Latest news of the domain name industry

Recent Posts

Looks like .fans has a new Chinese owner

It appears that the struggling new gTLD .fans has changed ownership for the second time in a year.

According to ICANN’s web site, the .fans Registry Agreement was assigned to a company called ZDNS International on June 28.

Since August 2018, the contract had been in the hands of a CentralNic subsidiary called Fans TLD, having been originally operated by Asiamix Digital.

ZDNS International appears to be a newish Hong Kong subsidiary of major China-based DNS service provider ZDNS.

ZDNS provides DNS services for more than 20 TLDs, mostly Chinese-language, but as far as I can tell it is not the contracted party for any.

It’s also known for providing registry gateway services for non-Chinese registries that want to set up shop in the country.

CentralNic took over .fans last year after Asiamix failed to get the TLD’s sales to take off.

.fans had about 1,700 domains under management at the time, and it’s been pretty much flat ever since. I don’t think CentralNic has been promoting it.

Over the same period, singular competitor .fan, which Donuts acquired from Asiamix last year, has gone from 0 to almost 3,000 registrations.

If CentralNic, a public company, made a profit on the flip it does not appear to have been material enough to require disclosure to shareholders.

Can NameCheap reverse .org price cap scrap?

Kevin Murphy, July 25, 2019, Domain Policy

NameCheap has taken it upon itself to fight ICANN’s decision to remove price increase caps on .org. But does it stand a snowball’s chance in hell of winning?

The registrar has filed a Request for Reconsideration with ICANN, appealing the organization’s signing of a Registry Agreement with Public Interest Registry that allows PIR to raise prices by however much it wants, more or less whenever that it wants.

NameCheap, which had over 390,000 .org domains under management at the last count, says it is fighting for 700-odd of its customers whose comments, filed with ICANN, were allegedly not taken into account when the decision was made, along with registrars and everyone else that may be adversely impacted by unfettered .org price increases.

NameCheap thinks its business could be harmed if price increases are uncapped, with customers perhaps letting their domains expire instead of renewing. It’s RfR states:

The decision by ICANN org to unilaterally remove the price caps when renewing legacy TLDs with little (if any) evidence to support the decision goes against ICANN’s Commitments and Core Values, and will result in harm to millions of internet users throughout the world.

Unrestricted price increases for legacy TLDs will stifle internet innovation, harm lesser served regions and groups, and significantly disrupt the internet ecosystem. An incredible variety of public comments was submitted to ICANN from all continents (except Antarctica) imploring ICANN to maintain the legacy TLD price caps — which were completely discounted and ignored by ICANN org.

Before the new contract was signed, PIR was limited to a 10% increase in its .org registry fee every year. It didn’t always exercise that right, and has said twice in recent months that it still has no plans to increase its prices.

The new contract — which has already been signed and is in effect — was subjected to a public comment period that attracted over 3,200 comments, almost all of them expressing support for maintaining the caps.

Despite not-for-profit PIR’s protestations, many commenters came from the position that giving PIR the power to increase its fee without limit would very possibly lead to price gouging.

That ICANN allegedly “ignored” these comments is the key pillar of NameCheap’s RfR case.

The public comment period was a “sham”, the registrar claims.

But is this enough to make ICANN change its mind and (somehow) unsign the .org contract?

There are three ways, under ICANN’s bylaws, to win an RfR.

Requestors can show that the board or staff did something that contradicts “ICANN’s Mission, Commitments, Core Values and/or established ICANN policy(ies)”

They also win if they can show the decision was was taken “without consideration of material information” or with “reliance on false or inaccurate relevant information”.

It’s quite a high bar, and most RfRs are rejected by the Board Accountability Mechanisms Committee, which is the court of first instance for reconsideration requests.

Requestors rarely show up with sufficient new information sufficiently persuasive to kick the legs from under ICANN’s original decision, and the question of something contradicting ICANN’s core principles is usually a matter of interpretation.

For example, in this case, NameCheap is arguing that failing to side with the commenters who disagreed with the removal of price caps amounts to a breach of ICANN’s Core Value to make all decisions in consultation with stakeholders:

The ICANN org will decide whether to accept or reject public comment, and will unilaterally make its own decisions — even if that ignores the public benefit or almost unanimous feedback to the contrary, and is based upon conclusory statements not supported by the evidence. This shows that the public comment process is basically a sham, and that ICANN org will do as it pleases in this and other matters.

But one of ICANN’s stated reasons for approving the contract was to abide by its Core Value to depend “on market mechanisms to promote and sustain a competitive environment in the DNS market”. It doesn’t want to be a price regulator, in other words.

So we have a clash of Core Values here. It will be pretty easy for ICANN’s lawyers — who drafted the contract and will draft the resolutions of the BAMC and the full board — to argue that the Core Values were respected.

I think NameCheap is going to have a hard time here.

Even if it were to win, how on earth does one unsign a contract? As far as I can tell, ICANN has no termination rights that would apply here.

Where the RfR will certainly succeed is to force the ICANN board itself to take ownership, on the record, of the .org contract decision.

As ICANN explained to DI earlier this month, while the board was very much kept in the loop on the state of negotiations, it was senior staff that made all the calls on the new contract.

But an RfR means that the BAMC, which comprises five directors, will first have to raise their hands to confirm the .org decision was kosher.

NameCheap will then get a chance to file a rebuttal before the BAMC decision is handed to the full ICANN board for a confirmatory vote.

While the first two board discussions of the .org contract were not minuted, the bylaws contain an interesting feature related to RfRs that I’d never noticed before today:

If the Requestor so requests, the Board shall post both a recording and a transcript of the substantive Board discussion from the meeting at which the Board considered the Board Accountability Mechanisms Committee’s recommendation.

I sincerely hope NameCheap invokes this right, as I think it’s pretty important that we get some additional clarity on ICANN’s thinking here.

ICANN’s new conferencing software has a webcam security bug

Kevin Murphy, July 10, 2019, Domain Tech

ICANN can’t catch a break when it comes to remote participation security, it seems.

Having just recently made the community-wide switch away from Adobe Connect to Zoom, partly for security reasons, now Zoom has been hit by what many consider to be a critical zero-day vulnerability.

Zoom (which, irrelevantly, uses a .us domain) pushed out an emergency patch for the vulnerability yesterday, which would have allowed malicious web sites to automatically turn on visitors’ webcams without their consent.

Only users of the installable Mac client were affected.

According to security researcher Jonathan Leitschuh, who discovered the problem, Zoom’s Mac client was installing a web server on users’ machines in order to bypass an Apple security feature that requires a confirmatory click before the webcam turns on.

This meant a web site owner could trick a user into a Zoom session, with their camera turned on by default, without their knowledge or consent.

If you’re in the habit of keeping your webcam lens uncovered, that’s potentially a big privacy problem, especially if you do most of your remote coverage of ICANN meetings from the toilet.

It appears that Leitschuh, who reported the problem to Zoom three months ago, took issue with what he saw as the company’s ambivalent attitude to fixing it in a timely fashion.

When he finally blogged about it on Monday, after giving Zoom a 90-day “responsible disclosure” period to issue a patch, the problem still hadn’t been fully resolved, he wrote.

But, following media coverage, Zoom’s new patch apparently removes the covert web server completely. This removes the vulnerability but means Apple users will have to click a confirmation button before joining Zoom meetings in future.

Zoom is used now for all of ICANN’s remote participation, from sessions of its public meetings to discussions of its policy-making working groups.

I really like it. It feels a lot less clunky than Adobe, and it’s got some nifty extra features such as the ability to skip around in recordings based on an often-hilarious machine-transcription sidebar, which makes my life much easier.

One of the reasons ICANN made the switch was due to a bug found in Adobe Connect last year that could have been used to steal confidential information from closed meetings.

ICANN actually turned off Adobe Rooms for remote participants halfway through its public meeting in Puerto Rico due to the bug.

The switch to Zoom was hoped to save ICANN $100,000 a year.

ICANN explains how .org pricing decision was made

ICANN has responded to questions about how its decision to lift price caps on .org, along with .biz and .info, was made.

The buck stops with CEO Göran Marby, it seems, according to an ICANN statement, sent to DI last night.

ICANN confirmed that was no formal vote of the board of directors, though there were two “consultations” between staff and board and the board did not object to the staff’s plans.

The removal of price caps on .org — which had been limited to a 10% increase per year — proved controversial.

ICANN approved the changes to Public Interest Registry’s contract despite receiving over opposing messages from 3,200 people and organizations during its open public comment period.

Given that the board of directors had not voted, it was not at all clear how the decision to disregard these comments had been made and by whom.

The Internet Commerce Association, which coordinated much of the response to the comment period, has since written to ICANN to ask for clarity on this and other points.

ICANN’s response to DI may shed a little light.

ICANN staff first briefed the board about the RA changes at its retreat in Los Angeles from January 25 to 28 this year, according to the statement.

That briefing covered the reasons ICANN thinks it is desirable to migrate legacy gTLD Registry Agreements to the 2012-round’s base RA, which has no pricing controls.

The base RA “provides additional safeguards and security and stability requirements compared to legacy agreements” and “creates efficiencies for ICANN org in administration and compliance enforcement”, ICANN said.

Migrating old gTLDs to the standardized new contract complies with ICANN’s bylaws commitment “to introduce and promote competition in the registration of domain names and, where feasible and appropriate, depend upon market mechanisms to promote and sustain a competitive environment in the DNS market”, ICANN said.

They also contain provisions forcing the registry to give advance notice of price changes and to give registrants the chance to lock-in prices for 10 years by renewing during the notice period, the board was told.

After the January briefing, Marby made the call to continue negotiations. The statement says:

After consultation with the Board at the Los Angeles workshop, and with the Board’s support, the CEO decided to continue the plan to complete the renewal negotiations utilizing the Base RA. The Board has delegated the authority to sign contracts to the CEO or his designee.

A second board briefing took place after the public comment periods, at the board’s workshop in Marrakech last month.

The board was presented with ICANN’s staff summary of the public comments (pdf), along with other briefing documents, then Marby made the call to move forward with signing.

Following the discussion with the Board in Marrakech, and consistent with the Board’s support, the CEO made the decision for ICANN org to continue with renewal agreements as proposed, using the Base gTLD Registry Agreement.

Both LA and Marrakech briefings “were closed sessions and are not minuted”, ICANN said.

But it appears that the board of directors, while not voting, had at least two opportunities to object to the new contracts but chose not to stand in staff’s way.

At the root of the decision appears to be ICANN Org’s unswerving, doctrinal mission to make its life easier and stay out of price regulation to the greatest extent possible.

Reasonable people can disagree, I think, on whether this is a worthy goal. I’m on the fence.

But it does beg the question: what’s going to happen to .com?

CEO lost millions on Manhattan apartment deal just days before AlpNames went dark

The CEO of AlpNames lost his $2.1 million deposit on a $10.6 million Manhattan apartment just days before his company went belly-up earlier this year, DI can reveal.

ApartmentsA New York District Court judge in February found in favor of property developer Highline Associates, which had sued Iain Roache for his deposit after he failed to pay the balance of the luxury residence’s purchase price in 2017.

The ruling appears to have been published February 25 this year. By March 7, just 10 days later, ICANN had already started compliance proceedings against AlpNames.

The timing could just be a coincidence. Or it might not.

According to Judge Robert Sweet (in what appears to be one of his final decisions before his death at 96 in March this year), Roache agreed in December 2015 to buy a condo, parking space and storage unit at 520 West 28th St, a then under-development luxury apartment complex designed by award-winning architect Zaha Hadid, in Manhattan’s fashionable Chelsea district.

The purchase price of the one-bedroom apartment was an eye-watering $9.8 million. Another $770,000 for the parking space and storage unit brought the total agreed price to $10,565,000. Roache plunked $2,113,000 of that into escrow as a deposit.

At that time, AlpNames, majority-owned by Roache, was quite a young company.

It was on the cusp of selling its millionth domain, and had got to that milestone in just over a year in business. Earlier in 2015, it had been bragging about how it was second only to GoDaddy in terms of new gTLD domains sold.

Famous Four Media, the new gTLD registry that Roache also led (also no longer a going concern), had already launched 10 of its eventual 16 TLDs. In total, the portfolio had roughly 1.5 million domains under management. It was one of the leaders, volume-wise, of the new gTLD industry.

When the apartment was finally ready to move into, in June 2017, Highline approached Roach to close the deal.

According to the court’s findings, Roache declined to immediately pay and seems to have given the developer the runaround for several months, requesting and receiving multiple extensions to the closing date.

It wasn’t until early 2018 that Highline, apparently determining that it was never going to see the money, terminated the contract and attempted to take ownership of the $2.1 million deposit.

But Roache’s lawyers instructed the escrow agent not to release the funds without a court order. Obligingly, Highline sued in February 2018.

During the case, Roache argued among other things that he had been verbally duped into signing the purchase agreement, but the judge wasn’t buying it.

He noted that Roache is a “sophisticated businessman” who had hired an experienced New York real estate lawyer to advise him on the purchase.

He also noted that the contract specifically said that the buyer is buying based on the contents of the agreement and specifically not any prior verbal representations (nice clause for all those bullshit-happy real estate agents out there, I reckon).

The judge finally decided that Highline, and not Roache, was rightfully owed the $2.1 million deposit.

It wasn’t long after the ruling that AlpNames customers started experiencing issues.

I first reported that the web site was offline, and had been offline for at least a few days, on March 12 this year. A NamePros thread first mentioned the downtime March 10.

It later emerged (pdf) that ICANN had already started calling AlpNames on March 7, after receiving complaints from AlpNames’ customers that the site was down.

On March 15, after receiving no response from Roache, ICANN made the decision to immediately terminate its Registrar Accreditation Agreement.

A couple of weeks later, CentralNic took over AlpNames’ customer base and around 600,000 domain names, under ICANN’s De-Accredited Registrar Transition Procedure.

That’s the timeline of events.

Am I saying that there was a causal link between Roache’s real estate deal going south and AlpNames going AWOL within a couple of weeks? Nope. I don’t have any evidence for that.

Am I saying it’s possible? Yup. The timing sure does look fishy, doesn’t it?