Latest news of the domain name industry

Recent Posts

IWF finds 3,401 “commercial” child porn domains

Kevin Murphy, April 28, 2021, Domain Registries

The Internet Watch Foundation last year found child sexual abuse material on 3,401 domains that it says appeared to be commercial sites dedicated to distributing the illegal content.

The UK-based anti-CSAM group said in its annual report, published last week, that it found 5,590 domains containing such material in 2020, and 61% were “dedicated commercial sites… created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.”

That’s a 13% increase in domains over 2019, the report says. It compares to 1,991 domains in 2015.

IWF took action on 153,369 URLs containing CSAM last year, the report says.

For example, the TLD with the most CSAM abuse is of course .com, with 90,879 offending URLs in 2020, 59% of the total. That compares to 69,353 or 52% in 2019.

But because those 90,000 URLs may include, for example, pages on image-hosting sites that use .com domains, the number of unique .com domains being abused will be substantially lower.

Same goes for the other TLDs on the top 10 list — .net, .ru, .nz, .fr, .org, .al, .to, .xyz and .pw.

.co, .cc and .me were on the 2019 list but not the 2019 list, being replaced by .al, .org and .pw.

The most disturbing part of the report, which is stated twice, is the alarming claim that some TLDs exist purely to commercially distribute CSAM:

We’ve also seen a number of new TLDs being created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.

We first saw these new gTLDs being used by websites displaying child sexual abuse imagery in 2015. Many of these websites were dedicated to illegal imagery and the new gTLD had apparently been registered specifically for this purpose.

I can only assume that IWF is getting confused between a top-level domain and a second-level domain.

The alternative would be that the organization believes one or more TLD registries are purposefully catering primarily to commercial child pornographers, and for some reason it’s declining to do anything about it.

I’ve put in a request for clarification but not yet received a response.

IWF is funded by corporate donations from primarily technology companies. Pretty much every big domain registry is a donor. Verisign is a top-tier, £80,000+ donor. The others are all around the £5,000 to £10,000 mark.

UPDATE May 26: IWF has been in touch to clarify that it was in fact referring to SLDs, rather than TLDs, in its claims about dedicated commercial CSAM sites quoted above. It has corrected its report accordingly.

Criminal .uk suspensions down this year

Kevin Murphy, November 26, 2019, Domain Registries

Nominet suspended fewer .uk domain names due to reports of criminality in the last 12 months that in did in the prior period.

The registry said last week that is suspended 28,937 domains in the year to the end of October, down from 32,813 in the 2018 period.

That’s 0.22% of all .uk names, Nominet said.

As usual, complaints about intellectual property infringement — filed by copyright owners to the IP cops and handed to Nominet — account for the vast majority of takedowns, some 28,606 in the period.

The rest were suspended due to complaints about fraud, trading standards, financial conduct and healthcare products.

Only 16 requests were denied by Nominet, down from 114 in the previous year, and only five false-positive suspensions were reversed.

The controversial ban on “rape” domains resulted in 1,600 new regs getting automatically flagged, but zero getting suspended.

There were no requests from the Internet Watch Foundation to take down child sexual abuse material.

Nominet’s newish automated anti-phishing system, which uses pattern recognition to flag potential phishing domains at point of registration, saw 2,668 domains suspended before going live, of which 274 were released after the registrant passed due diligence checks.

These five TLDs contain 80% of all child abuse images

Online child abuse watchdog the Internet Watch Foundation has released its 2018 annual report, and it fingers the five TLDs that host four in five cases of child sexual abuse images and videos.

The TLDs in question are Verisign’s .com and .net, Neustar’s repurposed Colombian ccTLD .co, Russia’s .ru and Tonga’s .to.

IWF found the illegal content in 3,899 unique domains, up 3% from 2017’s 3,791 domains, in 151 different TLDs.

Despite the apparent concentration of illegal web pages in just five TLDs, it appears that this is largely due to the prevalence of image-hosting and file-sharing “cyberlocker” sites in these TLDs.

These are sites abused by the purveyors of this content, rather than being specifically dedicated to abuse.

It would be tricky for a registry to take action against such sites, as they have substantial non-abusive uses. It would be like taking down twitter.com whenever somebody tweets something illegal.

In terms of domains being registered specifically for the purpose of distributing child abuse material, the new gTLDs created since 2012 come off looking much worse.

IWF said that last year it found this material on 1,638 domains across 62 new gTLDs. That’s 42% of the total number of domains used to host such content, compared to new gTLDs’ single-figures overall market share.

The number of URLs (as opposed to domains) taken down in new gTLD web sites was up 17% to 5,847.

IWF has a service that alerts registries when child abuse material is found in their TLDs.

Its 2018 report can be found here (pdf).

Child abuse becoming big problem for new gTLDs

Kevin Murphy, April 18, 2018, Domain Policy

There were 3,791 domain names used to host child sexual abuse imagery in 2017, up 57%, according to the latest annual report from the Internet Watch Foundation.

While .com was the by far the worst TLD for such material in terms of URLs, over a quarter of the domains were registered in new gTLDs.

Abuse imagery was found on 78,589 URLs on 3,791 domains in 152 TLDs, the IWF said in its report.

.com accounted for 39,937 of these URLs, a little over half of the total, with .net, .org, .ru and .co also in the top five TLDs. Together they accounted for 85% of all the abuse URLs found. The 2016 top five TLDs included .se, .io and .cc.

New gTLDs accounted for a small portion of the abuse URLs — just over 5,000, up 221% on 2016 — but a disproportionate number of domains.

The number of new gTLD domains used for abuse content was 1,063, spread over 50 new gTLDs. Equivalent numbers were not available in the 2016 report and IWF does not break down which TLDs were most-abused.

According to Verisign’s Q4 Domain Name Industry Brief (pdf), new gTLDs account for just 6.2% of all existing domain names, and yet they account for over 28% of the domains where IWF found child abuse imagery.

IWF said that the increasing number of domains registered to host abuse imagery can be linked to what it calls “disguised websites”.

These are sites “where the child sexual abuse imagery will only be revealed to someone who has followed a pre-set digital pathway — to anyone else, they will be shown legal content.”

Presumably this means that registries and registrars spot-checking domains they have under management could be unaware of their true intended use.