Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
Hacked ICANN data for sale on black market
If you were a user of ICANN’s Centralized Zone Data Service back in 2014 you may wish to think about changing some passwords today.
ICANN has confirmed that a bunch of user names and hashed passwords that were stolen in November 2014 have turned up for sale on the black market.
The batch reportedly contains credentials for over 8,000 users.
ICANN said yesterday:
ICANN recently became aware that some information obtained in the spear phishing incident we announced in 2014 is being offered for sale on underground forums. Our initial assessment is that it is old data and that no new breach of our systems has occurred. The data accessed in the 2014 incident breach included usernames and hashed passwords for our Centralized Zone Data System (CZDS). Once the theft was discovered, we reset all user passwords, and urged users to do the same for any other accounts where they used the same passwords.
While CZDS users have all presumably already changed their CZDS passwords, if they are still using that same password for a non-CZDS web site they may want to think about changing it.
ICANN first announced the hack back in December 2014.
It said at the time that the Government Advisory Committee’s wiki, and a selection of other less interesting pages, had also been compromised.
The attackers got in after a number of ICANN staffers fell for a spear-phishing attack — a narrowly targeted form of phishing that was specifically aimed at them.
If you email with ICANN staff with any regularity you will have noticed that for the last several months your email subject lines get prefixed [EXTERNAL] before the staffer receives them.
That’s to help avoid this kind of attack being successful again.
Blah blah ICANN blah .africa blah delegated blah blah…
Today blah blah ZA Central Registry blah blah .africa blah delegated blah.
ICANN blah blah root blah. Blah blah ZACR blah nic.africa.
Blah blah five years blah blah contention blah lawsuit blah blah DotConnectAfrica blah. Blah blah Bekele blah IRP blah.
ICANN blah blah Governmental Advisory Committee blah blah blah African Union blah blah blah.
Blah blah Geographic Names Panel blah blah controversy blah blah blah blah lawsuit blah blah blah leg to stand on.
Registry Africa celebrates delegation of .africa#ForAfricansByAfricans #WeAreLive pic.twitter.com/UXZX6yKSPV
— dotAfrica (@africandomain) February 15, 2017
Blah racist blah blah conspiracy blah blah blah… nutty. Blah.
Blah reporting blah damned blah story blah forever blah blah bored blah blah blah blah.
Blah blah blah.
.africa to finally go live after judge denies injunction
A Los Angeles court has rejected a demand for a preliminary injunction preventing ICANN delegating .africa, meaning the new gTLD can go live soon.
Judge Howard Halm ruled February 3, in documents published last night, that the “covenant not to sue” signed by every new gTLD applicant is enforceable and that Africans are being harmed as long as .africa is stuck in legal limbo.
The ruling comes two and a half years after ZA Central Registry, the successful of the two .africa applicants, signed its Registry Agreement with ICANN.
Rival applicant DotConnectAfrica, rejected because it has no African government support, is suing ICANN for fraud, alleging that it failed to follow its own rules and unfairly favored ZACR from the outset.
Unfortunately, the ruling does not address the merits of these claims. It merely says that DCA is unlikely to win its suit due to the covenant it signed.
Halm based his decision on the precedent in Ruby Glen v ICANN, the Donuts lawsuit that seeks to stop ICANN awarding .web to Verisign. The judge in that case ruled last November that Donuts signed away its right to sue.
An earlier judge in the DCA v ICANN case had ruled — based at least in part on a misunderstanding of the facts — that the covenant was unenforceable, but that decision now seems to have been brushed aside.
Halm was not convinced that DCA would suffer irreparable harm if ZACR got given .africa, writing:
The .Africa gTLD can be re-delegated to DCA in the event DCA prevails in this litigation… Further, it appears that any interim harm to DCA can be remedied by monetary damages
He balanced this against the harm of NOT delegating .africa:
The public interest also weighs in favor of denying the injunction because the delay in the delegation of the .Africa gTLD is depriving the people of Africa of having their own unique gTLD.
So what now?
ICANN said in a statement: “In accordance with the terms of its Registry Agreement with ZACR for .AFRICA, ICANN will now follow its normal processes towards delegation.”
As of this morning, ZACR’s .africa bid is officially still marked as “On Hold” by ICANN, though this is likely to change shortly.
Assuming ZACR has already completed pre-delegation testing, delegation itself could be less than a week away.
If DCA’s record is anything to go by, it seems unlikely that this latest setback will be enough to get it to abandon its cause.
Its usual MO whenever it receives an adverse decision or criticism is to double down and start screaming about conspiracies.
While the injunction was denied, the lawsuit itself has not been thrown out, so there’s still plenty of time for more of that.
You can read Halm’s ruling here (pdf).
Antitrust feds probing Verisign’s .web deal
US antitrust authorities are investigating Verisign over its anticipated operation of the .web gTLD.
The probe was disclosed by company CEO Jim Bidzos in yesterday’s fourth-quarter earnings call. He said:
On January 18, 2017, the company received a Civil Investigative Demand from the Antitrust Division of the US Department of Justice, requesting certain information related to Verisign’s potential operations of the .web TLD. The CID is not directed at Verisign’s existing registry agreements.
He did not comment further, beyond describing it as “kind of like a subpoena”.
Verisign acquired the rights to run .web at an ICANN last-resort auction last July, agreeing to pay $135 million.
Rather than applying for the gTLD itself, it secretly bankrolled shell company Nu Dot Co, which intends to transfer its .web contract to Verisign after it is signed.
ICANN is being sued by rival applicant Donuts, which claims NDC should have been banned from the auction. Afilias, the auction runner up, is also challenging the outcome.
But this new DoJ investigation, if we take Bidzos’ words at face value, appears to focus on what Verisign plans to do with .web once it is live.
It’s the view of many that .web would be the new gTLD best positioned as an alternative to .com, which makes Verisign hundreds of millions of dollars a year.
It’s my view that it would make perfect sense for Verisign to flush the $135 million and bury .web, rather than have a viable competitor on the market.
Verisign has repeatedly said that intends to “grow and widely distribute .web”, words Bidzos repeated last night.
The investigation is likely into whether Verisign wants to actually raise .web, or strangle it in its crib.
It seems the investigation was launched in the dying days of the Obama administration, so the recent changing of the guard at Justice — Attorney General Jeff Sessions was confirmed by Congress just two days ago — may have an impact on how it plays out.
.xxx has its ICANN fees slashed and adopts URS
ICM Registry is to see its .xxx ICANN registry fees hugely reduced in contractual amendments approved by ICANN last week.
The changes also mean that .xxx will now become subject to the Uniform Rapid Suspension anti-cybersquatting mechanism, despite it being a pre-2012 gTLD.
.xxx becomes the latest pre-2012 gTLD to move to a contract more closely aligned with the standard Registry Agreement from the new gTLD program.
Under the complex new deal, its per-transaction fee could be reduced from $2 to $0.25 by mid-2018.
Its quarterly fixed fee will go up from $2,500 to $6,250.
ICM has also agreed to take on many aspects of the standard new gTLD Registry Agreement, the most controversial of which is the URS.
The domainer group the Internet Commerce Association was fiercely critical of this addition to the contract, as it has been when URS was brought to .jobs, .travel, .cat, .pro and .mobi.
ICA is largely concerned that URS will also be pushed upon Verisign’s .net, which is up for contract renewal this year, and eventually .com.
ICANN’s Empowered Community to get its first test-drive after appeals panel vote
ICANN’s post-transition bylaws have only been in effect for a few months, but the board of directors wants to change one of them already.
The board last week voted to create a new committee dedicated to handling Requests for Reconsideration — formal appeals against ICANN decisions.
But because this would change a so-called Fundamental Bylaw, ICANN’s new Empowered Community mechanism will have to be triggered.
The Board Governance Committee, noting that the number of RfR complaints it’s having to deal with has sharply increased due to fights over control of new gTLDs, wants that responsibility split out to be handled by a new, dedicated Board Accountability Mechanisms Committee.
It seems on the face of it like a fairly non-controversial change — RfRs will merely be dealt with by a different set of ICANN directors.
However, it will require a change to one of the Fundamental Bylaws — bylaws considered so important they need a much higher threshold to approve.
This means the untested Empowered Community (which I’m not even sure actually exists yet) is going to get its first outing.
The EC is an ad hoc non-profit organization meant to give ICANN the community (that is, you) ultimate authority over ICANN the organization.
It has the power to kick out directors, spill the entire board, reject bylaws changes and approve Fundamental Bylaws changes.
It comprises four or five “Decisional Participants” — GNSO, the ccNSO, the ALAC, the ASO and (usually) the GAC.
In this case at least three of the five Decisional Participants must approve the change, and no more than one may object.
The lengthy process for the EC approving the proposed bylaws change is outlined here.
I wouldn’t expect this proposal to generate a lot of heated discussion on its merits, but it will put the newly untethered ICANN to the test for the first time, which could highlight process weaknesses that could be important when more important policy changes need community scrutiny.
ICANN to host DNS event in Madrid
ICANN is to hold a “DNS Symposium” in Madrid this May.
The event will “explore ICANN’s current initiatives and projects relating to DNS research, operations, threats and countermeasures and technology evolution”, according to ICANN.
It’s a one-day event, focused specifically on DNS, rather than the domain name registration business.
The Symposium immediately follows the GDD Summit, the annual ICANN industry-focused intersessional event designed for registrars, registries and the like.
The Summit runs from May 9 to 11 and the Symposium is on May 13.
Both events will be held at the Hotel NH Collection Madrid Eurobuilding in Madrid and will be webcast.
ICANN is currently looking for corporate sponsors for the Symposium.
ICANN’s divorce from the US cost $32 million
The IANA transition cost ICANN a total of $32 million, according to documentation released today.
The hefty bill was racked up from the announcment of the transition in March 2014 until the end of 2016, according to this presentation (pdf).
A whopping $15 million of the total went on lawyers.
Another $8.3 million went on other third-party services, including lobbying, PR and translation.
More than half of the overall expenses — $17.8 million — was incurred in ICANN’s fiscal 2016, which ended last June.
Complaints about registrars dip in 2016
There were slightly fewer complaints about domain name registrars in 2016, compared to 2015, according to newly published ICANN data, but complaints still run into the tens of thousands.
There were 43,156 complaints about registrars to ICANN Compliance in 2016, compared to 45,926 in 2015, according to the data (pdf). That’s a dip of about 6%.
The overall volume of complaints, and the dip, can be attributed to Whois.
About three quarters of the complaints directed at registrars in 2016 were for Whois inaccuracy — 32,292 complaints in total, down from 34,740 in 2015.
The number of complaints about gTLD registries was pretty much flat at 2,230, despite hundreds of new gTLDs being delegated during the year.
The vast majority of those gTLDs were dot-brands, however, with nowhere near the same kind of potential for abuse as generally available gTLDs.
The biggest cause for complaint against registries, representing about half the total, was the Zone File Access program. I’ve filed a few of these myself, against dot-brands that decide the ZFA policy doesn’t apply to them.
Formal, published breach notices were also down on the year, with 25 breaches, four suspensions and four terminations, compared to 32 breaches, six suspensions and eight terminations in 2015.
That’s the second consecutive year the number of breach notices was down.
Thick Whois policy for .com is now live
The domain name industry is kicking off one of its most fundamental shifts in its plumbing this week.
Over the next two years, Verisign and every registrar that sells .com domains will have to rejigger their systems to convert .com from a “thin” to “thick” Whois.
This means that by February 1, 2019, Verisign will for the first time control the master database of all Whois records for .com domains, rather than it being spread piecemeal across all registrars.
The switch comes as a result of a years-in-the-making ICANN policy that officially came into force yesterday. It also applies to .com stablemates .net and .jobs.
The first big change will come August 1 this year, the deadline by which Verisign has to give all of its registrars the ability to submit thick Whois records both live (for new regs) and in bulk (for existing ones).
May 1, 2018 is the deadline for all registrars to start submitting thick Whois for new regs to Verisign, but they can start doing so as early as August this year if they want to.
Registrars have until February 1, 2019 to supply Verisign with thick Whois for all their existing registrations.
There’s a process for registrars who believe they would be violating local privacy laws by transferring this data to US-based Verisign to request an exemption, which may prevent the transition going perfectly uniformly.
Some say that the implementation of this policy may allow Verisign to ask for the ability to ask a for an increase in .com registry fees — currently frozen at the command of the US government — due to its inevitably increased costs.
Personally, I think the added costs will likely be chickenfeed compared to the cash-printing machine that is .com, so I think it’s far from a slam-dunk that such fee increases would be approved.
Recent Comments