Latest news of the domain name industry

Recent Posts

Registrars open floodgate of Whois privacy outrage

Kevin Murphy, June 26, 2015, Domain Policy

A letter-writing campaign orchestrated by the leading domain registrars has resulted in ICANN getting hit with over 8,000 pro-privacy comments in less than a week.

It’s the largest volume of comments received by ICANN on an issue since right-wing Christian activists deluged ICANN with protests about .xxx, back in 2010.

The comments — the vast majority of them unedited template letters — were filed in response to the GNSO Privacy & Proxy Services Accreditation Issues (PPSAI) Working Group Initial Report.

That report attempts to bring privacy and proxy services, currently unregulated by ICANN, under ICANN’s contractual wing.

There are two problematic areas, as far as the registrars are concerned.

The first is the ability of trademark and copyright owners to, under certain circumstances, have the registrant of a privately registered name unmasked.

Upon receiving such a request, privacy services would have 15 days to obtain a response from their customer. They’d then have to make a call as to whether to reveal their contact information to the IP owner or not.

Possibly the most controversial aspect of this is described here:

Disclosure cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

In other words, the privacy services (in most cases, also the registrar) would be forced make a judgement on whether web site content is illegal, in the absence of a court order, before removing Whois privacy on a domain.

The second problematic area is an “additional statement” on domains used for commercial activity, appended to the PPSAI report, penned by MarkMonitor on behalf of Facebook, LegitScript, DomainTools, IP attorneys Smith, Gambreall & Russell, and itself.

Those companies believe it should be against the rules for anyone who commercially transacts via their web site to use Whois privacy.

Running ads on a blog, say, would be fine. But asking for, for example, credit card details in order to transact would preclude you from using privacy services.

The PPSAI working group didn’t even approach consensus on this topic, and it’s not a formal recommendation in its report.

Regardless, it’s one of the lynchpins of the current registrar letter-writing campaigns.

A page at SaveDomainPrivacy.org — the site backed by dozens of registrars big and small — describes circumstances under which somebody would need privacy even though they engage in e-commerce.

Home-based businesses, shelters for domestic abuse victims that accept donations, and political activists are all offered up as examples.

Visitors to the site are (or were — the site appears to be down right now (UPDATE: it’s back up)) invited to send a comment to ICANN supporting:

The legitimate use of privacy or proxy services to keep personal information private, protect physical safety, and prevent identity theft

The use of privacy services by all, for all legal purposes, regardless of whether the website is “commercial”

That privacy providers should not be forced to reveal my private information without verifiable evidence of wrongdoing

The content of the site was the subject of a sharp disagreement between MarkMonitor and Tucows executives last Saturday during ICANN 53. I’d tell you exactly what was said, but the recording of the relevant part of the GNSO Saturday session has not yet been published by ICANN.

Another site, which seems to be responsible for the majority of the 8,000+ comments received this week, is backed by the registrar NameCheap and the digital civil rights groups the Electronic Frontier Foundation and Fight For The Future.

NameCheap appears to be trying to build on the reputation it started to create for itself when it opposed the Stop Online Piracy Act a few years ago, going to so far as to link the Whois privacy reforms to SOPA on the campaign web site, which says:

Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website?

We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN.

The EFF’s involvement seems to have grabbed the attention of many reporters in the general tech press, generating dozens of headlines this week.

The public comment period on the PPSAI initial report ends July 7.

If it continues to attract attention, it could wind up being ICANN’s most-subscribed comment period ever.

Do geeks care about privacy more than Christians care about porn? We’ll find out in a week and a half.

Puerto Rico to host ICANN meeting next year

Kevin Murphy, June 26, 2015, Domain Policy

ICANN is to host its first second ever public meeting on a Caribbean island.

The organization’s board of directors yesterday voted in favor of holding ICANN 57 in San Juan, Puerto Rico.

Technically, this fulfills ICANN’s commitment to hold the meeting in North America, even though physically Puerto Rico is in the Caribbean.

The island is one of those oddities in terms of territories in that it inherits its ICANN region from its political overlords.

Puerto Rico is a US territory, which puts it in ICANN’s North American region. The neighboring British Virgin Islands is, according to ICANN, in Europe.

ICANN 57 will be held from October 29 to November 4 2016, at the tail end of Puerto Rico’s hurricane season. It’s the second time ICANN has visited the island, the first since 2007.

There’s no word yet on where ICANN 56, June 2016, will be held. It’s a designated slot for an Latin American/Caribbean host nation.

ICANN 55 will be held in Marrakech next March, ICANN’s board confirmed yesterday, rescheduled from March this year due to the Ebola scare.

Dublin will host ICANN 54 this coming October.

Donuts: glitch revealed price we would pay for gTLDs

The recently discovered security vulnerability in one of ICANN’s web sites revealed how much Donuts was willing to pay for contested gTLDs at auction.

This worrying claim emerged during a meeting between registries and the ICANN board of directors at ICANN 53 in Buenos Aires yesterday.

“We were probably the largest victim of the data breach,” Donuts veep Jon Nevett told the board. “We had our financial data reviewed numerous times, dozens of times. We had our relative net worth of our TLDs reviewed, so it was very damaging information.”

He was referring to the misconfiguration in the new gTLD applicants’ portal, which allowed any user to view confidential application attachments belonging to any applicant.

ICANN discovered the problem in February, two years after the portal launched. The results of a security audit were revealed in late April.

But it was not until late May that it emerged that only one person, dotBerlin CEO Dirk Krischenowski, was suspected by ICANN of having deliberately viewed data belonging to others.

Nevett said communication should have been faster.

“We were in the dark for a number of weeks about who saw the data,” he told the board. “That was troubling, as we were going to auctions in that interim period as well.”

Donuts, which applied for over 300 new gTLDs, is known to have taken a strictly numbers-driven approach to string selection and auction strategy.

If a rival in a contention set had known how much Donuts was prepared to pay for a string, it would have had a significant advantage in an auction.

In response to Nevett’s concerns, ICANN CEO Fadi Chehade said that ICANN had to do a thorough investigation before it could be sure who saw what when.

ICANN bans closed generic gTLDs, for now

Kevin Murphy, June 24, 2015, Domain Policy

ICANN has slapped a de facto ban on so-called “closed generic” gTLDs, at least for the remaining 2012 round applicants.

The ICANN board’s New gTLD Program Committee passed a resolution Sunday that un-freezes the remaining new gTLD applications that envisage a namespace wholly controlled by the applicant.

The affected strings are .hotels, .dvr and .grocery, which are uncontested, as well as .food, .data and .phone, which are contested by one or two other applicants.

The NGPC said five strings are affected, but the ICANN web site currently shows these six.

The resolution allows the contested strings to head to dispute resolution or auction, but makes it clear that “exclusive generic gTLDs” will not be able to sign a registry contract.

Instead, they will either have to withdraw their applications (receiving a partial refund), drop their exclusivity plans, or have their applications carried over to the second new gTLD round.

The GNSO has been asked to develop a policy on closed generics for the second round, which is still probably years away.

It’s not clear whether other applicants would be able to apply for strings that are carried over, potentially making the close generic applicant fight two contention sets.

The NGPC decision comes over two years after the Governmental Advisory Committee advised that closed generics must serve “a public interest goal” or be rejected.

This weekend’s resolution sidesteps the “public interest” question altogether.

Freenom suspended for cybersquatting rival registrars

Freenom, the company behind .tk and other freebie ccTLDs, has had its ICANN registrar accreditation suspended for cybersquatting competing registrars including Go Daddy and Key-Systems.

OpenTLD, its registrar business, has been told it cannot accept new registrations or inbound transfers from July 8 to October 6 or until it provides ICANN with a full list of the names it squatted.

I believe it’s the first time ICANN has suspended a registrar for this reason.

The suspension notice states:

ICANN has found that OpenTLD has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest

That’s a long-winded way of saying “massive cybersquatting”.

ICANN is basing its claims on two UDRP cases that Freenom and its CEO, Joost Zuurbier, lost.

According to WIPO panelists in Key-Systems GmbH v. Joost Zuurbier, OpenTLD B.V. and NetEarth Group, Inc. v. Stichting OpenTLD WHOIS Proxy, the company squatted at least seven of its rivals’ trademarks.

The domains were netearthone.biz, rrpproxy.me, key-systems.cc, resellerclub.tk, resellbiz.biz, godaddy.cf and resello.ws.

According to the UDRP decisions, Freenom used the domains to try to entice resellers of the other registrars over to OpenTLD.

It bought the competing registrars’ trademarks as search keywords on Google’s advertising platform, a WIPO panelist found. If you searched Google for Key-Systems trademark “RRPproxy”, for example, you’d get an ad linking to rrpproxy.me.

In some cases the names were registered behind Freenom’s in-house privacy service. In others, Zuurbier and OpenTLD were listed plainly as the registrants.

The WIPO panelists also found that Freenon shirked its duties under the UDRP as registrar, deleting the squatted domains rather than locking them, which essentially amounted to “cyberflight”.

It all looks pretty bad for Freenom, which only gained its accreditation two years ago.

To avoid termination, it has to provide ICANN with a list of all of its trademark infringing names, agree to transfer them to the mark owners or delete them, and bunch of other stuff.

Here’s the letter.