Latest news of the domain name industry

Recent Posts

“Horrifying” Zoombombing attack on ICANN meeting, again

Kevin Murphy, June 22, 2020, Domain Policy

ICANN’s eleventh-hour decision to remove password requirements for ICANN 68 was proved wrong almost immediately after the meeting got underway on Zoom today.

According to participants and ICANN itself, several sessions were “zoombombed” this morning, with apparently pornographic content.

Zoombombing is where trolls disrupt public, open Zoom meetings with content designed to offend.

ICANN 68 is taking place on Zoom, but on Kuala Lumpur time. I was asleep during the attacks and ICANN has yet to post the recordings of any of today’s sessions, so I can’t give you any of the details first-hand.

But judging by a handful of social media posts that reference the attack, it seems to have been pornographic in nature. ICANN said it comprised “audio, images and video”.

One participant described it as “funny at first…until it was not”, while another said it was “horrifying” and left her feeling “completely vulnerable”.

ICANN said in a blog post that the trolls were swiftly removed from the sessions.

It added that it has changed the format of the remainder of ICANN 68, unplugging certain interactive components and requiring passwords to be entered before access is granted.

This means you’re going to have to register for each session and click emailed confirmation links, it appears.

Only the Governmental Advisory Committee is staying on the platform with its original vulnerable configuration.

ICANN had been planning to require passwords since a similar attack at an inter-sessional meeting in March, but changed its mind last week after security upgrades made by Zoom gave leaders a greater sense of confidence in the platform.

It appears that confidence was misplaced.

Comment Tagged: , , , , , ,

Coronavirus is saving ICANN millions of your money, but will it use the cash wisely?

Kevin Murphy, June 21, 2020, Domain Policy

ICANN is saving millions this year due to the coronavirus-related shift to online-only public meetings.

But it’s thinking about using some of the cash to do things like pay for broadband upgrades and hotel rooms for some of its community volunteers.

During a conference call on Thursday, CFO Xavier Calvez gave out figures suggesting that the switch from in-person to Zoom meetings could save as much as $8 million of your money in 2020.

Calvez said that ICANN meetings usually cost an average of $4 million, but that the virtual ICANN 67 in March only cost the org $1.5 million to $2 million.

Because the face-to-face component was canceled only at the last minute, ICANN had already incurred some costs associated with a physical meeting.

The ICANN 68 meeting, which begins tomorrow, is expected to cost $1 million to $1.5 million, Calvez said.

If we assume that October’s ICANN 69, recently moved from Hamburg to Zoom, will see similar savings, then the total 2020 meetings bill could be down by between $6 million and $8 million.

Calvez added that ICANN’s funding during the coronavirus crisis has so far been holding steady.

No sooner had Calvez finished speaking than a pre-submitted community member question was read out wondering whether some of this cash could be redistributed to participants who are usually travel-subsidized.

Intellectual property expert Jonathan Zuck said that money could be handed out to volunteers in order to pay for things such as broadband upgrades and “finding quiet places to participate in the middle of the night”.

Perhaps surprisingly, Calvez and senior VP of global stakeholder engagement Sally Costerton did not rule this out.

In fact, she said such ideas are currently under active discussion and may be floated for public comment after ICANN 68.

One idea, I suggest, might be to compensate the 200-odd people who tuned into Thursday’s “Q&A” session for their time.

The session was scheduled to be an hour long, but the first 45 minutes were devoted to the 12 members of the ICANN executive team introducing themselves and patting themselves on the back for all the awesome work they’ve been doing.

5 Comments Tagged: , , , , ,

Half as many women apply for ICANN leadership jobs

Kevin Murphy, June 19, 2020, Domain Policy

This year’s ICANN Nominating Committee has released data showing a drop in the number of applicants for ICANN leadership positions, with a noticeable decline in the number of female applicants.

The NomCom is responsible for picking members of the ICANN board, GNSO Council, PTI board, ALAC and ccNSO Council.

There were 96 applicants this year, down from 127 in the 2019 round, including only 18 women, down from 42 a year ago.

I can think of two possible reasons for this apparent decline.

First, applicants this year got the option not to disclose their gender for the first time. The “did not disclose” box was checked by 13 people.

Second, both of the director positions opening up this October are currently occupied by women who are not term-limited — Avri Doria and Sarah Deutsch.

There’s a reasonable chance both of them could be reappointed.

ICANN’s board has told NomCom that it can use gender as a criterion when appointing directors, saying last December:

Without compromising the fundamental requirement to have Board members with the necessary integrity, skills, experience, the Board would find it helpful to have greater gender diversity on the Board.

It appears that’s not going to happen this year.

The other three ICANN directors whose current terms end in October are Chris Disspain, Matthew Shears and León Sánchez. Disspain is being replaced by the ccNSO with a man and Sánchez and Shears have been confirmed for second terms by ALAC and GNSO respectively.

Comment Tagged: ,

ICANN decision to cancel Hamburg was NOT unanimous

Kevin Murphy, June 19, 2020, Domain Policy

Surprisingly, ICANN’s decision last week to cancel its Hamburg annual general meeting in favor of Zoom did not receive the unanimous support of its board of directors.

Two directors — Ihab Osman and Ron da Silva — voted against the majority in the June 11 resolution, minutes published last night show.

The resolution noted that the global path of the coronavirus pandemic is currently too unpredictable to ensure that an in-person ICANN 69 could go ahead safely or legally in October.

But the two directors dissented, pushing instead for a “hybrid” model meeting, with a greatly reduced in-person attendance propped up with online participation.

According to the minutes:

Ron expressed concerns that the decision to conduct ICANN69 as a purely virtual meeting is premature and indicated a preference for the President and CEO to explore with the SO and AC leadership the implications, costs and logistics around a hybrid approach for ICANN69. Ihab expressed concerns that the proposed resolution does not allow for the possibility of some sort of physical hybrid model for ICANN69.

Osman went further, arguing that ICANN should set an example by going ahead with Hamburg:

Ihab Osman pointed out that large parts of the world are moving towards opening up, and that ICANN, as global community and global player, has a responsibility to do its part to bring the world back to some level of normalcy.

While CEO Göran Marby came back with a bunch of reasons a physical meeting would be impractical and potentially unsafe, both directors were unconvinced and voted against the 13-person majority anyway.

Notes released alongside the minutes reveal that ICANN stands to save a lot of money by remaining online-only.

Not only will it not have to pay for hundreds of flights and hotel rooms for staff and subsidized community members, but it had not yet signed contracts with the venue or local hotels, so it won’t be losing any deposits either.

1 Comment Tagged: , , , , ,

NamesCon goes virtual with intriguing 24-hour conference concept

Kevin Murphy, June 19, 2020, Domain Services

NamesCon has announced that it is going to host an online-only conference this year, with sessions running around the clock for three days straight.

It will run from September 9 to September 11 in a “custom online venue” and is being called NamesCon 360°.

Organizers are promising the usual “keynotes, panels, breakout sessions, and partner events” but with intriguing additions such as “intuitive matchmaking” and “gamification”.

The schedule is being split into a daily main track, running from 1500 UTC to 1900 UTC, and regional tracks targeting the Americas and South Asia regions, timed to be more convenient for American and Indian domainers.

There’ll also be 24-hour on-demand content, and sponsor content and networking rooms will be open for the duration of the conference.

It’s early days, and the agenda has not yet been fleshed out with information on specific sessions or speakers.

Registration is not yet open, and there’s no word on pricing. One assumes a lower ticket price than the usual in-person meetings.

NamesCon is promising a demo of its platform soon.

Comment Tagged: ,

Virtual cocktails coming to ICANN meetings. Really.

Kevin Murphy, June 18, 2020, Domain Policy

Fancy a virtual coffee? How about a virtual cocktail? These are both real events coming to ICANN’s public meetings, which for the rest of the year are online-only due to coronavirus restrictions.

It’s part of an effort to better capture the sense of socializing and community-building found at normal, in-person ICANN meetings.

The schedule for ICANN 68, which kicks off on Monday, has just been updated to include several 30-minute “virtual coffee” sessions, which of course will be conducted over Zoom.

ICANN’s calling these “Fika” sessions.

It’s not an acronym, but rather a reference to the Swedish workplace tradition of taking a break to drink coffee, eat cake, and chat with colleagues. I’m guessing Swedish CEO Göran Marby had a hand in the naming.

Each Fika session comes with a number of sub-rooms, in which participants can discuss issues such as “Bingeworthy: My Favorite Shows and Movies During Quarantine” or “I’ve Got the Time Now: Quarantine DIY Projects”.

It’s all very sweet and cuddly.

There’s no confirmed “virtual cocktail” sessions (which strike me as an exceptional excuse for day-drinking, depending on your time zone) on the ICANN 68 schedule yet, but the idea has been floated as part of ICANN org’s plan for enhancing its virtual meetings.

This plan is part of a draft four-phase plan to eventually re-open physical meetings when it becomes safe and permitted.

In the current Phase 0, ICANN’s going to encourage greater use of remote video — by all participants, not just the ICANN hosts — and sponsorship opportunities in a virtual “exhibition hall”.

ICANN’s even thinking about arranging for the shipping of schwag bags filled with sponsor loot.

Phase 1 would see the return of in-person meetings, but only at the local or regional level, Phase 2 would see a return to in-person ICANN public meetings, but with a “hybrid” approach that would retain the current online components.

Phase 3 would be essentially a return to business as usual.

The decision to enter a new phase would be guided by issues such as pandemic status, government guidelines, venue safety, and so on.

There’s no chance of up-phasing public meetings this year. ICANN has already confirmed that ICANN 69, originally set for Hamburg, will also be online-only.

But it does seem that this year’s meetings will be slightly friendlier affairs.

Fortunately for female participants, haptic technology has not sufficiently advanced to accurately replicate the experience of being sexually harassed in a hotel bar by a bearded middle-aged man who stinks of virtual vodka.

1 Comment Tagged: , , ,

More dot-brands dump their gTLDs

A further three new gTLDs have applied to ICANN for self-termination over the last few months, bringing the total to 76.

They’re all dot-brands: .sbs, .rightathome and .symantec.

The most recent application came from the Australian broadcaster SBS, for Special Broadcasting Service. This seems to be a case of a brand owner briefly experimenting with redirects to its .au domain, then deciding against it.

.symantec is biting the dust because the security company Symantec recently rebranded as NortonLifeLock Inc.

.rightathome also appears to be a case of a discontinued brand, in this case formerly used by consumer products firm SC Johnson.

10 Comments Tagged: , , , , , ,

GoDaddy, PorkBun and Endurance win domain “blocking” court fight

Kevin Murphy, June 17, 2020, Domain Policy

Three large registrar groups last week emerged mostly victorious from a court battle in which a $5.4 billion-a-year consumer goods giant sought to get domains being used in huge scam operations permanently blocked.

Hindustan Unilever, known as HUL, named Endurance, GoDaddy and PorkBun in a lawsuit against unknown scammers who were using cybersquatted domains to rip off Indians who thought they were signing up to become official distributors.

The .in ccTLD registry, NIXI, was also named in the suit. All of the domains in question were .in names.

Among other things, HUL wanted the registrars to “suspend and ensure the continued suspension of and block access to” the fraudulent domains in question, but the judge had a problem with this.

He’d had the domain name lifecycle explained to him and he decided in a June 12 order (pdf) that it was not technically possible for a registrar to permanently suspend a domain, taking into account that the registration will one day expire.

He also defined “block access to” rather narrowly to mean the way ISPs block access to sites at the network level, once again letting the registrar off the hook.

Judge GS Patel of the Bombay High Court wrote:

Any domain name Registrar can always suspend a domain that is registered. But the entire process of registration itself is entirely automated and machine-driven. No domain name registrar can put any domain names on a black list or a block list.

Where he seems to have messed up is by ignoring the role of the registry, where it’s perfectly possible for a domain name to be permanently blocked.

NIXI may not have its hands directly on the technology, but .in’s EPP registry is run by back-end Neustar (now owned by GoDaddy but not directly named in the suit), which like all gTLD registries already has many thousands of names permanently reserved under ICANN’s direction.

Patel also seems to assume that NIXI doesn’t get paid for the domain names its registrar sells. He wrote:

The relief against Defendants Nos. 14 and 15, the dot-IN registry and NIEI [NIXI] at least to the extent of asking that they be ordered to de-register or block access is misdirected. Neither of these is a registrar. Neither of these receives registration consideration. Neither of these registers any domain name. The reliefs against them cannot therefore be granted.

NIXI actually charges INR 350 ($4.60) per second-level .in name per year, of which a reported $0.70 goes to Neustar.

The judge also ruled that the registrars have to hand over contact information for each of the cybersquatters.

He also ordered several banks, apparently used by the scammers, to hand over information in the hope of bringing the culprits to justice.

Comment Tagged: , , , , , , ,

You won’t need a password for ICANN 68 after all

Kevin Murphy, June 17, 2020, Domain Policy

ICANN has ditched plans to require all ICANN 68 participants to enter a password whenever they enter one of the Zoom sessions at the meeting next week.

The org said today that it will use URLs with embedded passwords, removing the need for user input, after reviewing changes Zoom made last month.

These included features such as a waiting room that enables meeting hosts to vet participants manually before allowing them to enter the meeting proper.

ICANN said: “Please use these links cautiously, only share them on secure channels such as encrypted chat or encrypted e-mail, and never post them publicly.”

ICANN had said last month, before the Zoom changes, that it would require passwords in order to limit the risk of Zoombombing — where trolls show up and spam the meeting with offensive content. One ICANN Zoom session had been trolled in this way in March.

The org also said today that participants will be asked to give their consent to be recorded upon entry to a session.

“It is our hope that this small change empowers attendees by providing quick access and more control over the acceptance of our policies as it relates to attending virtual meetings,” ICANN lied, to cover for the obvious piece of legal ass-covering.

Refuse consent and see how far you get.

Comment Tagged: , , , ,

Donuts rolls out free phishing attack protection for all registrants

Donuts is offering registrants of domains in its suite of new gTLDs free protection from homograph-based phishing attacks.

These are the attacks where a a bad guy registers a domain name visually similar or identical to an existing domain, with one or more characters replaced with an identical character in a different script.

An example would be xn--ggle-0nda.com, which can display in browser address bars as “gοοgle.com”, despite having two Cyrillic characters that look like the letter O.

These domains are then used in phishing attacks, with bad actors attempting to farm passwords from unsuspecting victims.

Under Donuts’ new service, called TrueNames, such homographs would be blocked at the registry level at point of sale at no extra cost.

Donuts said earlier this year that it intended to apply this technology to all current and future registrations across its 250-odd TLDs.

The company has been testing the system at its registrar, Name.com, and reckons the TrueNames branding in the shopping cart can lead to increased conversions and bigger sales of add-on services.

It now wants other registrars to sign up to the offering.

It’s not Donuts’ first foray into this space. Its trademark-protection service, Domain Protected Marks List, which has about 3,500 brands in it, has had homograph protection for a few years.

But now it appears it will be free for all customers, not just deep-pocketed defensive registrants.

Comment Tagged: , , , , , ,