Latest news of the domain name industry

Recent Posts

Did I find a murder weapon in a zone file?

Kevin Murphy, December 4, 2023, 17:01:59 (UTC), Domain Policy

Registrars are usually very reluctant to police the content of web sites by taking down domains they manage, but they quite often make an exception when the web site in question calls for violence. But what if the site itself attempts to physically harm visitors through their screens?

It sounds a bit mad, but I think I’ve found such a site.

I recently randomly came across a domain name that caught my eye while scrolling through a zone file. I’m not going to reveal the domain here, but it consisted of three words across the dot and could be taken as an instruction to “murder” a specific, but unnamed, individual.

Expecting humor, I visited the domain out of curiosity and was confronted by a blank page that rapidly flashed between two background colors, creating a strobe effect. There was no other content.

My first impression was that the site had been created in order to trigger seizures in photosensitive epileptics. The CSS seemed to confirm that the strobe effect fell within the frequency range that the charity Epilepsy Action says can cause such seizures.

This raised an interesting question: could this be considered “DNS abuse”?

The DNS Abuse Institute’s definition (pdf) says DNS Abuse consists of “malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS Abuse)”.

DNSAI says registries and registrars “must” act on these five categories of abuse, but it adds that there are some categories of web content where registrars “should” take action. Its Framework to Address Abuse, which has been endorsed by dozens of registries and registrars, states:

Specifically, even without a court order, we believe a registry or registrar should act to disrupt the following forms of Website Content Abuse: (1) child sexual abuse materials (“CSAM”); (2) illegal distribution of opioids online; (3) human trafficking; and (4) specific and credible incitements to violence. Underlying these Website Content Abuses is the physical and often irreversible threat to human life.

Epileptic seizures can be fatal. A school friend of mine did not make it out of his teens due to one. Even when non-fatal, they are dangerous and clearly unpleasant.

So if a site encouraging physical violence “should” be taken down, what about a site that seems designed to actively physically attack individuals, no incitement required? That’s a reasonable question, right?

I filed an abuse report with the registrar managing the domain and was told it did not violate its acceptable use policies.

Attacking epileptics with flashing images sent online has been a criminal offence in the UK since October 26, when the controversial Online Safety Act 2023 was enacted.

A component of the Act is named Zach’s Law, after an eight-year-old boy who in 2020 was attacked with flashing images by internet wankers after he carried out a sponsored walk for the Epilepsy Society.

The Act makes it illegal to send a flashing image to somebody you know is epileptic with the intent to harm them. You can get up to five years imprisonment and a fine.


Comments (2)

  1. Hi Kevin, a correction:
    The Framework to Address Abuse predates the creation of the DNS Abuse Institute, and is not a product of the Institute. The Framework was created by a number of registrars and registries (including myself, at my previous employer) and is a collective output without any formal relationship to the Institute. The Institute was created by PIR as a logical extension of that work.

  2. Matthias Pfeifer says:

    Allthough the case has some funny aspects, it is no DNS abuse since the DNS worked as expected.

    The DNS Abuse question is a big mess since we have to discussed that with LEA and Lawyer folk.

    And the DNS abuse institute was just another waste of time to say that messy thing again and again.

    We have SO much problems out there and there are simple reasons: Partys who simply don’t care (some well known Registrars and Registys) and the money who is not spend in investigation.

    Would ICANN driven by facts we would have MUCH less security incidents at all.

Add Your Comment