Latest news of the domain name industry

Recent Posts

ICANN abandons face-to-face plan for Puerto Rico

Kevin Murphy, November 5, 2021, Domain Policy

ICANN has canceled its plans for a “hybrid” ICANN 73, saying this morning that the meeting will go ahead as an online-only virtual meeting.

Its board of directors yesterday voted to abandon efforts to have a face-to-face component in Puerto Rico as originally planned, as I predicted a few days ago.

ICANN of course said it’s because of the coronavirus pandemic, and more particularly the associated travel restrictions and the lack of access to vaccines in some parts of the world from which its community members hail.

The US Centers for Disease Control currently rates Puerto Rico as its second-highest risk level, meaning ICANN’s meetings staff have been unable to travel there to do on-site planning. ICANN said:

While there has been progress that might make it feasible to plan for and convene a meeting in San Juan, Puerto Rico in March 2022, the current risks and uncertainties remain too high to proceed with an in-person meeting or with an in-person component.

Its board resolution stated:

Between the global inequity in vaccine availability across the world, continuing restrictions on persons from many countries or territories being allowed to enter the U.S., and backlogs in visa processing for those who are able to enter the U.S., ICANN org cannot estimate with any confidence the ability for attendees outside of the U.S. to attend ICANN73.

So 73 will be Zoom again. The time zone will remain UTC-4, Puerto Rico local time, which should make it less problematic for Europeans to attend.

The dates are still slated for March 5 to March 10 next year, but it seems likely that we’ll be looking at a March 7 kick-off, as March 5 is a Saturday and people don’t like working weekends if not somewhere they can also work on their tans.

ICANN said it “affirmed its intent” to attempt the hybrid model again for the mid-year ICANN 74 meeting, which is due to take place in The Hague, Netherlands, next June.

It’s bad news for ICANN participation, which has been declining in the new era of virtual meetings, but good news for its bank account. Virtual meetings cost a few million dollars less than in-person ones.

If you guessed Facebook’s “Meta” rebrand, you’re probably still a cybersquatter

Kevin Murphy, November 3, 2021, Domain Policy

Guessing that Facebook was about to rebrand its corporate parent “Meta” and registering some domain names before the name was officially announced does not mean you’re not a cybersquatter.

Donuts this week reported that its top-trending keyword across its portfolio of hundreds of TLDs was “meta” in October. The word was a new entry on its monthly league table.

We’re almost certainly going to see the same thing when Verisign next reports its monthly .com keyword trends.

The sudden interest in the term comes due to Facebook’s October 28 announcement that it was calling its company Meta as part of a new focus on “metaverse” initiatives.

The announcement was heavily trailed following an October 19 scoop in The Verge, with lots of speculation about what the name change could be.

Many guessed correctly, no doubt leading to the surge in related domain name registrations.

Unfortunately for these registrants, Facebook is one of the most aggressive enforcers of its trademark out there, and it’s pretty much guaranteed that Meta-related UDRP cases will start to appear before long.

While Facebook’s “Meta” trademark was only applied for in the US on October 28, the same date as the branding announcement, the company is still on pretty safe ground, according to UDRP precedent, regardless of whether the domain was registered before Facebook officially announced the switch.

WIPO guidelines dating back to 2005 make it clear that panelist can find that a domain was registered in bad faith. The latest version of the guidelines, from 2017, read:

in certain limited circumstances where the facts of the case establish that the respondent’s intent in registering the domain name was to unfairly capitalize on the complainant’s nascent (typically as yet unregistered) trademark rights, panels have been prepared to find that the respondent has acted in bad faith.

Such scenarios include registration of a domain name: (i) shortly before or after announcement of a corporate merger, (ii) further to the respondent’s insider knowledge (e.g., a former employee), (iii) further to significant media attention (e.g., in connection with a product launch or prominent event), or (iv) following the complainant’s filing of a trademark application.

Precedent for this cited by WIPO dates back to 2002.

So, if you’re somebody who registered a “meta” name after October 19, the lawyers have had your number for the better part of two decades, and Facebook has a pretty good case against you. If your name contains strings such as “login” or similar, Facebook’s case for bad faith is even stronger.

Of course, “meta” is a dictionary word, and “metaverse” is a term Facebook stole from science fiction author Neal Stephenson, so there are likely thousands of non-infringing domains, dating back decades, containing the string.

That doesn’t mean Facebook won’t sic the lawyers on them anyway, but at least they’ll have a defense.

Whois rule changes that nobody likes get approved anyway

Kevin Murphy, November 3, 2021, Domain Services

ICANN’s Generic Names Supporting Organization Council has approved a handful of changes to Whois policy, despite the fact that pretty much nobody was fully on-board with the proposals and how they were made.

The new recommendations call for a new field in Whois records to flag up whether the registrant is a private individual, whose privacy is protected by law, or a legal entity like a company, which have no privacy rights.

But the field will be optional, with no obligation for registries or registrars to use it in their Whois services, which has angered intellectual property interests, governments and others.

The working group that came up with the recommendations also declined to find that Whois records should come with an anonymized registrant email address as standard. This absence of change was also adopted by the Council, causing more disappointment.

In short, nothing much is happening to Whois records for the foreseeable future as a result of these policy changes.

But the process to arrive at this conclusion has highlighted not just the deep divisions in the ICANN community but also, some argue, deficiencies in the ICANN process itself.

The Expedited Policy Development Process working group that has since 2018 been looking at the interaction between Whois and privacy protection law, primarily the European Union’s General Data Protection Regulation, had been asked two final questions earlier this year, to wrap up its long-running work.

First, should registrars and registries be forced to distinguish between legal and natural persons when deciding what data to publish in Whois?

Second, should there be a registrant-based or registration-based anonymized email published in Whois to help people contact domain owners and/or correlate ownership across records?

The answer on both counts was that it’s up to the registry or registrar to decide.

On legal versus natural, the EPDP decided that ICANN should work with the technical community to create a new field in the Whois standard (RDAP), but that there should be no obligation for the industry to use it.

On anonymized email addresses, the working group recommendations were even hand-wavier — they merely refer the industry to some legal advice on how to implement such a system in a GDPR-compliant way.

While this phase of the EPDP’s work was super-fast by ICANN standards (taking about nine months) and piss-weak with its output, it nevertheless attracted a whole lot of dissent.

While its tasks appeared straightforward to outsiders, it nevertheless appears to have inherited the simmering tensions and entrenched positions of earlier phases and turned out to be one of the most divisive and fractious working groups in the modern ICANN period.

Almost every group involved in the work submitted a minority statement expressing either their displeasure with the outcome, or with the process used to arrive at it, or both. Even some of the largely positive statements reek of sarcasm and resentment.

EPDP chair Keith Drazek went to the extent of saying that the minority statements should be read as part and parcel of the group’s Final Report, saying “some groups felt that the work did not go as far as needed, or did not include sufficient detail, while other groups felt that certain recommendations were not appropriate or necessary”.

This Final Report constitutes a compromise that is the maximum that could be achieved by the group at this time under our currently allocated time and scope, and it should not be read as delivering results that were fully satisfactory to everyone.

The appears to be an understatement.

The Intellectual Property Constituency and Business Constituency were both the angriest, as you might expect. They wanted to be able to get more data on legal persons, and to be able to reverse-engineer domain portfolios using anonymous registrant-baed email addresses, and they won’t be able to do either.

The Governmental Advisory Committee and Security and Stability Advisory Committee both expressed positions in line with the IPC/BC, dismayed that no enforceable contract language will emerge from this process.

Councilor Marie Pattullo of the BC said during the GNSO Council vote last Wednesday that the work “exceeds what is necessary to protect registrant data” and that the EPDP failed to “preserve the WHOIS database to the greatest extent possible”.

The “optional differentiation between legal and natural persons is inadequate”, she said, resulting in “a significant number of records being needlessly redacted or otherwise being made unavailable”. The approved policies contain “no real policy and places no enforceable obligations on contracted parties”, she said.

IPC councilor John McElwaine called the EPDP “unfinished work” because the working group failed to reach a consensus on the legal/natural question. The IPC minority statement had said:

Requiring ICANN to coordinate the technical community in the creation of a data element which contracted parties are free to ignore altogether falls far short of “resolving” the legal vs. natural issue. And failing to require differentiation of personal and non-personal data fails to meet the overarching goal of the EPDP to “preserve the WHOIS database to the greatest extent possible” while complying with privacy law.

But McElwaine conceded that “a minority of IPC members did favor these outputs as being minor, incremental changes that are better than nothing”.

The BC and IPC both voted against the proposals, but that was not enough to kill them. They would have needed support from at least one councilor on the the other side of the GNSO’s Non-Contracted Parties House, the Non-Commercial Stakeholders Group, and that hand was not raised.

While the NCSG voted “aye”, and seemed generally fine with the outcome, it wasn’t happy with the process, and had some stern words for its opponents. It said in its minority statement:

The process for this EPDP has been unnecessarily long and painful, however, and does not reflect an appreciation for ICANN’s responsibility to comply with data protection law but rather the difficulty in getting many stakeholders to embrace the concept of respect for registrants’ rights…

With respect to the precise issues addressed in this report, we have stressed throughout this EPDP, and in a previous PDP on privacy proxy services, that the distinction between legal and natural is not a useful distinction to make, when deciding about the need to protect data in the RDS. It was, as we have reiterated many times, the wrong question to ask, because many workers employed by a legal person or company have privacy rights with respect to the disclosure of their personal information and contact data. The legal person does not have privacy rights, but people do.

While welcoming the result, the Registrars Stakeholder Group had similar concerns about the process, accusing its opponents of trying to impose additional legal risks on contracted parties. Its minority statement says:

it is disappointing that achieving this result was the product of significant struggle. Throughout the work on this Phase, the WG revisited issues repeatedly without adding anything substantially new to the discussion, and discussed topics which were out of scope. Perhaps most importantly, the WG was on many occasions uninterested in or unconcerned with the legal and financial risks that some proposed obligations would create for contracted parties in varying jurisdictions or of differing business models, or the risks to registrants themselves.

The Registries Stakeholder Group drilled down even more on the “out of scope” issue, saying the recommendation to create a new legal vs natural field in Whois went beyond what the working group had been tasked with.

They disagreed with, and indeed challenged, Drazek’s decision that the discussion was in-scope, but reluctantly went ahead and voted on the proposals in Council in order to finally draw a line under the whole issue.

The question of whether the legal vs natural question has been in fact been resolved seems to be an ongoing point of conflict, with the RySG, RrSG and NCSG saying it’s finally time to put the matter to bed and the IPC and BC insisting that consensus has not yet been reached.

The RySG wrote that it is “well past time to consider the issue closed” and that the EPDP had produced a “valuable and acceptable outcome”, adding:

The RySG is concerned that some have suggested this issue is not resolved. This question has been discussed in three separate phases of the EPDP and the result each time has been that Contracted Parties may differentiate but are not required to do so. This clearly demonstrates that this matter has been addressed appropriately and consistently. A perception that this work is somehow unresolved could be detrimental to the ICANN community and seen as undermining the effectiveness of the multistakeholder model.

Conversely, the BC said the report “represents an unfortunate failure of the multistakeholder process” adding that “we believe the record should state that consensus opinion did not and still does not exist”.

The IPC noted “a troubling trend in multistakeholder policy development”, saying in a clear swipe at the contracted parties that “little success is possible when some stakeholders are only willing to act exclusively in their own interests with little regard for compromise in the interest of the greater good.”

So, depending on who you believe, either the multistakeholder process is captured and controlled by intransigent contracted parties, or it’s unduly influenced by those who want to go ultra vires to interfere with the business of selling domains in order to violate registrant privacy.

And in either case the multistakeholder model is at risk — either “agree to disagree” counts as a consensus position, or it’s an invitation for an infinite series of future policy debates.

Business as usual at the GNSO, in other words.

Donuts shuts down 14 registrars, but it’s “not related to DropZone”

Kevin Murphy, October 20, 2021, Domain Registrars

Donut has let 14 of its shell registrar accreditations expire, but told DI it’s not related to its recently approve drop-catching service, DropZone.

ICANN records show that the companies, with names such as Name118 Inc and Name104 Inc, all basically mini-clones of Name.com, recently had their registrar contracts terminated.

This kind of thing happens fairly regularly with companies resizing the networks they use for catching dropping domains. Donuts still has at least half a dozen active accreditations, records show.

But the move comes just weeks after ICANN approved a controversial new Donuts service called DropZone, which would see dropping domains across Donuts’ portfolio of 250+ gTLDs being handled by a dedicated parallel registry.

DropZone would reduce the need for owning vast numbers of shell accreditations in order to effectively drop-catch, but has faced criticism from rival DropCatch because a) Donuts may charge registrars for access and b) claims that Donuts-owned registrars would have an advantage.

But Donuts says the two things are unrelated. Name.com senior product marketing manager Ethan Conley said in an email:

We did recently let 14 ICANN registrar accreditations expire. These accreditations had become an administrative headache and a point of confusion for customers. This decision was not related to DropZone, and the domain drop business has not been a core focus of Name.com for quite some time.

It’s worth noting that cancelling registrar accreditations would also have an affect on the ability to catch names in other, unaffiliated gTLDs, including .com.

I had a stroke

Kevin Murphy, September 21, 2021, Gossip

Of the four men in the room, Tony has it worst. A very elderly gent, he spends six hours a day catatonic, and the rest of his time sleeping, stirring every few minutes to wail loudly as if in horrific pain or equally horrific sexual ecstasy.

He’s fully stroked-up.

When the nurses come to wash him and clean up his shitted bed, which is every three or four hours, he hurls barely comprehensible insults and threats and tries to strike them with flailing palms he cannot form into fists.

They work away uncomplainingly, soothingly, like he’s their favorite granddad. Observing them work at 4am on my second unsleeping night makes me cry for the first of two times during my hospital stay. These guys are the closest thing reality has to angels, and I hope Boris chokes to death on his 3% while waiting for an ambulance.

There’s an octogenarian in the next bed, Trevor.

He’s white, but the full top half of his face is shining ebony from where a piece of furniture intercepted it when he briefly blacked out and fell during some kind of cardiac event. He looks demonic, but he’s the sweetest guy you could ever hope to meet.

They’ve put him in an elaborate medical collar and told him he can’t take it off for the next two months, not even to shower. One wrong move and his spine might snap like a twig and he’ll spend the rest of his life worse off than Tony.

At least he won’t have to dress up for Halloween, he grimly muses.

Then there’s the youngster, Tim, who reels off a laundry list of his ailments, many of which he thinks will soon kill him, not least of which is the fact the he just accidentally proposed to his short-term girlfriend, who said yes.

He has an upcoming try-out for a local sports team, but his deepest wish is to have both his legs amputated.

In this room of four, I feel like the lucky one.

And I’ve just had a stroke at 44.

*

It happened at some point during the evening of the 13th into the following morning.

There was no pain — no physical sensation at all, not even a headache — I simply woke up disabled and oblivious to that fact.

My first inkling that something was amiss came when I found I couldn’t double-click my mouse with my right index finger. I had a general weakness in my right arm, but I chalked this down to having slept on it funny.

I felt a bit off for most of the day, but it wasn’t until the evening, when I tried to insult my cat, that I realized something was terribly wrong. Even after three attempts, the words got garbled on the way out of my brain and slipped and slurred out of my mouth. I could see the cat didn’t look offended in the least.

I knew that I’d had or was having a stroke, and I was in a taxi to the hospital 20 minutes later.

All the NHS TV spots about strokes focus on teaching the viewer how to spot the symptoms of stroke in others, presumably because the victims themselves are usually too addled and confused to recognize them in themselves.

This gave me comfort. I was totally lucid, in thought if not in speech.

Three doctors, one consultant and a CT scan subsequently — after many terrifying hours of uncertainty — confirmed I’d had a “mild” or “small” stroke, buggering up my dominant right arm and leg as well as my speaking voice.

My face was mercifully spared. Still a straight-up 10, ladies.

This all happened due to a combination of recent stresses and two prior decades of hedonistic, borderline arrogant devil-may-care intemperance. Too much booze, too many fags, not enough self-control.

I’ve known I have hypertension for the best part of a decade, and done precisely fuck-all about it. Getting stroked was not so much predictable as inevitable. I have nobody to blame but myself, and this list of people (pdf).

*

My right leg is probably the injured member I’m least concerned about.

I can walk in a straight line easily enough, albeit with a noticeable limp, but my brain currently finds some usually straightforward perambulatory maneuvers surprisingly tricky.

I haven’t fallen over or tripped, not once, since the stroke. But, like Zoolander, I can’t turn left.

My hand is altogether more worrying. My stroke was on the left side of my brain, meaning the right side of my body was affected. I’m right-handed.

I can use the hand to open a door, pick things up, flush a toilet — I even assembled a piece of flat-pack furniture yesterday — but anything requiring more than basic coordination is challenging.

I can’t write using a pen without significant effort. I tried writing out my first name in caps on Thursday morning. The four attempts in this image took about five minutes to produce. And it was painful.

There’s no cognitive problem here, it’s purely a case of not being able to physically control my hand the way I could a week ago. It feels heavy, and I have trouble controlling the vertical axis with any degree of finesse.

I can slice bread but I can’t easily butter it. The second time I cried was on Friday when I managed to get my buttering time down to under a minute per slice. Bittersweet rather than self-pitying.

There are a few things I’d like to do with my dick that are no longer possible.

But, more pertinent to this blog, I can’t double-click a mouse and can’t tap a touchscreen. The fingers are just not fast enough to get the correct timing right now.

Typing on a keyboard is challenging, with my hands trying to cooperate across two different time zones. If you spot any typos here, they will likely be letters on the right side of the keyboard. My backspace key is getting the workout of its life.

And then there’s my speaking.

Right now, I’d say I’m comprehensible 95% of the time at peak, with my performance slipping as the conversation progresses and the fatigue kicks in.

My voice is more gravelly, sometimes a little slurry. I sometimes stammer or trip over my tongue.

People who have heard my pillow talk the morning after a boozy night out would recognize this voice. Everyone else now gets to hear it without experiencing the horrors of the night before.

But let’s look for some silver linings, shall we?

*

Silver lining number one: my opinions are no longer worthless on social media.

A week ago I was just a straight white able-bodied cis male, and therefore of no value whatsoever. Today, I am Disabled, and my point of view matters. I now have a card to play in the identity politics game.

Ricky Gervais better watch his fucking back, and if the next ICANN meeting is anything less than 100% accessible, I may hire a lawyer.

I know, I know, I’m not saying I’m as good as Gay or Black or Trans, but I reckon I’m at least as good as half-Jewish (on my father’s side, maybe?).

Silver lining number two: no more guilt using the disabled toilets.

Silver lining number three: I probably qualify for a Blue Badge, which in the UK gives you priority access to convenient parking.

These things are so coveted that I’m even tempted to buy a car.

Silver lining number four: the stroke seems to have severed the part of my brain that makes me want to drink alcohol. I sincerely hope it lasts, but right now I have no desire to touch a drop of the stuff any more.

I’d go so far as to now say I think I’ve “completed” Alcohol, in much the same way as one completes a video game.

I’ve done all of the side quests, gathered all the collectibles, visited all the secret locations, done all the stranger missions, partaken of all the optional activities, maxed out all my stats, been awarded all the achievements…

I’ve partied. I’ve met interesting people in unusual places. I’ve had one-night stands with 9s and 2s. I’ve danced like nobody was looking, and sang karaoke like nobody was listening. I’ve sent all the embarrassing texts. I’ve hooked up with ambiguously gendered bar girls in Bangkok, been robbed by a hooker in Vegas, begged for coins with a homeless guy in Shoreditch. I even found the secret naked French pool party at the mansion in Vietnam.

I’m now at 99% completion, and taking on the final story mission, but the last big boss battle turns out to be a race with my five-year-old niece to see who can tie their shoelaces the fastest.

I believe there’s some DLC that extends the story, but it’s called “Cirrhosis”, and I don’t like the sound of that.

The fact that I’m now a sober man condemned to live in a body that looks and sounds perpetually drunk is a cosmic irony so on-the-nose that it would make a Greek god blush.

This must be what it’s like to be Scottish.

*

Silver lining number five: I’m told that, with patience and practice, this is fixable. That’s my focus right now.

I honestly don’t know how this is going to affect DI in the coming weeks.

I do know it’s currently less than seven days since a doctor first used the word “stroke” in my presence, and that almost everything I do, even the simple things like typing, is tiring. I had to take a break for a nap three times during the writing of this piece.

I intend to continue to work, just don’t expect to see many long-form analytical or editorial pieces in the near future. If a story is causing me stress, I’ll spike it sooner than risk another health crisis.

I doubt I’ll be booking any speaking engagements any time soon.

I have some other ideas too, but I’ll get to those later.

Thanks for reading.

DropCatch raises antitrust concerns about Donuts’ Dropzone proposal

Kevin Murphy, September 8, 2021, Domain Registrars

TurnCommerce, the company behind DropCatch.com and hundreds of accredited domain name registrars, reckons Donuts’ proposed Dropzone service would be anticompetitive.

Company co-founder Jeff Reberry has written to ICANN to complain that Dropzone would introduce new fees to the dropping domains market, raising the costs involved in the aftermarket.

He also writes that Donuts’ ownership of Name.com, a registrar that DropCatch competes with in the drop market, would have an “unfair competitive advantage” if Dropzone is allowed to go ahead:

Donuts is effectively asking every entity in the ICANN ecosystem to bear the costs of introducing a new service with no benefit outside of a financial benefit to itself, while forcing all registrars to spend more money and resources to register available domain names.

Donuts is proposing Dropzone across its whole portfolio of 200+ gTLDs. It’s a parallel registry infrastructure that would exist just to handle dropping domains in more orderly fashion.

Today, companies such as TurnCommerce own huge collections of shell registrars that are used to ping registries with EPP Create commands around the time valuable domains are going to delete.

Under Dropzone, they’d instead submit create requests with the Dropzone service, and Donuts would give out the rights to register the domains in question on a first-come, first-served basis.

While ICANN had approved a similar request from Afilias before it was acquired by Donuts, the Dropzone proposed by Donuts has one major difference — it proposes a new fee for accessing the system.

No details about this fee have been revealed, which has TurnCommerce nervous.

Donuts is asking for Dropzone via the Registry Services Evaluation Process and ICANN has not yet approved it.

Reberry says ICANN should consult with the relevant governmental competition authorities before it approves the proposal.

You can read Reberry’s letter here (pdf) and our original article about Dropzone here.

Domain industry SHRINKS again… except of course it doesn’t

Kevin Murphy, September 3, 2021, Domain Registries

Verisign has published its latest Domain Name Industry Brief, once again showing growth numbers thrown off wildly by a single factor.

The second quarter closed with 367.3 million registrations across all TLDs, down by 2.8 million over the same point last year, the DNIB states.

But the entirety of that decline can be attributed to a single TLD. It’s Tokelau again!

.tk was down by 2.8 million domains compared to the year-ago quarter also. This decline was first recorded by Verisign in the fourth quarter last year, where it had a similarly depressing effect on the overall picture.

The ccTLD is operated by Dutch company Freenom, which gives away most of its domains for free, often on a monthly basis, and monetizes residual traffic whenever a name expires or is suspended for abuse.

It’s quite possible that most of its names are registry-owned, so it’s in Freenom’s discretion to keep hold of its entire inventory or periodically purge its database, which may be what happened in Q4.

It’s debatable, in other words, whether .tk’s numbers is really any reflection or guide on the rest of the domain name industry. To it’s credit, Verisign breaks out the non-.tk numbers separately.

The DNIB reports a rosier quarterly growth comparison — total internet-wide regs were up by 3.8 million names, or 1.0%.

The company’s own .com did well, growing by 2.4 million names to end June at 157 million. Even .net did better than usual, adding a net of a couple hundred thousand names, to 13.6 million.

All the top 10 ccTLDs were flat sequentially after rounding, with the exception of Brazil’s .br, which was up by 200,000 names.

Total ccTLD regs were 157.7 million, up 1.2 million sequentially but down 2.4 million year-over year. Factoring out .tk, the increases were 1.2 million and 400,000 respectively.

The second quarter of last year was a bit of a boom time for many registries due largely to the lockdown bump, which saw businesses in many countries rush to get online to survive pandemic restrictions.

Tokelau can not be blamed for the whopping 8.8 million decline in new gTLD registrations between the Junes, of course.

About six million of the plummet can be blamed on heavily discounted .icu, which saw its first junk drop begin about a year ago, and another two million seem to be attributable to .top.

Quarterly, the picture was a little brighter — Verisign says new gTLDs were up by under 100,000 compared to Q1 at 22.9 million.

NameSilo says it’s growing too fast to be acquired

Kevin Murphy, August 31, 2021, Domain Registrars

NameSilo Technologies has called off talks to sell its registrar, also called NameSilo, saying the company is growing too fast to exit right now.

The Canadian company grew its domains under management by 578,000 between April 2020 and April this year, when it stood at 3.9 million domains. It says it has since crossed 4.3 million.

The prospective deal, with Dutch acquisition vehicle WGH Holdings was announced last December.

But NameSilo’s CEO Paul Andreola said in a press release:

We believe that the value of Namesilo has grown significantly since the discussions with the prospective buyer began and feel that there is more value to be unlocked over the near to medium term for shareholders.

At the same time, the company reported revenue of $8.4 million for the second quarter, up $900,000 on the same period last year, with adjusted EBITDA of $435,344.

Bookings were up to $9.9 million from $7.6 million.

It was the company’s debt that first spurred acquisition talks. NameSilo says that debt has been reduced from $4.7 million to $3.85 million since March.

More privacy headaches? UK to withdraw from GDPR

Kevin Murphy, August 26, 2021, Domain Policy

The UK is to craft its own privacy legislation, after Brexit enabled it to extricate itself from the EU’s General Data Protection Regulation, potentially causing headaches for domain name companies.

While it’s still in the very early pre-consultation stages, the government announced today that it wants “to make the country’s data regime even more ambitious, pro-growth and innovation-friendly, while still being underpinned by secure and trustworthy privacy standards.”

The country looks to be heading to a new privacy regime that registries and registrars doing business there will have to comply with, particular with regard to Whois services, in other words.

But it might not be too bad — the government is talking up plans to make “data adequacy” deals with third countries to enable the easy, legal transfer of private data across borders, which is always useful in the context of domain names.

While the UK is no longer in the EU, most EU laws including GDPR were grandfathered in and are still in effect.

As Kabul falls, Whois could present a danger to ordinary Afghans

Kevin Murphy, August 19, 2021, Domain Policy

With Afghanistan falling to the Taliban this week, there’s potential danger to .af registrants — both in terms of losing domain services and of Whois being used for possibly deadly reprisals.

At time of writing, it’s been four days since the fall of Kabul. The uneasy truce between NATO and Taliban forces has failed to prevent scenes of chaos at the city’s main airport and the PR machine of so-called “Taliban 2.0” is in full bluster.

The new Taliban is, its spokespeople suggest, more tolerant of western liberal values and more supportive of human rights than its brutal, pre-9/11 incarnation.

Few believe this spin, and there have been multiple reports of 1990s-style oppression, including revenge killings and the suppression of women’s rights, across the country.

With all that in mind, a blog post about .af domain names may seem trivial, but it’s not my intention to trivialize.

I’m as appalled as any right-minded observer by the situation on the ground in Afghanistan and the neglect that led to it. But I believe .af could prove a learning moment in the ongoing conversation about Whois privacy.

The .af ccTLD has been managed since not long after the US-led invasion by the country’s Ministry of Communications and IT as the Afghanistan Network Information Center.

The registry had previously been managed for free from London by NetNames, with an admin contact in Kabul, according to the report of the 2003 IANA redelegation, which happened at a time when Afghanistan was still under a transitional government heavily overseen by the foreign governments behind the invasion.

Domain policy for .af was created in 2002, and it includes provisions for an open, freely available Whois database that is still in effect today.

Domains registered via overseas registrars appear to be benefiting from the impact of the EU’s General Data Protection Regulation, which redacts personal information, but this obviously does not apply in Afghanistan.

This means the names, addresses, phone numbers and email addresses of .af registrants are available for querying via various Whois interfaces, including the registry’s own, which is managed by New Zealand-based back-end CoCCA.

Using a combination of web searches and Whois queries, it is possible to find personally identifiable information of registrants, including names and addresses, at local human rights groups, as well as local news media and technology providers supportive of human rights causes.

If the reports of Taliban fighters conducting house-to-house searches for enemies of the new state are accurate, the easy availability of this personal data could be a serious problem.

To a great extent, this could be a case study in what privacy advocates within the ICANN community are always warning about — public access to Whois data gives oppressive regimes a tool to target their oppression.

And as we have seen this week, oppressive regimes can appear almost literally overnight.

While it seems unlikely there’s anyone from the old Afghan ministry still in control of the registry, I think .af back-end provider CoCCA, as well as Whois aggregators such as DomainTools, should have a long think about whether it’s a good idea to continue to provide open access to .af Whois records at this time.

Fortunately, there doesn’t appear to be a great many .af domains under management. DomainTools reckons it’s under 7,000.

At the other end of the scale of seriousness, overseas .af registrants may also see issues with their names due to the Taliban takeover.

It seems incredible today, but in 2001 a Taliban decree restricted internet access to a single computer at a government ministry. Others in government could apply to use this computer by sending a fax to the relevant minister.

While it seems impossible that such a Draconian restriction could be reintroduced today, it still seems likely that the Taliban will crack down on internet usage to an extent, including introducing morality or residency restrictions to .af regs.

.af is currently open to registrants from anywhere in the world, with no complex restrictions and .com-competitive prices.

Many multinational corporations have registered .af names for their local presence.

The string “af” has in recent years become social media shorthand for “as fuck”, and a small number overseas registrants appear to be using it as a domain hack in that context — type “corrupt.af” into your browser and see what happens.

Others seem to be using .af, where short domains are still available, as shortcuts to their social media profiles.

I don’t believe ICANN will need to get directly involved in this situation. Its Whois query tool does not support .af, and IANA presumably won’t need to get involved in terms of redelegation any more than it would following a general election or a coup d’état.