Latest news of the domain name industry

Recent Posts

ICANN returning to Puerto Rico

Kevin Murphy, September 28, 2022, Domain Policy

ICANN has put Puerto Rico back on its list of future meeting venues after cancelling this year’s trip to San Juan due to the pandemic.

The Org will summon the true believers to the Puerto Rico Convention Center from March 2 to March 7, 2024, for ICANN 79, it announced this week.

That’s two years after the cancelled meeting from this March, which ultimately went ahead online only.

It will be six years after ICANN last visited the island, in the wake of Hurricane Maria.

It will be ICANN’s third visit to the country, a US territory. It first held a meeting there in 2007.

ICANN was forced to cancel a Puerto Rico visit in 2016 due to an outbreak of the Zika virus (remember that?).

Of the in-person meetings canceled due to the Covid-19 pandemic, now all have been rescheduled or have already taken place.

Malaysia relaxes travel restrictions ahead of ICANN 75

Kevin Murphy, August 9, 2022, Domain Policy

Malaysia has made it easier for foreign travelers to enter the country, which should take some of the headaches out of going to ICANN 75 next month.

According to local reports, the Malaysian government web site, and official UK travel advice, those entering Malaysia are no longer required to fill out a “travelers card” on the government’s contact-tracing app, MySejahtera.

It’s not clear whether MySejahtera is still mandatory for entry. The UK says you “may” be required to install it,

On-arrival tests have been scrapped, regardless of vaccination status, the Malaysian government said:

From 1st August 2022, all travellers are allowed to enter Malaysia regardless of their COVID-19 vaccination status and do not require a pre-departure or on-arrival COVID-19 test. There are no quarantine orders related to COVID-19 enforced by the Malaysian Government upon arrival.

If you test positive for Covid-19 while in Malaysia, you’re still required by law to quarantine for four days (if you subsequently test negative) to seven days (regardless of the test result) at your own expense.

While the government rules may take some of the red tape out of entering the country, ICANN’s still has rules about entering the meeting venue.

To obtain entry to the Kuala Lumpur Convention Center, you’ll need to have proof of vaccination under the current version of ICANN’s health guidelines, which were last updated July 20.

Thanks to Richard Wein for the tip.

More rules, but cozier ICANN 75 expected

Kevin Murphy, August 8, 2022, Domain Policy

There will be more rules to follow at ICANN 75 next month, but attendees might be able to expect a more intimate event, with less stringent seating restrictions.

The gathering, ICANN’s 2022 Annual General Meeting, will be held in Kuala Lumpur from September 17 to 22, the second pandemic-era meeting to have a face-to-face component, but in-person attendees need to register by September 14.

The new rules are largely a result of local laws, according to ICANN.

The first thing to note is that if you don’t have a smart-phone, you’re out of luck. Malaysia requires people entering the country to install a government Covid-control track-and-trace app called MySejahtera.

The law also says you have to wear masking indoors and self-isolate for four to seven days if you test positive. ICANN’s mandatory legal waiver makes the attendee responsible for associated costs.

But at the venue itself, ICANN is relaxing its session rules, saying it may halve the social-distancing requirement in half to a meter, which will allow more people into each room and could reduce the need for waiting lists and overflow rooms.

Many of the sessions at ICANN 74 in June were over-booked.

Feds warn of Covid risk from “dark” Whois

Kevin Murphy, July 19, 2022, Domain Policy

The US Food and Drug Administration has escalated its beef with ICANN, warning that inaccessible Whois data is making it harder to tackle bogus Covid-19 “cures” and the country’s opioid crisis.

Catherine Hermsen from the FDA’s Office of Criminal Investigations wrote to ICANN CEO Göran Marby last week to complain that some registrars do not adequately respond to abuse complaints and that ICANN ignores follow-up complaints from government agencies.

She doubled down on the FDA’s previous complaint that ICANN’s inaction may be because it is funded by the industry, but back-pedaled on previous insinuations that ICANN’s leadership were putting their own big salaries ahead of public safety.

The beef started in early June, when an organization called Coalition for a Secure & Transparent Internet — basically a front for the likes of DomainTools and other companies whose business models are threatened by privacy legislation — held a one-sided webinar entitled “The Threat of a Dark WHOIS”.

On that webinar, Daniel Burke, chief of the FDA’s Investigative Services Division, lamented the lack of cooperation his agency gets when requesting private Whois data from “certain” registrars, and pointed to cases where the FDA’s inability to quickly get fake pharma sites, including those related to Covid-19, shut down have led to deaths.

He also said that complaints to ICANN about non-compliant registrars fall on deaf ears, to the point that it no longer bothers complaining, and suggested that ICANN and domain companies are financially incentivized to be uncooperative.

Burke quoted the writer Upton Sinclair: “It is difficult to get a man to understand something when his salary depends on his not understanding it.”

“I have found that’s the case with my interactions with ICANN and certain registries and registrars,” Burke said. “They just don’t want to listen… it’s a money-maker for them right now, it’s not profitable for them to deal with it.”

Marby also “spoke” on the CSTI webinar, but his brief intervention was actually just an out-of-context snippet — the “GDPR is not my fault!” T-shirt speech — taken from a recording of an ICANN webinar back in January and presented — dishonestly in my opinion — as if it had been filmed as a contribution to the CSTI discussion.

His inability to directly respond to Burke live led him to write to the FDA (pdf) a couple of weeks later to dispute some of his claims.

First, Marby said the the FDA does not need to obtain a subpoena to get access to Whois data. Registrars are obliged to respond to “legitimate interest” requests, when balanced against the privacy rights of the registrant, he said. He added:

In a few instances, government agencies have submitted complaints to ICANN Contractual Compliance regarding registrars’ refusal to provide non-public registration data. These agencies were ultimately successful in gaining access to the requested data without having to obtain a subpoena or lawful order.

Second, Marby disputed the financial motivation claims, writing: “ICANN’s leadership’s salaries are in no way tied to or dependent upon domain name registrations.”

Third, he offered a (pretty weak, in my view) defense against the claim that ICANN ignores complaints from government agencies, pointing out: “ICANN is not political and, therefore, takes actions to ensure that the workings of the Internet are not politicized.”

He also pointed out that ICANN operates a system called DNSTICR which monitors reports of DNS abuse related to the pandemic and alerts the relevant registries and registrars.

The problem here is that ICANN’s definition of abuse is pretty narrow and does not extend to web sites that sell industrial bleach as a Covid cure. That would count as “content” and ICANN is not the “content police”.

That’s pretty much what Hermsen says in the latest missive (pdf) in this row.

DNS security threats such as malware and phishing, however, were not what SA Burke was referring to in his presentation. Given the agency’s public health mission, FDA has been working during the pandemic to protect Americans from unproven or fraudulent medical products claiming to treat, cure, prevent, mitigate or diagnose COVID-19…

Given your stated concerns regarding COVID-19-related malware and phishing activity, we trust that you are equally concerned about registrars who may not be following the [Registrar Accreditation Agreement’s] requirements to “investigate” and “respond appropriately” following receipt of notifications about abuse, particularly complaints reporting activity involving COVID-19-related fraud or activity exacerbated the current opioid addiction crisis — especially in light of ICANN’s singular ability to enforce the terms of RAAs.

She also comes back, splitting hairs in my opinion, on the ICANN salaries claim, stating: “SA Burke was not referring to ICANN’s leadership salaries… SA Burke was referring more generally to the substantial source of funding ICANN receives from domain name registries and registrars.”

ICANN has just started work on a Whois Disclosure System that, while pretty weak, may make it slightly easier for government agencies to obtain the data they want.

ICANN backtracks on legal waiver for ICANN 75

Kevin Murphy, July 13, 2022, Domain Policy

ICANN has softened the language in the legal waiver it requires all of its public meeting attendees to agree to.

The waiver for ICANN 75, due to take place in Kuala Lumpur in September, no longer requires you to absolve ICANN from blame if you get sick due to the Org’s own gross negligence.

For last month’s ICANN 74 in The Hague, the waiver stated:

I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19, even if arising from the negligence or fault of ICANN.

The Kuala Lumpur waiver states:

I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19.

So if an infected ICANN staffer spits in the coffee, this time you could probably sue.

The 74 waiver caused a fair few complaints when it first emerged. It was accused of being “excessive” by the CEOs of Blacknight and the Namibian ccTLD registry in a Request for Reconsideration that was eventually dismissed by the ICANN board of directors.

It also caused the At-Large Advisory Committee to issue a withering takedown accusing ICANN of insensitivity and intimidation, which ICANN’s chair brushed off (pdf) a couple weeks ago.

There are other language changes in the new waiver, but none seem to be as significant as ICANN making itself legally bullet-proof.

Kuala Lumpur will have substantially the same Covid-19 precautions as The Hague, which includes mandatory mask-wearing indoors, testing, and social distancing, ICANN has confirmed.

Over 900 people show up for ICANN 74

Kevin Murphy, June 17, 2022, Domain Policy

Has community participation in ICANN meetings rebounded now that in-person meetings have returned? That’s one possible interpretation of data released by the Org today.

ICANN said that ICANN 74, which concluded yesterday, had 1,817 attendees, of whom 917 showed up in The Hague in person, their first opportunity to travel to an ICANN meeting since November 2019. The remaining 900 participated remotely via Zoom.

If we take the top-line number, that’s the highest attendance of the pandemic era, and comparable to the Montréal meeting immediately prior to the arrival of the Covid-19, ICANN 66, where 1,894 people showed up.

But the top-line number from Montréal does not include off-site Zoom participants, which were counted separately and amounted to 1,752 people.

So the number of people “attending” ICANN meetings one way or the other has either returned to pre-pandemic levels, or has been cut in half, or even quartered, over the last two and a half years, depending on how you’re counting.

The fact that the 66 was an Annual General Meeting, with a longer, more cluttered agenda and more opportunities to engage for a broader range of people than the mid-year Policy Forum, probably had some impact on the numbers.

The 2019 Policy Forum, held in Morocco, attracted 1,186 in-person attendees and 2.909 off-site Zoom participants.

Regardless of whether you think Zoom users count as full participants or not, 917 bums on seats is the smallest attendance for any meeting since ICANN started counting.

High fives, or elbows only? ICANN 74 intros traffic light system for socializing

Kevin Murphy, June 13, 2022, Domain Policy

People attending ICANN 74 in The Hague this week are being encouraged to outwardly express their social distancing preferences with their choice of meeting lanyards.

The Org has made lanyards with straps in four colors available to those who have shown up to ICANN’s first face-to-face public meeting in over two and a half years.

A red strap indicates that you should back off, because the wearer desires “extreme physical distancing and precautions”. Yellow is “elbows only” when it comes to greetings. Green means you can shake hands, high-five, and get a little more intimate.

There’s also black, for those who don’t want to wear their Covid-19 anxiety levels around their necks, can’t make their minds up, or think the system is silly.

Five days of masks and Covid-19 tests have been issued to attendees at the door, along with a supply of hand sanitizer. The masks are compulsory, and sanitizer use is being encouraged for those who are choosing to press the flesh.

In-person attendees are also being issued with wrist-bands, like you might get in hospital or at a music festival or nightclub, to prove their vaccination status has been verified.

I’m observing ICANN 74 remotely, and I’ve only viewed one session so far, but my impression based on that limited sample size is that most people seem to have opted for green or yellow lanyards.

It’s tempting to mock the system as another example of ICANN bureaucracy but I think it makes sense, particularly when you’ve got hundreds of people from dozens of countries, each at their own stages of pandemic recovery and with their own levels of endemic covidiocy, in the same building.

Seat reservations and waiting lists on the cards for ICANN 74

Kevin Murphy, May 24, 2022, Domain Policy

As if health screenings and cumbersome legal waivers weren’t irritating enough, it seems now even in-person attendees at ICANN 74 won’t necessarily be able to attend the meetings they want to attend in-person due to mandatory social distancing.

The Org announced last night that Covid-19 restrictions mean there will be a limit on how many people are allowed to enter a room, and you’ll have to reserved your seat in advance as a result. Waiting lists could be used in cases where rooms are over-booked.

Fortunately, the venue is the World Forum in the Hague and its rooms seem to be pretty big.

ICANN also seems to have done a pretty good job at matching room size to likely demand, so it seems very possible no waiting lists will be required.

The major plenary sessions likely to attract the most attendees are in a room with a capacity of 469, which would have been more than enough seats for almost every session at 2019’s Annual General Meeting in Montreal, which of course had no physical distancing.

The GNSO has a room for 80 people, the GAC has 157, and the ccNSO 74. These limits may have been onerous pre-pandemic, but I feel will be plenty for the likely turnout in The Hague.

That being said, seats are being claimed already three weeks in advance via the online scheduling tool, so if there’s a session you simply must attend it makes sense to grab your spot sooner rather than later.

ALAC’s brutal takedown of that “aggressive” ICANN 74 coronavirus waiver

Kevin Murphy, May 18, 2022, Domain Policy

ICANN’s At-Large Advisory Committee has accused ICANN of being aggressive, intimidating and insensitive by demanding attendees at next month’s public meeting in the Netherlands sign a far-reaching legal waiver.

In a remarkable submission to the ICANN board of directors, ALAC says the waiver, which basically amounts to a get-out-of-jail-free card for the Org, leaves a “lasting unpleasant taste in the mouths” of the volunteers who make up the ICANN community.

ALAC wants the board to clarify whether it had any involvement in the drafting of the waiver or in approving it but asks that it “take control of the situation and ensure that this waiver does not endanger both its relationship with the ICANN Community”.

The waiver requires in-person attendees to absolve ICANN of all blame if they catch Covid-19 — or anything else — “even if arising from the negligence or fault of ICANN”. Virtual attendees don’t have to sign it.

ICANN has suggested in a separate FAQ that it may not be worth the pixels it’s written with, which ALAC points out is inconsistent with the plan language of the waiver.

ALAC also includes a list of 10 reasons the waiver is a terrible idea. Here’s a few:

10. It is insensitive to the global community as it can be interpreted as an exportation of U.S.-based litigious culture.

4. This kind of blanket waiver could be unenforceable and, in that case, serves only as intimidation.

3. The waiver infringes on individual rights.

1. It leaves a lasting unpleasant taste in the mouths of participants contributing to ICANN’s multistakeholder model — which is presented as a source of pride and accomplishment to the internet governance community.

The waiver already the subject of a Request for Reconsideration by the heads of registrar Blacknight and the Namibian ccTLD registry, but ALAC’s comprehensive takedown, which has dozens of signatories, arguably carries more weight.

ALAC’s letter can be downloaded here. It’s not been published on ICANN’s correspondence page. Hat tip to Rubens Kuhl for the link.

ICANN reports shocking increase in pandemic scams

Kevin Murphy, May 6, 2022, Domain Tech

The number of gTLD domains being used for malware and phishing related to the Covid-19 pandemic has increased markedly in the last eight months, according to data released by ICANN this week.

The Org revealed that since it started tracking this kind of thing in May 2020 it has flagged 23,452 domains as “potentially active and malicious”.

The data is collected by checking zone files against a list of 579 keywords and running the results through third-party abuse blocklists. Blocked domains are referred to the corresponding registrars for action.

I’m not sure you could technically call these “takedown requests”, but there’s a pretty strong implication that registrars should do the right thing when they receive such a report.

The 23,452 notices is a sharp rise from both the 12,860 potentially abusive flagged names and 3,791 “high confidence” reports ICANN has previously said it found from the start of the project until August 2021.

It’s not clear whether the rise is primarily due to an increase in abusive practices or ICANN’s improved ability to detect scams as it adds additional keywords to its watch-list.

ICANN said in March that it is now also tracking keywords related to the Russian invasion of Ukraine.

It’s also asking organizations in frequently targeted sectors to supply keyword suggestions for languages or scripts that might be under-represented.

The data was processed by ICANN’s Domain Name Security Threat Information Collection and Reporting (DNSTICR or “DNS Ticker”), which Org management previously discussed at ICANN 73.