.de worst TLD for CSAM — report
Germany’s ccTLD, .de, was the worst in the world for hosting child sexual abuse material last year, according to the latest data from the Internet Watch Foundation, which many registries rely on for helping take down such material.
IWF said it found 802 unique .de domains hosting CSAM in 2023, a 1,995% increase compared to 2022. The second and third worst were .com and .ru, with 744 and 691 domains respectively. IWF noted that CSAM domains in .com were down 10% in the year.
Other TLDs in the top 10 were .cc, the non-DNS .onion, .top, .xyz, .pw, .ws and .net. The fastest-grower was Samoa’s .ws, managed by Global Domains International, which saw an increase to 2,966% to 184 unique domains.
.de was also the worst for commercial CSAM operations, IWF said. It found 783 such sites in 2023, all of which “openly displayed images and videos of child sexual abuse on the homepage”. That number in 2022 was zero, the report says.
UK gov takes its lead from ICANN on DNS abuse
The UK government has set out how it intends to regulate UK-related top-level domain registries, and it’s taken its lead mostly from existing ICANN policies.
The Department for Science, Innovation and Technology said last year that it was to activate the parts of the Digital Economy Act of 2010 that allow it to seize control of TLDs such as .uk, .london, .scot, .wales and .cymru, should those registries fail to tackle abuse in future.
It ran a public consultation that attracted a few dozen responses, but has seemingly decided to stick to its original definitions of abuse and cybersquatting, which were cooked up with .uk registry Nominet and others and closely align to industry norms.
DSIT plans to define abuse in the same five categories as ICANN does — phishing, pharming, botnets, malware and vector spam (spam that is used to serve up the first four types of attack) — in its response to the consultation, published yesterday (pdf).
But it’s stronger on child sexual abuse material than ICANN. While registries and registrars have developed a “Framework to Address Abuse” that says they “should” take down domains publishing CSAM, ICANN itself has no contractual prohibitions on such content.
DSIT said it will require UK-related registries to have “adequate policies and procedures” to combat CSAM in their zones. The definition of CSAM follows existing UK law in being broader than elsewhere in the world, including artworks such as cartoons and manga where no real children are harmed.
DSIT said it will define cybersquatting as “the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names”. The definition omits the “and is being used in bad faith” terminology used in ICANN’s UDRP. DSIT’s definition includes typosquatting.
In response to the new document, Nominet tweeted:
The response highlights that Government recognises the work registries already do to support law enforcement agencies prevent the registration of domains to carry out illegal activity and "expect the existing voluntary arrangements to be used as the first port of call".
— Nominet (@Nominet) February 23, 2024
DSIT said it will draft its regulations “over the coming months”.
No excuses! PIR to pay for ALL registries to tackle child abuse
Public Interest Registry has announced that it will pay for all domain registries to receive alerts when child sexual abuse material shows up in their TLDs.
The non-profit .org operator said today that it will sponsor any registry — gTLD or ccTLD — that wants to sign up to receive the Domain Alerts service from the Internet Watch Foundation, the UK-based charity that tracks CSAM on the internet.
According to the IWF, only a dozen registries currently receive the service, PIR said.
“Our sponsorship will extend access to Domain Alerts to over a thousand TLDs at no cost enabling any interested registry to help prevent the display of criminal, abusive content on their domains,” the company said.
PIR didn’t say how much this is likely to cost it. IWF doesn’t publish its prices, but it seems only paying members usually receive the service. Its membership fees range from £1,000 ($1,259) to £90,000 ($113,372) a year, based on company size.
The partnership also means all registries will have free access to the IWF TLD Hopping List, which tracks CSAM “brands” as they move between TLDs whenever they are taken down by registries in a given jurisdiction.
IWF says that in 2022 it found 255,000 web pages hosting CSAM, spread across 5,416 domains. PIR says it has removed 5,700 instances of CSAM across its portfolio of TLDs over the last five years.
IWF finds 3,401 “commercial” child porn domains
The Internet Watch Foundation last year found child sexual abuse material on 3,401 domains that it says appeared to be commercial sites dedicated to distributing the illegal content.
The UK-based anti-CSAM group said in its annual report, published last week, that it found 5,590 domains containing such material in 2020, and 61% were “dedicated commercial sites… created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.”
That’s a 13% increase in domains over 2019, the report says. It compares to 1,991 domains in 2015.
IWF took action on 153,369 URLs containing CSAM last year, the report says.
For example, the TLD with the most CSAM abuse is of course .com, with 90,879 offending URLs in 2020, 59% of the total. That compares to 69,353 or 52% in 2019.
But because those 90,000 URLs may include, for example, pages on image-hosting sites that use .com domains, the number of unique .com domains being abused will be substantially lower.
Same goes for the other TLDs on the top 10 list — .net, .ru, .nz, .fr, .org, .al, .to, .xyz and .pw.
.co, .cc and .me were on the 2019 list but not the 2019 list, being replaced by .al, .org and .pw.
The most disturbing part of the report, which is stated twice, is the alarming claim that some TLDs exist purely to commercially distribute CSAM:
We’ve also seen a number of new TLDs being created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.
…
We first saw these new gTLDs being used by websites displaying child sexual abuse imagery in 2015. Many of these websites were dedicated to illegal imagery and the new gTLD had apparently been registered specifically for this purpose.
I can only assume that IWF is getting confused between a top-level domain and a second-level domain.
The alternative would be that the organization believes one or more TLD registries are purposefully catering primarily to commercial child pornographers, and for some reason it’s declining to do anything about it.
I’ve put in a request for clarification but not yet received a response.
IWF is funded by corporate donations from primarily technology companies. Pretty much every big domain registry is a donor. Verisign is a top-tier, £80,000+ donor. The others are all around the £5,000 to £10,000 mark.
UPDATE May 26: IWF has been in touch to clarify that it was in fact referring to SLDs, rather than TLDs, in its claims about dedicated commercial CSAM sites quoted above. It has corrected its report accordingly.
Recent Comments