Latest news of the domain name industry

Recent Posts

Now new gTLDs are being scapegoated for child abuse material (rant)

The guy responsible for getting the string “rape” closely restricted for no reason in .uk domain names is now gunning for ICANN and new gTLDs with a very similar playbook.

Campaigner John Carr, secretary of the little-known Children’s Charities’ Coalition on Internet Safety, wants ICANN to bring in strict controls to prevent convicted pedophiles registering domains in child-oriented domains such as .kids.

He’s written to the UK prime minister, the two other ministers with the relevant brief, the US federal government and the California attorney general to make these demands.

That’s despite the fact that he freely acknowledges that he does not have any evidence of a problem in existing kid-oriented TLDs and that he does not expect there to be a problem with .kids, should it be delegated, in future.

Regardless, ICANN comes in for a bit of a battering in the letter (pdf), with Carr insinuating that it and the domain industry are quite happy to throw child safety under the bus in order to make a quick buck. He writes:

ICANN has definitely not been keeping the internet secure for children. On the contrary ICANN shows complete indifference towards children’s safety. This has led to real dangers that ICANN could have prevented or mitigated.

ICANN, the Registries and the Registrars have an obvious financial interest in increasing the number of domain names being sold. Their interest in maximising or securing their revenues appears sometimes to blind them to a larger obligation to protect the weak and vulnerable e.g. in this instance children.

Despite this worrying premise, Carr admits in an accompanying paper (pdf) that the Russian version of .kids (.дети), which has been live for three years and only has about 1,000 registrations, does not seem to have experienced a deluge of sex offenders.

Nevertheless, he says ICANN should have forced the .дети registry to do criminal background checks on all registrants to make sure they did not have a record of sexual offences.

While at the time of writing we have no information which suggests anything untoward has happened with any Russian .kids websites, and we understand the volume of sales has been low so far, the matter should never have been left open in that way. When ICANN let the contract it could have included clauses which would have made it a contractual obligation to carry out the sort of checks mentioned. The fact that ICANN did not do this illustrates a degree of carelessness about children’s well-being which is tantamount to gross negligence.

Quite how a domain registry would go about running criminal records checks on all of its customers globally, and what the costs and the benefits would be, Carr does not say.

The letter goes on to state incorrectly that Amazon and Google are in contention for .kids.

In fact, Google applied for the singular .kid. While the two strings are in contention due to an adverse String Confusion Objection, there’s also a second applicant for .kids, the DotKids Foundation, which proposes to keep .kids highly restricted and which Carr is either unaware of or deliberately omits from his letter.

Based on his assumption that .kids is a two-horse race between Amazon and Google, he says:

while I am sure both Google and Amazon will choose to do the right thing, whichever one is the eventual winner of the contract, the point is matters of this kind should never have been left as an option

So not only does Carr not have any evidence that extant “.kids” domains are currently being abused years after delegation, he’s also sure that .kids won’t be in future.

But he wants Draconian background checks implemented on all registrants anyway.

His letter coincides with the release of and heavily cites the 2016 annual report (pdf) of the Internet Watch Foundation — the organization that coordinates the takedown of child abuse material in the UK and elsewhere.

That report found that new gTLD domains are being increasingly used to distribute such material, but that Verisign-run TLDs such as .com are still by far the most abused for this purpose.

The number of takedowns against new gTLD domains in 2016 was 272 (226 of which were “dedicated to distributing child sexual abuse content”) the IWF reported, a 258% increase on 2015.

That’s 272 domains too many, but averages out at about a quarter of a domain per new gTLD.

There were 2,416 domains being used to distribute this material in 2016, IWF said. That means new gTLDs accounted for about 11% of the total child abuse domains — higher than the 7.8% market share that new gTLDs command (according to Verisign’s Q4 industry brief).

But the IWF report states that 80% of the total abuse domains are concentrated in just five TLDs — .com, .net, .se, .io, and .cc. Even child abusers are not fans of new gTLDs, it seems.

Despite the fact that two of these domains are operated under ICANN contract, and the fact that .io is operated by a British company representing a British overseas territory, Carr focuses his calls for action instead on new gTLDs exclusively.

And his calls are receiving attention.

A The Times article this week cries “New internet domain is magnet for paedophiles, charities warn”, while tabloid stable sister The Sun reported on “fears predators are exploiting new website addresses to hide indecent material”.

This is how it started with Carr’s campaign to get “rape” domains banned in the UK.

Back in 2013, he wrote a blog post complaining that it was possible to register “rapeher.co.uk” — not that it had been registered, only that it could be registered — and managed to place a couple of stories in the right-leaning press calling for Nominet to do more to prevent the registration of “depraved and disgusting” domains such as the one he thought up.

This led to a government minister calling for an independent policy review, an actual review, and a subsequent policy that sees some poor bastard at Nominet having to pore over every .uk registration containing rapey strings to see if they’re potentially advocating or promoting actual rape.

Implementation of that policy has so far confirmed that Carr’s worries were, as I said in my 2013 rant, baseless.

In 2016, there were 2,407 registrations of domains containing the string “rape”, but just one of them was found to be using it in the context of sexual assault and was suspended, according to Nominet stats.

In 2015, the number of suspensions was the same. One.

The same story is playing out now — a single Don Quixote with a tenuous grasp of the systems he’s criticizing calling for ludicrous policies to prevent a problem that he freely admits does not exist and probably won’t exist in future.

Still, at least he gets to wave some headlines in front of his employers to pretend he’s actually earning his salary.

Donuts sticks with Rightside despite Google support

Kevin Murphy, February 8, 2017, Domain Registries

Donuts has renewed its back-end registry services contract with Rightside, Rightside has announced.

That’s despite indications a few months ago that it might have been preparing for a switch to Google’s new Nomulus platform.

Rightside said yesterday that the deal, which has seen Rightside handle the registry for Donuts’ portfolio of almost 200 gTLDs for the last five years, has been extended.

It’s a “multi-year” deal, but the length of the extension has not been revealed.

Donuts had suggested last October that it might be ready to move to Nomulus instead.

The company revealed then that it had been quietly working with Google for 20 months on the software, which uses Google’s cloud services and is priced based on resource usage.

Then-CEO Paul Stahura said Nomulus “provides Donuts with an alternative back-end with significant benefits.”

Now-CEO Bruce Jaffe said yesterday that “Rightside’s registry platform has the right combination of innovative features, ease-of-operation, scalability, and highly responsive customer support”.

Google could shake up the registry market with new open-source Nomulus platform

Kevin Murphy, October 19, 2016, Domain Registries

Google has muscled in to the registry service provider market with the launch of Nomulus, an open-source TLD back-end platform.

The new offering appears to be tightly integrated with Google’s various cloud services, challenging long-held registry pricing conventions.

There are already indications that at least one of the gTLD market’s biggest players could be considering a move to the service.

Donuts revealed yesterday it has been helping Google with Nomulus since early 2015, suggesting a shift away from long-time back-end partner Rightside could be on the cards.

Nomulus, which is currently in use at Google Registry’s handful of early-stage gTLDs, takes care of most of the core registry functions required by ICANN, Google said.

It’s a shared registration system based on the EPP standard, able to handle all the elements of the domain registration lifecycle.

Donuts contributed code enabling features it uses in its own 200-ish gTLDs, such as pricing tiers, the Early Access Period and Domain Protected Marks List.

Nomulus handles Whois and likely successor protocol RDAP (Registration Data Access Protocol).

For DNS resolution, it comes with a plug-in to make TLDs work on the Google Cloud DNS service. Users will also be able to write code to use alternative DNS providers.

There’s also software to handle daily data escrow to a third-party provider, another ICANN-mandated essential.

But Nomulus lacks critical features such as billing and fully ICANN-compliant reporting, according to documentation.

So will anyone actually use this? And if so, who?

It’s too early to say for sure, but Donuts certainly seems keen. In a blog post, CEO Paul Stahura wrote:

As the world’s largest operator of new TLDs, Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible… Google has a phenomenal record of stability, an almost peerless engineering team, endless computing resources and global scale. These are additional potential benefits for us and others who may contribute to or utilize the system. We have been happy to evaluate and contribute to this open source project over the past 20 months because this platform provides Donuts with an alternative back-end with significant benefits.

In a roundabout way, Donuts is essentially saying that Nomulus could work out cheaper than its current back-end, Rightside.

The biggest change heralded by Nomulus is certainly pricing.

For as long as there has been a competitive market for back-end domain registry services, pricing has been on a per-domain basis.

While pricing and model vary by provider and customer, registry operators typically pay their RSPs a flat fee and a buck or two for each domain they have under management.

Pricing for dot-brands, where DUM typically comes in at under 100 today, is believed to be weighted much more towards the flat-fee service charge element.

But that’s not how Nomulus is to be paid for.

While the software is open source and free, it’s designed to run on Google’s cloud hosting services, where users are billed on the fly according to their usage of resources such as storage and bandwidth consumed.

For example, the Google Cloud Datastore, the company’s database service that Nomulus uses to store registration and Whois records, charges are $0.18 per gigabyte of storage per month.

For a small TLD, such as a dot-brand, one imagines that storage costs could be reduced substantially.

However, Nomulus is not exactly a fire-and-forget solution.

There is no Google registry service with customer support reps and such, at least not yet. Nomulus users are responsible for building and maintaining their registry like they would any other hosted application.

So the potentially lower service costs would have to be balanced against potentially higher staffing costs.

My hunch based on the limited available information is that for a dot-brand or a small niche TLD operating on a skeleton crew that may lack technical expertise, moving to Nomulus could be a false economy.

With this in mind, Google may have just created a whole new market for middleman RSPs — TLD management companies that can offer small TLDs a single point of contact for technical expertise and support but don’t need to build out and own their own expensive infrastructure.

The barrier to entry to the RSP market may have just dropped like a rock, in other words.

And Nomulus may work out more attractive to larger TLD operators such as Donuts, with existing teams of geeks, that can take advantage of Google’s economies of scale.

Don’t expect any huge changes overnight though. Migrating between back-ends is not an easy or cheap feat.

As well as ICANN costs, and data migration and software costs, there’s also the non-trivial matter of shepherding a horde of registrars over to the new platform.

How much impact Nomulus will have on the market remains to be seen, but it has certainly given the industry something to think about.

Verisign likely $135 million winner of .web gTLD

Kevin Murphy, August 1, 2016, Domain Registries

Verisign has emerged as the likely winner of the .web gTLD auction, which closed on Thursday with a staggering $135 million winning bid.

The shell company Nu Dot Co LLC was the prevailing applicant in the auction, which ran for 23 rounds over two days.

Just hours after the auction closed, Domain Name Wire scooped that Verisign had quietly informed investors that it has committed to pay $130 million for undisclosed “contractual rights”.

In its Securities and Exchange Commission quarterly report, filed after the markets closed on Thursday, Verisign said:

Subsequent to June 30, 2016, the Company incurred a commitment to pay approximately $130.0 million for the future assignment of contractual rights, which are subject to third-party consent. The payment is expected to occur during the third quarter of 2016.

There seems to be little doubt that the payment is to be made to NDC (or one of its shell company parents) in exchange for control of the .web Registry Agreement.

The “third-party consent” is likely a reference to ICANN, which must approve RA reassignments.

We speculated on July 14 that Verisign would turn out to be NDC’s secret sugar daddy, which seems to have been correct.

Rival .web applicant Donuts had sued ICANN for an emergency temporary restraining order, claiming it had not done enough to uncover the identity of NDC’s true backers, but was rebuffed on multiple grounds by a California judge.

Donuts, and other applicants, had wanted the contention set settled privately, but NDC was the only hold-out.

Had it been settled with a private auction, and the $135 million price tag had been reached, each of the seven losing applicants would have walked away with somewhere in the region of $18.5 million in their pockets.

This draws the battle lines for some potentially interesting legal fallout.

It remains to be seen if Donuts will drop its suit against ICANN or instead add Verisign in as a defendant with new allegations.

There’s also the possibility of action from Neustar, which is currently NDC’s named back-end provider.

Assuming Verisign plans to switch .web to its own back-end, Neustar may be able to make similar claims to those leveled by Verisign against XYZ.com.

Overall, Verisign controlling .web is sad news for the new gTLD industry, in my view.

.web has been seen, over the years, as the string that is both most sufficiently generic, sufficiently catchy, sufficiently short and of sufficient semantic value to provide a real challenge to .com.

I’ve cooled on .web since I launched DI six years ago. Knowing what we now know about how many new gTLD domains actually sell, and how they have to be priced to achieve volume, I was unable to see how even a valuation of $50 million was anything other than a long-term (five years or more) ROI play.

Evidently, most of the applicants agreed. According to ICANN’s log of the auction (pdf) only two applicants — NDC and another (Google?) — submitted bids in excess of $57.5 million.

But for Verisign, .web would have been a risk in somebody else’s hands.

I don’t think the company cares about making .web a profitable TLD, it instead is chiefly concerned with being able to control the impact it has on .com’s mind-share monopoly.

Verisign makes about a billion dollars a year in revenue, with analyst-baffling operating margins around 60%, and that’s largely because it runs .com.

In 2015, its cash flow was $651 million.

So Verisign has dropped a couple of months’ cash to secure .web — chickenfeed if the real goal is .com’s continued hegemony.

In the hands of a rival new gTLD company’s marketing machine, in six months we might have been seeing (naive) headlines along the lines of “Forget .com, .web is here!”.

That won’t happen now.

I’m not privy to Verisign’s plans for .web, but its track record supporting the other TLDs it owns is not fantastic.

Did you know, or do you remember, that Verisign runs .name? I sometimes forget that too. It bought it from Global Name Registry in late 2008, at the high point of its domains under management in this chart.

.name

I don’t think I expect Verisign to completely bury .web, but I don’t think we’re going to see it aggressively promoted either.

It will never be positioned as a competitor to .com.

If .web never makes $135 million, that would be fine. Just as long as it doesn’t challenge the perception that you need a .com to be successful, Verisign’s purchase was worth the money.

Google offers reseller widget, signs first partners

Google’s registrar, Google Domains, has started offering a widget to make it easier to become a reseller.

The Google Domains widget has already been deployed by five web site builders — Big Cartel, Duda, Selz, Square and Webflow — the company said.

These companies have evidently embedded the software — a chunk of Javascript — into their web sites.

Google said it handles payment and DNS configuration — pointing the newly registered domains to the appropriate service — on behalf of its partners.

More details are here and here. For some reason Google is using domains.withgoogle.com for this program, even though it has a perfectly serviceable dot-brand in the root.