There’s really only one question about the return to face-to-face ICANN meetings
The struggles of remote working during unsociable hours and the possibility of a return to partially in-person meetings for Seattle in October were the subject of lots of well-deserved debate at the virtual ICANN 71 public meeting last week, but in reality I think there’s only one question that matters.
The question is posed by Americans to everyone else, and it goes like this: “You guys cool if we go ahead without you?”
Sure, lots of interesting and important questions were raised last week, particularly during the hour-long final session.
If ICANN decides to require proof of vaccination to attend in person, will it accept all brands of vaccine, or will it do a Bruce Springsteen and exclude those who have received the AstraZeneca jab, which is not currently approved in the US?
Is it a problem for overseas travelers that the number of vaccinated Americans currently appears to be plateauing, as ludicrous political divisions see primarily “red state” folks refuse to take their medicine?
What about attendees working for companies that have eliminated their travel budget for the rest of the year?
What if there’s a new flavor of Covid, worse than the current delta variant, in play in October? What if travel corridors into the US are still closed when ICANN 72 comes around? What if attendees have to self-isolate for weeks in expensive hotels upon their return to their home countries? Has ICANN done any research into this?
These are some of the questions that have been raised, and while they’re all very interesting I can’t help but feel that they’re completely irrelevant in the context of an ICANN meeting.
ICANN doesn’t know what the pandemic state of play internationally is going to be four months from now. Nobody does. Not the epidemiologists, not the healthcare leaders, not the governments.
ICANN isn’t a government. It isn’t the United Nations. It’s a technical and policy coordination body that sometimes appears to have a sense of its own importance as inflated as its budget. Its powers to assure an internationally diverse community can gather in literally the same room in October are close to non-existent.
But it’s a pretty safe bet that domestic travel in the US will still be permitted in October (did it ever even really stop?) and therefore it’s a pretty safe bet that community members based in America will be able to bump elbows in Seattle.
The only question remaining therefore is: how much of the rest of the world is ICANN willing to risk excluding to make that happen?
It’s a question its board of directors will answer in July. I don’t envy them the responsibility.
Registries unveil plan to tackle botnet abuse with mass takedowns
Domain name registries have thrown a bone to critics who say they’re not doing enough to tackle DNS abuse by revealing a framework for rapidly taking down domains associated with large-scale botnets.
In a nutshell, the new Framework on Domain Generating Algorithms (DGAs) Associated with Malware and Botnets (pdf) would enable registries to preemptively register potentially abusive names without paying ICANN fees.
It is hoped that the framework will give law enforcement an easier time in tackling botnets, and perhaps cool down some of the heat the domain name industry is taking over the DNS abuse problem.
Botnets, you’ll recall, are large networks of compromised computers that can be deployed to, for example, carry out damaging distributed denial of service attacks.
The endpoint malware on botted machines is often controlled by regularly pinging a predetermined domain name to ask for instructions.
Rather than a single domain name, which would be easy to block, the malware often uses algorithms, seeded with the current time or date, to create apparently random, gobbledygook names.
Botnet controllers need only run the same algorithm at home to determine the appropriate domain to register at any given time.
Other times, lists of thousands of domains are generated in advance and hard-coded into the malware.
Either way, DGAs can give law enforcement a way to effectively shut down a botnet by having all the potential command and control domains blocked or registered, but only with the cooperation of the registries.
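To make the defender's side of this concrete, the following is an added example, not code from the framework, the registries or any malware analysis. It assumes the generator has already been reverse engineered; `toy_dga` is a constructed stand-in that only emits names under reserved TLDs, and all function names are hypothetical. Running the same date-seeded algorithm ahead of time yields the full candidate list, which is then grouped per registry and split into names that can be preempted and names that are already registered.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta

# Constructed stand-in for a generator recovered by reverse engineering.
# It is not the algorithm of any real malware family, and it only emits
# names under reserved TLDs (RFC 2606 / RFC 6761) that cannot be registered.
TLDS = ("example", "test", "invalid")


def toy_dga(day: date, count: int) -> list[str]:
    """Derive `count` pseudo-random names from the calendar date alone."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        # Map the first 12 digest bytes onto a-z to get a gobbledygook label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return names


def enumerate_window(start: date, days: int, per_day: int) -> dict[date, list[str]]:
    """Every name the generator will produce on each day of the window."""
    return {
        start + timedelta(d): toy_dga(start + timedelta(d), per_day)
        for d in range(days)
    }


def per_registry_requests(schedule, already_registered):
    """Group names by TLD (one request per registry) and split off names
    that already exist, which cannot simply be preemptively registered."""
    requests = defaultdict(lambda: {"preempt": [], "existing": []})
    for day, names in sorted(schedule.items()):
        for name in names:
            tld = name.rsplit(".", 1)[1]
            bucket = "existing" if name in already_registered else "preempt"
            requests[tld][bucket].append((day, name))
    return dict(requests)


if __name__ == "__main__":
    window = enumerate_window(date(2021, 7, 1), days=7, per_day=5)
    # Constructed: pretend one of the generated names is already registered.
    taken = {window[date(2021, 7, 3)][0]}
    for tld, req in sorted(per_registry_requests(window, taken).items()):
        print(f".{tld}: {len(req['preempt'])} to preempt, "
              f"{len(req['existing'])} already registered")
```

Because the output depends only on the date, the list can be produced well before the malware asks for any of the names, which is what gives a registry time to act on it.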
A notable example of such cooperation was during the Conficker crisis over a decade ago, which ultimately saw a broad coalition of LE, registries and security companies come together to reverse engineer and preemptively block the huge numbers of domains the malware was expected to generate.
The new framework, which was created by ICANN’s Registries Stakeholder Group in cooperation with the Governmental Advisory Committee, essentially formalizes and expedites that kind of countermeasure.
It’s not official ICANN consensus policy, nor is it binding on all registries. It’s purely voluntary.
It appears primarily concerned with reducing the administrative and financial burden on registries that choose to participate.
It asks law enforcement to submit takedown requests as part of “a well thought-out, comprehensive abuse disruption strategy” that gives registries sufficient time to implement them.
It further asks (and provides a template letter) that ICANN waives the fees it collects when registries register botnet domains, which with some DGAs could amount to many tens or hundreds of thousands of dollars.
It also lists several reasons why registries might refuse to comply with LE without a court order — such as when the names are already registered and need to be seized, or when they’ve been identified as potentially high-value domains.
For registries, offering up the framework appears to be low-hanging fruit in their ongoing conflict with governments, cops and security researchers that argue the industry should do more to tackle abuse.
What it doesn’t do is expand the current industry definition of “abuse”, which is currently limited to botnets, phishing, pharming and malware distribution. Spam can also be considered DNS abuse when it is used to perpetrate any of the other four malfeasances.
But that definition is also voluntary, and only a few dozen registries and registrars have signed up to it. ICANN contracts are pretty much toothless when it comes to abuse.
The fight about DNS abuse is pretty amorphous, and overlaps with intellectual property interests’ demand for more access to private Whois data and the issue of when to start the next new gTLD application round.
Next new gTLD round should be less English, says ICANN boss
The next round of new gTLDs should be less focused on the English-speaking world, ICANN CEO Göran Marby said yesterday.
Talking to ICANN’s Governmental Advisory Committee in a bilateral session at ICANN 71 yesterday, Marby said he believed the 2012 round — the last time anyone was able to apply for a new gTLD — was too English-centric.
We have so few identifiers on the internet, [which] I think is a problem. Most of them are in relation to the English language or translations of English words…
I think and I truly believe that the next round should be giving the ability for people to have identifiers on the internet that’s actually in correlation with their own local contexts, their own scripts, their own keyboards, their own narratives, so they can create their own communities on the internet…
We have to rethink a lot of things we have done previously, because last time we did a round it was very much about the English language and I don’t think that’s fair for the rest of the world.
He pointed out the need for universal acceptance — the technical and educational challenge of making sure all software and online services support non-Latin internationalized domain names.
While it’s true that the 2012 round of applications turned out very much English-heavy, it was not by design.
Broadening the gTLD space out to non-Latin scripts and non-English languages was one of the benefits frequently cited (often, I thought, to guilt-trip the naysayers) before opponents of new gTLDs — including governments — in the run-up to the 2012 round.
ICANN was tasked in 2011/12 with reaching out to potential applications in under-served areas of the world, but it’s generally considered to have done a pretty shoddy job of it.
In the 2012 round, 116 of the 1,930 total applications were for IDNs, and 97 of those at some point made it into the DNS root. There have been a further 61 IDN ccTLDs that came in through the IDN ccTLD Fast Track process.
IDN applicants were given special privileges in the 2012 round, such as prioritization in the lottery that selected the processing order for applications. The first delegated new gTLD was in Arabic.
The IDN gTLDs have had a mixed performance volume-wise, with the top 10 strings, which are mostly Chinese, having between 14,500 and 164,000 domains under management.
Only one has passed the 50,000-domain threshold where it has to start paying ICANN transaction fees.
The numbers are not thoroughly terrible by new gTLD standards, but they don’t make the case for huge demand, either.
Cade and Dammak win ICANN awards
Marilyn Cade and Rafik Dammak have been named joint winners of this year’s ICANN Community Excellence Award, formerly the Ethos Award.
The award acknowledges those community members deemed to have embodied ICANN’s values and devoted a lot of time to community work.
As I previously blogged, policy consultant Cade, who died last year to a wide outpouring of tributes, was pretty much a shoo-in.
“This award is not intended to be a memorial. Instead, it is a well-deserved recognition of Marilyn’s contributions and commitment to ICANN and our multistakeholder community,” the awards selection committee noted.
Dammak has for over a decade contributed “countless volunteer hours” on various ICANN policy working groups, mainly in the GNSO, the committee noted. His impartiality was called out by the selection committee for praise.
He last year stepped in to fill a leadership vacuum in the working group devoted to reviewing Whois privacy policy.
ICANNers itching to get back to face-to-face shindigs
A majority of ICANN community members want a return to in-person meetings as soon as possible, and overwhelmingly don’t care how many pandemic-related restrictions are put in place to get it done.
That’s according to the results of an online survey ICANN carried out, which ultimately had 665 responses, or 514 if you exclude responses from ICANN staff.
The survey found that over half of all respondents were keen to fling open the doors for ICANN 72 in Seattle this October, even if it meant reduced attendance and global diversity due to pandemic restrictions on travel.
There was even greater acceptance of — and indeed demand for — health measures such as social distancing, face masks, proof of vaccination, and on-site testing.
None of these proposed measures attracted less than 72% support, and no more than 11% of respondents objected to any individual measure.
While the majority of the respondents were from North America or Europe — which I think it’s fair to say are broadly considered to be well-vaccinated and in the closing days of their pandemic restrictions — ICANN has helpfully broken down some of the responses by geography.
Perhaps unsurprisingly, North Americans and Europeans were far more likely to approve of vaccination-related attendance rules, at 73% and 66% respectively. But a majority of those from Latin America, Asia and Africa were also tolerant of such restrictions.
North Americans were also much less likely to fear travel restrictions — ICANN 72 will be held on home turf, after all.
While the survey results show a clear inclination for reopening in-person meetings, with an online component for those unable to make it, the decision will be made by the ICANN board of directors next month.
The full survey results can be viewed here (pdf).
How awful would ICANN 72 have to be for you to stay at home?
ICANN is seriously considering holding its ICANN 72 public meeting with a face-to-face component in Seattle this October. But it wants to know what would make you stay at home.
The org is surveying community members to see how they would respond to stuff like temperature checks, rapid testing, compulsory mask wearing, vaccine certificates, physical distancing and even physical tracking.
Do community members want this stuff to make them feel safe? Or would it make them steer clear of the meeting for the sheer annoyance and intrusion? Is the community made up of bleeding-heart liberal wokesters, or hardline dunderhead deniers?
And if it turned out that the meeting would be predominately populated with vaxxed-up North Americans and Western Europeans, with few attendees from less well-off parts of the world, would that make you stay away in solidarity?
These are among the questions asked in the 10-page survey, sent out in advance of this week’s ICANN 71 public meeting, which had been due to take place in The Hague but instead will be ICANN’s fifth consecutive online-only gathering.
There’s going to be a live discussion about the possibility of a return to hybrid in-person meetings on Thursday.
The ICANN board is due to make a call on the location of 72 at some point in July.
And it’s not just a decision about health and global representation.
While the survey does not cover this, ICANN meetings are not cheap, and to set the ball rolling now with poor visibility into the pandemic situation a few months in advance would incur costs that could not be recouped.
More non-rules proposed for Whois privacy
An ICANN working group has come up with some extra policy proposals for how registries and registrars handle Whois records, but they’re going to be entirely optional.
The ongoing Expedited Policy Development Process team has come up with a document answering two questions: whether registrars should differentiate between people and companies, and whether there should be a system of uniform, anonymized email addresses published in Whois records.
The answer to both questions is a firm “Maybe”.
The EPDP working group seems to have been split along the usual party lines when it comes to both, and has recommended that contracted parties should get to choose whether they adopt either practice.
Under privacy laws, chiefly GDPR, protections only extend to data on natural persons — people — and not to legal persons such as companies, non-profits and other amorphous entities.
Legally, registries and registrars are not obliged to fully redact the Whois records of domains belonging to companies, but many do anyway because it’s easier than putting systems in place to differentiate the two types of registrant.
There’s also the issue that, even if the owner of the domain is a company, the contact information may belong to a named, identifiable person who is protected by GDPR. So ICANN’s contracted parties may reduce their potential liability by redacting everything, no matter what type of entity the domain belongs to.
The EPDP has decided to stick to the status quo it agreed to in an earlier round of policy talks: “Registrars and Registry Operators are permitted to differentiate between registrations of legal and natural persons, but are not obligated to do so”.
Contracted parties will get the option to ask their registrants if they’re a natural person (yes/no/not saying) and capture that data, but they’ll have to redact the answer from public Whois output.
They’d have to “clearly communicate” to their customers the fact that their data will be treated differently depending on the choice they make.
On the second question, related to whether a system of standardized, published, anonymized email addresses is feasible or desirable, the EPDP is also avoiding any radical changes:
The EPDP Team recognizes that it may be technically feasible to have a registrant-based email contact or a registration-based email contact. Certain stakeholders see risks and other concerns that prevent the EPDP Team from making a recommendation to require Contracted Parties to make a registrant-based or registration-based email address publicly available at this point in time.
Again, the working group is giving registries and registrars the option to implement such systems or not.
The benefit (or drawback, depending on your perspective) of giving each registrant a single anonymous email address that is published in all their Whois records is that it makes it rather easy to reverse-engineer that registrant’s entire portfolio.
If you’re a political insider running a whistle-blower blog, a bar owner who also moderates a forum for closeted gays in a repressive regime, or a domain name news blogger running a furry porn site on the side, you might not want your whole collection of domains to be easily doxxed.
But if you’re a trademark lawyer chasing cybersquatters or a security researcher tracking spammers, being able to take action against a ne’er-do-well’s entire portfolio at once could be hugely useful.
So the EPDP working group proposes to leave it up to individual registries and registrars to decide whether to implement such a system, basically telling these companies to talk to their lawyers.
The EPDP Team recommends that Contracted Parties who choose to publish a registrant- or registration-based email address in the publicly accessible RDDS should ensure appropriate safeguards for the data subject in line with relevant guidance on anonymization techniques provided by their data protection authorities and the appended legal guidance in this recommendation
An appendix to the recommendations, compiled by the law firm Bird & Bird, says there’s “a high likelihood that the publication or automated disclosure of such email addresses would be considered to be the processing of personal data”.
The EPDP recommendations are now open for public comment until July 19, and could become binding if they make it through the rest of the ICANN policy development system.
ICANN 71 — now with added bearded men!
What’s better than a flabby, bearded, middle-aged man lecturing you about DNS policy in a Zoom window? Why, up to 25 flabby, bearded, middle-aged men lecturing you about DNS policy in the same Zoom window, of course!
That appears to be an added benefit (to beard fans, at least) of upgrades ICANN has made to its remote participation platform ahead of this month’s ICANN 71 public meeting, which will be taking place virtually.
The org has implemented a new Zoom feature called Immersive View, which permits the illusion that everyone on a given panel or committee is sitting in the same room, by pasting their images in real-time to the same fake background image.
From Zoom’s blog announcing the feature earlier this year:
The feature supports up to 25 participants, which should be sufficient to accommodate every member of ICANN’s various committees and the board of directors.
While I’m making light of it, I do see some value to observers of being able to see all session speakers simultaneously. As an inveterate nose-picker, I’m not sure I’d be quite as happy about it as a participant.
Other useful features announced by senior engineering veep Ashwin Rangan yesterday include real-time captioning in English of non-English speakers and a return to one-on-one rooms for people wishing to have private meetings.
ICANN has also linked its meeting registration system with its regular web site login accounts, Rangan said.
Barrett to replace Da Silva on ICANN board
South African internet pioneer Alan Barrett is to replace Ron Da Silva as one of the Address Supporting Organization’s members of ICANN’s board of directors, the ASO’s Address Council said yesterday.
The pick comes after multiple rounds of interviews, which whittled down an initial slate of 10 nominees to a long list of eight, and then a short list of four, which included Da Silva.
It’s a selection, rather than an election, with the Address Council doing the hiring.
The handover will happen following ICANN’s 72nd public meeting, taking place this October either in Seattle or virtually, at the conclusion of Da Silva’s second three-year term on the board.
According to his bio, Barrett was co-founder of South Africa’s first commercial ISP in the early 1990s. He has served as a software consultant for the last 14 years and was CEO of Afrinic until 2019.
There are currently two other directors on the ICANN board, which has geographic regional quotas, hailing from Africa. Da Silva represents the North America region.
American Gen Z not interested in ICANN?
ICANN seems to be having trouble recruiting American youngsters into its cult community.
The org today said that it’s extended the deadline for its NextGen program, which is trying to attract and throw money at a dozen under-30s from North America to attend its October public meeting.
It’s the second North American meeting in a row before which ICANN has had to extend the deadline for applications.
Ordinarily, the NextGen program offers 18-to-30-year-old students and academics in the internet policy field free travel and lodgings for an ICANN meeting, along with up to $200 for a visa and $500 to cover incidentals.
ICANN typically picks 12 to 15 participants for each meeting. Successful applicants have “mentors” and are obliged to actually participate, giving a short presentation on their relevant academic work.
It’s currently fifty-fifty whether ICANN 72 goes ahead in Seattle this October or becomes the sixth meeting in a row to be held on Zoom, so pandemic-related travel restrictions probably have some bearing on interest in the NextGen program.
But pre-pandemic ICANN 66, the last to be held in the USA, also had to extend its application deadline and ultimately attracted only 11 successful applicants, one below the usual minimum threshold.
(It’s quite difficult, incidentally, to get quality statistics on the NextGen program. The list of North American participants for ICANN 66 is just a copy-paste of the African participants for ICANN 65, and the out-of-date numbers on the official stats page incorrectly have Mexico, Central America and the Caribbean islands categorized as North American (which they’re not, according to ICANN’s geographic regions policy).)
So what is it keeping younger North Americans away from ICANN?
If anything, one would assume a greater interest from academics in the region, given ICANN’s historical connection to the US government and its uniquely interesting position under the law.






