Recent Posts
- First registry gets breach notice over new abuse rules
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
ICM gives away .xxx domains to porn stars (video)
It seems that pretty much every time I’ve written about .xxx over the last five or six years the article has been mentioned, or focussed on, how the porn business hates it.
For a change, here’s a shameless propaganda video (possibly NSFW) that ICM Registry produced during a recent, evidently quite boozy, party at Platinum Lace, a strip joint in London.
Context: ICM was sponsoring the party.
The people heard supporting .xxx are either porn actresses who’ve just been given their .xxx domains, employees of the Paul Raymond stable of top-shelf men’s magazines, or domain registrars.
One of the interviewers is “Mario”, a Z-lister known for being annoying on the TV show Big Brother last year. I figured his 15 minutes were already up, but I guess not.
The other is ICM’s sales director Vaughn Liley. He’s the one who starts interviews with the question “So, do you think .xxx will be good for the industry, or great?”
Watch out, David Frost.
Also seen posing, though not speaking, is Ben Dover, pretty much the only mainstream-famous porn video producer ever to come out of the UK.
Bit-squatting – the latest risk to domain name owners
Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.
This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.
Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.
According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.
Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.
To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.
The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.
The binary for the string “microsoft” is:
011011010110100101100011011100100110111101110011011011110110011001110100
and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):
011011010110100101100011001100100110111101110011011011110110011001110100
Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.
I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.
But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:
To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.
…
I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.
His conference presentations will also discuss possible hardware and software solutions.
For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.
I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.
The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.
Kaminsky is not discussing DNS this year, judging by the agendas.
The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.
Final gTLD Applicant Guidebook expected this week
It’s been over a month since ICANN approved its new top-level domains program, but we still don’t have a final-final version of the Applicant Guidebook.
The resolution approving the program ICANN passed in Singapore called for a number of amendments to be made to the 352-page tome.
The current draft was published May 30, and so far ICANN has not said when the next version – likely to be the version used in the first round of applications – will be released.
I inquired, and now word has come from on high that ICANN’s new gTLD team hopes to have the English version of the new Guidebook published by the end of July – this coming weekend.
The Singapore resolution called for changes to the government Early Warning and Advice processes, added protection for Olympic and Red Cross trademarks, and a modification of the Uniform Rapid Suspension cybersquatting policy.
One has to wonder if the changes outlined in the resolution are the only changes that we’ll see – a month seems like a long time to make just a few fairly minor edits.
The resolution said the board “authorizes staff to make further updates and changes to the Applicant Guidebook as necessary and appropriate”.
The first round of new gTLD applications is set to open January 12.
Could .om become the next typo TLD?
Will Oman’s .om domain follow in the footsteps of .co? Or .cm? Or neither?
The country-code top-level domain is set to be transferred to a new manager following an ICANN vote this coming Thursday.
The redelegation is one item on a unusually light agenda for the board’s July 28 telephone meeting. It’s on the consent agenda, so it will likely be rubber-stamped without discussion.
The domain is currently assigned to Oman Telecommunications Company, but the new owner is expected to be the national Telecommunications Regulatory Authority or an affiliated entity.
The Omani TRA was given authority over the nation’s domain names by Royal Decree in 2002.
It has already successfully had the Arabic-script ccTLD .عمان approved by ICANN for use as an internationalized domain name, but the IDN has not yet been delegated.
AusRegistry International this March won a $1.3 million contract with the TRA to provide software and services for the .om and .عمان registries.
At the time, the TRA said it planned to market both Latin and Arabic extensions to increase the number of domain registrations.
The .om ccTLD is of course a .com typo, like .co and .cm, but squatting is not currently possible due to its strict registration policies.
Only Omani entities may register .om domains today, and only third-level domains (such as example.com.om and example.net.om) may be registered. Domains may not be resold.
I have no particular reason to believe this situation will change under new stewardship, but it will certainly be worth keeping an eye on the TLD for possible policy changes.
When Cameroon’s .cm opened up, it implemented a widely vilified blanket wildcard in an attempt to profit from .com typos.
Colombia’s .co of course took the responsible route, disowning wildcards and embracing strong anti-squatting measures, even if its mere existence was still a headache for some trademark owners.
ICANN fights government gTLD power grab
ICANN has opposed a US move to grant governments veto power over controversial new top-level domain applications.
Cutting to the very heart of Obama administration internet governance policy, ICANN has told the National Telecommunications and Information Administration that its recent proposals would “undermine the very principle of the multi-stakeholder model”.
The stern words came in ICANN’s response to the NTIA’s publication of revisions to the IANA contract, the contract that allows ICANN to retain its powers over the domain name system root.
The NTIA’s Further Notice Of Inquiry contained proposed amendments to the contract, including this:
For delegation requests for new generic TLDS (gTLDs), the Contractor [ICANN] shall include documentation to demonstrate how the proposed string has received consensus support from relevant stakeholders and is supported by the global public interest.
This was widely interpreted as a US attempt to avoid a repeat of the .xxx scandal, when ICANN approved the porn gTLD despite the unease voiced by its Governmental Advisory Committee.
As I noted in June, it sounds a lot like code for “if the GAC objects, you must reject”, which runs the risk of granting veto powers to the GAC’s already opaque consensus-making process.
In his response to the FNOI (pdf), ICANN chief Rod Beckstrom says that the NTIA’s proposal would “replace” the “intensive multi-stakeholder deliberation” that created the newly approved Applicant Guidebook.
He also pointed out the logical inconsistency of asking IANA to remain policy-neutral in one part of the proposed contract, and asking it to make serious policy decisions in another:
The IANA functions contract should not be used to rewrite the policy and implementation process adopted through the bottom-up decision-making process. Not only would this undermine the very principle of the multi-stakeholder model, it would be inconsistent with the objective of more clearly distinguishing policy development from operational implementation by the IANA functions operator.
NTIA head Larry Strickling has been pounding the “multistakeholderism” drum loudly of late, most recently in a speech in Washington and in an interview with Kieren McCarthy of .nxt.
In the .nxt interview, Strickling was quite clear that he believes ICANN should give extra authority to governments when it comes to approving controversial strings.
The NTIA concern – shared by other government entities including the European Commission – is that controversial strings could lead to national blocking and potentially internet fragmentation.
While Strickling declined to comment on the specific provisions of the IANA contract, he did tell .nxt:
If the GAC as a consensus view can’t support a string then my view is that the ICANN Board should not approve the string as to do so in effect legitimizes or sanctions that governments should be blocking at the root zone level. And I think that is bad for the Internet.
Where you’re dealing with sensitive strings, where you’ve engaged the sovereignty of nations, I think it is appropriate to tip the hat a little bit more to governments and listen to what they say. On technical issues it wouldn’t be appropriate but on this particular one, you’ve got to listen a little bit more to governments.
He also indicated that the US would not necessarily stand up for its principles if confronted by substantial objections to a string from other governments:
So we would be influenced – I can’t say it would be dispositive – if a large number of countries have a problem with a particular string, even if it was one that might not be objectionable to the United States government.
And that is out of interest of protecting the Internet’s root from widespread blocking at the top-level by lots of governments.
Does this mean that the US could agree to a consensus GAC objection to a .gay gTLD? A .porn? A .freespeech? It certainly sounds like it.
Olympics make more new gTLD demands
The International Olympic Committee, fresh from its big win at ICANN Singapore, is pushing for more special protections in the new top-level domains program.
ICANN only approved the new gTLD program last month with the proviso that Olympic and Red Cross strings – .redcross and .olympic for example – would be banned as gTLDs in the first round.
The decision was a pretty obvious piece of political bone-throwing to the Governmental Advisory Committee, which had backed the IOC’s cause.
Now the IOC wants to ensure ICANN will ban .olympic and .olympiad in eight additional languages, including four non-Latin scripts, as well as “confusingly similar” strings such as .olympics.
I expect ICANN will probably grant this concession, even though the idea that somebody other than the IOC could successfully apply for .olympics under existing rules has always been ludicrous.
The IOC has probably already spent just as much money lobbying for these changes as it would have cost to file a slam-dunk legal rights objection, as already allowed by the Guidebook.
And that would only have been necessary, of course, in the vanishingly improbable scenario where somebody was stupid enough to pay $185,000 to apply for .olympics in the first place.
But the IOC now also wants all of its brands banned at the second level in all new gTLDs. This seems like a bigger ask, given that ICANN resolved to protect the Olympic marks “for the top level only”.
In a July 1 letter to ICANN (pdf), published today, an IOC lawyer includes suggested text for the Applicant Guidebook, to be included in the default registry agreement, stating:
In recognition of legislative and treaty protection for the Olympic designations, the labels “OLYMPIC” and “OLYMPIAD” shall be initially reserved at the second level. The reservation of an Olympic designation label string shall be released to the extent Registry Operator reaches agreement with the International Olympic Committee.
This would give the Olympic brand as much protection as country names at the second level.
The problem with this, of course, is that it sets the precedent for a specially protected marks list, which ICANN has resisted and which the GAC specifically has not asked for.
It’s a problem ICANN has arguably brought on itself, of course, given that it already specially protects “icann”, “iana” and a number of other strings on spurious technical stability grounds.
Lego overtakes Microsoft in cybersquatting cases
Lego has now filed more complaints against cybersquatters than Microsoft.
The maker of the popular building block toys has filed 236 cases using the Uniform Dispute Resolution Policy since 2006, the vast majority of them since July 2009.
That’s one more than Microsoft, about 50 more than Google and twice as many as Viagra maker Pfizer.
Lego has been particularly aggressive recently. As I’ve previously blogged, Lego lately files a UDRP complaint on average every three days.
The company is usually represented in these cases by Melbourne IT Digital Brand Services, the online trademark enforcement arm of the Aussie registrar.
The 236 cases equates to over $350,000 in WIPO fees alone. I’d be surprised if Lego has spent less than $1 million on UDRP cases over the last few years.
Lego has annual revenue of about $1.8 billion.
It has never lost a case. The company either wins the dispute, or the complaint is terminated before a finding is made.
It’s picked up some oddities along the way, notably including legogiraffepenis.com and legoporn.com.
Yet Lego does not appear to have the most UDRP cases under its belt. I believe that honor may go to AOL, which has filed at least 277 cases over the last decade.
If 41% of .co is parked, how many domains will expire today?
Today is the one-year anniversary of the .co top-level domain entering general availability.
As you may recall, .co got off to a flying start, selling about 100,000 names in its first half hour and over 200,000 registrations during its first day.
The question is: how many of those domains will start expiring today and drop over the next few months?
A recent HosterStats survey, from June 1, apparently found that approximately 41% of the 593,622 .co domains it was able to detect were presumed parked.
The survey was not exhaustive, as .CO Internet reports over one million registered .co domains today, and HosterStats acknowledged that its breakdown may differ from the actual numbers.
Still, the data suggests that .co is likely just as heavily speculated as other TLDs, and that some short-term speculators will let their domains expire over the coming days and weeks.
HosterStats’ John McCormac wrote in a comment on an earlier DI post:
What typically happens just after a Landrush anniversary is that the percentage of PPC in a new TLD falls as many speculative domains that could not be flipped or monetised are dropped. The developed websites percentage increases but getting development started in a new TLD is a slow process and takes a few years.
Of course, .CO Internet is all about encouraging development. It has pumped millions into marketing the TLD as somewhere for entrepreneurs to get a good name for their sites.
But with a substantial base of speculative registrations, it seems inevitable that .CO is going to take a hit today, as the first-wave land-grab begins to die out.
I’m not sure whether this will massively impact the number of domains .CO Internet reports, however.
My estimate is that .co currently stands at over 1.1 million domains. It grew from around 600,000 in late December to one million in May, according to registry publicity.
Even if it starts to lose tens of thousands of speculative domains this week, I don’t think .CO will have to stop saying it has more than a million registrations any time soon.
The company does not publish its exact numbers. Chief executive Juan Calle has stated that he thinks registration volume is a poor metric for judging the “success” of a TLD.
UPDATE: The original version of this article stupidly used the word “drop” quite a lot, when “expire” was the more correct word.
Go Daddy and Joan Rivers win .CO awards
The .co registry .CO Internet has announced the winners of its inaugural Bulby Awards, given out to the best .co sites.
Key registrar partner Go Daddy won an award (for x.co), as did the companies’ joint Super Bowl spokesmodel Joan Rivers (for joan.co).
Go Daddy’s Bulby was for the Best Use Of A Single Letter Domain. It beat Twitter (t.co) and Overstock (o.co). Rivers beat the singer Charlotte Church for Best Personal Site.
Sociable.co beat domain blogger Elliot Silver (bahamas.co) to the Best Content award.
The winners were tallied up from votes submitted online, .CO said. The results can be found here.
Afilias does something similar for .info domains every year, but its awards have cash prizes.
CNN asks: Will .xxx domains cost $185,000?
If you’ve ever doubted what a rarefied world we work in, check out this new CNN interview with ICM Registry, which confusingly conflates .xxx with ICANN’s new top-level domains program.
Anchor Pauline Chiou uses the approval of new gTLD program as a segue into a brief interview with ICM president Stuart Lawley about the forthcoming .xxx sunrise period.
“If they want to apply for this one-time block do they have to pay this $185,000?” she asks
She goes on to press Lawley into launching a defense of ICANN’s program that I doubt he was expecting.
You’ll notice that Chiou also refers to ICANN as the “Internet Corporation for Assigned Names” and flatteringly describes it as “the group that oversees the development of the internet”.
For a casual viewer, it would be fairly easy to come away from this interview assuming Lawley works for ICANN, and that .xxx domains could cost $185,000.
Recent Comments