Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
You won’t need a password for ICANN 68 after all
ICANN has ditched plans to require all ICANN 68 participants to enter a password whenever they enter one of the Zoom sessions at the meeting next week.
The org said today that it will use URLs with embedded passwords, removing the need for user input, after reviewing changes Zoom made last month.
These included features such as a waiting room that enables meeting hosts to vet participants manually before allowing them to enter the meeting proper.
ICANN said: “Please use these links cautiously, only share them on secure channels such as encrypted chat or encrypted e-mail, and never post them publicly.”
ICANN had said last month, before the Zoom changes, that it would require passwords in order to limit the risk of Zoombombing — where trolls show up and spam the meeting with offensive content. One ICANN Zoom session had been trolled in this way in March.
The org also said today that participants will be asked to give their consent to be recorded upon entry to a session.
“It is our hope that this small change empowers attendees by providing quick access and more control over the acceptance of our policies as it relates to attending virtual meetings,” ICANN lied, to cover for the obvious piece of legal ass-covering.
Refuse consent and see how far you get.
After Zoom trolling, ICANN 68 will be password-protected
If you want to show up to ICANN 68, which will be held online next month, you’re going to need a password.
ICANN said this week that it’s updating its Zoom software and standard configuration to require passwords. In a blog post outlining a number of changes to its Zoom instance, ICANN said:
The most impactful change is the new requirement that all meetings be secured with a password. This is the first step recommended by security professionals to keep meetings secure, and one which we had largely adopted org-wide prior to making it a requirement for all. We will make another announcement in the coming weeks regarding how this may impact joining meetings during ICANN68, as we work towards the best overall solution.
Quite how this could work while maintaining the usual openness of ICANN’s public meetings — which have always been free to attend basically anonymously — remains to be seen.
At ICANN 67, Zoom sessions that were open to the public simply required you to enter a name. Any name. At in-person public meetings, I don’t think you even need to show ID to get a hall pass.
The changes come in the wake of a “Zoombombing” incident during a minor meeting in March, during which trolls showed up via a publicly-posted link and flooded the session with “inappropriate and offensive” audio and imagery.
ICANN meeting got “Zoombombed” with offensive material
An ICANN meeting held over the Zoom conferencing service got “Zoombombed” by trolls last month.
According to the organization, two trolls entered an ICANN 67 roundup session for Spanish and Portuguese speakers on March 27 and “shared inappropriate and offensive audio and one still image” with the legitimate participants.
The session was not password protected (rightly) but the room had (wrongly) not been configured to mute participants or disable screen-sharing, which enabled the offensive material to be shared.
The trolls were quickly kicked and the loopholes closed, ICANN said in its incident report.
ICANN appears to have purged the meeting entirely from its calendar and there does not appear to be an archive or recording, so I sadly can’t share with you the gist of the shared content.
Zoombombing has become an increasingly common prank recently, as the platform sees many more users due to the coronavirus-related lockdowns worldwide.
Kuala Lumpur meeting cancelled and ICANN 68 could be even trickier online
ICANN has as expected cancelled its in-person ICANN 68 meeting, which had been due to take place in Kuala Lumpur in June, due to the coronavirus pandemic.
The decision, which was never really in any doubt, was taken by its board of directors yesterday. The board considered:
Globally, a high number of people are under some form of a “stay at home” or lock-down order, directed to avoid contact with others except to receive essential services such as medical care or to purchase supplies. Schools and offices are closed, gatherings are prohibited, and international travel is largely on pause. We do not know when travel or in-person meetings will be authorized or possible. As it relates to Kuala Lumpur, Malaysia has a Movement Control Order in force at least until 14 April 2020 that prohibits meetings such as ICANN68. The duration of the Movement Control Order has already been extended once.
It appears that the four-day meeting, which will instead go ahead virtually (presumably on the Zoom conferencing service) might be even more disjointed than ICANN 67.
ICANN 67, which took place online in March, did have a centralized component — a bunch of ICANN staffers on location at its headquarters in Los Angeles — but that may not be possible this time around.
The board said that “due to current social distancing requirements, ICANN org is unable to execute a virtual meeting from a single location, and that a decentralized execution model might necessitate changes to the format.”
It added that there is support for “a flexible, modified virtual meeting format that focuses on cross-community dialogues on key policy topics, supplemented by a program of topical webinars and regular online working meetings scheduled around the key sessions.”
While there has been a lot of criticism of the Zoom platform in recent weeks due to security and privacy concerns, ICANN indicated this week that it’s not particularly concerned and will carry on using the service.
ICANN’s new conferencing software has a webcam security bug
ICANN can’t catch a break when it comes to remote participation security, it seems.
Having just recently made the community-wide switch away from Adobe Connect to Zoom, partly for security reasons, now Zoom has been hit by what many consider to be a critical zero-day vulnerability.
Zoom (which, irrelevantly, uses a .us domain) pushed out an emergency patch for the vulnerability yesterday, which would have allowed malicious web sites to automatically turn on visitors’ webcams without their consent.
Only users of the installable Mac client were affected.
According to security researcher Jonathan Leitschuh, who discovered the problem, Zoom’s Mac client was installing a web server on users’ machines in order to bypass an Apple security feature that requires a confirmatory click before the webcam turns on.
This meant a web site owner could trick a user into a Zoom session, with their camera turned on by default, without their knowledge or consent.
If you’re in the habit of keeping your webcam lens uncovered, that’s potentially a big privacy problem, especially if you do most of your remote coverage of ICANN meetings from the toilet.
It appears that Leitschuh, who reported the problem to Zoom three months ago, took issue with what he saw as the company’s ambivalent attitude to fixing it in a timely fashion.
When he finally blogged about it on Monday, after giving Zoom a 90-day “responsible disclosure” period to issue a patch, the problem still hadn’t been fully resolved, he wrote.
But, following media coverage, Zoom’s new patch apparently removes the covert web server completely. This removes the vulnerability but means Apple users will have to click a confirmation button before joining Zoom meetings in future.
Zoom is used now for all of ICANN’s remote participation, from sessions of its public meetings to discussions of its policy-making working groups.
I really like it. It feels a lot less clunky than Adobe, and it’s got some nifty extra features such as the ability to skip around in recordings based on an often-hilarious machine-transcription sidebar, which makes my life much easier.
One of the reasons ICANN made the switch was due to a bug found in Adobe Connect last year that could have been used to steal confidential information from closed meetings.
ICANN actually turned off Adobe Rooms for remote participants halfway through its public meeting in Puerto Rico due to the bug.
The switch to Zoom was hoped to save ICANN $100,000 a year.
ICANN waves goodbye to Adobe Connect over security, pricing
ICANN has decided to dump its longstanding web conferencing service provider, Adobe Connect, in favor of rival Zoom.
The organization reckons it could save as much as $100,000 a year, and mitigate some security fears, by making the switch.
Adobe has been the standard remote participation tool for not only ICANN’s public meetings, but also its policy-development working groups, for at least seven or eight years.
It enables video, audio, screen-sharing, public and private chat, voting and so on. ICANN says that Zoom has “nearly all of the same features”.
But some of ICANN’s more secretive bodies — including the Security and Stability Advisory Committee and Board Operations — have been using Zoom for a little over a year, after an SSAC member discovered a vulnerability in Adobe that allowed potentially sensitive information to be stolen.
A clincher appears to be Zoom’s voice over IP functionality, which ICANN says will enable it to drop Premiere Global Services Inc (PGi), its current, $500,000-a-year teleconferencing provider, which participants use if they dial in from on the road.
“Based on feedback, Zoom’s voice connectivity and overall experience seem to be superior to equivalent Adobe Connect experiences,” ICANN said.
As somebody who has lurked on more than his fair share of Adobe Connect rooms, I’ve noticed that people losing their voice connection is a very common occurrence, which can delay and break the flow of discussions, though it’s not usually clear where the blame lies.
According to a Zoom feature list (pdf) provided by ICANN, Zoom currently lacks many features on its web client, but updates are expected to bring the feature set in line with the mobile apps and PC/Mac executables by the end of the year.
ICANN expects to use Zoom exclusively by ICANN 65, in Marrakech this June. In the meantime, it will provide training to community members.
The cynic in me wants to say “expect teething troubles”, but the ICANN meetings team runs a pretty tight ship. The switch might be surprisingly smooth.
Recent Comments