Latest news of the domain name industry

Recent Posts

Israeli registrar denies “arms dealer” claims

Israeli registrar GalComm has denied being involved in a widespread malware distribution scheme after being fingered by a security outfit.

Last month Awake Security accused the registrar, officially Communigal Communication Ltd, of being “at best complicit in malicious activity”.

The firm published a report entitled “The Internet’s New Arms Dealers: Malicious Domain Registrars” which linked GalComm to a network of malicious Chrome browser extensions the firm said can steal sensitive data from users who have them installed.

It identified 111 such plug-ins, which it said have been downloaded 33 million times, using over 15,000 domains registered via GalComm.

GalComm has around 48,000 domains registered in gTLDs at the last count, so that’s a sizable percentage of the registrar’s business.

Awake came to the conclusion that GalComm was well-aware of what its customers were up to.

Now, the registrar has sent a cease-and-desist notice to Awake, CC’d to ICANN (pdf), in which it denies all knowledge and responsibility for the malware.

GalComm’s line, to summarize, is that it’s just a registrar, and that it has no obligation to monitor how its customers use their domains.

It adds that the domains in question amount to 10% of its DUM. Still a pretty big chunk.

The company wants Awake to retract its report by today, which it has not yet done, or it will call in the lawyers.

An open question to the domain name industry about coronavirus

Kevin Murphy, March 24, 2020, Domain Policy

“Don’t worry. We’ve done this before.”

That was pretty much the first sentence out of my grandmother’s mouth when I called to wish her a happy Mother’s Day.

She was talking about World War II and the immediate post-war years. She’s 93, so she saw both.

She’s no Uncle Albert. I don’t think I’ve ever heard her talk about “The War” before. Not once. But when her grandson called her for the first time in embarrassing months, that was where her mind went straight away.

They couldn’t get oranges, for years, back then. If you were diabetic, you couldn’t get sugar, but they gave you extra butter instead. She developed an aversion to canned pineapple chunks that persists to this day. She still has her ration book, a souvenir of trying times, squirreled away somewhere.

She was in generally good spirits. She knows that Covid-19, if it gets through the front door of her granny flat, will very likely be the end of her. Her mind is fully intact, but her body is all kinds of fucked up. But she and the family members who bring her food are taking the proper precautions. And, she said, she’s been self-isolating since November anyway. What’s another 12 weeks?

The WWII comparison was not at all surprising to hear, of course. A lot of us have been thinking similar things. The media is currently resplendent with uplifting examples of what we Brits refer to as the “Blitz spirit” — unity and stoicism in the face of overwhelming adversity.

There are significant differences, of course.

The enemy now is not an identifiable political faction with a skull on its cap, but a remorseless, invisible beastie. The Allies are not a collection of like-minded liberal nations, but literally the entire human species.

The baddies don’t want to shoot you. They want to infiltrate your nasal cavity and make you accidentally kill your parents with a hug. You kill them with soap.

Back then, we required young men to travel overseas to kill and potentially die to serve the greater good. We asked the women they left behind to take to the factory floors and work traditionally male jobs. Now, all we ask of them is that they don’t go down the pub on a Saturday night, and apparently sometimes even that’s too big of an ask.

Society is asking me to work from home during the day and do nothing more than watch TV and play Xbox in the evenings. Fine. I can do that. I was doing that anyway. This, apparently, is how my generation gets to save lives.

It doesn’t feel like much of a sacrifice.

Worldwide, people are sitting alone at home, twiddling their thumbs, watching slightly-less-than-hi-def Netflix, and wondering how they can do more to make a positive difference in this civilizational battle.

In the domain industry, we’ve recently seen the Internet Commerce Association attempt to help out people who are financially struggling due to coronavirus with its #DomainAssist Twitter campaign.

I’m not sure how effective it’s going to be, but ICA members have money, are trying to make a difference, and I’m certainly not going to knock them for it.

But there is one battle that the domain industry is uniquely positioned, and maybe even obligated, to fight.

That’s the fight against misinformation.

The World Health Organization started alerting the world to the Covid-19 “infodemic” in early February.

“We’re not just fighting an epidemic; we’re fighting an infodemic,” WHO director-general Tedros Adhanom said at the Munich Security Conference February 15. “Fake news spreads faster and more easily than this virus, and is just as dangerous.”

Hear that? The world’s top doc says that misinformation is just as dangerous as something that could kill your grandmother.

Just as crime flourished in London during the Blitz, 21st century fraudsters have been quick to take advantage of the coronavirus panic.

The fake news ranges from the harmlessly satirical — a quarantined Tom Hanks being supplied with a volleyball for company — to the life-threatening — tales of how ingesting silver, taking cocaine or drinking bleach can protect your from the virus.

In India, fake news is persuading people to drink cow piss.

Some of these scammers are just conspiracy theorists raging against the Big Pharma machine. Others are actively trying to make money hawking bogus and dangerous fake vaccines and cures. In the era of pandemic, they’re just as bad as each other.

It’s serious stuff. An infected person who thinks they’ve ingested the magic cure is less likely to take the proper precautions and more likely to transmit the virus to others, who will transmit it to others, who will transmit it to others… and then a bunch of people die.

So far, the WHO and other health authorities have rightly been focused largely on the social media platforms where the majority of this bogosity spreads.

The likes of Facebook, Twitter and Google have made changes to their usage policies or content-promotion algorithms in response to the crisis.

Twitter has banned tweets that go against the official guidance on reducing the spread of the virus. Facebook is promoting authoritative news sources and fact-checking misinformation. Google searches for coronavirus return curated, science-based info embedded in the results page, and banned coronavirus-related advertising. YouTube is taking down videos peddling dangerous misinformation.

The social media side of the technology industry certainly seems to be backtracking on its usual “we just a neutral platform” stance.

But it’s not just happening on social media. Many of these posts lead to web sites that are harmful. Some are simple frauds and phishing attacks. Others promote fake cures or urge readers to ignore the official science-based advice.

These web sites use domain names. Thousands have been registered in recent weeks.

NewsGuard has identified dozens of web sites that are promoting coronavirus misinformation. Fact-checking sites such as the AFP and Snopes have identified many more.

So here’s my open question, which I pose to every registry, registrar and reseller reading this:

If you are told about a domain name under your management that is publishing dangerous misinformation, will you take it down?

I’d like to think I know the answer to this question already, but I’m not sure I do.

Registries and registrars are notoriously reluctant to act on complaints about the contents of web sites. Many require a court order before taking action.

During peace time, worthy principles such as free speech, privacy, and legal due process all play a role in this kind of decision-making.

The latest version of the Framework to Address DNS Abuse lists four types of content that its dozens of domain-industry signatories “should” (as opposed to “must”) act on — child sex abuse material, illegal opioid sales, human trafficking, and credible incitements to violence.

The underlying principle leading to this list is “the physical and often irreversible threat to human life”.

I’m reminded of the ethical conundrum faced by EasyDNS and CEO Mark Jeftovic back in 2014, when the company changed its usage policies after a guy died due to fake pharma bought via a domain under its management.

“In one case we have people allegedly pirating Honey Boo Boo reruns and on the other we have people dying. We don’t know where exactly, but the line goes somewhere in between there,” Jeftovic wrote at the time.

I don’t wish to pick on EasyDNS or Jeftovic — changing one’s mind in the face of new evidence is an admirable trait — but I think his quote poses the question quite well.

There’s a line where free speech ends and incitement to virological violence begins.

Figuring out where that line is is something the domain name industry is going to have to get to grips with, fast.