ICA rallies the troops to defeat .org price hikes. It won’t work

Kevin Murphy, April 25, 2019, Domain Registries

Over 100 letters have been sent to ICANN opposing the proposed lifting of price caps in .org, after the Internet Commerce Association reached out to rally its supporters.

This is an atypically large response to an ICANN public comment period, and there are four days left on the clock for more submissions to be made, but I doubt it will change ICANN’s mind.

Almost all of the 131 comments filed so far this month were submitted in the 24 hours after ICA published its comment submission form earlier this week.

About a third of the comments comprise simply the unedited ICA text. Others appeared to have been inspired by the campaign to write their own complaints about the proposal, which would scrap the 10%-a-year .org price increase cap Public Interest Registry currently has in place.

Zak Muscovitch, ICA’s general counsel, told DI that as of this morning the form generates different template text dynamically. I’ve spotted at least four completely different versions of the letter just by refreshing the page. This may make some comments appear to be the original thoughts of their senders.

This is the original text, as it relates to price caps:

I believe that legacy gTLDs are fundamentally different from for-profit new gTLDs. Legacy TLDs are essentially a public trust, unlike new gTLDs which were created, bought and paid for by private interests. Registrants of legacy TLDs are entitled to price stability and predictability, and should not be subject to price increases with no maximums. Unlike new gTLDs, registrants of legacy TLDs registered their names and made their online presence on legacy TLDs on the basis that price caps would continue to exist.

Unrestrained price increases on the millions of .org registrants who are not-for-profits or non-profits would be unfair to them. Unchecked price increases have the potential to result in hundreds of millions of dollars being transferred from these organizations to one non-profit, the Internet Society, with .org registrants receiving no benefit in return. ICANN should not allow one non-profit nearly unlimited access to the funds of other non-profits.

The gist of the other texts is the same — it’s not fair to lift price caps on domains largely used by non-profits that may have budget struggles and which have built their online presences on the old, predictable pricing rules.

The issues raised are probably fair, to a point.

Should the true “legacy” gTLDs — .com, .net and .org — which date from the 1980s and pose very little commercial risk to their registries, be treated the same as the exceptionally risky gTLD businesses that have been launched since?

Does changing the pricing rules amount to unfairly moving the goal posts for millions of registrants who have built their business on the legacy rules?

These are good, valid questions.

But I think it’s unlikely that the ICA’s campaign will get ICANN to change its mind. The opposition would have to be broader than from a single interest group.

First, the message about non-profits rings a bit hollow coming from an explicitly commercial organization whose members’ business model entails flipping domain names for large multiples.

If a non-profit can’t afford an extra 10 bucks a year for a .org renewal, can it afford the hundreds or thousands of dollars a domainer would charge for a transfer?

Even if PIR goes nuts, abandons its “public interest” mantra, and immediately significantly increases its prices, the retail price of a .org (currently around $20 at GoDaddy, which has about a third of all .orgs) would be unlikely to rise to above the price of PIR-owned .ong and .ngo domains, which sell for $32 to $50 retail.

Such an increase might adversely affect a small number of very low-budget registrants, but the biggest impact will be felt by the big for-profit portfolio owners: domainers.

Second, letter-writing campaigns don’t have a strong track record of persuading ICANN to change course.

The largest such campaign to date was organized by registrars in 2015 in response to proposals, made by members of the Privacy and Proxy Services Accreditation Issues working group, that would have essentially banned Whois privacy for commercial web sites.

Over 20,000 people signed petitions or sent semi-automated comments opposing that recommendation, and ICANN ended up not approving that specific proposal.

But the commercial web site privacy ban was a minority position written by IP lawyers, included as an addendum to the group’s recommendations, and it did not receive the consensus of the PPSAI working group.

In other words, ICANN almost certainly would not have implemented it anyway, due to lack of consensus, even if the public comment period had been silent.

The second-largest public comment period concerned the possible approval of .xxx in 2010, which attracted almost 14,000 semi-automated comments from members of American Christian-right groups and pornographers.

.xxx was nevertheless approved less than a year later.

ICANN also has a track record of not acceding to ICA’s demands when it comes to changes in registry agreements for pre-2012 gTLDs.

ICA, under former GC Phil Corwin, has also strongly objected to similar changes in .mobi, .jobs, .cat, .xxx and .travel over the last few years, and had no impact.

ICANN seems hell-bent on normalizing its gTLD contracts to the greatest extent possible. It’s also currently proposing to lift the price caps on .biz and .info.

This, through force of precedent codified in the contracts, could lead to the price caps one day, many years from now, being lifted on .com.

Which, let’s face it, is what most people really care about.

Info on the .org contract renewal public comment period can be found here.

Privacy could be a million-dollar business for ICANN

Kevin Murphy, March 22, 2018, Domain Registrars

ICANN has set out the fees it plans to charge to officially accredit Whois proxy and privacy services, in the face of resistance from some registrars.

VP of finance Becky Nash told registrars during a session at ICANN 61 last week that they can expect to pay $3,500 for their initial accreditation and $4,000 per year thereafter.

Those are exactly the same fees as ICANN charges under its regular registrar accreditation program.

Registrars that also offer privacy should expect to see their annual ICANN flat fees double, in other words. Per-domain transaction fees would be unaffected.

The up-front application fee would be reduced $2,000 when the privacy service is to be offered by an accredited registrar, but it would stay at $3,500 if the company offering service is merely “affiliated” with the registrar.

Nash said all the fees have been calculated on a per-accreditation basis, independent of the volume of applications ICANN receives.

Director of registrar services Jennifer Gore said that while ICANN has not baked an estimate of the number of accredited providers into its calculations, registrars have previously estimated the number at between 200 and 250 companies.

That would put the upper end of annual accreditation fees at $1 million, with $875,000 up-front for initial applications.

Volker Greimann, general counsel of the registrar Key-Systems, pointed out during the session that many registrars give away privacy services for free or at cost.

“This just adds cost to an already expensive service that does not really make money for a lot of providers,” he said.

He suggested that the prices could lead to unexpected negative consequences.

“Pricing this in this region will just lead to a lot of unaccredited providers that will switch names every couple months, an underground that we don’t really want,” he said. “We want to have as many people on board as possible and the way to do that is to keep costs low.”

“Pricing them out of the market is not the way to attract providers to join this scheme,” he said.

Nash responded that registrars are forbidden under the incoming privacy/proxy policy from accepting registrations from unaccredited services.

She added that the fees have been calculated on a “cost-recovery” basis. Costs include the initial background checks, outreach, contract admin, compliance, billing and so on.

But some registrars expressed skepticism that the proposed fees could be justified, given that ICANN does not plan to staff up to administer the program.

Another big question is whether proxy/privacy services are going to continue to have value after May this year, when the European Union’s General Data Protection Regulation kicks in.

The current ICANN plan for GDPR compliance would see individual registrants have all of their private information removed from the public Whois.

It’s not currently clear how many people and what kinds of people will continue to have access to unmasked Whois, so there are likely still plenty of cases where individuals might feel they need an extra layer of protection — if they live in a dictatorship and are engaged in rebellious political speech, for example.

There could also be cases where companies wish to mask their details ahead of, say, a product launch.

And, let’s face it, bad actors will continue to want to use privacy services on domains they intend to misuse.

The proxy/privacy policy came up through the formal GNSO Policy Development Process and was approved two years ago. It’s currently in the implementation phase.

According to a presentation from the ICANN 61 session, ICANN hopes to put the final implementation plan out for public comment by the end of the month.

Pirates lose privacy rights under new ICANN rules

Kevin Murphy, January 22, 2016, Domain Registrars

People operating piracy web sites would have a harder time keeping their personal information private under new ICANN rules.

ICANN’s GNSO Council last night approved a set of recommendations that lay down the rules of engagement for when trademark and copyright owners try to unmask Whois privacy users.

Among other things, the new rules would make it clear that privacy services are not permitted to reject requests to reveal a domain’s true owner just because the IP-based request relates to the content of a web site rather than just its domain name.

The recommendations also contain safeguards that would allow registrants to retain their privacy if, for example, their safety would be at risk if their identities were revealed.

The 93-page document (pdf) approved unanimously by the Council carries an “Illustrative Disclosure Framework” appendix that lays out the procedures in some depth.

The framework only covers requests from IP owners to proxy/privacy services. The GNSO was unable to come up with a similar framework for dealing with, for example, requests from law enforcement agencies.

It states flatly:

Disclosure [of the registrant’s true Whois details] cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the Request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

This fairly explicitly prevents privacy services (which in most cases are registrars) using the “we don’t regulate content” argument to shoot down disclosure requests from IP owners.

Some registrars were not happy about this paragraph in early drafts, yet it remains.

Count that as a win for the IP lobby.

However, the new recommendations spend a lot more time giving IP owners a quite strict set of guidelines for how to file such requests in the first place.

If they persistently spam the registrar with automated disclosure requests, the registrar is free to ignore them. They can even share details of spammy IP owners with other registrars.

The registrar is also free to ignore requests that, for example, don’t give the exact or representative URL of an alleged copyright infringement, or if the requester has not first attempted to contact the registrant via an email relay service, should one be in place.

The registrant also gets a 15-day warning that somebody has requested their private details, during which, if they value their privacy more than their web site, they’re able to relinquish their domain and remain anonymous.

If the registrant instead uses that time to provide a good reason why they’re not infringing the requester’s rights, and the privacy service agrees, the request can also be denied.

The guidelines would make it easier for privacy service operators to understand what their obligations are. By formalizing the request format, it should make it easier to separate legit requests from the spurious requests.

They’re even allowed to charge IP owners a nominal fee to streamline the processing of their requests.

While these recommendations have been approved by the GNSO Council, they need to be approved by the ICANN board before becoming the law of the ‘net.

They also need to pass through an implementation process (conducted by ICANN staff and GNSO members) that turns the recommendations into written procedures and contracts which, due to their complexity, I have a hunch will take some time.

The idea is that the rules will form part of an accreditation program for privacy/proxy services, administered by ICANN.

Registrars would only be able to use P/P services that agree to follow these rules and that have been accredited by ICANN.

It seems to me that the new rules may be quite effective at cracking down on rogue, “bulletproof” registrars that automatically dismiss piracy-based disclosure requests by saying they’re not qualified to adjudicate copyright disputes.

ICANN confirms domain privacy is for all

Kevin Murphy, January 22, 2016, Domain Policy

Commercial entities will not be excluded from buying domain privacy services, ICANN’s GNSO Council has confirmed.

The Council last night voted unanimously to approve a set of recommendations that would make it compulsory for privacy and proxy services to be accredited by ICANN for the first time.

The recommendations govern among other things how privacy services are expected to behave when they receive notices of trademark or copyright infringement.

But missing is a proposal that would have prevented the use of privacy for “transactional” web sites, something which caused a great deal of controversy last year.

The newly adopted recommendations clearly state that nobody is to be excluded from privacy on these grounds.

The Council voted to adopt the final, 93-page report of the Privacy and Proxy Services Accreditation Issues (pdf) working group, which states:

Fundamentally, P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals. Further, P/P registrations should not be limited to private individuals who use their domains for non-commercial purposes.

The minority view that web sites that process financial transactions should not be able to use privacy came from intellectual property, anti-abuse and law enforcement community members.

However, opponents said it would infringe the privacy rights of home business owners, bloggers, political activists and others.

It could even lead to vicious “doxing”-related crimes, such as “swatting”, where idiots call in fake violent crime reports against rivals’ home addresses, some said.

It also turned out, as we revealed last November, that 55% of US presidential candidates operate transactional web sites that use privacy on their domains.

Two separate registrar initiatives, one backed by the Electronic Frontier Foundation, started letter-writing campaigns that resulted in over 20,000 comments being received on the PPSAI’s initial report last July.

Those comments are acknowledged in the PPSAI final report that the GNSO Council just approved.

The adopted recommendations (which I’ll get into in a separate article) still have to be approved by the ICANN board of directors and have to undergo an implementation process that puts the rather broad policies into concrete processes and procedures.

Most US presidential hopefuls use Whois privacy despite begging for cash

Kevin Murphy, November 9, 2015, Domain Policy

More than half of the remaining US presidential candidates could have risked losing their official campaign web sites under proposed Whois privacy rules.

Today I carried out Whois queries on all 18 candidates to discover that 10, or over 55%, use a Whois privacy service.

Of the three remaining Democrat candidates, only Bernie Sanders uses privacy. Martin O’Malley and Hillary Clinton do not.

Here’s a table of the Republican candidates and their chosen privacy services. N/A means their campaigns are using what appears to be genuine contact information.

| Candidate | Domain | Privacy Service |
|---|---|---|
| Ben Carson | bencarson.com | N/A |
| Bobby Jindal | bobbyjindal.com | N/A |
| Carly Fiorina | carlyforpresident.com | DreamHost.com |
| Chris Christie | chrischristie.com | DomainDiscreet.com |
| Donald Trump | donaldjtrump.com | N/A |
| George Pataki | georgepataki.com | DomainsByProxy.com |
| Jeb Bush | jeb2016.com | ContactPrivacy.com |
| Jim Gilmore | gilmoreforamerica.com | N/A |
| John Kasich | johnkasich.com | DomainPrivacyGroup.com |
| Lindsey Graham | lindseygraham.com | N/A |
| Marco Rubio | marcorubio.com | DomainsByProxy.com |
| Mike Huckabee | mikehuckabee.com | DomainsByProxy.com |
| Rand Paul | randpaul.com | WhoisPrivacyServices.com.au |
| Rick Santorum | ricksantorum.com | N/A |
| Ted Cruz | tedcruz.org | DomainsByProxy.com |

The results are interesting because rules under discussion at ICANN earlier this year — which are apparently still on the table in other international fora — would have banned the use of privacy services for commercial web sites that allow financial transactions.

All 18 candidates — even Trump — solicit donations on their campaign sites, and many sell T-shirts, bumper stickers and such.

Back in May, a minority of ICANN’s Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) were in favor of banning privacy for such registrants.

The rationale was that criminals, such as those selling counterfeit drugs, should not be allowed to mask their Whois details.

Judging by a working group report at the ICANN meeting in Dublin last month, the proposed new rules have been killed off by the PPSAI after a deluge of comments — around 22,000 — that were solicited by registrars and civil rights groups.

However, according to the Electronic Frontier Foundation, at the exact same time as the PPSAI was revealing its change of heart, the US government was pushing for virtually identical policy at a meeting of the OECD, the Organization for Economic Cooperation and Development.

The EFF says the proposed OECD Recommendation “would require domain name registration information to be made publicly available for websites that are promoting or engaged in commercial transactions with consumers.”

It’s remarkable that the US government is apparently pushing for rules that are being violated by most of its own hopeful commanders-in-chief as part of the democratic process.

Clearly, fake pharmacies are not the only class of crook to find value in privacy.
