Latest news of the domain name industry

Recent Posts

Criminal .uk suspensions down this year

Kevin Murphy, November 26, 2019, Domain Registries

Nominet suspended fewer .uk domain names due to reports of criminality in the last 12 months that in did in the prior period.
The registry said last week that is suspended 28,937 domains in the year to the end of October, down from 32,813 in the 2018 period.
That’s 0.22% of all .uk names, Nominet said.
As usual, complaints about intellectual property infringement — filed by copyright owners to the IP cops and handed to Nominet — account for the vast majority of takedowns, some 28,606 in the period.
The rest were suspended due to complaints about fraud, trading standards, financial conduct and healthcare products.
Only 16 requests were denied by Nominet, down from 114 in the previous year, and only five false-positive suspensions were reversed.
The controversial ban on “rape” domains resulted in 1,600 new regs getting automatically flagged, but zero getting suspended.
There were no requests from the Internet Watch Foundation to take down child sexual abuse material.
Nominet’s newish automated anti-phishing system, which uses pattern recognition to flag potential phishing domains at point of registration, saw 2,668 domains suspended before going live, of which 274 were released after the registrant passed due diligence checks.

These five TLDs contain 80% of all child abuse images

Online child abuse watchdog the Internet Watch Foundation has released its 2018 annual report, and it fingers the five TLDs that host four in five cases of child sexual abuse images and videos.
The TLDs in question are Verisign’s .com and .net, Neustar’s repurposed Colombian ccTLD .co, Russia’s .ru and Tonga’s .to.
IWF found the illegal content in 3,899 unique domains, up 3% from 2017’s 3,791 domains, in 151 different TLDs.
Despite the apparent concentration of illegal web pages in just five TLDs, it appears that this is largely due to the prevalence of image-hosting and file-sharing “cyberlocker” sites in these TLDs.
These are sites abused by the purveyors of this content, rather than being specifically dedicated to abuse.
It would be tricky for a registry to take action against such sites, as they have substantial non-abusive uses. It would be like taking down twitter.com whenever somebody tweets something illegal.
In terms of domains being registered specifically for the purpose of distributing child abuse material, the new gTLDs created since 2012 come off looking much worse.
IWF said that last year it found this material on 1,638 domains across 62 new gTLDs. That’s 42% of the total number of domains used to host such content, compared to new gTLDs’ single-figures overall market share.
The number of URLs (as opposed to domains) taken down in new gTLD web sites was up 17% to 5,847.
IWF has a service that alerts registries when child abuse material is found in their TLDs.
Its 2018 report can be found here (pdf).

Child abuse becoming big problem for new gTLDs

Kevin Murphy, April 18, 2018, Domain Policy

There were 3,791 domain names used to host child sexual abuse imagery in 2017, up 57%, according to the latest annual report from the Internet Watch Foundation.
While .com was the by far the worst TLD for such material in terms of URLs, over a quarter of the domains were registered in new gTLDs.
Abuse imagery was found on 78,589 URLs on 3,791 domains in 152 TLDs, the IWF said in its report.
.com accounted for 39,937 of these URLs, a little over half of the total, with .net, .org, .ru and .co also in the top five TLDs. Together they accounted for 85% of all the abuse URLs found. The 2016 top five TLDs included .se, .io and .cc.
New gTLDs accounted for a small portion of the abuse URLs — just over 5,000, up 221% on 2016 — but a disproportionate number of domains.
The number of new gTLD domains used for abuse content was 1,063, spread over 50 new gTLDs. Equivalent numbers were not available in the 2016 report and IWF does not break down which TLDs were most-abused.
According to Verisign’s Q4 Domain Name Industry Brief (pdf), new gTLDs account for just 6.2% of all existing domain names, and yet they account for over 28% of the domains where IWF found child abuse imagery.
IWF said that the increasing number of domains registered to host abuse imagery can be linked to what it calls “disguised websites”.
These are sites “where the child sexual abuse imagery will only be revealed to someone who has followed a pre-set digital pathway — to anyone else, they will be shown legal content.”
Presumably this means that registries and registrars spot-checking domains they have under management could be unaware of their true intended use.

Now new gTLDs are being scapegoated for child abuse material (rant)

The guy responsible for getting the string “rape” closely restricted for no reason in .uk domain names is now gunning for ICANN and new gTLDs with a very similar playbook.
Campaigner John Carr, secretary of the little-known Children’s Charities’ Coalition on Internet Safety, wants ICANN to bring in strict controls to prevent convicted pedophiles registering domains in child-oriented domains such as .kids.
He’s written to the UK prime minister, the two other ministers with the relevant brief, the US federal government and the California attorney general to make these demands.
That’s despite the fact that he freely acknowledges that he does not have any evidence of a problem in existing kid-oriented TLDs and that he does not expect there to be a problem with .kids, should it be delegated, in future.
Regardless, ICANN comes in for a bit of a battering in the letter (pdf), with Carr insinuating that it and the domain industry are quite happy to throw child safety under the bus in order to make a quick buck. He writes:

ICANN has definitely not been keeping the internet secure for children. On the contrary ICANN shows complete indifference towards children’s safety. This has led to real dangers that ICANN could have prevented or mitigated.

ICANN, the Registries and the Registrars have an obvious financial interest in increasing the number of domain names being sold. Their interest in maximising or securing their revenues appears sometimes to blind them to a larger obligation to protect the weak and vulnerable e.g. in this instance children.

Despite this worrying premise, Carr admits in an accompanying paper (pdf) that the Russian version of .kids (.дети), which has been live for three years and only has about 1,000 registrations, does not seem to have experienced a deluge of sex offenders.
Nevertheless, he says ICANN should have forced the .дети registry to do criminal background checks on all registrants to make sure they did not have a record of sexual offences.

While at the time of writing we have no information which suggests anything untoward has happened with any Russian .kids websites, and we understand the volume of sales has been low so far, the matter should never have been left open in that way. When ICANN let the contract it could have included clauses which would have made it a contractual obligation to carry out the sort of checks mentioned. The fact that ICANN did not do this illustrates a degree of carelessness about children’s well-being which is tantamount to gross negligence.

Quite how a domain registry would go about running criminal records checks on all of its customers globally, and what the costs and the benefits would be, Carr does not say.
The letter goes on to state incorrectly that Amazon and Google are in contention for .kids.
In fact, Google applied for the singular .kid. While the two strings are in contention due to an adverse String Confusion Objection, there’s also a second applicant for .kids, the DotKids Foundation, which proposes to keep .kids highly restricted and which Carr is either unaware of or deliberately omits from his letter.
Based on his assumption that .kids is a two-horse race between Amazon and Google, he says:

while I am sure both Google and Amazon will choose to do the right thing, whichever one is the eventual winner of the contract, the point is matters of this kind should never have been left as an option

So not only does Carr not have any evidence that extant “.kids” domains are currently being abused years after delegation, he’s also sure that .kids won’t be in future.
But he wants Draconian background checks implemented on all registrants anyway.
His letter coincides with the release of and heavily cites the 2016 annual report (pdf) of the Internet Watch Foundation — the organization that coordinates the takedown of child abuse material in the UK and elsewhere.
That report found that new gTLD domains are being increasingly used to distribute such material, but that Verisign-run TLDs such as .com are still by far the most abused for this purpose.
The number of takedowns against new gTLD domains in 2016 was 272 (226 of which were “dedicated to distributing child sexual abuse content”) the IWF reported, a 258% increase on 2015.
That’s 272 domains too many, but averages out at about a quarter of a domain per new gTLD.
There were 2,416 domains being used to distribute this material in 2016, IWF said. That means new gTLDs accounted for about 11% of the total child abuse domains — higher than the 7.8% market share that new gTLDs command (according to Verisign’s Q4 industry brief).
But the IWF report states that 80% of the total abuse domains are concentrated in just five TLDs — .com, .net, .se, .io, and .cc. Even child abusers are not fans of new gTLDs, it seems.
Despite the fact that two of these domains are operated under ICANN contract, and the fact that .io is operated by a British company representing a British overseas territory, Carr focuses his calls for action instead on new gTLDs exclusively.
And his calls are receiving attention.
A The Times article this week cries “New internet domain is magnet for paedophiles, charities warn”, while tabloid stable sister The Sun reported on “fears predators are exploiting new website addresses to hide indecent material”.
This is how it started with Carr’s campaign to get “rape” domains banned in the UK.
Back in 2013, he wrote a blog post complaining that it was possible to register “rapeher.co.uk” — not that it had been registered, only that it could be registered — and managed to place a couple of stories in the right-leaning press calling for Nominet to do more to prevent the registration of “depraved and disgusting” domains such as the one he thought up.
This led to a government minister calling for an independent policy review, an actual review, and a subsequent policy that sees some poor bastard at Nominet having to pore over every .uk registration containing rapey strings to see if they’re potentially advocating or promoting actual rape.
Implementation of that policy has so far confirmed that Carr’s worries were, as I said in my 2013 rant, baseless.
In 2016, there were 2,407 registrations of domains containing the string “rape”, but just one of them was found to be using it in the context of sexual assault and was suspended, according to Nominet stats.
In 2015, the number of suspensions was the same. One.
The same story is playing out now — a single Don Quixote with a tenuous grasp of the systems he’s criticizing calling for ludicrous policies to prevent a problem that he freely admits does not exist and probably won’t exist in future.
Still, at least he gets to wave some headlines in front of his employers to pretend he’s actually earning his salary.

Government forces Nominet into ludicrous porn review

Kevin Murphy, September 9, 2013, Domain Policy

Should Nominet ban dirty words from the .uk namespace?
Obviously not, but that’s nevertheless the subject of a formal policy review announced by Nominet today, forced by pressure from the British government and the Murdoch press.
Nominet said it has hired Ken MacDonald, former director of public prosecutions, to carry out the review.
He’s tasked with recommending whether certain “offensive” words and phrases should be banned from the .uk zone.
According to Nominet, MacDonald’s qualifications include his role as a trustee of the pro-free-speech Index on Censorship and a human rights audit he carried out for the Internet Watch Foundation, the UK’s child abuse material watchdog.
Nominet said:

Lord Macdonald will work with Nominet’s policy team to conduct a series of meetings with key stakeholders, and to review and assess wider contributions from the internet community, which should be received by 4 November 2013. The goal is to deliver a report to Nominet’s board in December of this year, which will be published shortly thereafter.

You can contribute here.
The review was promised by Nominet in early August following an article in the Sunday Times, subsequently cribbed quite shamelessly by the Daily Mail, which highlighted the fact that Nominet’s policies do not ban strings suggesting extreme or illegal pornography.
You may recall a rant-and-a-half DI published at the time.
While my rant was written without the benefit of any input from Nominet — I didn’t speak to anyone there before publishing it — it appears that Nominet already had exactly the same concerns as me.
The company has published a set of lightly redacted correspondence (pdf) between itself and the Department of Culture, Media and Sport which makes for extremely illuminating reading.
In a July 23 letter to DCMS minister Ed Vaizey, Nominet CEO Lesley Cowley uses many of the same arguments — even giving the same examples — as I did a week later. She was much more polite, of course.
She points out that as a matter of principle it probably should not be left to a private company such as Nominet to determine what is and isn’t acceptable content, and that it’s difficult to tell what the content of a site will be at the point the domain is registered anyway.

In relation to the questions of practicality, the permutations of offensive words and phrases that can be created in the 63 characters of a domain name are almost limitless, so the creation of some kind of exclusion list would ultimately not prevent offensive phrases being registered as domain names. Were we to have a set of words or phrases that could not be registered, we would likely end up restricting many legitimate registrations. A good example is Scunthorpe.co.uk, which contains an offensive term within the domain name, or therapist.co.uk which could be read in more than one way.

She also points out that domains such as “childabuse.co.uk”, which may on the face of it cause concern, actually just redirect to the NSPCC, the UK’s main child abuse prevention charity.
The real eye-opening correspondence discusses the Sunday Times article that first compelled Vaizey to lean on Nominet.
As I discussed in my rant, it was based on the musings of just one guy, a purported expert in internet safety called John Carr, who once worked for the IWF and now apparently advises the government.
The examples of “offensive” domains he had supplied the Sunday Times with, I discovered, were either unregistered or contained no illegal content whatsoever.
Nominet’s correspondence contains several more .uk domains that Carr had given the newspaper, and they’re even less “offensive” than the “rape”-oriented ones it eventually published.
The domains are teens‐adult‐sex‐chat.co.uk, teendirtychat.co.uk, teens.demandadult.co.uk, teenfuckbook.co.uk and ukteencamgirls.co.uk, all of which Nominet found contained legal over-18s pornography.
One of them is even owned by Playboy.
Carr, it seems, didn’t even provide the Sunday Times or Nominet privately with any domains that suggest illegal content in the string and actually contain it in the site.
Judging by the emails between Nominet’s PR people (which, admittedly, may not be the best place to obtain an objective viewpoint) the Sunday Times reporter was “not interested in the complexity of the issue” and:

has taken a very hostile stance and is broadly of the view that the internet industry is not doing enough to stop offensive (legal) content.

The Sunday Times’ downmarket sister publication, The Sun, is famous primarily for printing topless photographs of 18-year-old women (in the 1980s it was 16-year-old girls) on Page 3 every day.
The Sun, the UK’s best-selling daily, is currently resisting a valiant effort by British feminists, which I wholeheartedly support, to have Page 3 scrapped.
In other words, the level of media hypocrisy, government idiocy and registry cowardice that came together to create the MacDonald review is quite outstanding.
Still, Nominet in recent years has proven itself pretty good at making sure its independent reviews turn out the way it wants them to, so it’s looking fairly promising that this one is likely to conclude that banning rude words would be impractical and pointless.