Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
Million-euro Tucows GDPR lawsuit may not be ICANN’s last
ICANN has filed a lawsuit against a Tucows subsidiary in Germany in an effort to resolve a disagreement about how new European privacy law should be interpreted, and according to ICANN’s top lawyer it may not be the last.
The organization said late Friday that it is taking local registrar EPAG to court in Bonn, asking that the registrar be forced to continue collecting administrative and technical contact information for its Whois database.
According to an English translation of the motion (pdf), and to conversations DI had with ICANN general counsel John Jeffrey and Global Domains Division president Akram Atallah over the weekend, ICANN also wants an injunction preventing Tucows from deleting these fields from current Whois records.
At its core is a disagreement about how the new General Data Protection Regulation should be interpreted.
Tucows plans to continue collecting the registrant’s personal information, but it sees no reason why it should also collect the Admin-C and Tech-C data.
Policy director Graeme Bunton argues that in the vast majority of cases the three records are identical, and in the cases they are not, the registrar has no direct contractual relationship with the named individuals and therefore no business storing their data.
ICANN counters that Admin-C and Tech-C are vital when domain owners need to be contacted about issues such as transfers or cyber-attacks and that the public interest demands such records are kept.
Its new Temporary Policy — which is now a binding contractual commitment on all registries and registrars — requires all this data to be collected, but Tucows feels complying with the policy would force it to break European law.
“Strategically, we wanted to make sure we don’t let the Whois and the pubic interest get harmed in a way that can’t be repaired,” Atallah said.
“The injunction is to actually stop any registrar from not collecting all the data and therefore providing the opportunity for the multistakeholder model to work and come up with a long-term plan for Whois,” he said. “”We don’t want to have a gap.”
Jeffrey said that the suit was also necessary because ICANN has not received sufficient GDPR guidance from data protection authorities in the EU.
EPAG is not the only registrar planning to make the controversial changes to data collection. There are at least two others, at least one of which is based in Germany, according to Jeffrey and Atallah.
The German ccTLD registry, DENIC, is not under ICANN contract but has also said it will no longer collect Admin-C and Tech-C data.
They may have all taken their lead from the playbook (pdf) of German industry group eco, which has been telling ICANN since at least January that admin and tech contacts should no longer be collected under GDPR.
That said, Tucows chief Elliot Noss is a vocal privacy advocate, so I’m not sure how much leading was required. Tucows was also a co-developer (pdf) of the eco model.
The injunction application was filed the same day GDPR came into effect, after eleventh-hour talks between ICANN legal and Tucows leadership including chief legal officer Bret Fausett hit an impasse.
Tucows has agreed to freeze its plan to delete its existing Admin-C and Tech-C stored data, however.
The suit has a nominal million-euro value attached, but I’m convinced ICANN (despite its budget crunch) is not interested in the money here.
It’s my sense that this may not be the last time we see ICANN sue in order to bring clarity to GDPR.
Recently, Jeffrey said that ICANN would not tolerate contracted parties refusing to collect full Whois data, and also that it would not tolerate it when they decline to hand the data over to parties with legitimate interests.
The German lawsuit does not address this second category of non-compliance.
But it seems almost certain to me that intellectual lawyers are just days or weeks away from starting to file compliance tickets with ICANN when they are refused access to this data, which could lead to additional litigation.
“Whether it would result in a lawsuit is yet to be determined,” Jeffrey told DI yesterday. “The normal course would be a compliance action. If people aren’t able to gain access to information they believe that they have a legitimate right to access they will file compliance complaints. Those compliance complaints will be evaluated.”
“If it’s a systematic decision not to provide that access, that would violate the [Temporary Policy],” he said. “If they indicated it was because of their interpretation of the law, then it could result in us asking questions of the DPAs or going to court if that’s the only action available.”
The injunction application is a “one-sided filing”, which Jeffrey tells me is a feature of German law that means the court could issue a ruling without requiring EPAG/Tucows to appear in court or even formally respond.
The dispute therefore could be resolved rather quickly — this week even — by the court of first instance, Jeffrey said, or it could be bounced up to the European Court of Justice.
Given how new GDPR is, and considering the wider implications, the latter option seems like a real possibility.
How all 33 European ccTLDs are handling GDPR
Happy GDPR Day everyone!
Today’s the day that the European Union’s not-quite-long-enough-awaited General Data Protection Regulation comes into effect, giving registries and registrars the world over the prospect of scary fines if they don’t keep their registrants’ Whois data private.
So I thought today would be the perfect day to summarize what each EU or European Economic Area ccTLD has said they are doing about GDPR as it pertains to Whois.
There are 33 such ccTLDs, arguably, and I’ve checked the public statements and web sites of each to hit the key changes they’ve announced.
Because ccTLDs are not governed by ICANN contracts, they had to figure out GDPR compliance for themselves (though some did take note of ICANN guidance).
So I’ve found there are differing interpretations of key points such as whether it’s kosher to continue to publish contact email addresses, and where the line between “natural persons” (ie humans) and “legal persons” (ie companies and other organizations) should be drawn.
Some have also been quite specific about when they will release private data to third parties with so-called “legitimate purposes”; others are more vague.
Note that some of the 33 do not appear to have published anything about GDPR. It’s possible this is because they didn’t need to make any changes. It’s also possible that I simply could not find the information because I’m rubbish.
I should also note that I did the majority of this research yesterday, so additional statements may have been made in the meantime.
Anyway, here’s the list, in alphabetical order.
Austria (.at)
In Austria, from last week public Whois records only show the domain name and technical information when the domain is owned by natural persons. Company-owned domains are unchanged. Any registrant can opt in to having their data published. Only verified “law enforcement agencies, lawyers or people who contact nic.at following domain disputes and who can prove that their rights have been infringed” are allowed to access full records.
Belgium (.be)
DNS.be has not been publishing personal info of natural person registrants, other than their email address, since 2000. As of last week, email addresses are not being published either. It’s also removed the contact name (though not the organization) for domains owned by legal persons. A web form is available to contact anonymized registrants.
Bulgaria (.bg)
There’s not currently any information on the registry web site to indicate any GDPR-related changes, at least in English, that I could find.
Croatia (.hr)
No info on GDPR to be found here either.
Cyprus (.cy)
Ditto.
Czechia/Czech Republic (.cz)
Nic.cz has new rules (pdf) coming in tomorrow that specify which Whois fields will or may be “hidden”, but the English version of the document is too confusing for me to follow. It appears as if plenty of contact information will be masked, and that the registry will only make it available to those who contact it directly with a good enough reason (and it may charge for access). It may also release historical records to those with legitimate purposes.
Denmark (.dk)
Remarkably, there will be NO CHANGE to Whois in .dk after tomorrow, according to an article published on the registry’s web site today. DIFO, the registry, is subject to a Danish law that makes publication of Whois mandatory so, the company said, “we will continue to publish the information – for the benefit of those who need to know who is behind a given domain name. Regardless of whether it is because you want to protect your brand, investigate a crime, do research or just satisfy your curiosity.” Wow!
European Union (.eu)
Eurid’s current Whois policy (pdf) states that only the email address of natural persons will be published publicly. Registrants get the option from their registrars to have this address anonymized. Private data can be released to those who show they have a legitimate interest in accessing it.
Estonia (.ee)
The Estonian Internet Foundation Council approved its GDPR changes (pdf) back in March. They say that no personal information on natural persons will be published, though it appears there will be a way to get in contact with them via the registry itself.
Finland (.fi)
The Finnish registry, FICORA, is a governmental entity that has published remarkably little about GDPR on its site. Its Whois shows the name of the registrant, even when they’re a natural person. Registrants can also opt in to reveal more information about themselves.
France (.fr)
Afnic didn’t have to do much to comply with RGPD (tut!) as it has been hiding the personal info of natural-person registrants since it started allowing them to register .fr names back in 2006. Likewise, it already has a procedure to enable the likes of trademark owners to get their hands on contact info in the event of a dispute, which involves filling out a form (pdf) and promising to only use the data acquired for the purposes specified.
Germany (.de)
DENIC, Europe’s largest ccTLD registry said a few months back that it would expunge personal data from its public Whois and implement a semi-automated system for requesting full records. It’s also adding two “non-personalized” contact email addresses for general and technical inquiries, which will be managed by the registrar in question.
Greece (.gr)
I couldn’t find any GDPR-related information on the registry web site, but its Whois appears to not output contact details for any registrant anyway.
Hungary (.hu)
Currently outputs “private registrant” as the registrant’s name when they’re a natural person, along with a technical contact email and no other personal information. Legal persons get their full contact info published. It’s not entirely clear how recent this policy is.
Iceland (.is)
Iceland’s ISNIC is one of the ccTLD registries to announce that it will continue to publish registrants’ email addresses, though no other contact info, until it is told to stop. In a somewhat defiant post last month, the registry said that GDPR as applied to Whois “will lead to less transparency in domain registrations and less trust in the domain registration system in general”.
Ireland (.ie)
IEDR will not publish contact information for any registrant, though it will publish their name if they’re a legal person. It will only disclose personal information to law enforcement, under court order, for technical matters, or to help a dispute resolution partner resolve a cybersquatting claim.
Italy (.it)
The current version of Registro.it’s Whois policy, dated September 2016, says it will publish all contact information over port 43 and a subset of some contact info (including phone and email) over the web query tool. There’s no mention I could find on its site of GDPR-related changes, though its 2016 policy acknowledges some might be needed.
Latvia (.lv)
Under its post-GDPR policy (pdf), Nic.lv will not publish any personal info about natural persons in its public Whois, and only law enforcement and the government can request the records. Legal-person registrants continue to have their full contact data published.
Liechtenstein (.li)
Liechtenstein is managed by Switzerland’s SWITCH and appears to have the same policies.
Lithuania (.lt)
DomReg’s new privacy policy (pdf) gives natural persons an opt-in to have their personal data published, but otherwise it will all be private. There’s an email-forwarding option. Lawyers with claims against registrants can pay the registry for the Whois record if the registrant has not responded to their forwarded emails within 15 days.
Luxembourg (.lu)
.lu registry RESTENA Foundation said it will cut all personal information for natural-person registrants and make a web-based form available for contact purposes. There will be an opt-in for those who want their data published at a later date. Legal persons continue to have their data published. The registry will make current and historical records available for those with legit purposes, and will create automated blanket access system for national authorities that require regular access.
Malta (.mt)
NIC(Malta)’s current Whois policy, which is only six months old, allows any registrant to opt out of having their personal data published in Whois, but appears to require than a “Administrative Agent” be appointed to take their place in the public database. There’s no info on its web site about any upcoming changes due to GDPR.
Netherlands (.nl)
SIDN explains in a recent paper (pdf) that it didn’t have to make many changes to its Whois service because personal information was already pretty much redacted. The biggest change appears to be more throttling of Whois queries applied to registrars when they’re querying domains they don’t already sponsor.
Norway (.no)
Norid said this week that it will publish the email address of private individual registrants, and full contact info for companies. It’s also the only European ccTLD I’m aware of to have a third class of registrant, the sole proprietorship, which will also see their organization names and numbers published. There does not appear to be an in-house email anonymization or forwarding service, for which Norid encourages registrants to look elsewhere.
Poland (.pl)
NASK has no GDPR related info on its web site, but its evidently quite old Whois policy states that the private information of individuals is not published.
Portugal (.pt)
DNS.pt has a comprehensive set of documents on its site explaining its pre- and post-GDPR policies. From today, natural-person registrants are given the option to provide their “informed, willing, and express consent” to having their data published. If they don’t give consent, it will be redacted from public records and email addresses may be replaced with an anonymized address. This is not available to legal entities. ARBITRARE, a local arbitration center tasked with handle IP disputes, will be able to have access to full records.
Romania (.ro)
RoTLD said yesterday that it would no longer publish private information of individuals, but that it may release such data to “carefully verified” third parties with legitimate interests. It also encouraged registrants to use non-personally-indentifying email addresses if they wish to have a further degree of privacy.
Slovakia (.sk)
SKNIC, now owned by UK-based CentralNic, has an interesting definition of the type of natural person you have to be to have your data protected — a “natural person non-enterpreneur” — according to its helpfully redlined policy update (pdf), suggesting that offering commercial services might void your right to natural-person status. (UPDATE: SKNIC tells me that “natural person–entrepreneur is a legal definition of a specific version of legal person” in Slovakia). There’s a carve-out that allows the registry to provide private data to third parties with legal claims, or to its cybersquatting dispute handler.
Slovenia (.si)
Register.si said this week that it will shortly publish its post-GDPR privacy policy, but it does not appear to have yet done so.
Spain (.es)
I could find no GDPR-related information on the Dominios.es site.
Sweden (.se)
IIS has not published the private fields of Whois records for natural persons since 2013. From today, it will also redact the contact name and email address from the records of legal-person registrants, as it may be considered “personal” data under the law.
Switzerland (.ch)
I don’t think GDPR actually applies to Switzerland, which is not an EEA member, but the .ch registry, SWITCH, also runs Liechtenstein’s .li, so I’m including it here. SWITCH says on both of its sites that it is required by Swiss law to publish Whois records, though they’re subject to an acceptable use policy that includes throttling. When I attempted to do a single Whois query via the SWITCH site today I was told I had already exceeded my quota. Shrug.
United Kingdom (.uk)
UK registry Nominet has long had a two-tier Whois, where private individuals do not have their contact information published in the public Whois. But as of this week it has started redacting all registrant contact information. It’s also going to be offering a paid-for searchable Whois service and a free data request service with a one-day turnaround.
After outcry, ICANNWiki to get ICANN funding next year
ICANNWiki will continue to get funding from its namesake, after community members complained about ICANN’s plan to abandon its $100,000 annual grant.
The independent wiki project will get $66,000 instead in the year beginning July 1, which will drop to $33,000 in ICANN’s fiscal 2020.
The funding will then disappear completely.
It’s a slight reprieve for ICANNWiki, which uses the money not only for its 6,000-article web site but also in-person outreach at events around the world.
The organization had complained about the plans to drop funding back in December, and fans of the site later called on ICANN to change its mind.
Supporters say the site fulfills a vital educational service to the ICANN community.
ICANNWiki also receives over $60,000 a year from corporate sponsors.
ICANN has also offered a reprieve to its Fellowship program in the new draft budget, reducing the number of people accepted into the program by fewer than expected.
It said in January it would slash the program in half, from 60 people per meeting to 30. That number will now drop to 45, at a cost of $151,000.
As discussed in this February article, the community has differing opinions about whether the program is an important way to on-board volunteers into ICANN’s esoteric world, or a way for freeloaders to vacation in exotic locations around the globe.
ICANN slashes new gTLD income forecast AGAIN
ICANN has yet again been forced to lower its funding expectations from new gTLDs, as the industry continues to face growth challenges.
In its latest draft fiscal year 2019 budget, likely to be approved at the end of the month, it’s cut $1.7 million from the amount it expects to receive in new gTLD transaction fees.
That’s even after cutting its estimates for fiscal 2018 in half just a few months back.
New gTLD registry transaction fees — the $0.25 collected whenever a new gTLD domain is registered, renewed or transferred, provided that the gTLD has over 50,000 domains under management — are now estimated at $5.1 million for FY19
That’s up just $500,000 from where it expects FY18, which ends June 30 this year, to finish off.
But it’s down $900,000 or 15% from the $6 million in transaction fees it was forecasting just four months ago.
It’s also still a huge way off the $8.7 million ICANN had predicted for FY18 in March 2017.
Registrar new gTLD transaction fees for FY19, paid by registrars regardless of the size of the TLD, are now estimated to come in at $4.3 million, up $400,000 from the expect FY18 year-end sum.
But, again, that number is down $800,000 from the $5.1 million in registrar fees that ICANN was forecasting in its first-draft FY19 budget.
In short, even when it was slashing its FY18 expectations in half, it was still over-confident on FY19.
On the bright side, at least ICANN is predicting some growth in new gTLD transactions.
And the story is almost exactly reversed when it comes to pre-2012 gTLDs.
For legacy gTLD registry transaction fees — the majority of which are paid by Verisign for .com and .net — ICANN has upped its expectations for FY19 to $49.6 million, compared to its January estimate of $48.7 million (another $900,000 difference, but in the opposite direction).
That growth will be offset by lower growth at the registrar level, where transaction fees for legacy gTLDs are now expected to be $30.2 million for FY19, compared to its January estimate of $30.4 million, a $200,000 deficit.
None of ICANN’s estimates for FY18 transaction fees have changed since the previous budget draft.
But ICANN has also slashed its expectation in terms of fixed fees from new gTLD registries — the $25,000 a year they all must pay regardless of volume.
The org now expects to end FY18 with 1,218 registries paying fees and for that to creep up slightly to 1,221 by the end of FY19.
Back in January, it was hoping to have 1,228 and 1,231 at those milestones respectively.
Basically, it’s decided that 10 TLDs it expected to start paying fees this year actually won’t, and that they won’t next year either. These fixed fees kick in when TLDs are delegated and stop when the contract is terminated.
It now expects registry fixed fees (legacy and new) of $30.5 million for FY19, down from expected $30.6 million for FY18 and and down from its January prediction of $31.1 million.
ICANN’s budget documents can be downloaded here.
Sedo’s cunning GDPR workaround
With full Whois records set to disappear from public view for most domain names this Friday, auction house Sedo has had to resort to some technical trickery to enable its users to prove they own the domains they list for sale.
Until now, when listing a domain at Sedo, the company has checked whether the Whois record matches the data it has on file for the customer.
With that no longer possible in many cases, Sedo told users yesterday it instead wants them make updates to their DNS records, which will obviously remain public data post-GDPR.
Sedo will give each customer a personal identification number, which they will have to add to the all-purpose TXT field of their domain’s DNS record.
That’s a fairly straightforward process at most registrars, though volume domainers had better hope their registrar of choice allows DNS changes to be made in bulk.
Sedo’s calling the process “Owner Self-Verification”.
Customers who do not use the system will have to wait three business days before their names are verified. Sedo said it will manually spot-check domains and may ask for other forms of proof of ownership.
UPDATE: Many thanks to all the people on Twitter telling me this system has been in place for years. You’re all very clever. Your cookies/cigars are in the mail.
ICANN board talking GDPR “litigation”
ICANN’s board of directors is meeting today to discuss its “litigation strategy” concerning the General Data Protection Regulation, the EU privacy legislation due to make Whois unrecognizable come Friday.
Those two words are basically the only item on its agenda for a special board meeting today.
I’ve been unable to squeeze any further information out of ICANN, but I can speculate about a few different things it could mean.
The first thing that springs to mind is a blog post by CEO Goran Marby dated April 12, in which he wrote:
Without a moratorium on enforcement, WHOIS will become fragmented and we must take steps to mitigate this issue. As such, we are studying all available remedies, including legal action in Europe to clarify our ability to continue to properly coordinate this important global information resource. We will provide more information in the coming days.
To my knowledge, no additional information on this “legal action in Europe” has ever been released.
Could ICANN be ready to take a data protection authority to court preemptively, as a test case to insulate the industry against enforcement action from DPAs? Your guess is as good as mine at this stage.
Another possibility, still in speculative territory, is that the board will be discussing the many calls from the industry for some kind of legal or financial indemnification against GDPR-related regulatory actions. I’d assign a relatively low probability to that idea.
A third notion that springs to mind, slightly more realistically, is that the board could simply be discussing how ICANN would defend itself from incoming litigation related to its GDPR response.
It usually takes ICANN a few days to post the results of its board meetings, but on important hot topics it’s not hugely unusual to see same-day publication.
Failure to launch: 10 years-old gTLDs that are still dormant
Over six years after the last new gTLD application window closed, more than one in 10 new gTLDs have yet to launch, even though some have been delegated for over four years.
Once you filter out duplicates, withdrawals and terminations from the original 1,930 applications, there were a maximum of roughly 1,300 potential new gTLDs from the 2012 round.
But, by my calculations, 144 of those have yet to even get around to their sunrise period. Most of those haven’t even filed their launch plans with ICANN yet.
Here’s 10 from that list I’ve picked based on how interesting they appear to me, in no particular order.
Yes, DI is doing listicles now. Hate-mail to the usual address.
.forum
This one’s owned by Jay Westerdal’s Top Level Spectrum, the same company behind .feedback, .realty and others. I quite like the potential of this string — the internet is chock-full of forums due to the easy availability of open-source forum software — but so far nobody’s gotten to register one. It was delegated back in June 2015 and doesn’t have a published launch plan as yet. An FAQ reading just saying “Jay was here !!!!! Test deploy..delete me later…” has been up on its site since at least last September. TLS is also sitting on .contact and .pid (for “personal ID”) with no launch dates in sight.
.scholarships
Owned by Scholarships.com, there’s a whiff of the defensive about this one. It’s been in the root since March 2015 but its site states the registry “is still finishing launch plans and will provide updates as they become available”. Scholarships.com is a site that connects would-be higher education students to potential sources of funding. It’s difficult to imagine many ways the matching gTLD could possibly help in that mission.
.giving
JustGiving, the UK-based charity campaign aggregator, won this gTLD and had it delegated in August 2015, but seemingly still hasn’t figured out what it wants to do with it. It’s not a dot-brand, so it’s presumably mulling over ways to give .giving domains to fundraisers in a way that does not compromise credibility. Whatever its plans, it’s taking its sweet time over them.
.cancerresearch
This is a weird one. Delegated four years ago, the Australian Cancer Research Foundation rather quickly went live with a bunch of interlinked .cancerresearch web sites, using its contractually permitted allotment of promotional domains. Contractually, it’s not a dot-brand, but it’s basically acting like one, having never actually given ICANN any info about sunrise, eligibility, trademark claims, general availability, etc. Technically, it’s still pre-launch, and I can’t see any reason why it would want to budge from that status. Huge loophole in the ICANN rules?
.beauty
Another whiff of gaming here. International woman-shaming powerhouse L’Oreal still has no announced plans to launch .beauty, .skin or .hair, which it had originally wanted to run as so-called “closed generics” (presumably to keep the keywords out of the hands of competitors). Of its small portfolio of generic gTLDs, delegated in 2016, it has actually launched .makeup already, with a $6,000 retail price and a strategy seemingly based on registry-owned domains matching the names of makeup-focused social media influencers. At least it’s actually selling names, even if nobody’s bought one yet.
.budapest
One of three city TLDs that were delegated back in 2014 but have yet to start selling domains. MMX is to run it in partnership with the local government of the Hungarian city, if it ever gets off the ground. Madrid (.madrid) and Zurich (.zuerich) have both also yet to roll out, although Zurich has settled on early 2019 for its launch.
.fan
Regular DI readers won’t be surprised to see this one on the list. In what may turn out to be a shocking waste of money, .fans registry Asiamix Digital acquired the singular .fan from Donuts back in 2015 and promptly let it sit idle for the next three years. Currently, with .fans turning out to be a flop, Asiamix has money troubles and I wouldn’t be surprised to see it under new ownership before too long. It’s not a terrible string, so there’s some potential there.
.ком, etc
.ком is one of 11 internationalized domain name transliterations of .com — .कॉम, .ком, .点看, .คอม, .नेट, .닷컴, .大拿, .닷넷, .コム, .كوم and .קוֹם — that Verisign had delegated back in 2015. To date, only the Japanese .コム has launched, and the registry reportedly arsed it up quite badly. Records show .コム peaked at over 28,000 names and sits at fewer than 7,000 today. None of the remaining IDNs have launch dates attached.
Anything owned by Google or Amazon
When it comes to sitting on dormant gTLDs, you can’t top Google and Amazon for sheer numbers. Google has 19 strings in pre-launch states right now, while Amazon has a whopping 34. Amazon is letting the likes of .free, .wow, .now, .deal, .save and .secure sit idle, while Google is still stroking its chin on the likes of .eat, .meme, .fly and .channel. At the snail’s pace these companies roll out gTLDs, I wouldn’t be surprised if some of these strings never hit the market.
.bom
Portuguese for “.good”, .bom was delegated to local ccTLD registry Nic.br in 2015 but has no published launch dates and no content on its nic.bom registry web site. I’d say more, but I expect a certain prolific DI commenter could do a better job of it, so I’ll turn it over to him…
EnCirca partners with PandoraBots to push .bot names to brands
Specialist registrar EnCirca has partnered with bot development framework vendor PandoraBots to market .bot domains at big brands.
The two companies are pushing their wares jointly at this week’s International Trademark Association annual meeting in Seattle.
In a press release, the companies said that PandoraBots is offering bot-creation “starter kits” for brand owners that tie in with .bot registration via EnCirca.
Bots are rudimentary artificial intelligences that can be tailored to answer customer support questions over social media. Because who wants to pay a human to answer the phones?
Amazon Registry’s .bot gTLD is a tightly restricted space with strict preregistration verification rules.
Basically, you have to have a live, functioning bot before you can even request a domain there.
Only bots created using Amazon Lex, Botkit Studio, Dialogflow, Gupshup, Microsoft Bot Framework, and Pandorabots are currently eligible, though Amazon occasionally updates its list of approved frameworks.
The .bot space has been in a limited registration period all year, but on May 31 it will enter a six-month sunrise period.
Despite not hitting general availability until November, it already has about close to 1,800 domains in its zone — most of which were registered via EnCirca — and hundreds of live sites.
EnCirca currently offers a $200 registration service for brand owners, in which the registrar handles eligibility for $125 and the first year reg for $75.
Donuts freezes .place gTLD ahead of new geofencing rules
Donuts has taken its .place gTLD temporarily off the market as it repurposes the space as a restricted zone for “geofencing” related uses.
That’s right, the biggest gTLD portfolio play and historically staunch advocate of open gTLDs is actually planning to introduce eligibility requirements into a currently unrestricted TLD.
Details are light ahead of a formal announcement, but I’m told all new .place registrants will have to agree to use their domains for geofencing purposes.
This looks a bit like it could be a taste of the “innovation” we were all promised from the new gTLD program.
Geofencing refers to systems that divide the world up into fenced-off virtual parcels of land based on GPS coordinates, enabling location-based services.
It’s an area Donuts has been looking at for a while, having invested in early-stage geofencing company GeoFrenzy, since rebranded as Geo.Network, two years ago.
While Donuts puts its new .place model in place — ICANN and registrars have been given the heads-up — it should not be possible to register any new .place domains.
Major registrars such as GoDaddy, Namecheap, Uniregistry and Donuts-owned Name.com were not returning results for .place domains on their storefronts when I checked over the weekend.
Other registrars did still appear to be offering the names, but I did not attempt to register one to check whether the sale would complete.
I gather that the new eligibility requirements will not apply retroactively, so anyone who currently owns a .place name will get to keep it on an unrestricted basis.
There are around 7,000 active .place domains currently.
Registrars want six-month stay on new Whois policy
Registrars representing the majority of the gTLD industry want ICANN to withhold the ban hammer for six months on its new temporary Whois policy.
As I reported earlier today, ICANN has formally approved an unprecedented Temporary Policy that seeks to bring the Whois provisions of its contracts into compliance with the EU’s General Data Protection Regulation.
It comes into effect next Friday, May 25, but it contains a fair few items that will likely take longer for registrars to implement.
While ICANN’s top lawyer has indicated that ICANN Compliance will act as reasonably as possible about enforcing the new policy, registrars want a moratorium of at least six months.
In a letter (pdf) dated May 16 (before the policy was voted through, but while its contents were broadly known), Registrar Stakeholder Group chair Graeme Bunton wrote:
Any temporary specification adopted now that significantly deviates from previously held expectations and models will be far too late for us to accommodate for a May 25, 2018 implementation date.
For this reason, we ask that any temporary specification include a formal ICANN compliance moratorium, not shorter than six (6) months, providing us an opportunity to conform, to the extent possible, our GDPR implementation with the GDPR-compliant aspects of any ICANN temporary specification
He added that some registrars may need even more time, so they should have the right ask for an extension if necessary.
The letter is signed by Endurance, GoDaddy, Tucows, Blacknight, 1&1, United Domains, NetEarth One and Cloudflare, which together account for most gTLD domains.
Recent Comments