Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Have your say on police domain takedown powers
The UK Parliament wants your input on a new proposed law that would give the police powers to take down domain names and IP addresses.
The broad-ranging Criminal Justice Bill 2023 (pdf) would give police the ability to obtain court orders requiring registries and registrars to suspend domains believed to be used in criminal activity.
Accompanying explanatory notes say that these court orders could be applied internationally against domain companies in other countries via various means.
The clock is ticking for submissions — the Public Bill Committee of Parliament is due to sit to consider evidence from December 12 and issue its report with suggested amendments by January 30.
The committee advises submitting evidence as soon as possible to maximize the time spent considering it.
France gets more domain takedown powers
Afnic, the French ccTLD registry, has updated its policies to make it easier for the government to take down .fr domain names, and has banned names that could be used for government-related phishing.
The company has incorporated provisions of a 2020 national law that allows the General Directorate for Competition Policy, Consumer Affairs and Fraud Control to instruct the registry to suspend domains believed to be used in fraud.
It sounds similar to the set-up in the neighboring UK, where consumer protection agencies have a deal with Nominet to take down domains used for things like counterfeiting and piracy.
Afnic has also banned all domains where the second-level string ends in “-gouv”.
In France, official government domains end in .gouv.fr, but fraudsters could register the similar-looking -gouv.fr to trick citizens into thinking they were visiting a legit government web site. Not any more.
Domain firms plan “Trusted Notifier” takedown rules
Domain name registries and registrars are working on a joint framework that could speed up the process of taking down domain names being used for behavior such as movie piracy.
Discussed last week at the ICANN 71 public meeting, the Framework on Trusted Notifiers is a joint effort of the Registrar Stakeholder Group and Registries Stakeholder Group — together the Contracted Parties House — and is in the early stages of discussion.
Trusted Notifiers are third parties who often need domain names taken down due to activity such as copyright infringement or the sale of counterfeit pharmaceuticals, and are considered trustworthy enough not to overreach and spam the CPH with spurious, cumbersome, overly vague complaints.
It’s not a new concept. Registries in the gTLD space, such as Donuts and Radix, have had relationships with the Motion Picture Association for over five years.
ccTLD operator Nominet has a similar relationship with UK regulators, acting on behalf of Big Copyright and Big Pharma, taking down thousands of .uk domains every year.
The joint RrSG-RySG effort doesn’t appear to have any published draft framework yet, and the discussions appear to be being held privately, but members said last week that it is expected to describe a set of “common expectations or common understandings”, establishing what a Trusted Notifier is and what kind of cooperation they can expect from domain firms.
It’s one of several things the industry is working on to address complaints about so-called “DNS Abuse”, which could lead to government regulations or further delays to the new gTLD program.
It obviously veers into content policing, which ICANN has disavowed. But it’s not an ICANN policy effort. Whatever framework emerges, it’s expected to be non-contractual and voluntary.
Trusted Notifier relationships would be bilateral, between registry and notifier, with no ICANN oversight.
Such deals are not without controversy, however. Notably, free speech advocates at the Electronic Frontier Foundation have been complaining about Trusted Notifier for years, calling it “content policing by the back door” and most recently using it as an argument against Ethos Capital’s acquisition of Donuts.
Vaccine agency to get more domain takedown powers next year
The UK’s health regulator is going to be added to a Nominet pilot program enabling the speedy takeover of suspected criminal .uk domains next year, according to the registry.
The Medicines and Healthcare products Regulatory Agency will become the second government agency after the Police Intellectual Property Crime Unit of the City of London Police to be added to the program.
The program is an expansion of the years-old takedown procedure coordinated between Nominet and law enforcement agencies, under which domains suspected by LEA of being used in criminal activity such as counterfeiting are promptly suspended by the registry.
In the pilot, when a domain is suspended it will bounce users to this informational image, rather than merely not resolving.
MHRA is the agency responsible for approving vaccines for, among everything else, COVID-19, so it’s bound to see nefarious activity next year as vaccines actually start hitting the market.
The news of its involvement was first announced in March as the pandemic took hold of the country but, like so much else in the UK government’s technology response to coronavirus, it looks like it’s going to be a year late and a quid short.
Belgium to crack down on fraud domains
DNS Belgium says it will shortly implement a new policy that will see it take down .be domains associated with fraud within 24 hours of discovering them.
The new scheme, which comes into effect December 1, essentially grants the Belgian government’s ministry of the economy — FPS Economy or Federal Public Service Economy in local parlance — a trusted notifier status when it comes to takedowns.
Previously, requests had to go through public prosecutors and took about two weeks, giving attackers a longer window to milk their victims.
Under the old regime, FPS Economy could only request a suspension in cases where the Whois data was inaccurate.
The registry said it will only suspend domains that are involved in “serious crimes”, including phishing and fraudulent web stores.
Registrants will have two weeks to appeal their suspensions. After six months, the domains will be deleted.
Several hundred .be domains per year are expected to be affected.
Donuts took down 11 domains for Hollywood last year
Donuts caused 11 domain names in its new gTLD portfolio to be taken down in the first 12 months of its deal with the US movie industry.
The company disclosed yesterday that the Motion Picture Association of America requested the suspension of 12 domains under their bilateral “Trusted Notifier” agreement, which came into effect last February.
The news follows the decisions by Public Interest Registry and the Domain Name Association not to pursue a “Copyright ADRP” process that would have made such Trusted Notifier systems unnecessary.
Of the 12 alleged piracy domains, seven were suspended by the sponsoring registrar, one was addressed by the hosting provider, and Donuts terminated three at the registry level.
For the remaining domain, “questions arose about the nexus between the site’s operators and the content that warranted further investigation”, Donuts said.
“In the end, after consultation with the registrar and the registrant, we elected against further action,” it said.
Trusted Notifier is supposed to address only clear-cut cases of copyright infringement, where domains are being using solely to commit mass piracy. Donuts said:
Of the eleven on which action was taken, each represented a clear violation of law—the key tenet of a referral. In some cases, sites simply were mirrors of other sites that were subject to US legal action. All were clearly and solely dedicated to pervasive illegal streaming of television and movie content. In a reflection of the further damage these types of sites can impart on Internet users, malware was detected on one of the sites.
Donuts also dismissed claims that Trusted Notifier mechanisms represent a slippery slope that will ultimately grant censorship powers to Big Content.
The company said “a mere handful of names have been impacted, and only those that clearly were devoted to illegal activity. And to Donuts’ knowledge, in no case did the registrant contest the suspension or seek reinstatement of the domain.”
It is of course impossible to verify these statements, because Donuts does not publish the names of the domains affected by the program.
Trusted Notifier, which is also in place at competing portfolio registry Radix, was this week criticized in an academic paper from professor Annemarie Bridy of the University of Idaho College of Law and Stanford University.
The paper, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation”, she argues that while Trusted Notifier may not by an ICANN policy, the organization has nevertheless “abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation”.
Grogan hopeful of content policing clarity within “a few weeks”
ICANN may be able to provide registrars, intellectual property interests and others with clarity about when domain names should be suspended as early as next month, according to compliance chief Allen Grogan.
With ICANN 53 kicking off in Buenos Aires this weekend, Grogan said he intends to meet with a diverse set of constituents in order to figure out what the Registrar Accreditation Agreement requires registrars to do when they receive abuse complaints.
“I’m hopeful we can publish something in the next few weeks,” he told DI. “It depends to some extent on what direction the discussions take.”
The discussions center on whether registrars are doing enough to take down domains that are being used, for example, to host pirated content or to sell medicines across borders.
Specifically at issue is section 3.18 of the 2013 RAA.
It requires registrars to take “reasonable and prompt steps to investigate and respond appropriately” when they receive abuse reports.
The people who are noisiest about filing such reports — IP owners and pharmacy watchdogs such as LegitScript — reckon “appropriate action” means the domain in question should be suspended.
The US Congress heard these arguments in hearings last month, but there were no witnesses from the ICANN or registrar side to respond.
Registrars don’t think they should be put in the position of having to turn off what may be a perfectly legitimate web site due to a unilateral complaint that may be flawed or frivolous.
ICANN seems to be erring strongly towards the registrars’ view.
“Whatever the terms of the 2013 RAA mean, it can’t really be interpreted as a broad global commitment for ICANN to enforce all illegal activity or all laws on the internet,” Grogan told DI.
“I don’t think ICANN is capable of that, I don’t think we have the expertise or resources to do that, and I don’t think the ICANN multistakeholder community has ever had that discussion and delegated that authority to ICANN,” he said.
CEO Fadi Chehade recently told the Washington Post that it isn’t ICANN’s job to police web content, and Grogan has expanded on that view in a blog post last week.
Grogan notes that what kind of content violates the law varies wildly from country to country — some states will kill you for blasphemy, in some you can get jail time for denying the Holocaust, in others political dissent is a crime.
“Virtually everybody I’ve spoken with has said that is far outside the scope of ICANN’s remit,” he said.
However, he’s leaving some areas open for discussion,
“There are some constituents, including some participants in the [Congressional] hearing — from the intellectual property community and LegitScript — who think there’s a way to distinguish some kinds of illegal activities from others,” he said. “That’s a discussion I’m willing to have.”
The dividing line could be substantial risk to public health or activities that are broadly, globally deemed to be illegal. Child abuse material is the obvious one, but copyright infringement — where Grogan said treaties show “near unanimity” — could be too.
So is ICANN saying it’s not the content police except when it comes to pharmacies and intellectual property?
“No,” said Grogan. “I’m saying I’m willing to engage in that dialogue and have that conversation with the community to see if there’s consensus that some activities are different to others.”
“In a multistakeholder model I don’t think any one constituency should control,” he said.
In practical terms, this all boils down to 3.18 of the RAA, and what steps registrars must take to comply with it.
It’s a surprisingly tricky one even if, like Grogan, you’re talking about “minimum criteria” for compliance.
Should registrars, for example, be required to always check out the content of domains that are the subject of abuse reports? It seems like a no-brainer.
But Grogan points out that even though there could be broad consensus that child abuse material should be taken down immediately upon discovery, in many places it could be illegal for a registrar employee to even check the reported URL, lest they download unwanted child porn.
Similarly, it might seem obvious that abuse reports should be referred to the domain’s registrant for a response. But what of registrars owned by domain investors, where registrar and registrant are one and the same?
These and other topics will come up for discussion in various sessions next week, and Grogan said he’s hopeful that decisions can be made that do not need to involve formal policy development processes or ICANN board action.
An English new gTLD restricted to Germans?
Reading through the policies of new gTLD registries has given me cause to double-take several times, but .voting has to be one of the oddest yet.
Ostensibly an English-language gTLD, managed by a registry based in Switzerland, .voting domains will be essentially restricted to residents of Germany, according to its policies.
[UPDATE: The policy was actually submitted by mistake. See this story for an update.]
The Domain Name Registration Policy (pdf) submitted to ICANN by the registry, Valuetainment, states:
Registrants are obliged to supply an individual resident in the Federal Republic of Germany as contact person for all registered domains. This contact is generally described as the administrative contact (Admin-C). The registrant ca name himself as Admin-C.
My German isn’t great, and I’m aware that German speakers are very relaxed about adopting English words into common usage, but I’m pretty sure the language has its own verb for voting.
What makes the Germans-only admin contact policy weirder is that Valuetainment is Swiss and its policies state that the registration agreement is subject to Swiss law.
The .voting policy only states that the Administrative contact in Whois has to be German, which means that the main Registrant contact could technically be based in any country.
But if that registrant can’t name a German as an Administrative contact, technically they’ll be in violation of the rules.
It’s possible that registrars will be able to supply a local proxy in Germany, if they have one or want to go to the expense of setting one up, but it seems like a hassle.
There are a few other oddities in .voting’s policies.
Notably, Valuetainment is not just selling you a domain name, it’s granting you a license to use its “.voting” European Community trademark. Its Eligibility Policy (pdf) states:
For the duration of the registration, the Registry grants the user of a . VOTING domain a right of use with regard to the European Community Trade Mark No. 1111568 (. VOTING]. The license fees are included in the registration fee.
Registrants will be banned from charging for their services — .voting web sites must all be provided free of charge unless they’re providing “statistical voting evaluations”.
They’ll also be banned from offering directories of .voting sites, because Valuetainment intends to offer such a service and doesn’t want any competition.
Also, presumably so the registry can comply with local laws, any attempt to deny the Holocaust will cause your domain to be yanked under the company’s Rapid Takedown Policy (pdf).
Gripe sites and PPC banned in new gTLD
New gTLD registry Plan Bee expects to ban gripe sites in its forthcoming .build registry.
Its Acceptable Use and Takedown Policy (pdf), published this week, is among the strictest I’ve seen.
The gTLD was delegated last weekend. It’s going to be an open space targeted at the construction industry, but its AUP bans a lot of stuff.
As might be expected, any form of malicious hacking or spamming behavior is verboten, as is child abuse material.
Activities more often regulated today by registrar user agreements — such as piracy and counterfeiting — are also prohibited.
But the policy goes on to ban activities that are typically permitted in other TLDs, including “gripe sites” and “pay-per-click”. The AUP reads (I’ve emphasized some oddities):
Further abusive behaviors include, but are not limited to: cybersquatting, front-running, gripe sites, deceptive and⁄or offensive domain names, fake renewal notices, cross-gTLD registration scam, name spinning, pay-per-click, traffic diversion, false affiliation, domain kiting⁄tasting, fast-flux, 419 scams or if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the Registry, or any of its Registrar partners and ⁄or that may put the safety and security of any registrant or user at risk.
Domains deemed abusive can be suspended or deleted by Plan Bee, under the policy.
I can see why a niche gTLD might want to build up loyalty in its associated industry by suspending gripe sites targeting construction companies, but banning “pay-per-click” is a baffling decision.
Will .build registrants be prohibited from using Google Adsense to support their sites?
The .build launch dates have not yet been revealed but it’s likely to be a matter of weeks.
Cartier sues Nominet hoping to set global domain name take-down precedent
Luxury watchmaker Cartier has taken .uk registry Nominet to court, hoping to set a precedent that would enable big brands to have domain names taken down at a whim.
The company sued Nominet in a London court in October, seeking an injunction to force the registry to take down 12 domain names that at the time led to sites allegedly selling counterfeit watches.
We’ve only become aware of the case today after Nominet revealed it has filed its defense documents.
Judging by documents attached to Nominet’s court filings, Cartier sees the suit as a test case that could allow it to bring similar suits against other “less cooperative” registries elsewhere in the world.
In a letter submitted as evidence as part of Nominet’s defense, Richard Graham, head of digital IP at Cartier parent company Richemont International, said that he was:
seeking to develop a range of tools that can be deployed quickly and efficiently to prevent Internet users accessing websites that offer counterfeit goods… [and] looking to establish a precedent that can be used to persuade courts in other jurisdictions where the registries are less cooperative.
It’s worth noting that Richemont has applied for 13 dot-brands under ICANN’s new gTLD program and that Graham is often the face of the applications at conferences and such.
Pretty soon Richemont will also be a domain name registry. We seem to be looking at two prongs of its brand protection strategy here.
According to the company’s suit, the 12 domains in question all had bogus Whois information and were all being used to sell bogus Cartier goods.
None of them used a Cartier trademark in the domain — this is explicitly about the contents of web sites, not their domains names — and Cartier says most appeared to be registered to people in China.
Rather than submitting a Whois inaccuracy complaint with Nominet — which could have led to the domains being suspended for a breach of the terms of service — Cartier decided to sue instead.
Graham actually gave Nominet’s lawyers over a week’s notice that the lawsuit was incoming, writing his letter (pdf) on October 22 and filing the complaint (pdf) with the courts November 4.
Cartier seems to have grown frustrated playing whack-a-mole with bootleggers who cannot be traced and just pop up somewhere else whenever their latest web host is persuaded to cut them off.
Graham’s letter, which comes across almost apologetic in its cordiality when compared to the usual legal threat, reads:
Cartier therefore believes the most cost effective and efficient way to disrupt access to the Counterfeiting Websites operating in the UK is to seek relief from you, as the body operating the registry of .uk domain names.
Armed with the foreknowledge provided by the letter, Nominet reviewed the Whois records of the domains in question, found them lacking, and suspended the lot.
Ten were suspended before Cartier sued, according to Nominet. Another expired before the suit was filed and was re-registered by a third party. A fourth, allegedly registered to a German whose scanned identity card was submitted as evidence by Nominet, was suspended earlier this month.
As such, much of Nominet’s defense (pdf) relies upon what seems to be a new and obscure legal guideline, the “Practice Direction on Pre-Action Conduct”, that encourages people to settle their differences without resorting to the courts.
Nominet’s basically saying that there was no need for Cartier to sue, because it already has procedures in place to deal with counterfeiters using fake Whois data.
Also offered in the defense are the facts that suspending a domain does not remove a web site, that Nominet does not operate web sites, and the following:
Nominet is not at liberty under its Terms and Conditions of Domain Name Registration to suspend .uk domain names summarily upon mere receipt of a demand from someone unconnected with the domain name registrant.
That seems to me to be among the most important parts of the defense.
If Cartier were to win this case, it may well set a precedent giving registries (in the UK at least, at first) good reason to cower when they receive dodgy take-down orders from multibillion-dollar brands.
Indeed, that seems to be what Cartier is going for here.
Unfortunately, Nominet has a track record of at least accelerating the takedown of domains based on nothing more than third-party “suspicion”. Its defense actually admits this fact, stating:
Inaccurate identity and contact information generally leads to the suspension of a domain within three weeks. Where suspicions of criminality are formally confirmed by a recognised law enforcement agency, suspension may be very significantly expedited.
I wonder if this lawsuit would have happened had Nominet not been so accommodating to unilateral third-party take-down notices in the past.
In a statement to members today, a copy of which was sent to DI, Nominet encouraged internet users to report counterfeiting web sites to the police if and when they find them.
Recent Comments