Recent Posts
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
- Did somebody spend a million bucks on a Google domain hack?
Governments demand Whois reopened within a year
ICANN’s government advisers wants cops, trademark owners and others to get access to private Whois data in under a year from now.
The Governmental Advisory Committee wants to see “considerable and demonstrable progress, if not completion” of the so-called “unified access model” for Whois by ICANN66 in Montreal, a meeting due to kick off November 4 this year.
The demand came in a letter (pdf) last week from GAC chair Manal Ismail to her ICANN board counterpart Cherine Chalaby.
She wrote that the GAC wants “phase 2” of the ongoing Expedited Policy Development Process on Whois not only concluded but also implemented “within 12 months or less” of now.
It’s a more specific version of the generic “hurry up” advice delivered formally in last month’s Kobe GAC communique.
It strikes me as a ludicrously ambitious deadline.
Phase 2 of the EPDP’s work involves deciding what “legitimate interests” should be able to request access to unredacted private Whois data, and how such requests should be handled.
The GAC believes “legitimate interests include civil, administrative and criminal law enforcement, cybersecurity, consumer protection and IP rights protection”.
IP interests including Facebook want to be able to vacuum up as much data as they want more or less on demand, but they face resistance from privacy advocates in the non-commercial sector (which want to make access as restrictive as possible) and to a lesser extent registries and registrars (which want something as cheap and easy as possible to implement and operate that does not open them up to legal liability).
Ismail’s letter suggests that work could be sped up by starting the implementation of stuff the EPDP group agrees to as it agrees to it, rather than waiting for its full workload to be complete.
Given the likelihood that there will be a great many dependencies between the various recommendations the group will come up with, this suggestion also comes across as ambitious.
The EPDP group is currently in a bit of a lull, following the delivery of its phase 1 report to ICANN, which is expected to approve its recommendations next month.
Since the phase 1 work finished in late February, there’s been a change of leadership of the group, and bunch of its volunteer members have been swapped out.
Volunteers have also complained about burnout, and there’s been some pressure for the pace of work — which included four to five hours of teleconferences per week for six months — to be scaled back for the second phase.
The group’s leadership has discussed 12 to 18 months as a “realistic and desirable” timeframe for it to reach its Initial Report stage on the phase 2 work.
For comparison, it published its Initial Report for phase 1 after only six stressful months on the job, and not only have its recommendations not been implemented, they’ve not even been approved by ICANN’s board of directors yet. That’s expected to happen this Friday, at the board’s retreat in Istanbul.
With this previous experience in mind, the chances of the GAC getting a unified Whois access service implemented within a year seem very remote.
I hope that tradition is now set so the community can impose deadlines to GAC too.
If only there were some requirement for government representatives and LEA’s to act on reports of crime from registrars.
In 2017, I wrote to Ms. Ismail seeking a law enforcement contact in Egypt, based on confirmed information obtained from a registrar as to the identity of a person in Egypt responsible for a site posting child abuse material.
Since Ms. Ismail was the GAC representative for Egypt, one might think she has appropriate contacts in the Egyptian government. Specifically, I wrote to her on October 4, 2017, describing the information and the method by which it was obtained, to ask:
“I would like to know if there is an appropriate authority in Egypt to whom I might provide the information we obtained”
She received that email, viewed my LinkedIn profile, and sent no response whatsoever.
In view of her apparent desire for registrars to provide this information to law enforcement, I do not know what to make of her deciding to deliberately ignore a request to provide precisely that sort of information to law enforcement in her own country.
How did you wind up getting it sorted?
I gave up. Quite obviously, if the Egyptian government’s own representative is not interested in addressing criminal activity in Egypt, then I was obviously overestimating the degree of actual concern there might be about such things, in contrast to making a public show of concern.
But for her to pretend that her government is interested in identifying criminals is a joke.
Every group is selfishly driven by their mission. There simply isn’t one group advocating for the overall interests of all, driven by a genuine need to add value to the domain name space as part to the whole of the Internet.
There just isn’t any form of curiosity or genuine care at all if it doesn’t benefit the self and/or group. Why would ever think the industry will be a better place if the same folks lead it year over year, decade after decade, with the same troops behind, joking that nothing ever changes …so it would be realistic to not expect change.
Other registry’s like eurid from .eu can just be emailed if you need access to private whois information of a domain and if you have a legitimate interest. Everyone’s privacy is ensured and trademark lawyers have their information in no time. How hard can it be?
Just let Icann increase the price of domains by 1 cent and use it to hire a bunch of people to answer emails.
I do not understand this demand as they already have such access right now. Just send us an email detailing their legal rights to access the data and we will comply.
If however they have no legal right to the data or no adequate safequards to protect the data, they would not get the data in a new whois system either.
The EU commission was very clear in their letter to ICANN this month: Data access is ok, but it must be justified in every single case.
No more drinking from the fire hose, pick up your ordered drinks at the bar.
I think the problem is that there are no standards in place. Different registrars will have different views on what constitutes legal rights and will have different reporting requirements.
I think the truth here is a bit more complex. As you say, what constitutes legal rights? Add John Berryhill’s comments above.
Now add the recent IC3 report. Gary Warner did a brilliant summary and analysis of some of the numbers here: https://garwarner.blogspot.com/2019/04/ic3gov-bec-compromises-and-romance.html
The GDPR was meant to protect consumer privacy. If we have a system where somebody can buy a domain for a year, sometimes discounted to less that a dollar, then defraud consumers with it and law enforcement does not do anything, what do we do?
At this stage the ball is in the LEA court. But then again they are massively overwhelmed. “A 5 minute crime can take 3 years to prosecute” – the words of an Interpol member. A simple MLAT can take 6 months. So can we blame them if they are overwhelmed?
Many registrars claim they will not allow their services to be abused. Some live up to this, some don’t. The latest game is to insist on a court order for GDPR hidden WHOIS despite clear evidence of abuse. Just like proxies.
Refer to this lovely can of worms: https://blog.aa419.org/2019/02/04/what-protection-does-icann-offer-the-consumer/ – so the GDPR is now used as an excuse where the previous un-hidden WHOIS was fake to begin with? Complain at ICANN?
At another registrar the .US ccTLD (even though not an ICANN issue) gives us some insight as to what passes as acceptable for WHOIS. Yet for their other discounted domains they dish out free proxies. At a similar registrar anything goes, no details verified (already at ICANN Complaints office since Aug last year after Compliance considered totally junk WHOIS to be a content issue).
This leads to situations such as where the Reserve Bank of India can be spoofed over a hundred times with different domains, targeting consumers where law enforcement is not too efficient.
While commerce and government spends billions to protect themselves, fail and may have a reason to complain, ordinary consumers are the real losers in the whole GDPR-WHOIS debacle.
For those in Europe trying to make this off as US/Third World problems, search our database for Beninloan – Europe is squarely in the sights of criminals, each incident also leading to identity theft and privacy loss. While the GDPR may be great to protect consumers at legitimate businesses, the effect is devastating on consumers when it comes to fraud and the GDPR as implemented in the ICANN system.
So WHOIS or RDAP is not only important to consumers, it’s rather vital.
We need anonymity! Not for the bad, but for the good of the world. Sure the bad will still have it – but protecting the good is more important!
Do you perhaps also not mean privacy?
How do you give the good anonymity or privacy without giving the bad the same?
Also, what stops a bad actor in the DNS system from abusing the DNS system to deprive innocent people of their anonymity? Imagine buying at an online business and dealing in good faith, only to find out it’s a scam. What will stop your details from being stolen and abused? One bad domain can massively compromise the privacy of many people. An impressum on a website? How do you know it’s the real website or not a spoof? Many countries do not give access to company registration details. These are real world problems we see every day.
Just for fun, I’m currently looking at a website hosted on a malicious domain that has defrauded 271 people in a jurisdiction where law enforcement is not very mature, the malicious actor in another country. Previously the same content has also been used on two other domains. The content itself is claiming to be a bank – all very professional, stolen from a well known German bank. How would we stop this. The cost of the domain <$10. The cost of investigation, financial losses and loss of privacy to people who can ill afford it massive. This is a daily occurrence.
Asking questions are truly good thing if you are not understanding anything entirely, but this post presents
good understanding even.