Latest news of the domain name industry

Recent Posts

After Zoom trolling, ICANN 68 will be password-protected

Kevin Murphy, May 6, 2020, Domain Policy

If you want to show up to ICANN 68, which will be held online next month, you’re going to need a password.

ICANN said this week that it’s updating its Zoom software and standard configuration to require passwords. In a blog post outlining a number of changes to its Zoom instance, ICANN said:

The most impactful change is the new requirement that all meetings be secured with a password. This is the first step recommended by security professionals to keep meetings secure, and one which we had largely adopted org-wide prior to making it a requirement for all. We will make another announcement in the coming weeks regarding how this may impact joining meetings during ICANN68, as we work towards the best overall solution.

Quite how this could work while maintaining the usual openness of ICANN’s public meetings — which have always been free to attend basically anonymously — remains to be seen.

At ICANN 67, Zoom sessions that were open to the public simply required you to enter a name. Any name. At in-person public meetings, I don’t think you even need to show ID to get a hall pass.

The changes come in the wake of a “Zoombombing” incident during a minor meeting in March, during which trolls showed up via a publicly-posted link and flooded the session with “inappropriate and offensive” audio and imagery.

ICANN meeting got “Zoombombed” with offensive material

Kevin Murphy, April 27, 2020, Domain Policy

An ICANN meeting held over the Zoom conferencing service got “Zoombombed” by trolls last month.

According to the organization, two trolls entered an ICANN 67 roundup session for Spanish and Portuguese speakers on March 27 and “shared inappropriate and offensive audio and one still image” with the legitimate participants.

The session was not password protected (rightly) but the room had (wrongly) not been configured to mute participants or disable screen-sharing, which enabled the offensive material to be shared.

The trolls were quickly kicked and the loopholes closed, ICANN said in its incident report.

ICANN appears to have purged the meeting entirely from its calendar and there does not appear to be an archive or recording, so I sadly can’t share with you the gist of the shared content.

Zoombombing has become an increasingly common prank recently, as the platform sees many more users due to the coronavirus-related lockdowns worldwide.

ICANN to consider cancelling ICANN 68 tomorrow

Kevin Murphy, April 7, 2020, Domain Policy

ICANN is to consider whether to cancel its in-person ICANN 68 gathering at a meeting of its board of directors tomorrow.

The agenda for its meeting tomorrow has one line item: “Impact of COVID-19 on ICANN68”.

The four-day Policy Forum is currently scheduled to take place from June 22 in Kuala Lumpur, Malaysia.

I think the chances of this event going ahead in the midst of the coronavirus pandemic are zero point zero.

March’s ICANN 67 meeting was replaced with a series of virtual Zoom rooms on February 19, when cases of Covid-19 had been reported in just 26 countries and it was still widely thought of as a Chinese problem.

According to today’s data from the European Centre For Disease Prevention and Control, coronavirus cases have been reported in 204 countries and territories. That’s pretty much all of them.

Even if some currently hard-hit countries in North America and Europe are over the hump by June, you can guarantee that somewhere in the world there’ll be a horrific Biblical epidemic going on. I can’t see ICANN taking the risk of opening its doors to the world at a time like that.

Frankly, I think ICANN 69, the annual general meeting slated for Hamburg in October, has a big question mark hanging over it as well.

Germany may have been handling its crisis relatively well compared to other nations, but ICANN has participants from 150 countries and it may well have to make its call based not on the strongest national response but the weakest.

At ICANN 67, nobody knew you’re a dog

Kevin Murphy, March 16, 2020, Gossip

Want to see what your fellow ICANN 67 attendees looked like on the other side of the Zoom chat room?

The meeting may have been held entirely remotely, but that hasn’t stopped the ICANN org from populating its Flickr page with a big wedge of photos, one of which seems to prove the old adage that “On the internet, nobody know’s you’re a dog.”

Virtual Photo Gallery #42

Photo credit: @icannphotos

At regular, face-to-face ICANN meetings, there’s a professional photographer doing the rounds, doing his or her level best to make jet-lagged, bearded. middle-aged men sitting in circles at laptops look thrusting and dynamic.

This time, it was largely up to remote participants to submit their own mug shots, taken in their home offices, kitchens, and lounges, for your viewing delight. And what a jolly nice bunch of people they look.

The batch of photos from 67 also includes a number taken on-site at ICANN’s Los Angeles headquarters, which had been hastily rigged up to act as the meeting’s hub after the face-to-face meeting in Cancun, Mexico was cancelled over coronavirus fears.

Here.

WE’RE ALL GONNA DIE! In other news, ICANN 67 was… “muted”

Kevin Murphy, March 13, 2020, Domain Policy

Without wishing to scaremonger about Covid-19, I don’t mind admitting that I’ve never been so terrified of anything as much in my adult life.

I have relatives in their nineties or with existing lung conditions, and I’m generally a pretty unhealthy middle-aged bloke myself. In the last few days, I’ve become increasingly concerned that not every member of the clan is going to make it out of 2020 alive.

I’m sure many readers are feeling the same way right now.

The UK government’s response may or may not be scientifically sound, but it seems to me the underlying strategy is not to prevent people from getting the disease, which may well no longer be possible, but rather to spread out infections over as long a period as possible, so as to reduce the peak strain on the National Health Service.

My feeling, which I don’t think is particularly paranoid, is that Boris Johnson, in apparent contrast to other world leaders, has made the call to throw a generation of British grannies under the bus in the name of herd immunity.

We’re living in dark times, and it’s going to get worse before it gets better.

I hope all my readers stay safe. And, in all seriousness, keep washing those hands and stay at home if you start coughing!

Awkward segue incoming.

There was little doubt in my mind that ICANN made the correct decision three weeks ago when it cancelled the in-person Cancun public meeting and quickly organized a much-truncated online-only ICANN 67 instead. There seemed a possibility that it was acting through an over-abundance of caution.

But, given the developments in the coronavirus pandemic since ICANN pulled the plug on Cancun, all such doubt has surely been eliminated. ICANN made entirely the right call.

That’s not to say that 67 was a roaring success. It suffered from the entirely predictable and unavoidable limitations of online conferencing.

When I say it was “muted”, I mean that in two senses of the word.

Watching the American late-night talk show hosts last night performing to empty audiences this morning was a surreal experience. Like watching survivors of the zombie apocalypse broadcasting a plaintive SOS into an eerily silent ether.

I kinda felt the same listening to ICANN 67.

While I’m no stranger to remote participation — that’s how I experience most ICANN meetings — there’s usually a detectable sense of place, of a jostling community on the other side of the Zoom room. I hesitate to use a word as strong as “vibrancy”, but you probably know what I’m getting at.

There was none of that at 67, which largely played out in much the same way as a regular policy working group call.

And that’s when we get to the other sense of the word “muted” — I lost count of the amount of time squandered to technical issues such as dropped or laggy connections, background noise, and, most commonly, people not realizing that they have to unmute their lines before speaking.

I don’t think a single session I attended was not plagued by periods of uncomfortable silence.

As I said, this was entirely predictable and largely unavoidable. I don’t think the fact that each session’s Zoom room appeared to be configured differently helped, but it’s probably a problem that will be mitigated as people become more accustomed to the Zoom platform.

The next ICANN meeting, numbered 68, is currently still scheduled to take place in Kuala Lumpur, Malaysia, from June 22, but I think that it’s almost inevitable that we’ll be looking at another online-only session.

Malaysia currently has 158 confirmed cases of coronavirus, suggesting that it’s still in the relatively early stages of the pandemic compared to, say, Europe.

With UK experts predicting peak infections here around late May, it’s entirely possible ICANN 68 would take place while Malaysia’s problem is significantly worse than it is today.

Facebook WILL sue more registrars for cybersquatting

Kevin Murphy, March 13, 2020, Domain Registrars

Facebook has already sued two domain name registrars for alleged cybersquatting and said yesterday that it will sue again.

Last week, Namecheap became the second registrar in Facebook’s legal crosshairs, sued in in its native Arizona after allegedly failing to take down or reveal contact info for 45 domains that very much seem to infringe on its Facebook, Instagram and WhatsApp trademarks.

In the complaint (pdf), which also names Namecheap’s Panama-based proxy service Whoisguard as a defendant, the social media juggernaut claims that Whoisguard and therefore Namecheap is the legal registrant for dozens of clear-cut cases of cybersquatting including facebo0k-login.com, facebok-securty.com, facebokloginpage.site and facebooksupport.email.

In a brief statement, Facebook said these domains “aim to deceive people by pretending to be affiliated with Facebook apps” and “can trick people into believing they are legitimate and are often used for phishing, fraud and scams”.

Namecheap was asked to reveal the true registrants behind these Whoisguard domains between October 2018 and February 2020 but decline to do so, according to Facebook.

The complaint is very similar to one filed against OnlineNIC (pdf) in October.

And, according to Margie Milam, IP enforcement and DNS policy lead at Facebook, it won’t be the last such lawsuit.

Speaking at the second public forum at ICANN 67 yesterday, she said:

This is the second in a series of lawsuits Facebook will file to protect people from the harm caused by DNS abuse… While Facebook will continue to file lawsuits to protect people from harm, lawsuits are not the answer. Our preference is instead to have ICANN enforce and fully implement new policies, such as the proxy policy, and establish better rules for Whois.

Make no mistake, this is an open threat to fence-sitting registrars to either play ball with Facebook’s regular, often voluminous requests for private Whois data, or get taken to court. All the major registrars will have heard her comments.

Namecheap responded to its lawsuit by characterizing it as “just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard”, according to a statement from CEO Richard Kirkendall.

The registrar has not yet had time to file its formal reply to the legal complaint, but its position appears to be that the domains in question were investigated, found to not be engaging in nefarious activity, and were therefore vanilla cases of trademark infringement best dealt with using the UDRP anti-cybersquatting process. Kirkendall said:

We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.

UDRP complaints usually take several weeks to process, which is not much of a tool to be used against phishing attacks, which emerge quickly and usually wind down in a matter of a few days.

Facebook’s legal campaign comes in the context of an ongoing fight about access to Whois data. The company has been complaining about registrars failing to hand over customer data ever since Europe’s GDPR privacy regulation came into effect, closely followed by a new, temporary ICANN Whois policy, in May 2018.

Back then, its requests showed clear signs of over-reach, though the company claims to have scaled-back its requests in the meantime.

The lawsuits also come in the context of renewed attacks at ICANN 67 on ICANN and the domain industry for failing to tackle so-called “DNS abuse”, which I will get to in a follow-up article.

ICANN chair: “all options open” on .org deal

Kevin Murphy, March 10, 2020, Domain Policy

ICANN has not yet decided to approve the acquisition of Public Interest Registry by Ethos Capital, but has not ruled out rejecting the deal either.

That’s according to chair Maarten Botterman, speaking to his Governmental Advisory Committee this evening.

At the online-only ICANN 67 meeting, he was asked by GAC chair Manal Ismail whether ICANN is considering withholding its consent for the $1.13 billion deal, which would see the .org registry return to for-profit hands for the first time in 18 years.

“At this moment all options remain open. We are open-minded to taking all input into account before it is time for us to decide,” Botterman replied.

“ICANN will consider the request based upon the totality of the information received,” he also said.

ICANN has the ability, under its registry agreement with PIR, to reject a change of control such as an acquisition, if it believes it’s not in the public interest.

Critics of the deal believe it would allow private equity firm Ethos and its anonymous backers to price-gouge non-profits such as charities, which need the money more.

But Ethos has offered to cap price increases at 10% per year on average for the next seven years, reimposing a price cap that PIR negotiated its way out of last year.

Could .org debate bring back the glory days of ICANN public forums?

Kevin Murphy, March 5, 2020, Domain Policy

ICANN is going to devote 90 minutes to discussing the controversial acquisition of Public Interest Registry by Ethos Capital on Monday, and the sparks could fly.

It’s actually going to be the first formal session of the abridged, online-only ICANN 67 meeting, which had been due to take place in Cancun but will now be carried out fully online. The customary opening ceremony has been scrapped.

Seventy minutes will be devoted to taking questions and comments from the “room”. ICANN 67 is sticking to Cancun’s time zone and the .org session starts at 1400 UTC, which would have been 0900 at the venue.

ICANN warned that the sessions is devoted to the process ICANN is using to approve, or not, the acquisition, and that it “cannot address questions and comments that relate to the ISOC, PIR, Ethos Capital, or other parties involved in the proposed transfer”.

The deal is controversial largely because critics believe Ethos, as a private equity company, is much more likely to start to rip off .org registrars with price hikes than not-for-profit ISOC. But Ethos has offered to bake conditions into its contract that limit it to 10% increases per year on average.

Given the vast amount of interest in the .org deal from outside the usual ICANN community, we could see the kind of robust debate that was common in the ICANN public forum sessions during the birth throes of the new gTLD program, but which has been sadly lacking in recent years.

Newcomers wishing to get involved might like to first familiarize themselves with ICANN’s Expected Standards of Behavior. Anyone dropping the F-bomb or calling the deal “gay”, as happened during the recent .com comment period, will very likely be kicked and banned. Just imagine you’re talking to Titania McGrath and you should be okay.

Yup. ICANN cancelled Cancun

Kevin Murphy, February 20, 2020, Domain Policy

ICANN has cancelled its public meeting in Cancun, Mexico, due to fears over Covid-19, aka Coronavirus.

Late this evening, the organization said that the ICANN 67 meeting, scheduled for March 7 to March 12, will now take place purely online.

In a statement, the org said:

Each ICANN Public Meeting attracts thousands of attendees from more than 150 countries. With cases in at least 26 of those countries, there is the potential of bringing the virus to Cancún and into the ICANN meeting site. If this were to happen, there could be accidental exposure of the virus to attendees, staff, and others who come in contact with an infected individual.

ICANN had been putting in place measures to mitigate the risk of the disease arriving and spreading.

The decision to cancel the face-to-face meeting was made by the ICANN board of directors today.

It’s going to be the first ICANN meeting to take place fully online. It’s not clear at all that ICANN knows how to do this. ICANN is very good at enabling remote participation, but it’s never run a fully remote week-long meeting with a few thousand participants before.

It seems virtually certain that there will be problems and complaints.

ICANN wants to take your temperature before letting you into ICANN 67

Kevin Murphy, February 18, 2020, Domain Policy

Face masks, hand-sanitizer stations, and nurses taking your temperature on the doors… these are some of the measures ICANN plans to deploy at its upcoming public meeting in Cancun next month, in an effort to mitigate the risk of a Covid-19 outbreak.

That’s assuming the meeting goes ahead at all, which is still undecided.

Speaking to community leaders in a teleconference this evening, ICANN staffers outlined the following precautionary measures they expect to put in place:

  • A doctor from International SOS will be on site, alongside the usual two medics.
  • A team of nurses will be deployed at the venue’s two entrances to check attendees’ temperatures (via the forehead, you’ll be pleased to hear) as they enter the building.
  • “Anyone registering a fever will be escorted to the doctor for assessment.”
  • ICANN is “stockpiling” face masks and is already shipping some to the venue. This is complicated by the global supply shortage. Attendees will be encouraged to source their own before leaving home.
  • Hand sanitizer facilities will be dotted around, particularly at large meeting rooms and outside bathrooms.
  • A Mexican familiar with the local public health service will be available.
  • It will be up to the local Mexican authorities to determine how to respond to a confirmed case. It’s not particularly clear what the policy would be on quarantine and the dreaded “cruise ship scenario”. There have been no cases in Mexico yet.

The temperature checks will be daily. One would assume that people leaving the venue for lunch, or a cigarette or something will be checked more frequently.

ICANN has yet to decide whether the meeting is going to go ahead. Its board of directors will meet on Wednesday to make a call, but CEO Göran Marby noted that should the situation with Covid-19 change there’s always the possibility it could be cancelled at a later date.

The meeting could also be cancelled if a large enough number of ICANN support staff refuse to go.

Some companies have already informed ICANN that they won’t be sending employees to the meeting. Marby said that if it looks like only 600 or 700 people are going to show up, the meeting probably won’t go ahead.

Governmental Advisory Committee chair Manal Ismail said on the call that only 30 GAC members have so far indicated that they’re going to attend. That’s about half of the usual level, she said.

If it were to be cancelled, the meeting would go ahead online. All ICANN meetings allow remote participation anyway, but ICANN has been prepping for the possibility that its online tools will need much greater capacity this time.

The audio recording of the call can be found here. Thanks to Rubens Kuhl for the link.

Are you going to go to Cancun, or will you cancel due to Covid? Let me know in the comments.

  • Page 1 of 2
  • 1
  • 2
  • >