Latest news of the domain name industry

Recent Posts

David and Goliath? DotMusic confirms .music win

Kevin Murphy, April 12, 2019, Domain Registries

Cyprus-based registry upstart DotMusic Ltd has confirmed that it has secured the rights to the .music gTLD.

Founder and CEO Constantinos Roussos tweeted the news overnight.

It is not known how much DotMusic paid for the string, which I believe was auctioned in late March.

DotMusic fought off competition from seven other applicants, including some heavy-hitters: Google, Amazon, Donuts, Radix, Far Further, Domain Venture Partners and MMX.

MMX’s application was the last to be withdrawn, last night.

It’s not impossible that .music could launch before the end of the year, after DotMusic has completed the remaining pre-delegation steps such as signing its ICANN registry contract.

There will also be a couple of launch phases that give priority to members of the music industry.

Even when it goes to general availability, it won’t be a free-for-all, however.

DotMusic, in its efforts to secure support from the piracy-fearful music industry, proposed relatively strict “enhanced safeguards” for .music.

Registrants will have to verify their identity by phone as well as email in order to register a domain. They’ll also be restricted to strings matching their “their own name, acronym or Doing Business As”.

I don’t think the policies as outlined will be enough to prevent speculation, but they will add friction, possibly throttling sales volume.

In other news, it turns out Dewey did in fact defeat Truman.

Nominet takes down 32,000 domains for IP infringement

Kevin Murphy, November 21, 2018, Domain Registries

The number of .uk domains suspended by Nominet has doubled over the last year, almost entirely due to takedown requests concerning intellectual property.

The .uk registry said this week that it suspended 32,813 domains in the 12 months to October 31, up from 16,632 in the year-ago period.

It’s the fourth year in a row that the number of suspensions has more than doubled. In 2014, it was a paltry 948.

While Nominet has trusted notifier relationships with 10 law enforcement agencies, it’s the Police Intellectual Property Crimes Unit that is responsible for almost all of the takedown requests, 32,669 this year.

No court order or judicial review is required. Nominet simply carries out unspecified “administrative checks” then suspends the domain.

Only 114 domains did not make the cut this year, Nominet said, but that’s up considerably from 32 last year.

There’s an appeals mechanism that can be used by registrants to restore their domains, for example if they’ve removed the infringing content. It was used successfully 16 times in the year, up by one on last year.

The registry also reported that no domains were suspended due to its ban on incitement-to-rape domains, down from two last year, but that staff had to manually review 2,717 new registrations containing suspect strings.

US “threatens” Costa Rica over Pirate Bay domains

Kevin Murphy, June 16, 2017, Domain Policy

The US government has been threatening to “close down” Costa Rica’s .cr registry over its refusal to take down a Pirate Bay domain name, according to the registry.

Representatives of the US embassy in Costa Rica have been badgering NIC.cr to take down thepiratebay.cr since 2015, according to a letter from Pedro León Azofeifa, president of Academia Nacional de Ciencias, which runs the registry.

The letter claims:

These interactions with the United States Embassy have escalated with time and include great pressure since 2016 that is exemplified by several phone calls, emails and meetings urging our ccTLD to take down the domain, even though this would go against our domain name policies

According to the letter, a US official “has mentioned threats to close our registry, with repeated harassment regarding our practices and operation policies and even personal negative comments directed to our Executive Director”.

The letter was sent to the chair of ICANN’s Governmental Advisory Committee 10 days ago, CC’d to senior ICANN, Costa Rican and US governmental figures, and has been circulated this week in the Latin American domain name community.

The form of the alleged threats to close the registry is not clear, but it should be noted that prior to October 1 last year the US Department of Commerce, via its now-relinquished oversight of ICANN, played a key role in the administration of the DNS root zone.

The Pirate Bay is of course a popular directory of BitTorrent links largely used to disseminate pirated copies of movies and music, much of it American-made.

The site has been TLD-hopping for years, as registries around the world shut down its domains for violations of their own local rules. It has been live on thepiratebay.cr since December 2014, when its Swedish operation was shut down by authorities.

The NIC.cr letter says that its own policies follow international “best practices” and allow it to take down domains when presented with a Costa Rican court order, but that “the pressure and harassment [from the US] to take down the domain name without its proper process and local court order persists”.

The US Department of Commerce even pressured its Costa Rican counterpart to investigate NIC.cr, but that probe concluded that the registry was acting within its procedures, according to the letter.

It’s not the first attempt to get rid of the Pirate Bay this year.

Public Interest Registry in February announced a “UDRP for copyright” proposal that would allow copyright holders to have piracy disputes heard by independent arbitrators. It looked like a way to get unloved thepiratebay.org domain taken down without PIR having to take unilateral action.

That proposal was shelved after an outcry from the industry and civil rights watchdogs.

In April, one of the Pirate Bay’s founders launched a piracy-friendly domain registration service.

Just this week, the European Court of Justice ruled, after seven years of legal fights, that the Pirate Bay infringes copyright, raising the possibility of the site being blocked in more European countries.

The NIC.cr letter is dated June 6. It has not yet been published by ICANN or the GAC.

Pirate Bay founder launches piracy-friendly domain privacy service

Kevin Murphy, April 19, 2017, Domain Registrars

The founder of controversial BitTorrent search engine The Pirate Bay has entered the domain name market with a new proxy service.

It’s called Njalla, it’s based in a Caribbean tax haven, and it says it offers a higher level of privacy protection than you get anywhere else.

The company described itself in its inaugural blog post today like this:

Think of us as your friendly drunk (but responsibly so) straw person that takes the blame for your expressions. As long as you keep within the boundaries of reasonable law and you’re not a right-wing extremist, we’re for promoting your freedom of speech, your political weird thinking, your kinky forums and whatever.

Founder Peter Sunde was reluctant to describe Njalla as a proxy registration service, but it’s difficult to think of another way of describing it.

When you buy a domain via the company’s web site, the name is registered by Njalla for itself. You can still use the domain as you would with a regular registrar, but the name is “owned” by Njalla (1337 LLC, based in Saint Kitts & Nevis).

The company is a Tucows reseller via OpenSRS, and it supports almost all gTLDs and several ccTLDs (it’s declined to support Uniregistry due to recent price increase announcements).

Prices are rather industry standard, with a .com setting you back €15 ($16).

The big difference appears to be that the service doesn’t want to know anything about its registrants. You can sign up with just an email address or, unusually, an XMPP address. It doesn’t want to know your name, home address, or anything like that.

This means that whenever Njalla receives a legal request for the user’s identity, it doesn’t have much to hand over.

It’s based on Nevis due to the strong privacy laws there, Sunde said.

Under what circumstances Njalla would suspend service to a customer and hand over their scant private information appears to be somewhat vague and based on the subjective judgement or politics of its management.

“As long as you don’t hurt anyone else, we’ll let you do your thing,” Sunde said.

Child abuse material is verboten. Spam is in a “gray zone” (although forbidden by Njalla’s terms of service).

Copyright infringement appears to be just fine and dandy, which might not be surprising. Sunde founded The Pirate Bay in 2003 and spent time in prison in Sweden for assisting copyright infringement as a result.

“You don’t hurt people by putting a movie online,” Sunde said. “You do hurt someone by putting child porn or revenge porn or stuff like that… If you look at any statistics on file sharing, it proves that the more people file-share the more money goes into the ecosystem of the media.”

While this is likely to upset the IP lobby within the domain name community, I think there’s a possibility that existing ICANN policy will soon have an impact on Njalla’s ability to operate as it hopes.

ICANN is in the process of implementing a privacy/proxy services accreditation program that will require registrars to only work with approved, accredited proxy services.

Sunde thinks Njalla doesn’t fall into the ICANN definition of a proxy service, and said his lawyers agree.

Personally, I can’t see the distinction. I expect ICANN Compliance will probably have to make a call one way or the other one day after the accreditation system comes online.

The Pirate Bay likely to be sunk as .org adopts “UDRP for copyright”

Kevin Murphy, February 8, 2017, Domain Registries

Controversial piracy site The Pirate Bay is likely to be the first victim of a new industry initiative being described as “UDRP for copyright”.

The Domain Name Association today published a set of voluntary “healthy practices” that domain registries can adopt to help keep their TLDs clean of malware, child abuse material, fake pharmacies and mass piracy.

And Public Interest Registry, the company behind .org, tells DI that it hopes to adopt the UDRP-style anti-piracy measure by the end of the first quarter.

This is likely to lead to thepiratebay.org, the domain where The Pirate Bay has resided for some time, getting seized or deleted not longer after.

Under its Healthy Domains Initiative, the DNA is proposing a Copyright Alternative Dispute Resolution Policy that would enable copyright holders to get piracy web sites shut down.

The version of the policy published (pdf) by the DNA today is worryingly light on details. It does not explain exactly what criteria would have to be met before a registrant could lose their domain name.

But PIR general counsel Liz Finberg, the main architect of the policy, said that these details are currently being finalized in coordination with UDRP arbitration firm Forum (formerly the National Arbitration Forum).

The standard, she said, will be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

It’s designed to capture sites like The Pirate Bay and major torrent sites than do little but link to pirate content, and is not supposed to extend to sites that may inadvertently infringe or can claim “fair use”.

That said, it’s bound to be controversial. If 17 years of UDRP has taught us anything it’s that panelists, often at Forum, can take a liberal interpretation of policies, usually in favor of rights holders.

But Finberg said that because the system is voluntary for registries — it’s NOT an ICANN policy — registries could simply stop using it if it stops working as intended.

Filing a Copyright ADRP complaint will cost roughly about the same as filing a UDRP, typically under $1,500 in fees, she said.

Penalties could include the suspension or transfer of the domain name, but monetary damages would not be available.

Finberg said PIR chose to create the policy because she wasn’t comfortable with the lack of due process for registrants in alternative methods such as Trusted Notifier.

Trusted Notifier, in place at Donuts and Radix, gives the Motion Picture Association of America a special pass to notify registries about blatant piracy and, if the registry agrees, to have the domains suspended.

While stating that .org is a fairly clean namespace, Finberg acknowledged that there is one big exception.

“The Pirate Bay is on a .org, we’re not happy about that,” she said. “If I were to say what’s the one .org that is the prime candidate for being the very first one out of the gate, I would say it’s The Pirate Bay.”

Other registries have yet to publicly state whether they plan to adopt this leg of the DNA HDI recommendations.

Nominet suspends over 8,000 “criminal” domains as IP complaints double

Kevin Murphy, November 15, 2016, Domain Policy

Police claims of intellectual property infringement led to the number of .uk domains suspended doubling in 2016, according to Nominet.

Statistics released today show that the .uk registry suspended 8,049 domains in the 12 months to October 31, compared to 3,889 in the year-ago period.

It’s an almost tenfold increase on 2014, when just 948 domains were taken down.

Nominet suspends domains when law enforcement agencies tell it the domains are being used in crime. No court order is required and Nominet rarely refuses a request.

Registrants can have the suspension lifted if they can show to law enforcement that the allegedly criminal behavior has stopped.

The vast majority of the complaints in 2016 again came from the Police Intellectual Property Crime Unit, which asked for and got 7,617 names suspended.

Just 13 suspensions were reversed, Nominet said. Most of these were due to sites selling so-called “legal highs” being slow to respond to a change in the law.

The controversial ban on “rape” domains resulted in just one suspension among the 2,407 domains automatically flagged for containing rapey substrings.

Nominet published the following infographic with more stats:

Nominet infographic

Domain-hopping torrent site seized, founder arrested

Kevin Murphy, July 22, 2016, Domain Policy

A joint US-Polish law enforcement operation has led to the arrest of the alleged owner of the piracy-focused BitTorrent links site KickAssTorrents.

The US Department of Justice announced yesterday that Ukrainian national Artem Vaulin has been arrested in Poland and that it will seek to extradite him to Chicago to face criminal copyright infringement charges.

The site, which has been banned at the ISP level in countries including the UK, provides links to download and share copyrighted works such as movies and music from other BitTorrent users.

But it’s perhaps best known in the domain name industry for regularly jumping from one TLD to another as its domains are terminated by local authorities.

According to the DoJ, it has been seen on kickasstorrents.com, kat.ph (Philippines), kickass.to (Tonga), kickass.so (Somalia) and kat.cr (Costa Rica).

The department said it has seized seven domain names as part of its operation.

According to my records, there are 20 examples of kickasstorrents.example domains in the Alexa one million, all in new gTLDs (though I’ve no idea whether they’re part of the same operation).

The DoJ reckons KAT makes annual revenue of between $12.5 million to $22.3 million from advertising accompanying its links.

Fight as ICANN “backtracks” on piracy policing

Kevin Murphy, July 1, 2016, Domain Policy

ICANN has clarified that it will not terminate new gTLD registries that have piracy web sites in their zones, potentially inflaming an ongoing fight between domain companies and intellectual property interests.

This week’s ICANN 56 policy meeting in Helsinki saw registries and the Intellectual Property Constituency clash over whether an ICANN rule means that registries breach their contract if they don’t suspend piracy domains.

Both sides have different interpretation of the rule, found in the so-called “Public Interest Commitments” or PICs that can be found in Specification 11 of every new gTLD Registry Agreement.

But ICANN chair Steve Crocker, in a letter to the IPC last night, seemed to side strongly with the registries’ interpretation.

Spec 11 states, among other things, that:

Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.

A literal reading of this, and the reading favored by registries, is that all registries have to do to be in compliance is to include the piracy prohibitions in their Registry-Registrar Agreement, essentially passing off responsibility for piracy to registrars (which in turn pass of responsibility to registrants).

Registries believe that the phrase “consistent with applicable law and related procedures” means they only have to suspend a domain name when they receive a court order.

Members of the IPC, on the other hand, say this reading is ridiculous.

“We don’t know what this clause means,” Marc Trachtenberg of the IPC said during a session in Helsinki on Tuesday. “It’s got to mean something. It can’t just mean you have to put a provision into a contract, that’s pointless.”

“To put a provision into a contract that you’re not going to enforce, has no meaning,” he added. “And to have a clause that a registry operator or registrar has to comply with a court order, that’s meaningless also. Clearly a registry operator has to comply with a court order.”

Some IPC members think ICANN has “backtracked” by introducing the PICs concept then failing to enforce it.

IPC members in general believe that registries are supposed to not only require their registrars to ban piracy sites, but also to suspend piracy domains when they’re told about them.

Registries including Donuts have started doing this recently on a voluntary basis with partners such as the Motion Picture Association of America, but believe that ICANN should not be in the business of content policing.

“[Spec 11] doesn’t say what some members of the IPC think it says,” Donuts VP Jon Nevett said during the Helsinki session. “To say we’re in blatant violation of that PIC and that ICANN is not enforcing that PIC is problematic.”

The fight kicked off face-to-face in Helsinki, but it has been happening behind the scenes for several months.

The IPC got mad back in February when Crocker, responding to Governmental Advisory Committee concerns about intellectual property abuse, said the issue “appears to be outside of our mandate” (pdf).

That’s a reference to ICANN’s strengthening resolve that it is not and should not be the internet’s “content police”.

In April (pdf) and June (pdf) letters, IPC president Greg Shatan and the Coalition for Online Accountability’s Steve Metalitz called on Crocker to clarify this statement.

Last night, he did, and the clarification is unlikely to make the IPC happy.

Crocker wrote (pdf):

ICANN will bring enforcement actions against Registries that fail to include the required prohibitions and reservations in its end-user agreements and against Registrars that fail to main the required abuse point of contact…

This does not mean, however, that ICANN is required or qualified to make factual and legal determinations as to whether a Registered Name Holder or website operator is violating applicable laws and governmental regulations, and to assess what would constitute an appropriate remedy in any particular situation.

This seems pretty clear — new gTLD registries are not going to be held accountable for domains used for content piracy.

The debate may not be over however.

During Helsinki there was a smaller, semi-private (recorded but not webcast live) meeting of the some registries, IPC and GAC members, hosted by ICANN board member Bruce Tonkin, which evidently concluded that more discussion is needed to reach a common understanding of just what the hell these PICs mean.

Radix joins the Hollywood content police

Radix has become the second major gTLD registry to announce a content policing deal with the movie industry.

It today said it has signed an agreement with the Motion Picture Association of America similar to the one Donuts announced in February.

Like Donuts, Radix will treat the MPAA as a “trusted notifier” for the purposes of taking down “large-scale pirate websites”.

Radix said the deal “imposes strict standards for such referrals, including that they be accompanied by evidence of clear and pervasive copyright infringement, and a representation that the MPAA has first attempted to contact the registrar and hosting provider for resolution.”

Donuts described its notifier program in this document (pdf). Radix said its arrangement is “similar”.

The Donuts-MPAA deal proved somewhat controversial.

The Electronic Frontier Foundation invoked the slippery slope argument, saying of it:

The danger in agreements like this is that they could become a blanket policy that Internet users cannot avoid. If what’s past is prologue, expect to see MPAA and other groups of powerful media companies touting the Donuts agreement as a new norm, and using it to push ICANN and governments towards making all domain name registries disable access to an entire website on a mere accusation of infringement.

The EFF said these kinds of deals could ultimately lead to legal freedom of speech being curtailed online.

We’re not quite there yet — right now we have two gTLD registries (albeit covering over 200 gTLDs) and one trusted notifier — but I expect more similar deals in future, branching out into different industries such as music and pharamaceuticals.

The deals stem in part from the Domain Name Association’s Healthy Domains Initiative, which aims to avoid ICANN/government regulation by creating voluntary best practices for the industry.

The advantage of a voluntary arrangement is that there’s no risk of a terminal sanction — such as losing your registry contract — if you fail to live up to its terms.

Radix’s portfolio includes .website, .space, .online and .tech. It’s also a .music and .web applicant.

Rape ban results in just one .uk takedown, but piracy suspensions soar

Kevin Murphy, February 19, 2016, Domain Registries

Nominet’s controversial policy of suspending domain names that appear to condone rape resulted in one .uk domain being taken down last year.

That’s according to a summary of take-downs published by Nominet yesterday.

The report (pdf) reveals that 3,889 .uk names were taken down in the 12 months to October 31, 2015.

That’s up on the the 948 domains suspended in the six months to October 31, 2014.

The vast majority — 3,610 — were as a result of complaints from the Police Intellectual Property Crime Unit. In the October 2014 period, that unit was responsible for 839 suspensions.

Unlike these types of suspensions, which deal with the allegedly illegal content of web sites, the “offensive names” ban deals purely with the words in the domain names.

Nominet’s systems automatically flagged 2,407 names as potentially in breach of the policy — most likely because they contained the string “rape” or similar — in the 12 months.

But only one of those was judged, upon human perusal, in breach.

In the previous 12 months period, 11 domains were suspended based on this policy, but nine of those had been registered prior to the implementation of the policy early in 2014.

The policy, which bans domains that “promote or incite serious sexual violence”, was put in place following an independent review by Lord Macdonald.

He was recruited for advice due to government pressure following a couple of lazy anti-porn articles, both based on questionable research by a single anti-porn campaigner, in the right-wing press.

Assuming it takes a Nominet employee five minutes to manually review a .uk domain for breach, it seems the company is paying for 200 person-hours per year, or 25 working days, to take down one or two domain names that probably wouldn’t have caused any actual harm anyway.

Great policy.