Marby ponders emergency powers to avoid fragmented Whois

Kevin Murphy, April 4, 2018, 07:36:04 (UTC), Domain Policy

ICANN could invoke emergency powers in its contracts to prevent Whois becoming “fragmented” after EU privacy laws kick in next month.
That’s a possibility that emerged during a DI interview with ICANN CEO Goran Marby yesterday.
Marby told us that he’s “cautiously optimistic” that European data protection authorities will soon provide clear guidance that will help the domain industry become compliant with the General Data Protection Regulation, which becomes fully effective May 25.
But he said that a lack of such guidance will lead to a situation where different companies provide different levels of public Whois.
“It’s a high probability that Whois goes fragmented or that Whois will be in a sort of ‘thin’ model in which very little information is collected and very little information is displayed,” he said. “That’s a sort of worst-case scenario.”
I should note that the interview was conducted yesterday before news broke that Afilias has become the first major gTLD registry to announce its Whois output will be essentially thin — eschewing all registrant contact data — from May 25.
Marby has asked European DPAs for two things.
First, guidance on whether its “Cookbook” proposal for a dramatically scaled-back, GDPR-compliant Whois is in fact GDPR-compliant.
Second, an enforcement moratorium while registries and registrars actually go about implementing the Cookbook.
“If we don’t get guidance that’s clear enough, we will see a fragmented Whois. If we get guidance that is clear enough we can work it out,” Marby said.
A moratorium could enable Whois to carry on in its current state, or something close to it, while ICANN goes about creating a new policy that fits with the DPAs’ guidance.
If the DPAs refuse a moratorium, we’re looking at a black hole of indeterminate duration during which nobody — not even law enforcement or self-appointed trademark cops — can easily access full Whois records.
“It’s not something I can do anything about, it’s really in the hands of the DPAs,” Marby said. “Remember that it’s the law.”
While ICANN has expended most of its effort to date on creating a model for the public Whois, there’s a parallel effort to create an accreditation program that would enable organizations with “legitimate purposes” to access full, or at least more complete, Whois records.
It’s the IP lawyers that are driving this effort, primarily, terrified that their ability to hunt down cybersquatters and bootleggers will be diminished come May 25.
ICANN has so far resisted calls to endorse the so-called “Cannoli” draft accreditation model, with Marby publicly saying that it needs cross-community support.
But the organization has committed staff support resources to discussion of Cannoli. There’s a new mailing list and there will be a community conference call this coming Friday at 1400 UTC.
Marby said that he shares the worries of the IP community, adding: “If we get the proper guidance from the DPAs, we will know how to sort out the accreditation model.”
He met with the Article 29 Working Party, comprised of DPAs, last week; the group agreed to put Whois on its agenda for its meeting next week, April 10-11.
The fact that it’s up for discussion is what gives Marby his cautious optimism that he will get the guidance he needs.
Assuming the DPAs deliver, ICANN is then in the predicament of having to figure out a way to enforce, via its contracts, a Whois system that is compliant with the DPAs’ interpretation of GDPR.
Usually, this would require a GNSO Policy Development Process leading to a binding Consensus Policy.
But Marby said ICANN’s board of directors has other options, such as what he called an “emergency policy”.
This is a reference, I believe, to the “Temporary Policies” clauses, which can be found in the Registrar Accreditation Agreement and Registry Agreement.
Such policies can be mandated by a super-majority vote of the board, would have to be narrowly tailored to solve the specific problem at hand, and could be in effect no longer than one year.
A temporary policy could be replaced by a compatible, community-created Consensus Policy.
It’s possible that a temporary policy could, for example, force Afilias and others to reverse their plans to switch to thin Whois.
But that’s perhaps getting ahead of ourselves.
Fact is, the advice the DPAs provide following their Article 29 meeting next week is what’s going to define Whois for the foreseeable future.
If the guidance is clear, the ICANN organization and community will have their direction of travel mapped out for them.
If it’s vague, wishy-washy, and non-committal, then it’s likely that only the European Court of Justice will be able to provide clarity. And that would take many years.
And whatever the DPAs say, Marby says it is “highly improbable” that Whois will continue to exist in its current form.
“The GDPR will have an effect on the Whois system. Not everybody will get access to the Whois system. Not everybody will have as easy access as before,” he said.
“That’s not a bug, that’s a feature of the legislation,” he said. “That’s not ICANN’s fault, it’s what the legislator thought when it made this legislation. It is the legislators’ intention to make sure people’s data is handled in a different way going forward, so it will have an effect.”
The community awaits the DPAs’ guidance with bated breath.


Comments (17)

  1. Jean Guillon says:

    “a black hole of indeterminate duration”? No worry, we’re used to this 🙂

  2. Volker Greimann says:

    Göran is absolutely right when he describes this as a feature, not a bug. This result was intended by legislators as data privacy rights have been ignored for too long by too many players.

    • gpmgroup says:

      What are most of the domain registrations for?
      The idea that the majority are for individuals to put up their own personal web pages is a naïve world view, it’s about as bright as putting up a cookie notice page on every website.
      If ICANN is not very careful there will be a loss of confidence in the domain name system then registration numbers will collapse.

      • Volker Greimann says:

        Nonsense. Whois – and the personal information contained therein – has nothing to do with confidence in the DNS. Confidence in the DNS is lost by man-in-the-middle-attacks, DDOSes and redirection attacks.
        Most regular users of the DNS (I am not specifying any specific subgroup, eh Graeme?) have never once looked at the whois and instead rely on the data on the website or references on other websites to tell them how trustworthy a certain operator is.

        • Charles Christopher says:

          >to tell them how trustworthy a certain operator is.
          You have it backwards.
          It’s not about my confidence in someone else’s website.
          It’s about my confidence to invest my time and effort to building a website that I can’t easily prove I OWN. The confidence is in my retaining control and ownership.
          That this escapes people’s understanding is staggering.
          As a thought experiment, let’s say all your “important records” are burned and lost. Remind me, why was it you considered them “important records”? It is because having them in your hand proved something important?

  3. Rubens Kuhl says:

    Even temporary policies can’t go against the law, so invoking them doesn’t solve the problem. Only clear cut determinations of what is lawful and what is not can achieve that, and in light of such determination, contracted parties won’t need any further guidance of what to do, they will follow the contracts to the maximum extent the law allows.

    • Kevin Murphy says:

      Will they?

      • Rubens Kuhl says:

        Yes, Compliance will make sure of that. The grey area now is exactly in defining what is the law; GDPR is both a shield and a sword. If there is no threat (sword) to do something specified in the contract, then contracted parties lose the shield to do things the way they choose.

    • Charles Christopher says:

      >go against the law
      Someone explain to me how it is that world borders are now out the window and being in the US I am now required to follow “the law” of another country?
      How is it the EU has now been lifted to definer of “the law” around the world?
      Welcome to world government and loss of individual sovereignty, not to mention property rights.
      At this moment I can’t think of a better way to have destroyed domain value, and the domain secondary market.
      While the context is domains, this will apply to other industries as well. In any case that a public document/registration has served to establish ownership, that proof of ownership has now been lost. Let’s see what happens with land recorders around the world …. Or did they somehow get a pass on implementing this in their systems? If someone in the EU buys a home in my county will my county be liable for making that record public? Can I obtain EU citizenship and then use that to force my country records to hide my land ownership details thus preventing liens from being placed against my house? How about using EU citizenship to force the credit agencies to make all my records disappear, as this would be the ultimate in identity theft protection as my identity would no longer exist.
      Yeah, this is a great idea ….

      • Rubens Kuhl says:

        EU is not the first jurisdiction to apply its laws everywhere. Courts all over the world have prosecuted foreign citizens and corporations for a long time, the only difference in GDPR is in scale, not in principle.
        Land registries are specifically required under EU law to be public, if I recall correctly… so while people keep comparing domains to real estate, that does not hold when it comes to law. It suggests though that there are situations where the benefit of public record outweighs privacy rights, and getting EU legislators to pass something in that direction would solve lots of problems for a lot of people.

        • Charles Christopher says:

          >It suggests though that there are situations
          >where the benefit of public record outweighs
          >privacy rights,
          Says who? When and where did domain registrants get to have a say in the matter?
          http://www.miamiherald.com/news/nation-world/national/article47702025.html
          “In a scam that authorities say has proliferated in recent years, Cleland fell victim to swindlers who used bogus quitclaim deeds to secretly strip her of the property, then sold the home to a Pembroke Pines investment firm.”
          “It’s just too easy to steal somebody’s property by filing a fraudulent quitclaim deed,” Miami-Dade Inspector General Mary Cagle told the Miami Herald.

  4. Theo Geurts says:

    The GDPR can be summed up in one word: responsibility.
    Privacy is about having control of your data.
    The current WHOIS is zero control.
    And that clashes in a hard way. But with the new fines, who is going to take that risk?

    • gpmgroup says:

      It isn’t about responsibility it is just the opposite! It is about not having to take responsibility in an exchange for a transfer of power and then expecting a whole bunch of other people to do the heavy lifting to mitigate the damage.

    • Charles Christopher says:

      >The current WHOIS is zero control.
      I’ve not had problems with it in 20 years.
      It’s shown exactly what I put in there. And when I have clicked “privacy” it also shows exactly what I wanted.
      Are we even talking about the same thing?

  5. Theo Geurts says:

    gpmgroup
    Charles
    UN article 12
    It is in the ICANN bylaws.

    • Charles Christopher says:

      Right.
      Not Civil Law, not Criminal, and not Legislative Law. Not any law that I have a say in or have the ability to vote on those creating these pretty pieces of paper with pretty writing on them.
      ADMINISTRATIVE LAW.
      Where any bureaucrat gets to craft a pretty piece of paper with pretty writing and the world is required to follow it.
      Ok so let’s try a thought experiment. I hope it has not escaped anyone’s notice that China is particularly intrusive regarding its citizens. So we are ignoring the fact that we can’t serve two masters, and now the EU overrules my US laws/rights. What happens if China passes “a law” that has the same penalties for NOT providing full whois without the ability to use privacy?
      Do I flip a coin, or can I say, I live in the US and that is not law here. The issue of the US gov not telling the EU to fly a kite has not escaped my notice.
      I hope people understand that in the case of domain names the GDPR is destroying rights not enhancing them in any way.
      Anybody that wanted to hide their whois can select privacy whois. It’s been that way for about 16 years. Not if you want to use the Whois to protect yourself you can’t. Nowhere in GDPR does it say I am not allowed to display my whois if I want to. But this is where everyone has decided to go.

  6. Barry Shein says:

    Put the WHOIS information into the DNS, possibly as a new RR (optional.)
    That puts the information entirely under the domain owner’s control.
    Then registries/registrars/ICANN can manage domain registration information according to generally accepted business practices independent of WHOIS.
