Latest news of the domain name industry

Recent Posts

Registrars open floodgate of Whois privacy outrage

Kevin Murphy, June 26, 2015, Domain Policy

A letter-writing campaign orchestrated by the leading domain registrars has resulted in ICANN getting hit with over 8,000 pro-privacy comments in less than a week.

It’s the largest volume of comments received by ICANN on an issue since right-wing Christian activists deluged ICANN with protests about .xxx, back in 2010.

The comments — the vast majority of them unedited template letters — were filed in response to the GNSO Privacy & Proxy Services Accreditation Issues (PPSAI) Working Group Initial Report.

That report attempts to bring privacy and proxy services, currently unregulated by ICANN, under ICANN’s contractual wing.

There are two problematic areas, as far as the registrars are concerned.

The first is the ability of trademark and copyright owners to, under certain circumstances, have the registrant of a privately registered name unmasked.

Upon receiving such a request, privacy services would have 15 days to obtain a response from their customer. They’d then have to make a call as to whether to reveal their contact information to the IP owner or not.

Possibly the most controversial aspect of this is described here:

Disclosure cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

In other words, the privacy services (in most cases, also the registrar) would be forced make a judgement on whether web site content is illegal, in the absence of a court order, before removing Whois privacy on a domain.

The second problematic area is an “additional statement” on domains used for commercial activity, appended to the PPSAI report, penned by MarkMonitor on behalf of Facebook, LegitScript, DomainTools, IP attorneys Smith, Gambreall & Russell, and itself.

Those companies believe it should be against the rules for anyone who commercially transacts via their web site to use Whois privacy.

Running ads on a blog, say, would be fine. But asking for, for example, credit card details in order to transact would preclude you from using privacy services.

The PPSAI working group didn’t even approach consensus on this topic, and it’s not a formal recommendation in its report.

Regardless, it’s one of the lynchpins of the current registrar letter-writing campaigns.

A page at SaveDomainPrivacy.org — the site backed by dozens of registrars big and small — describes circumstances under which somebody would need privacy even though they engage in e-commerce.

Home-based businesses, shelters for domestic abuse victims that accept donations, and political activists are all offered up as examples.

Visitors to the site are (or were — the site appears to be down right now (UPDATE: it’s back up)) invited to send a comment to ICANN supporting:

The legitimate use of privacy or proxy services to keep personal information private, protect physical safety, and prevent identity theft

The use of privacy services by all, for all legal purposes, regardless of whether the website is “commercial”

That privacy providers should not be forced to reveal my private information without verifiable evidence of wrongdoing

The content of the site was the subject of a sharp disagreement between MarkMonitor and Tucows executives last Saturday during ICANN 53. I’d tell you exactly what was said, but the recording of the relevant part of the GNSO Saturday session has not yet been published by ICANN.

Another site, which seems to be responsible for the majority of the 8,000+ comments received this week, is backed by the registrar NameCheap and the digital civil rights groups the Electronic Frontier Foundation and Fight For The Future.

NameCheap appears to be trying to build on the reputation it started to create for itself when it opposed the Stop Online Piracy Act a few years ago, going to so far as to link the Whois privacy reforms to SOPA on the campaign web site, which says:

Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website?

We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN.

The EFF’s involvement seems to have grabbed the attention of many reporters in the general tech press, generating dozens of headlines this week.

The public comment period on the PPSAI initial report ends July 7.

If it continues to attract attention, it could wind up being ICANN’s most-subscribed comment period ever.

Do geeks care about privacy more than Christians care about porn? We’ll find out in a week and a half.

Europeans digging new gTLD more than Americans?

Are European registrants more likely to register new gTLD domain names than those in the US and elsewhere?

That’s the view of Tucows, which sees more new gTLD action from its European OpenSRS resellers than it does from others.

In a blog post last week, OpenSRS blogger Gustavo Arruda noted that Americans are still stuck in a .com mindset:

Our European resellers are leading the charge. We expected the European market to be more open to new gTLDs and that prediction proved correct. It’s a market used to ccTLDs so having a couple hundred more new gTLDs was not a big deal.

North American resellers are lagging behind. It continues to be a very .COM-centric market that is still skeptical about too much choice.

South American and Asian resellers complain about the English-centric nature of new gTLDs. A lot of the new gTLDs we have launched do not make sense in these markets so adoption has been slow.

The post came as OpenSRS recorded its 100,000th new gTLD domain sale.

One reason for the Euro-slant in the market could be the relatively good performance of city gTLDs, most of which are European, and which are easily grasped concepts for buyers familiar with ccTLDs.

Hover, Tucows’ retail registrar, is geo-targeting which TLDs it offers visitors. As DI is based in London, I get offered .london domains prominently when searching for domains there.

The only US geo-gTLDs available to date are .vegas and .nyc.

Tucows and Namecheap exit $14m .online deal

Tucows and Namecheap have both pulled out of their joint venture with Radix to run the .online registry.

Tucows revealed the move, which will see Radix run .online solo, in a press release yesterday.

Both Tucows and Namecheap are registrars, whereas Radix is pretty much focused on being a registry nowadays.

While financial terms have not been disclosed, Tucows CEO Elliot Noss had previously said that each of the three companies had funded the new venture to the tune of $4 million to $5 million.

I estimate that this puts the total investment in the deal — which includes the price of winning .online at auction — at $13 million to $14 million.

Noss has also hinted that the gTLD sold for much more than the $6.8 million paid for .tech.

.online has not yet been delegated.

Noss hints at winning .online auction bid

Kevin Murphy, November 13, 2014, Domain Registries

A triumvirate of domain name companies led by Radix paid well over $7 million for the .online new gTLD, judging by comments made by Tucows CEO in an analysts call yesterday.

As the company reported its third-quarter financial numbers, Noss said of .online, which was recently auctioned:

While we are bound by confidentiality with respect to the value of the transaction, we can point to amounts paid in other gTLDs’ auctions in the public domain — like $6.8 million for .tech, $5.6 million for .realty, or the $4.6 million that Amazon paid for .buy — and let you decide what you think .online should be valued, relative to those more narrowly targeted extensions.

Radix won the private auction with financial backing from Tucows and NameCheap.

The three companies intend to set up a new joint venture to manage the .online registry, as we reported yesterday, with each company contributing between $4 million and $5 million.

Assuming at least one company is contributing $4 million and at least one is contributing $5 million, that works out to a total of $13 million to $14 million, earmarked for the auction and seed funding for the new venture.

Based on that knowledge, an assumption that the new company will want a couple of million to launch, and Noss’s comments yesterday, I’d peg the .online sale price in the $10-12 million range.

Radix business head Sandeep Ramchamdani told us yesterday that the company plans to market .online with some “hi-decibel advertising” and participation in events such as Disrupt and South by Southwest.

Are Whois email checks doing more harm than good?

“Tens of thousands” of web sites are going dark due to ICANN’s new email verification requirements and registrars are demanding to know how this sacrifice is helping solve crimes.

These claims and demands were made in meetings between registrars and ICANN’s board and management at the ICANN 49 meeting in Singapore last week.

Go Daddy director of policy planning James Bladel and Tucows CEO Elliot Noss questioned the benefit of the 2013 Registrar Accreditation Agreement during a Tuesday session.

The 2013 RAA requires registrars to verify that registrants’ email addresses are accurate. If registrants do not respond to verification emails within 15 days, their domains are turned off.

There have been many news stories and blog posts recounting how legitimate webmasters found their sites gone dark due to an overlooked verification email.

Just looking at my Twitter stream for an “icann” search, I see several complaints about the process every week, made by registrants whose web sites and email accounts have disappeared.

Noss told the ICANN board that the requirement has created a “demonstrable burden” for registrants.

“If you cared to hear operationally you would hear about tens and hundreds of thousands of terrible stories that are happening to legitimate businesses and individuals,” he said.

Noss told DI today that Tucows is currently compiling some statistics to illustrate the scale of the problem, but it’s not yet clear what the company plans to do with the data.

At the Singapore meeting, he asked ICANN to go to the law enforcement agencies that demanded Whois verification in the first place to ask for data showing that the new rules are also doing some good.

“What crime has been forestalled?” he said. “What issues around fraud? We heard about pedophilia regularly from law enforcement. What has any of this done to create benefits in that direction?”

Registrars have a renewed concern about this now because there are moves afoot in other fora, such as the group working on new rules for privacy and proxy services, for even greater Whois verification.

Bladel pointed to an exchange at the ICANN meeting in Durban last July, during which ICANN CEO Fadi Chehade suggested that ICANN would not entertain requests for more Whois verification until law enforcement had demonstrated that the 2013 RAA requirements had had benefits.

The exact Chehade line, from the Durban public forum transcript, was:

law enforcement, before they ask for more, we put them on notice that they need to tell us what was the impact of what we did for them already, which had costs on the implementers.

Quoted back to himself, in Singapore Chehade told Bladel: “It will be done by London.”

Speaking at greater length, director Mike Silber said:

What I cannot do is force law enforcement to give us anything. But I think what we can do is press the point home with law enforcement that if they want more, and if they want greater compliance and if they want greater collaborations, it would be very useful to show the people going through the exercise what benefits law enforcement are receiving from it.

So will law enforcement agencies be able to come up with any hard data by London, just a few months from now?

It seems unlikely to me. The 2013 RAA requirements only came into force in January, so the impact on the overall cleanliness of the various Whois databases is likely to be slim so far.

I also wonder whether law enforcement agencies track the accuracy of Whois in any meaningfully quantitative way. Anecdotes and color may not cut the mustard.

But it does seem likely that the registrars are going to have data to back up their side of the argument — customer service logs, verification email response rates and so forth — by London.

They want the 2013 RAA Whois verification rules rethought and removed from the contract and the ICANN board so far seems fairly responsive to their concerns.

Law enforcement may be about to find itself on the back foot in this long-running debate.