Latest news of the domain name industry

Recent Posts

As Kabul falls, Whois could present a danger to ordinary Afghans

Kevin Murphy, August 19, 2021, Domain Policy

With Afghanistan falling to the Taliban this week, there’s potential danger to .af registrants — both in terms of losing domain services and of Whois being used for possibly deadly reprisals.

At time of writing, it’s been four days since the fall of Kabul. The uneasy truce between NATO and Taliban forces has failed to prevent scenes of chaos at the city’s main airport and the PR machine of so-called “Taliban 2.0” is in full bluster.

The new Taliban is, its spokespeople suggest, more tolerant of western liberal values and more supportive of human rights than its brutal, pre-9/11 incarnation.

Few believe this spin, and there have been multiple reports of 1990s-style oppression, including revenge killings and the suppression of women’s rights, across the country.

With all that in mind, a blog post about .af domain names may seem trivial, but it’s not my intention to trivialize.

I’m as appalled as any right-minded observer by the situation on the ground in Afghanistan and the neglect that led to it. But I believe .af could prove a learning moment in the ongoing conversation about Whois privacy.

The .af ccTLD has been managed since not long after the US-led invasion by the country’s Ministry of Communications and IT as the Afghanistan Network Information Center.

The registry had previously been managed for free from London by NetNames, with an admin contact in Kabul, according to the report of the 2003 IANA redelegation, which happened at a time when Afghanistan was still under a transitional government heavily overseen by the foreign governments behind the invasion.

Domain policy for .af was created in 2002, and it includes provisions for an open, freely available Whois database that is still in effect today.

Domains registered via overseas registrars appear to be benefiting from the impact of the EU’s General Data Protection Regulation, which redacts personal information, but this obviously does not apply in Afghanistan.

This means the names, addresses, phone numbers and email addresses of .af registrants are available for querying via various Whois interfaces, including the registry’s own, which is managed by New Zealand-based back-end CoCCA.

Using a combination of web searches and Whois queries, it is possible to find personally identifiable information of registrants, including names and addresses, at local human rights groups, as well as local news media and technology providers supportive of human rights causes.

If the reports of Taliban fighters conducting house-to-house searches for enemies of the new state are accurate, the easy availability of this personal data could be a serious problem.

To a great extent, this could be a case study in what privacy advocates within the ICANN community are always warning about — public access to Whois data gives oppressive regimes a tool to target their oppression.

And as we have seen this week, oppressive regimes can appear almost literally overnight.

While it seems unlikely there’s anyone from the old Afghan ministry still in control of the registry, I think .af back-end provider CoCCA, as well as Whois aggregators such as DomainTools, should have a long think about whether it’s a good idea to continue to provide open access to .af Whois records at this time.

Fortunately, there doesn’t appear to be a great many .af domains under management. DomainTools reckons it’s under 7,000.

At the other end of the scale of seriousness, overseas .af registrants may also see issues with their names due to the Taliban takeover.

It seems incredible today, but in 2001 a Taliban decree restricted internet access to a single computer at a government ministry. Others in government could apply to use this computer by sending a fax to the relevant minister.

While it seems impossible that such a Draconian restriction could be reintroduced today, it still seems likely that the Taliban will crack down on internet usage to an extent, including introducing morality or residency restrictions to .af regs.

.af is currently open to registrants from anywhere in the world, with no complex restrictions and .com-competitive prices.

Many multinational corporations have registered .af names for their local presence.

The string “af” has in recent years become social media shorthand for “as fuck”, and a small number overseas registrants appear to be using it as a domain hack in that context — type “corrupt.af” into your browser and see what happens.

Others seem to be using .af, where short domains are still available, as shortcuts to their social media profiles.

I don’t believe ICANN will need to get directly involved in this situation. Its Whois query tool does not support .af, and IANA presumably won’t need to get involved in terms of redelegation any more than it would following a general election or a coup d’état.

Nominet to charge brands for no-name Whois access

Kevin Murphy, April 23, 2018, Domain Registries

Nominet has become the second major registry to announce that trademark lawyers will have to pay for Whois after the EU General Data Protection Regulation comes into effect next month.

The company said late last week that it will offer the intellectual property community two tiers of Whois access.

First, they can pay for a searchable Whois with a much more limited output.

Nominet said that “users of the existing Searchable WHOIS who are not law enforcement will continue to have access to the service on a charged-for basis however the registrant name and address will be redacted”.

Second, they can request the full Whois record (including historical data) for a specific domain and get a response within one business day for no charge.

Approved law enforcement agencies will continue to get unfettered access to both services — with “enhanced output” for the searchable Whois — for no charge, Nominet said.

These changes were decided upon following a month-long consultation which accepted comments from interested parties.

Other significant changes incoming include:

  • Scrapping UK-presence requirements for second-level registrations.
  • Doing away with the current privacy services framework, offloading GDPR liability to registrars providing such services.
  • Creating a standard opt-in mechanism for registrants who wish for their personal data to be disclosed in public Whois.

Nominet is the second registry I’m aware of to say it will charge brand owners for Whois access, after CoCCA 10 days ago.

CoCCA has since stated that it will sell IP owners a PDF containing the entire unredacted Whois history of a domain for $3, if they declare that they have a legitimate interest in the domain.

It also said they will be able to buy zone file access to the dozens of TLDs running on the CoCCA platform for $88 per TLD.

CoCCA to charge trademark owners for Whois access

Kevin Murphy, April 14, 2018, Domain Registries

CoCCA has become the first domain registry to publicly announce that it will charge trademark owners for access to Whois records.

The company said it plans to release an updated version of its software and registry service, containing a range of features for ensuring General Data Protection Regulation compliance, on April 20.

The public Whois records of affected TLDs will have the name, email, phone and physical address of the registrant omitted, but only if the registrant is an EU resident or uses an EU-based registrar or reseller.

There will be ways to opt-out of this, for registrants who want their information public.

The changes will come into effect first at .af, .cx, .gs, .gy, .ht, .hn, .ki, .kn, .sb, .tl, .kn, .ms and .nf, CoCCA said.

But the registry runs almost 40 gTLDs on its shared infrastructure and has almost 20 more running its software. They’re all pretty small zones, mostly ccTLDs.

CoCCA said that it will give access to private data to law enforcement and members of the Secure Domain Foundation, a DNS reputation service provider.

But trademark owners will get hit in the wallet if they want the same privileges. CoCCA said:

intellectual property owners or other entities who have a legitimate interest in redacted data will be able to order historical abstracts online for a nominal fee (provided they sign an attestation).

While the affected TLDs are probably small enough that the IP lobby won’t be overly concerned today, if CoCCA’s policy becomes more widespread in the industry — which it well could — expect an outcry.

CoCCA withdraws from APTLD over support for AusRegistry “monopoly”

Kevin Murphy, October 24, 2012, Domain Registries

Registry services provider CoCCA has pulled out of the Asia Pacific Top Level Domain Association after APTLD gave support to AusRegistry in its campaign to continue to run .au.

The company claims that APTLD — the Hong Kong-based association of ccTLD operators from the region — backed AusRegistry because AusRegistry is one of its largest donors.

The allegations center on a consultation run by AuDA, the policy overseer for Australia’s .au domain.

AuDA is currently deciding whether to renegotiate AusRegistry’s longstanding registry back-end contract — which is its preferred option — or open it up to public tender.

Draft recommendations published for comment last month suggest that the contract should remain with AusRegistry when it expires in 2014, albeit with renegotiated terms.

CoCCA is mad with APTLD for submitting a comment in support of these recommendations without first consulting its membership, suspecting AusRegistry’s sponsorship of APTLD might have something to do with it.

(October 24 Update: APTLD has submitted a revised comment here. The original submission can be found here.)

In an email to APTLD last week, CoCCA director Garth Miller said:

That AusRegistry, a large for-profit company that is an associate member of APTLD can simply make a phone call to a board member and get the board to make a public submission on behalf of all members that a scheduled public tender be cancelled and AusRegistry be awarded the contract – worth as much as several hundred million dollars, because they have made substantial contributions to the APLTD in the past and are likely to do so in the future if awarded the contract is, in my view, disturbing.

CoCCA, which already provides registry services for a few ccTLDs in the region and runs the .cx (Christmas Island) ccTLD, reckons the .au back-end contract should be opened to competitive bidding.

Judging by the other submissions to AuDA’s consultation, which are published here, it’s a minority view.

Every other comment — most of which were sent by .au registrars, even newcomers such as Go Daddy — supports the recommendation that AusRegistry should keep the deal.

And AusRegistry says that everything is above board. CEO Adrian Kinderis said in a statement sent to DI:

AusRegistry has been actively seeking acknowledgments and recommendations from valued partners and industry leaders over the past month. This included an approach to APTLD to seek a reference from them to acknowledge the positive industry engagement and continued support and participation of AusRegistry in the Asia Pacific domain name industry. APTLD responded positively to our request. AusRegistry has made no secret of such, and to suggest that clandestine calls have taken place is simply not true.

APTLD also denied that it has done anything wrong, though it does not appear to be denying that AusRegistry contributions may have played a part in its decision.

In a statement, APTLD told DI:

The allegation on APTLD must be a misunderstanding and is untrue. APTLD has no comments to make on the tendering process and whether a public tender should be conducted. APTLD does not have sufficient local knowledge to provide any constructive comments. All APTLD can provide is a reference for AusRegistry as an active and positive player in the domain name industry in the Asia Pacific region. Past contributions to APTLD is just one of the many factors when the Board considers whether to provide a reference to a particular member.

AusRegistry has been running the .au registry under contract with AuDA since 2001. It’s used its experience to launch ARI Registry Services, a pretty big player in the new gTLD back-end market.

Last time its .au deal was renegotiated, prices came down.

Dispute over ‘confusing’ new gTLD company names

Kevin Murphy, July 19, 2012, Domain Services

Is this the first “confusing similarity” fight to emerge from ICANN’s new gTLD program?

Two new UK outfits are involved in a dispute about their very similar company names, it has emerged.

TLD Registry Services seems to have come first. It’s an offshoot of Island Networks, the registry manager for the Channel Islands country-code TLDs .gg and .je.

According to co-founder Nigel Roberts, the company plans to offer registry services to existing TLDs using the CoCCA platform and has already made headway with a few potential clients.

TLD Registrar Services, on the other hand, is affiliated with CentralNic, the relatively successful new gTLD registry back-end provider.

Judging by its placeholder web site, this company plans to offer white-label registrar services to new gTLD operators such as dot-brands.

Roberts is irked that CentralNic picked a name for its company so similar to his own, particularly given that “registry” and “registrar” are often used interchangeably outside of the domain industry.

“We’ve recently asked the Secretary of State to look into how this situation came to pass,” he said. “It’s less than ideal for both parties. We are sure they are just as keen not to be confused with us, as we are keen not to be confused with them.”

Ben Crawford, CEO of CentralNic and chairman of TLD Registrar Services, said he was not aware of a dispute over the name.

“One of our employees was approached at Prague by someone from a company called TLD Registry Services – a company nobody in our business had ever heard of before,” he said.

“They expressed concern that our company names are too similar to each others’. We will consider their concerns and our options in due course.”

With both companies barely out of stealth mode, it’s probably something of a squall in a teacup at the moment, but it does highlight how tricky it can be to find a descriptive company name in this industry.

We could of course just be looking at a profound lack of imagination here, and I’m just as guilty as the rest.

DI is published by TLD Research Ltd, which appears directly after TLD Registrar Services Ltd and TLD Registry Services LLP in the UK’s Companies House register of companies.

Joint venture bids for Aussie city gTLDs

Kevin Murphy, November 21, 2011, Domain Registries

Cloud Registry, CoCCA and Sedari have teamed up to bid for the proposed Australian city top-level domains .melbourne and .sydney.

Sedari announced today that it has responded to the recently closed requests from proposals, which were opened by the state governments of New South Wales and Victoria a month ago.

The bid would see Cloud Registry operate the registry back-end itself, with Sedari handling back-office functions such as the ICANN contracts. CoCCA is on board for its country-code TLD experience.

While Sedari is UK-based, the venture has links to the continent.

CoCCA is based in New Zealand and has a NOC in Sydney, Cloud Registry is based in Sydney, and Sedari founder Liz Williams was once a board member of .au administrator auDA.

While no other firms have announced bids, you can expect that the usual suspects in the registry service provider market will have also applied.

I’d be surprised if local firm ARI Registry Services (formerly AusRegistry International), whose parent runs .au, is not a strong contender.

M+M offers .brand gTLDs from $25k

Kevin Murphy, September 21, 2011, Domain Registries

Minds + Machines is promoting its gTLD registry services to brand owners at the International Trademark Association meeting in Washington DC, revealing prices as low as $25,000 a year.

Its .brand package covers preparing and filing the application with ICANN and then running the technical back-end.

The company also appears to have introduced a price ceiling of $100,000 a year for .brand clients, according to a press release.

M+M is even offering to throw in a private, ICANN-accredited registrar. I believe the company may be the first registry to publicize this kind of bundled service.

The company is targeting brand owners that may not be convinced by the attractiveness of a .brand, and may have no clue what to do with one, but which nevertheless do not want to be left behind in the event that the second round of new gTLD applications is delayed for many years.

M+M CEO Antony Van Couvering is quoted as saying:

There are a lot of innovative ways for brands to use new gTLDs, but most brands want to first secure their gTLD for a reasonable price, and maybe use it internally, before deciding on the next step.

M+M, which hired former ICANN chair Peter Dengate Thrush as chairman in June, has been among the most aggressive marketers of new gTLDs (which are, after all, it’s entire raison d’etre).

Its enthusiasm has already caused a couple of raised eyebrows.

A teaser announcement from M+M earlier this week, which mentioned how its “registry platform is connected with all major registrars, including MarkMonitor” caused MarkMonitor to issue a clarification stating that it has “no business relationship” with the company.

While MarkMonitor is plugged into CoCCA, the registry platform that handles dozens of ccTLDs, it is not plugged into Espresso, which is M+M’s in-house version of the open-source CoCCA software, the company said in a blog post.

(UPDATE: M+M’s Antony Van Couvering notes in the comments below that MarkMonitor accepts .fm registrations, and that the .fm registry uses Espresso)

CoCCA itself felt compelled to issue a statement in July, clarifying that CoCCA and M+M are not working together on Espresso, as some had inferred from an M+M interview.