Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Court denies .sucks trademark bid
Vox Populi Registry has lost its ballsy bid to have its .sucks brand trademarked in the US.
The US Court of Appeals for the Federal Circuit yesterday denied Vox’s latest appeal in its fight with the Patent and Trademark Office, which had rejected two .sucks trademark applications in 2018.
Vox had tried to register the string .sucks itself and also its stylized logo, in which “.SUCKS” appears pixelated. Both were rejected, but the registry appealed on the logo application.
It’s one of a great many trademark attempts by actual and wannabe gTLD registries to be rejected by the USPTO, which usually finds that the marks do not act as “source identifiers”.
The court instead found that people and companies, including registrars, “use .SUCKS to refer to a product being sold to the public rather than as an identifier for Vox’s services”.
In this case, Vox tried to show that it had crossed the line into service mark partly on the basis that its two leading registrars filed declarations swearing it is a distinctive service mark.
Showing that Vox’s chutzpah knows no depths, one of those registrars was its own sister company, Rebel, which is also owned by Momentous. The other was Uniregistrar, years prior to its acquisition by GoDaddy.
But the USPTO wasn’t buying it, and the Federal court agreed with its analysis.
The court also agreed that the stylized .sucks logo was not distinctive enough — too “ordinary” — to allow it to be trademarked.
The case has a layer of irony as .sucks’s biggest customer is a serial cybersquatter that some UDRP panels have speculated is connected to the registry itself.
Read the decision (pdf) here.
ICANN hasn’t implemented a policy since 2016
It’s been over five years since ICANN last implemented a policy, and many of its ongoing projects are in limbo.
Beggars belief, doesn’t it?
The ongoing delays to new gTLD program policy and the push-back from ICANN on Whois policy recently got me thinking: when was the last time ICANN actually did anything in the policy arena apart from contemplate its own navel?
The Org’s raison d’être, or at least one of them, is to help the internet community build consensus policies about domain names and then implement them, but it turns out the last time it actually did that was in December 2016.
And the implementation projects that have come about since then are almost all frozen in states of uncertainty.
ICANN policies covering gTLD domains are usually initiated by the Generic Names Supporting Organizations. Sometimes, the ICANN board of directors asks the GNSO Council for a policy, but generally it’s a bottom-up, grass-roots process.
The GNSO Council kicks it off by starting a Policy Development Process, managed by working group stocked with volunteers from different and often divergent special interest groups.
After a few years of meetings and mailing list conversations, the working group produces a Final Report, which is submitted to the Council, and then the ICANN board, for approval. There may be one or more public comment periods along the way.
After the board gives the nod, the work is handed over to an Implementation Review Team, made up of ICANN staff and working group volunteers, which converts the policy into implementation, such as enforceable contract language.
The last time an IRT actually led to a GNSO policy coming into force, was on December 1, 2016. Two GNSO consensus policies became active that day, their IRTs having concluded earlier that year.
One was the Thick WHOIS Transition Policy, which was to force the .com, .net and .jobs registries to transition to a “thick” Whois model by February 2019.
This policy was never actually enforced, and may never be. The General Data Protection Regulation emerged, raising complex privacy questions, and the transition to thick Whois never happened. Verisign requested and obtain multiple deferrals and the board formally put the policy on hold in November 2019.
The other IRT to conclude that day was the Inter-Registrar Transfer Policy Part D, which tweaked the longstanding Transfer Dispute Resolution Policy and IRTP to streamline domain transfers.
That was the last time ICANN actually did anything in terms of enforceable, community-driven gTLD policy.
You may be thinking “So what? If the domain industry is ticking over nicely, who cares whether ICANN is making new policies or not?”, which would be a fair point.
But the ICANN community hasn’t stopped trying to make policy, its work just never seems to make the transition from recommendation to reality.
According to reports compiled by ICANN staff, there are 12 currently active PDP projects. Three are in the working group stage, five are awaiting board attention, one has just this month been approved by the board, and three are in the IRT phase.
Of the five PDPs awaiting board action, the average time these projects have been underway, counted since the start of the GNSO working group, is over 1,640 days (median: 2,191 days). That’s about four and a half years.
Counting since final policy approval by the GNSO Council, these five projects have been waiting an average of 825 days (median: 494 days) for final board action.
Of the five, two are considered “on hold”, meaning no board action is in sight. Two others are on a “revised schedule”. The one project considered “on schedule” was submitted to the board barely a month ago.
The three active projects that have made it past the board, as far as the IRT phase, have been there for an average of 1,770 days (median: 2,001 days), or almost five years, counted from the date of ICANN board approval.
So why the delays?
Five of the nine GNSO-completed PDPs, including all three at the IRT stage, relate to Whois policy, which was thrown into confusion by the introduction of the European Union’s introduction of the GDPR legislation in May 2018.
Two of them pre-date the introduction of GDPR in May 2018, and have been frozen by ICANN staff as a result of it, while three others came out of the Whois EPDP that was specifically designed to bring ICANN policy into line with GDPR.
All five appear to be intertwined and dependent on the outcome of the ICANN board’s consideration of the EPDP recommendations and the subsequent Operational Design Assessment.
As we’ve been reporting, these recommendations could take until 2028 to implement, by which time they’ll likely be obsolete, if indeed they get approved at all.
Unrelated to Whois, two PDPs relate to the protection of the names and acronyms of international governmental and non-governmental organizations (IGOs/INGOs).
Despite being almost 10 years old, these projects are on-hold because they ran into resistance from the Governmental Advisory Committee and ICANN board. A separate PDP has been created to try to untangle the problem that hopes to provide its final report to the board in June.
Finally, there’s the New gTLD Subsequent Procedures PDP, which is in its Operational Design Phase and is expected to come before the board early next year, some 2,500 days (almost seven years) after the PDP was initiated.
I’m not sure what conclusions to draw from all this, other than that ICANN has turned into a convoluted mess of bureaucracy and I thoroughly understand why some community volunteers believe their patience is being tested.
Satirists register Joe Rogan domain to promote Covid vaccines
An Australian comedy troupe has registered podcaster Joe Rogan’s name as a domain as part of an anti-anti-vaccine prank.
The Chaser, which has published satire across print, radio, TV and the web for the last 20 years, picked up joerogan.com.au a few days ago and redirected it to the Aussie government’s vaccine-booking web site.
The domain was publicized in the latest edition of The Chaser’s podcast, which was rebranded “The Joe Rogan Experience” and spent most of its 20-minute runtime skewering the US comedian and martial arts commentator.
Rogan has attracted negative attention in the last week or so for his skeptical comments about Covid-19 vaccines on his podcast, which is the most-listened podcast on Spotify, the platform with which he has an exclusive $100 million distribution deal.
Musicians Neil Young and Joni Mitchell have pulled their work from Spotify in protest at Rogan’s words, which they said were dangerous.
Rogan has since tried to clarify his comments and editorial policy, and Spotify has said it will start to provide links to reliable Covid-19 information alongside podcasts that address the topic.
Do young people know how to use domain names?
If you’re reading this blog, chances are you’re a fan of domain names. Prepare to be irritated by this TikTok “influencer”.
@timotechanut Hire a freelancer for any task #fiverr #freelance
If the video isn’t embedded properly, it’s probably because your browser is blocking third-party cookies from tiktok.com.
It’s part of a long series in which a guy called Timoté Chanut tips off his bewilderingly large audience about useful web sites, largely fun-looking content creation tools.
What’s baffling about these videos is how he teaches his viewer to navigate to the web site in question.
“If you search fiverr.com and click the first link, you can find a freelancer to do just about anything,” he says in the above video.
He demonstrates this by typing the domain name of the web site, in this case fiverr.com, into the Google search bar on the Chrome home page, then clicking the top link in the search results page, which in this case is a Google ad paid for by Fiverr.
Chanut’s TikTok feed is filled with examples of this bizarre navigation technique.
An encouragingly large number of web sites he promotes via his videos are built on new gTLDs such as .earth, .space and .online, or repurposed ccTLDs such as .co, .ai and io. There’s no .com bias here.
But this method of using domain names sure is a head-scratcher.
Is this how kids are using the internet nowadays? Do they not understand how a browser address bar works? Do they not realize that you can just type the goddamn domain into the browser and go right where you want to go, without feeding the Google beast?
Lest you think I’m randomly picking on some 20-year-old French kid, I’ll point out that Chanut has 2.3 million followers on TikTok and runs his own social media consultancy. He’s an “influencer”.
I’ll give him the benefit of the doubt and assume Chanut does know what domain names are and how to use them. Does this imply that he assumes his audience of TikTok-using youngsters do not?
I’ve been asked for over a decade whether domain names are becoming less relevant as apps and search become more popular, and my stock response is to explain that domains are not just about navigation, they’re about identity.
There can be little doubt the navigation component is less relevant than it used to be, but I had no idea it had got so bad.
“GDPR is not my fault!” — ICANN fears reputational damage from Whois reform
Damned if we do, damned if we don’t.
That seems to an uncomfortable message emerging from ICANN’s ongoing discussions about SSAD, the proposed Standardized System for Access and Disclosure, which promises to bring some costly and potentially useless reform to the global Whois system.
ICANN’s board of directors and the GNSO Council met via Zoom last night to share their initial reactions to the ICANN staff’s SSAD Operational Design Assessment, which had been published just 48 hours earlier.
I think it’s fair to say that while there’s still some community enthusiasm for getting SSAD done in one form or another, there’s much more skepticism, accompanied by a fear that the whole sorry mess is going to make ICANN and its vaunted multistakeholder model look bad/worse.
Some say that implementing SSAD, which could take six more years and cost tens of millions of dollars, would harm ICANN’s reputation if, as seems quite possible, hardly anyone ends up using it. Others say the risk comes from pissing away years of building community consensus on a set of policy recommendations that ultimately don’t get implemented.
GNSO councillor Thomas Rickert said during yesterday’s conference call:
One risk at this stage that I think we need to discuss is the risk to the credibility of the functionality of the multi-stakeholder model. Because if we give up on the SSAD too soon, if we don’t come up with a way forward on how to operationalize it, then we will be seen as an organization that takes a few years to come up with policy recommendations that never get operationalized and that will certainly play into the hands of those who applaud the European Commission for coming up with ideas in NIS2, because obviously they see that the legislative process at the European and then at the national state level is still faster than ICANN coming up with policies.
NIS2 is a formative EU Directive that is likely to shake up the privacy-related legal landscape yet again, almost certainly before ICANN’s contractors even type the first line of SSAD code.
While agreeing with Rickert’s concerns, director Becky Burr put forward the opposing view:
The flip side of that is that we build it, we don’t have the volume to support it at a reasonable cost basis and it does not change the outcome of a request for access to the Whois data… We build it, with all its complexity and glory, no one uses it, no one’s happy with it and that puts pressure on the multi-stakeholder model. I’m not saying where I come out on this, but I feel very torn about both of those problems.
The ODA estimates the cost of building SSAD at up to $27 million, with the system not going live until 2027 or 2028. Ongoing annual operating costs, funded by fees collected from the people requesting private Whois data, could range from $14 million to $107 million, depending on how many people use it and how frequently.
These calculations are based on an estimated user base of 25,000 and three million, with annual queries of 100,000 and 12 million. The less use the system gets, the higher the per-query cost.
But some think the low end of these assumptions may still be too high, and that ultimately usage would be low enough to make the query fees so high that users will abandon the system.
Councillor Kurt Pritz said:
I think there’s a material risk that the costs are going to be substantially greater than what’s forecast and the payback and uptake is going to be substantially lower… I think there’s reputational risk to ICANN. We could build this very expensive tool and have little or no uptake, or we could build a tool that becomes obsolete before it becomes operational.
The low-end estimates of 25,000 users asking for 100,000 records may be “overly optimistic”, Pritz said, given that only 1,500 people are currently asking registrars for unredacted Whois records. Similarly, there are only 25,000 requests per year right now, some way off the 100,000 low-end ODA assumption, he said.
If SSAD doesn’t even hit its low-end usage targets, the fee for a single Whois query could be even larger than the $40 high-end ODA prediction, creating a vicious cycle in which usage drops further, further increasing fees.
SSAD doesn’t guarantee people requesting Whois data actually get it, and bypassing SSAD entirely and requesting private data directly from a registrar would still be an option.
There seems to be a consensus now that GDPR always requires registries and registrars to ultimately make the decision as to whether to release private data, and there’s nothing ICANN can do about it, whether with SSAD or anything else.
CEO Göran Marby jokingly said he’s thinking about getting a T-shirt printed that says “GDPR was not my fault”.
“The consequences of GDPR on the whole system is not something that ICANN can fix, that’s something for the legislative, European Commission and other ones to fix,” he said. “We can’t fix the law.”
One idea to rescue SSAD, which has been floated before and was raised again last night, is to cut away the accreditation component of the system, which Marby reckons accounts for about two thirds of the costs, and basically turn SSAD into a simplified, centralized “ticketing system” (ironically, that’s the term already used derisively to describe it) for handling data requests.
But the opposing view — that the accreditation component is actually the most important part of bringing Whois into GDPR compliance — was also put forward.
Last night’s Zoom call barely moved the conversation forward, perhaps not surprisingly given the limited amount of time both sides had to digest the ODA, but it seems there may be future conversations along the same lines.
ICANN’s board, which was in “listening mode” and therefore pretty quiet last night, is due to consider the SSAD recommendations, in light of the ODA, at some point in February.
I would be absolutely flabberghasted if they were approved in full. I think it’s far more likely that the policy will be thrown back to the GNSO for additional work to make it more palatable.
Cahn says .hiphop premiums could show up at auction next month
“Premium” .hiphop domains could show up at auction next month, according to RightOfTheDot.
The company is planning a “digital asset auction” for February 24 and boss Monte Cahn said in a press release “you may also see some .hiphop premium reserve names as well as some other premium TLDs.”
Cahn is a partner in Dot Hip Hop, along with JJN Consulting and DigitalAMN, the new company currently battling ICANN bureaucracy for the right to have UNR’s .hiphop registry contract reassigned.
Along with 22 other UNR buyers, DHH is waiting for ICANN approval of its purchase. ICANN is wary and/or confused by UNR’s representations about matching blockchain alt-root TLDs that accompanied the sales.
The company plans to lower the cost of .hiphop names to bring them to a wider audience.
DHH filed a Request for Reconsideration with ICANN recently, to speed up a process that has so far taken almost six months, but withdrew it when it became clear it had merely triggered another time-consuming bureaucratic process.
ROTD was formed to coordinate gTLD auctions, but is perhaps better known nowadays for selling left-of-the-dot domains, such as at its annual NamesCon conference live auctions.
The company is currently seeking lots for its February 24 auction, including high-value domains and NFTs. The deadline for submissions is February 17.
No SSAD before 2028? ICANN publishes its brutal review of Whois policy
Emergency measures introduced by ICANN to reform Whois in light of new privacy laws could wind up taking a full decade, or even longer, to bear dead-on-the-vine fruit.
That’s arguably the humiliating key takeaway from ICANN’s review of community-created policy recommendations to create a Standardized System for Access and Disclosure (SSAD), published this evening.
The Org has released its Operational Design Assessment (pdf) of SSAD, the first-ever ODA, almost nine months after the Operational Design Phase was launched last April.
It’s a 122-page document, about half of which is appendices, that goes into some detail about how SSAD and its myriad components would be built and by whom, how long it would take and how much it would cost.
It’s going to take a while for the community (and me) to digest, and while it generally veers away from editorializing it does gift opponents of SSAD (which may include ICANN itself) with plenty of ammunition, in the form of enumerated risk factors and generally impenetrable descriptions of complex systems, to strangle the project in the crib.
Today I’m just going to look at the timing.
Regular DI readers will find little to surprise them among the headline cost and timeline predictions — they’ve been heavily teased by ICANN in webinars for over a month — but the ODA goes into a much more detailed breakdown.
SSAD, ICANN predicts, could cost as much as $27 million to build and over $100 million a year to operate, depending on adoption, the ODA says. We knew this already.
But the ODA contains a more detailed breakdown of the timeline to launch, and it reveals that SSAD, at the most-optimistic projections, would be unlikely to see the light of day until 2028.
That’s a decade after the European Union introduced the GDPR privacy law in May 2018.
Simply stated, the GDPR told registries and registrars that the days of unfettered access to Whois records was over — the records contain personal information that should be treated with respect. Abusers could be fined big.
ICANN had been taken off-guard by the law. GDPR wasn’t really designed for Whois and ICANN had not been consulted during its drafting. The Org started to plan for its impact on Whois barely a year before it became effective.
It used the unprecedented top-down emergency measure of the Temporary Specification to force contracted parties to start to redact Whois data, and the GNSO Council approved an equally unprecedented Expedited Policy Development Process, so the community could create some bottom-up policy.
The EPDP was essentially tasked with creating a way for the people who found Old Whois made their jobs easier, such as intellectual property lawyers and the police, to request access to the now-private personal data.
It came up with SSAD, which would be a system where approved, accredited users could funnel their data requests through a centralized gateway and have some measure of assurance that they would at least be looked at in a standardized way.
But, considering the fact that they would not be guaranteed to have their requests approved, the system would be wildly complex, potentially very expensive, and easily circumvented, the ODP found.
It’s so complex that ICANN reckons it will take between 31.5 and 42 months for an outsourced vendor to build, and that’s after the Org has spent two years on its Implementation Review Team activities.
That’s up to almost six years from the moment ICANN’s board of directors approves the GNSO’s SSAD recommendations. That could come as early as next month (but as I reported earlier today, that seems increasingly unlikely).
The ODA points out that this timetable could be extended due to factors such as new legislation being introduced around the world that would affect the underlying privacy assumptions with which SSAD was conceived.
And this is an “expedited” process, remember?
Ten years ago, under different management and a different set of bylaws, ICANN published some research into the average duration of a Policy Development Process.
The average PDP took 620 days back then, from the GNSO Council kicking off the process to the ICANN board voting to approve or reject the policy. I compared it to an elephant pregnancy, the longest gestation period of all the mammals, to emphasize how slow ICANN had become.
Slow-forward to today, when the “expedited” PDP leading to SSAD has so far lasted 1,059 days, if we’re counting from when Phase 2 began in March 2019. It’s taken 1,287 days if we’re being less generous and counting from the original EPDP kicking off.
Nelly could have squeezed out two ankle-nibblers in that time. Two little elephants, one of which would most assuredly be white.
ICANN board not happy with $100 million Whois reform proposals
ICANN’s board of directors has given its clearest indication yet that it’s likely to shoot down community proposals for a new system for handling requests for private Whois data.
Referring to the proposed System for Standardized Access and Disclosure, ICANN chair Maarten Botterman said “the Board has indicated it may not be able to support the SSAD recommendations as a whole”.
In a letter (pdf) to the GNSO Council last night, Botterman wrote:
the complexity and resources required to implement all or some of the recommendations may outweigh the benefits of an SSAD, and thus may not be in the best interests of ICANN nor the ICANN community.
The SSAD would be a centralized way for accredited users such as trademark lawyers, security researchers and law enforcement officers to request access to Whois data that is currently redacted due to privacy laws such as GDRP.
The system was the key recommendation of a GNSO Expedited Policy Development Process working group, but an ICANN staff analysis last year, the Operational Design Phase, concluded that it could be incredibly expensive to build and operate while not providing the functionality the trademark lawyers et al require of it.
ICANN was unable to predict with any accuracy how many people would likely use SSAD. It will this week present its final ODP findings, estimating running costs of between $14 million and $107 million per year and a user base of 25,000 to three million.
At the same time, ICANN has pointed out that its own policies cannot overrule GDPR. Registries and registrars still would bear the legal responsibility to decide whether to supply private data to requestors, and requestors could go to them directly to bypass the cost of SSAD altogether. Botterman wrote:
This significant investment in time and resources would not fundamentally change what many in the community see as the underlying problem with the current process for requesting non-public gTLD registration data: There is no guarantee that SSAD users would receive the registration data they request via this system.
ICANN management and board seem to be teasing the GNSO towards revising and scaling back its recommendations to make SSAD simpler and less costly, perhaps by eliminating some of its more expensive elements.
This moves ICANN into the perennially tricky territory of opening itself up to allegations of top-down policy-making.
Botterman wrote:
Previously, the Board highlighted its perspective on the importance of a single, unified model to ensure a common framework for requesting non-public gTLD registration data. However, in light of what we’ve learned to date from the ODP, the Board has indicated it may not be able to support the SSAD recommendations as a whole as envisioned by the EPDP. The Board is eager to discuss next steps with the Council, as well as possible alternatives to design a system that meets the benefits envisioned by the EPDP
The board wants to know whether the GNSO Council shares its concerns. The two parties will meet via teleconference on Thursday to discuss the matter. The ODP’s final report may be published before then.
Over 6,000 Brexit domains snapped up after mass delete
EURid saw about 6,000 .eu domain names that formerly belonged to Brits re-registered in the first day after a mass delete at the start of the month.
“Around 6000 Brexit-related domain names were re-registered during the first day, and around 6500 as of today,” a registry spokesperson said.
EURid had released around 48,000 domains in batches on January 3, so the portion of domains considered valuable enough to snap up was about 13.5%.
The domains had belonged to UK citizens who no longer qualify for .eu after Brexit came into effect a year ago.
Registrants had been given many chances to retain their names by transferring them to an entity in the remaining EU and EEA states, or to an EU/EEA citizen residing in the UK.
There were almost 300,000 .eu domains registered in the UK at the time of the Brexit referendum in 2016.
Verisign saw MASSIVE query spike during Facebook outage
Verisign’s .com and .net name servers saw a huge spike in queries when Facebook went offline for hours last October, Verisign said this week.
Queries for facebook.com, instagram.com, and whatsapp.net peaked at over 900,000 per second during the outage, up from a normal rate of 7,000 per second, a more than 100x increase, the company said in a blog post.
The widely publicized Facebook outage was caused by its IP addresses, including the IP addresses of its DNS servers, being accidentally withdrawn from routing tables. At first it looked to outside observers like a DNS failure.
When computers worldwide failed to find Facebook on their recursive name servers, they went up the hierarchy to Verisign’s .com and .net servers to find out where they’d gone, which led to the spike in traffic to those zones.
Traffic from DNS resolver networks run by Google and Cloudflare grew by 7,000x and 2,000x respectively during the outage, Verisign said.
The company also revealed that the failure of .club and .hsbc TLDs a few days later had a similar effect on the DNS root servers that Verisign operates.
Queries for the two TLDs at the root went up 45x, from 80 to 3,700 queries per second, Verisign said.
While the company said its systems were not overloaded, it subtly criticized DNS resolver networks such as Google and Cloudflare for “unnecessarily aggressive” query-spamming, writing:
We believe it is important for the security, stability and resiliency of the internet’s DNS infrastructure that the implementers of recursive resolvers and public DNS services carefully consider how their systems behave in circumstances where none of a domain name’s authoritative name servers are providing responses, yet the parent zones are providing proper referrals. We feel it is difficult to rationalize the patterns that we are currently observing, such as hundreds of queries per second from individual recursive resolver sources. The global DNS would be better served by more appropriate rate limiting, and algorithms such as exponential backoff, to address these types of cases
Verisign said it is proposing updates to internet standards to address this problem.
Recent Comments