Latest news of the domain name industry

Recent Posts

Angry reactions to “UDRP for copyright”

Kevin Murphy, February 10, 2017, Domain Policy

The Electronic Frontier Foundation and Internet Commerce Association are among those expressing initial concern about the introduction of a new “UDRP for copyright” mechanism by the Domain Name Association.

The EFF said the DNA’s new proposals want registries to become “private arbiters of online speech”, while the ICA expressed concern that the proposals could circumvent the usual ICANN policy-making process.

As we reported earlier in the week, the DNA has set out a set of four “healthy practices” (the term “best practices” was deliberately avoided, I’m told) for registries and registrars, under the banner of its Healthy Domains Initiative.

The first three sets of recommendations cover malware, child abuse material and fake pharmacies and are relatively non-controversial.

However, the surprising fourth proposal seeks to give copyright holders a means to suspend or seize control of domain names where they have “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

While the details have yet to be finalized, it appears to be targeted at sites such as The Pirate Bay, which are used for pretty much nothing but copyright infringement.

“This is a terrible proposal,” the EFF’s Jeremy Malcolm and Mitch Stoltz wrote yesterday:

The content that happens to be posted within [a] website or service has nothing to do with the domain name registrar, and frankly, is none of its business. If a website is hosting unlawful content, then it is the website host, not the domain registrar, who needs to take responsibility for that

They added:

it seems too likely that any voluntary, private dispute resolution system paid for by the complaining parties will be captured by copyright holders and become a privatized version of the failed Internet censorship bills SOPA and PIPA

Those are references to two proposed US laws, the Stop Online Piracy Act and Protect IP Act, that attracted lots of criticism and never saw the light of day.

The ICA, in a separate post on its own site, expressed concerns that private initiatives such as the HDI could give trademark holders another way to route around ICANN policies they do not like.

Noting that trademark protection mechanisms are already under review in a ICANN working group, ICA counsel Phil Corwin wrote:

What if the final consensus decision of that WG is that the URS remedy should remain domain suspension and not transfer, or that the UDRP standard of “bad faith registration and use” should remain as is? Are TM owners then free to develop their own “best practices” that include domain transfer via URS, or a bad faith registration or use standard? What’s the point of going through a multi-year exercise if those dissatisfied with the result can seek stiffer private policies? Just how many bites at the apple should trademark holders get

Both ICA and EFF expressed concern that the new DNA proposals seemed to have been developed without the broad input of members.

Stoltz and Malcolm wrote:

In any purported effort to develop a set of community-based principles, a failure to proactively reach out to affected stakeholders, especially if they have already expressed interest, exposes the effort as a sham.

Corwin wrote:

ICA had no advance knowledge of the details of HDI and no opportunity to provide substantive input. So our fingerprints are nowhere on it.

The Copyright ADRP proposal appears to be the brainchild of Public Interest Registry, the .org registry.

PIR general counsel Liz Finberg told DI earlier this week that PIR is working with arbitration provider Forum to finalize the rules of the process and hopes to implement it in .org before the end of the first quarter.

No other registry has publicly stated similar plans to my knowledge.

The HDI recommendations are completely voluntary and registries/ars are free to adopt them wholly, partially or not at all. They are not ICANN policies.

The Pirate Bay likely to be sunk as .org adopts “UDRP for copyright”

Kevin Murphy, February 8, 2017, Domain Registries

Controversial piracy site The Pirate Bay is likely to be the first victim of a new industry initiative being described as “UDRP for copyright”.

The Domain Name Association today published a set of voluntary “healthy practices” that domain registries can adopt to help keep their TLDs clean of malware, child abuse material, fake pharmacies and mass piracy.

And Public Interest Registry, the company behind .org, tells DI that it hopes to adopt the UDRP-style anti-piracy measure by the end of the first quarter.

This is likely to lead to thepiratebay.org, the domain where The Pirate Bay has resided for some time, getting seized or deleted not longer after.

Under its Healthy Domains Initiative, the DNA is proposing a Copyright Alternative Dispute Resolution Policy that would enable copyright holders to get piracy web sites shut down.

The version of the policy published (pdf) by the DNA today is worryingly light on details. It does not explain exactly what criteria would have to be met before a registrant could lose their domain name.

But PIR general counsel Liz Finberg, the main architect of the policy, said that these details are currently being finalized in coordination with UDRP arbitration firm Forum (formerly the National Arbitration Forum).

The standard, she said, will be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

It’s designed to capture sites like The Pirate Bay and major torrent sites than do little but link to pirate content, and is not supposed to extend to sites that may inadvertently infringe or can claim “fair use”.

That said, it’s bound to be controversial. If 17 years of UDRP has taught us anything it’s that panelists, often at Forum, can take a liberal interpretation of policies, usually in favor of rights holders.

But Finberg said that because the system is voluntary for registries — it’s NOT an ICANN policy — registries could simply stop using it if it stops working as intended.

Filing a Copyright ADRP complaint will cost roughly about the same as filing a UDRP, typically under $1,500 in fees, she said.

Penalties could include the suspension or transfer of the domain name, but monetary damages would not be available.

Finberg said PIR chose to create the policy because she wasn’t comfortable with the lack of due process for registrants in alternative methods such as Trusted Notifier.

Trusted Notifier, in place at Donuts and Radix, gives the Motion Picture Association of America a special pass to notify registries about blatant piracy and, if the registry agrees, to have the domains suspended.

While stating that .org is a fairly clean namespace, Finberg acknowledged that there is one big exception.

“The Pirate Bay is on a .org, we’re not happy about that,” she said. “If I were to say what’s the one .org that is the prime candidate for being the very first one out of the gate, I would say it’s The Pirate Bay.”

Other registries have yet to publicly state whether they plan to adopt this leg of the DNA HDI recommendations.

Afilias retains .org back-end deal

Kevin Murphy, November 15, 2016, Domain Registries

Public Interest Registry is sticking with Afilias to run the .org registry back-end.

The announcement came yesterday after a open procurement process that lasted for most of 2016.

Over 20 back-end providers from 15 nations — basically the entire industry — responded to PIR’s February request for proposals, we reported back in March.

Afilias retaining the contract is not a huge surprise. The bidding process was widely believed to be a way for non-profit PIR to reduce its costs, believed to be among the highest in the industry.

PIR said yesterday:

Afilias was selected as the best value solution based on the objective criteria and requirements set forth in Public Interest Registry’s procurement process. It is anticipated that Afilias will commence operations under the new contractual agreement on Jan. 1, 2018.

It’s very likely that the new deal will be worth a lot less to Afilias than the current arrangement, which costs PIR about $33 million per year.

In 2013, the last year for which we have Afilias’ financials, .org brought in $31 million of its $77 million revenue.

It’s believed that PIR is currently paying about $3 per domain per year, but Kieren McCarthy at The Register, citing unnamed industry sources, reckons that’s now been bumped down to $2, saving PIR about $10 million per year.

The .org gTLD has about 11.2 million domains under management, but its numbers have been slipping for several months, according to registry reports.

People are forgetting .com exists — ICANN survey

Kevin Murphy, September 22, 2016, Domain Policy

Have you ever heard of .com, .net and .org?

That question was posed to 3,349 domain name registrants in 24 countries by market research firm Nielsen this June and guess what — awareness of all three cornerstone gTLDs was down on a comparable 2015 survey.

Unbelievably, only 85% of respondents professed to be aware of .com’s existence, compared to 86% in 2015.

Equally unbelievably, awareness of .net and .org fell from 76% to 69% and from 70% to 65% respectively between 2015 and 2016, the survey found.

Those are just three among many hundreds of findings of the Nielsen survey, which was carried out in order to inform ICANN’s Competition, Consumer Trust & Consumer Choice Review.

The CCT is one of the reviews deemed mandatory before ICANN is able to launch the next round of new gTLD applications.

A great many of the numbers revealed by the survey are seriously open to question — some could even be empirically proven wrong.

But David Dickinson, project lead for Nielsen on the survey, told DI yesterday that the numbers themselves are less important than the trends, or lack thereof, that they might represent.

Nielsen carried out two surveys in 2015 — one of consumers and one of registrants — then repeated both surveys again a year later.

Respondents were selected from a pool of people who have at some point indicated to third-party market research companies that they are available to take surveys online, Dickinson said. They are usually compensated via some kind of redeemable loyalty points scheme.

The registrant surveys were limited to those who said they have registered a domain name. The consumer survey was limited to those who said they spend more than five hours a week online.

While the number of respondents were measured in the low thousands, the idea is that they provide a representative sample of all internet users and domain name registrants.

But there’s a lot of weirdness in the numbers.

Dickinson said that the 85% awareness number for .com could be due partly to random “mechanical errors” — people clicking the wrong buttons on their survey form — but said that lack of awareness was more common among younger respondents who were more likely to be aware of newer, less generic TLDs.

The surveys also highlighted a bizarre split in TLD awareness between consumers and registrants.

Given that registrants are a subset of consumers, and given that they are by definition more familiar with domain names, you’d expect respondents to the registrant surveys to show higher TLD awareness than those responding to the consumer surveys.

But the opposite was true.

The surveys found, for example, that 95% of consumers knew about .com, but only 85% of registrants did. For .net and .org the numbers were 88%/69% and 83%/65% respectively. None of it makes any sense.

Dickinson said that the 2015 consumer/registrant awareness numbers were “almost identical”.

“My only real conclusion here is that [in 2016] there was some systematic difference in the diligence that the registrants selected these names on these awareness questions, and that a large portion of that is just due to random variation,” he said.

“However, when we do look at those people who are registering new gTLDs, they tended to have much lower awareness of those legacy gTLDs than those people who were unaware or had not registered those new gTLDs,” he said.

“The people who said they did not recognize any of those new gTLDs at all the are very very centric on the legacy gTLDs and in particular .com,” he said.

“I think the data is overstated because of the random variation but there is a learning here when we break it down… that those legacy domains are becoming less relevant or less noticed by the younger people and the people who are registering these new gTLDs,” he said.

“I think there is a shift going on, but it’s not as big as what is stated here [in the numbers],” he said.

The surveys also looked at awareness and registration levels for new, 2012-round gTLDs, but again the numbers probably don’t accurately reflect reality.

For example, 39% of registrants claimed to have heard of .email domain names and 15% claimed to have actually registered one.

Again, these numbers don’t seem plausible. There are fewer than 60,000 .email domains in existence today. Even if there were only one million domain registrants in the world, 15% registration rate would mean at least 150,000 names should have been sold.

Dickinson said that this number could have been higher due to selection bias. The survey took about half an hour on average to fill out, so people more personally interested or invested in internet or domain name related stuff might have been more likely to stick around and complete it.

Interestingly, new gTLD awareness rates in North America were substantially lower than awareness elsewhere in the world. For example, only 25% of North Americans professed to have heard of .news, but that grew to 42% in Asia where most languages use a different script.

My sense here is that respondents — which all took the surveys in their native languages — may have just been clicking to confirm English words they recognized, rather than TLDs they had seen in the wild.

Nielsen clearly suspected that there would be an element of “false recall” among respondents because it actually included some fake TLDs among the real ones.

This led to findings such as: 26% of Africans have heard of .cairo, 17% of North Americans have heard of .toronto and 21% of South Americans have heard of .bogota.

None of those city TLDs exist.

Dickinson explained this as “assumed familiarity”.

“What very much seems to happen is that if something has an implied ‘face validity’ — it seems to make sense or seems to be readily interpretable — then those ones will get higher stated awareness than the ones that are just random letters, such as .xyz,” he said.

Indeed, while there are over six million .xyz domains out there today, with high-profile registrants including Google, only 13% of respondents claimed to be aware of it.

“The more implied familiarity or sense of familiarity there is, the more likely people are to feel like they’ve been there or seen it, so it’s definitely a false recall, but the learning from that is that the more interpretable… those things are then they have more easy acceptance by consumers than things that are not interpretable,” Dickinson said.

The surveys did not only cover awareness and registration patterns. There are literally hundreds of data points in there covering different perceptions of TLDs new and old. I’ve just focused here on the ones that made me question whether the survey was worth the time, expense and paper it was written on.

But Dickinson said that the raw numbers are not necessarily what the ICANN review teams should be looking at.

“Maybe the absolute number is not exactly dead-on, but what are the relationships between the numbers?” he said.

“I tend to look at the relationships, so for example one of the objectives of doing this survey was to see if the new gTLD program impacted the perception of the industry in any way, or trustworthiness in the industry,” he said.

“For example, we can say we’re not sure it improved — the numbers didn’t change significantly in that direction to allow us to definitively say it improved — but it certainly did not decline,” he said. “We can rule out that it declined.”

“Overall, we can say that the new gTLD program is emerging with fairly strong awareness, relative,” he said.

“We can also say with certainty that none of those new gTLDs are anywhere approaching the awareness of the legacy gTLDs, and even if there is some erosion in the legacy gTLDs it’s going to take a long time for those to reach parity, if they ever do,” he said.

The Nielsen surveys are one input to the work of the volunteer CCT Review Team, which intends to publish its preliminary report before the end of the year.

CCT-RT chair Jonathan Zuck recently published a blog post on the ICANN web site giving a progress report on recent work.

Nominet has sights set on .org after M+M deal

Nominet chief Russell Haworth is hopeful that its new outsourcing deal with Minds + Machines will help it win a much more lucrative back-end contract — .org.

The company is among the 20-plus companies that have responded to Public Interest Registry’s request for proposals, as its back-end deal with Afilias comes to an end.

Nominet is one of a handful of companies — which would also include Verisign, Afilias, CNNIC and DENIC — that currently handles zones the size or larger than .org, which at over 10 million names is about the same size as .uk.

It, like PIR, is also a not-for-profit entity that donates excess funds to good causes, which could count in its favor.

But Haworth told DI today that showing the ability to handle a complex TLD migration may help its bid.

“I personally think that it would stand us in good stead, but we’ll have to see how the process plays out,” he told DI today. “With .org there’s 19-odd players pitching for that, so it’s a fairly competitive field.”

If the migration were to happen today, we’d be looking at around 300,000 domains changing hands. It’s likely to be a somewhat larger number by the time it actually happens.

Collectively, it will be one of the largest back-end transitions to date, though the largest individual affected gTLD, .work, currently has fewer than 100,000 names in its zone.

Haworth said that the plan is to migrate M+M’s portfolio over to Nominet’s systems one at a time.

He was hesitant to characterize the migration process as “easy”, but said Nominet already has such systems in place due to its role as one of ICANN’s Emergency Back-End Registry Operators.

Earlier this year, Nominet temporarily took over defunct dot-brand .doosan, in order to test the EBERO process.

A back-end migration primarily covers DNS resolution and EPP systems.

It sounds like the EPP portion may be the more complex. Some of M+M’s gTLDs have restrictions and tiered pricing that may require EPP extensions Nominet does not currently use in its TLDs.

But the DNS piece may hold the most risk — if something breaks, registrants names stop resolving and web sites go dark.

Haworth said Nominet is also talking to other new gTLD registries about taking over back-end operations. Registries signed three, five or seven-year contracts with their RSPs when the 2012 application round opened, and some are coming up for renewal soon, he said.

Nominet says it will become a top ten back-end after the M+M migration is done.