to de-platform controversial speakers.

Meanwhile, CEO Frank Schilling has told DI that the company did not expel the right-wing social network Gab.com from Uniregistry’s platform, and would have allowed it to stay.

In a press release this week, Uniregistry COO Kanchan Mhatre said that while the company rejects “hatred and bigotry”, free speech is an “inalienable” human right.

The company called for the new agreement “to guarantee every domain name owner a formal ‘due process’ when being faced with accusations and demands for censorship”.

Schilling said that Uniregistry’s idea for a Domain Bill of Rights is still in the early stages. It has sketched out 10 draft bullet points but is not ready to publish them yet.

The press release was issued to coincide with Tim Berners-Lee’s proposal for a “Contract for the Web”, a set of broad principles governing rights and responsibilities online.

But it also coincided with the ongoing controversy over Gab.com, the microblogging platform favored by right-wing voices, including many white supremacists, that have been kicked off Twitter.

The guy who murdered 11 people at a Synagogue in Pittsburgh last month used Gab, a back-breaking straw which prompted GoDaddy to inform the network it intended to suspend its domain unless it was immediately moved to another registrar.

It’s not the first time GoDaddy has shut down the far right for breaching its terms of service. Last year, it took the same action against a neo-Nazi site.

The Gab.com domain briefly wound up at Uniregistry, before Epik CEO Rob Monster stated publicly that he would offer Gab a home. Gab took him up on his offer, and transferred away from Uniregistry.

Uniregistry’s Schilling confirmed that “We did not ask gab.com to leave our platform… they were welcome to stay subject to law”.

Monster said in a blog post largely praising Gab and founder Andrew Torba that “De-Platforming is Digital Censorship”. He noted that for Gab, “there is a duty to monitor and lightly curate, keeping content within the bounds of the law”.

Google adds censorship workaround to Android devices

Kevin Murphy, October 5, 2018, Domain Tech

Google is using experimental DNS to help people in censorious regimes access blocked web sites.

Alphabet sister company Jigsaw this week released an Android app called Intra, which enables users to tunnel their DNS queries over HTTPS to compatible servers, avoiding common types of on-the-wire manipulation.

The company reportedly says it has been testing the app with Venezuelan dissidents recently.

The feature will also be built in to the next version of Android — known as Android 9 or Android Pie — where it will be called Private DNS.

The app is designed for people who for one reason or another are unable to update their device’s OS.

Intra and Private DNS use “DNS over HTTPS”, an emerging protocol Google and others have been working on for a while.

As it’s non-standard, end users will have to configure their devices or Intra apps to use a DoH-compatible DNS server. The public DNS services operated by Google (8.8.8.8) and Cloudflare (1.1.1.1) are both currently compatible.

The release comes even as Google faces controversy for allegedly kowtowing to the Chinese government’s demands for censored search and news results.

You may notice that the new app is being marketed via a .org web site, rather than Google’s own .app gTLD, but intra.app takes visitors directly to the Intra page on the Google Play store.

How .com became a restricted TLD

Verisign has been given approval to start restricting who can and cannot register .com and .net domain names in various countries.

Customers of Chinese registrars are the first to be affected by the change to the registry’s back-end system, which was made last year.

ICANN last week gave Verisign a “free to deploy” notice for a new “Verification Code Extension” system that enables the company to stop domains registered via selected registrars from resolving unless the registrant’s identity has been verified and the name is not on China’s banned list.

It appears to be the system Verisign deployed in order to receive its Chinese government license to operate in China.

Under Verification Code Extension, Verisign uses ICANN records to identify which registrars are based in countries that have governmental restrictions. I believe China is currently the only affected country.

Those registrars are able to register domains normally, but Verisign will prevent the names from resolving (placing them in serverHold status and keeping them out of the zone file) unless the registration is accompanied by a verification code.

These codes are distributed to the affected registrars by at least two verification service providers. Verisign, in response to DI questions, declined to name them.

Under its “free to deploy” agreement with ICANN (pdf), Verisign is unable to offer verification services itself. It must use third parties.

The company added the functionality to its .com and .net registry as an option in February 2016, according to ICANN records. It seems to have been implemented last July.

A Verisign spokesperson said the company “has implemented” the system.

The Verification Code Extension — technically, it’s an extension to the EPP protocol pretty much all registries use — was outlined in a Registry Services Evaluation Process request (pdf) last May, and approved by ICANN not long after.

Verisign was approved to operate in China last August in the first wave of gTLD registries to obtain government licenses.

Under Chinese regulations, domain names registered in TLDs not approved by the government may not resolve. Registrars are obliged to verify the identities of their registrants and names containing certain sensitive terms are not permitted.

Other gTLDs, including .vip, .club, .xyz .site and .shop have been granted approval over the last few months.

Some have chosen to work with registration gateway providers in China to comply with the local rules.

Apart from XYZ.com and Verisign, no registry has sought ICANN approval for their particular implementation of Chinese law.

Because Chinese influence over ICANN is a politically sensitive issue right now, it should be pointed out that the Verification Code Extension is not something that ICANN came up with in response to Chinese demands.

Rather, it’s something Verisign came up with in response to Chinese market realities. ICANN has merely rubber-stamped a service requested by Verisign.

This, in other words, is a case of China flexing market muscle, not political muscle. Verisign, like many other gTLD registries, is over-exposed to the Chinese market.

It should also be pointed out for avoidance of doubt that the Chinese restrictions do not apply to customers of non-Chinese registrars.

However, it appears that Verisign now has a mechanism baked into its .com and .net registries that would make it much easier to implement .com restrictions that other governments might choose to put into their own legislation in future.

GMO and Radix secure Chinese gTLD approval

Kevin Murphy, January 3, 2017, Domain Registries

GMO Registry and Radix have won Chinese government approval for their respective new gTLDs .shop and .site.

It’s the second batch of foreign new gTLDs to get the nod from China’s Ministry of Industry and Information Technology, following .vip, .club and .xyz in early December.

They’re also the first two Asian registries from outside China to get the right to flog their domains in China — GMO is Japanese and Radix is UAE-based with Indian roots.

Their new Chinese government licenses mean Chinese registrars will now be able to allow their customers to actually use .shop and .site domains to host web sites.

The registries in turn have had to agree to enforce China’s rather arbitrary and Draconian censorship policies on their Chinese customers.

The approvals were announced by MIIT December 29.

.site currently has about 570,000 domains in its zone file, making it a top-10 new gTLD by volume, while .shop, which launched much more recently, has over 100,000.

The ability for Chinese customers to develop their domains is no doubt good for the long-term health of TLDs, but it’s not necessarily a harbinger of shorter-term growth in a market where domains are often treated little more than meaningless baseball cards to be traded rather than commodities with intrinsic value.

.xyz, .club and .vip get the nod to sell in China

Kevin Murphy, December 5, 2016, Domain Registries

The Chinese government has granted licenses to operate in the country to its first tranche of new gTLDs — .vip, .club and .xyz.

The agreements mean that Chinese registrars will be able to give their Chinese customers the ability to actually use their domains for web sites.

It also means the companies will be obliged to censor domains the government does not like, but only those domains registered via Chinese registrars.

The Ministry of Industry and Information Technology announced the licenses, given to the Chinese subsidiaries of Minds + Machines, .CLUB Domains and XYZ.com respectively, today.

M+M CEO Toby Hall told DI that it’s “a great moment of support for Chinese registrars”, giving them a “very clear signal about which TLDs they can focus on”.

XYZ.com said in a blog post that some of its Chinese registrars (its biggest channel) are planning on offering discounts to celebrate the approval.

It’s always been possible for Chinese people to register new gTLD domains via Chinese registrars — it’s estimated that 42% of the 27 million new gTLD domains in existence today are Chinese-owned.

However, Chinese citizens need a government license if they want to launch a web site, and the government only issues licenses for domains in approved TLDs.

In addition to .cn and China-based gTLDs, which were the first to be given the nod, Verisign was approved earlier this year for .com.

Hall said that while .vip has been popular with Chinese domainers, the MIIT license means it can start to tap the small business market there too.

Obtaining the license means that the three registries, which are all based in the US or Europe, will have to comply with Chinese regulations when it comes to Chinese customers.

That basically means the Chinese government gets to censor pretty much anything it doesn’t like, up to and including sites that “spread rumors”.

Hall said that there’s no chance of this censorship bleeding out to affect non-Chinese customers.

M+M, along with XYZ and .CLUB, are using Chinese registry gateway ZDNS to act as a proxy between their own back-ends (Nominet for .vip, Neustar for .club and CentralNic for .xyz) and Chinese registrars.

“All of our Chinese web sites go through ZDNS, so only web sites going through ZDNS would be affected,” Hall said, referring to the censorship rules.

Hall added that he was “not aware” of there being a blocklist of politically sensitive strings that Chinese customers are not allowed to register.

China floats domain crackdown plans

Kevin Murphy, March 30, 2016, Domain Policy

The Chinese government is planning a crackdown on internet domains that could see mass censorship of non-Chinese names.

Draft rules floated for public comment this week are being widely reported as potentially blocking any domain that is not registered via a registry or registrar with a government license.

There are more than 50 provisions in the draft, but Article 37 is the one causing the most concern.

A translation published by Quartz yesterday has it reading like this:

Domain names engaging in network access within the borders shall have services provided by domestic domain name registration service bodies, and domestic domain name registration management bodies shall carry out operational management.

For domain names engaging in network access within the borders, but which are not managed by domestic domain name registration service bodies, Internet access service providers may not provide network access services.

At its worst, it suggests that every domain name not registered entirely through China-approved registries and registrars could be blocked from resolving in China.

You’d need a domain in .cn or a licensed gTLD, registered through a Chinese registrar, to access Chinese internet users, in other words.

But even Chinese locals who follow the issue closely are reportedly saying the regulations are vaguely worded, so it’s not clear exactly what would be blocked.

If you can read Chinese, the draft rules can be downloaded from this page. I’d be interested in hearing your take on them.

The rules also demand that domain name companies prevent domains carrying words deemed harmful from being registered.

There are additional controls on content — bans on porn, “rumor” and basically anything the Chinese government does not like — and registrant identity validation requirements.

The rules appear to be designed to replace the existing 2004 regulations that among other things force registrars and registries to obtain government licenses before the names they sell are allowed to resolve.

Those rules have led to several Western new gTLD registries, including Rightside, Famous Four Media and Minds + Machines, opening up corporate entities in China, in order to tap into the thriving market.

Local entities are of course subject to local laws — and ICANN contracts oblige them to abide by all applicable laws — which opens up the risk of Chinese regulations leaking out into the wider internet.

That almost happened with XYZ.com, which announced and then retracted (or clarified) an apparent plan to globally block domains deemed unsuitable by the Chinese censors.

It is inevitable that the proposals, which are open for public comment until April 25, will be used by US Congressional Republicans as a stick to beat ICANN and fight the imminent transition of IANA away from US government oversight.

High profile GOP politicians including presidential hopeful Ted Cruz have pointed to Chinese censorship as a risk of removing the USG from DNS root zone management.

But this isn’t really an ICANN problem as such. It’s a market forces problem.

Some new gTLD registries are seeing huge sales volume from Chinese registrants, who are trading many thousands of short, meaningless domains like baseball cards at the moment.

DI data shows that Chinese registrars accounted for 18.4 million gTLD domains in November 2015, up by 8.8 million domains in 12 months.

That number is likely to be several millions greater now, given the speculative activity of the last few months.

For registries, fully exploiting this market requires some sort of local presence, which in turn means exposing themselves to the already pretty bad Chinese censorship regime.

They’re going to have to be careful if they want to avoid China using the market to achieve the kind of back-door policy control it would never be able to obtain via ICANN.

Rape ban results in just one .uk takedown, but piracy suspensions soar

Kevin Murphy, February 19, 2016, Domain Registries

Nominet’s controversial policy of suspending domain names that appear to condone rape resulted in one .uk domain being taken down last year.

That’s according to a summary of take-downs published by Nominet yesterday.

The report (pdf) reveals that 3,889 .uk names were taken down in the 12 months to October 31, 2015.

That’s up on the the 948 domains suspended in the six months to October 31, 2014.

The vast majority — 3,610 — were as a result of complaints from the Police Intellectual Property Crime Unit. In the October 2014 period, that unit was responsible for 839 suspensions.

Unlike these types of suspensions, which deal with the allegedly illegal content of web sites, the “offensive names” ban deals purely with the words in the domain names.

Nominet’s systems automatically flagged 2,407 names as potentially in breach of the policy — most likely because they contained the string “rape” or similar — in the 12 months.

But only one of those was judged, upon human perusal, in breach.

In the previous 12 months period, 11 domains were suspended based on this policy, but nine of those had been registered prior to the implementation of the policy early in 2014.

The policy, which bans domains that “promote or incite serious sexual violence”, was put in place following an independent review by Lord Macdonald.

He was recruited for advice due to government pressure following a couple of lazy anti-porn articles, both based on questionable research by a single anti-porn campaigner, in the right-wing press.

Assuming it takes a Nominet employee five minutes to manually review a .uk domain for breach, it seems the company is paying for 200 person-hours per year, or 25 working days, to take down one or two domain names that probably wouldn’t have caused any actual harm anyway.

Great policy.