Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
New gTLD revenue cut by HALF in ICANN budget
The new gTLD industry is performing terribly when compared to ICANN’s predictions just six months ago.
ICANN budget documents published over the weekend show that by one measure new gTLDs are doing just 51% of the business ICANN thought they would.
The new budget (pdf) shows that for the fiscal year 2018, which ends June 30, ICANN currently expects to receive $4.6 million in registry transaction fees.
These are the fees registries must pay for each new registration, renewal or transfer, when the TLD has more than 50,000 domains under management.
In a draft budget (pdf) published March 2017, its “best estimate” for these fees in FY18 was $8.9 million, almost double its newest prediction.
That prediction lasted until the approved budget (pdf) published last August.
The budget published at the weekend expects this transaction revenue to increase 31.1% to $6 million by June 30, 2019, still a long way off last year’s estimate.
At the registrar level, where registrars pay a transaction fee regardless of the size of the customer’s chosen gTLD, ICANN expects new gTLD revenue to be $3.9 million in FY18.
That’s just 52% of its March/August 2017 estimate of $7.5 million.
Looking at all reportable transactions — including the non-billable ones — ICANN’s projection for FY18 is now 21.9 million, compared to its earlier estimate of 41.7 million.
ICANN even reckons the number of new, 2012-round gTLDs actually live on the internet is going to shrink.
Its latest budget assumes 1,228 delegated TLDs by the end of June this year, which appears to be a couple light on current levels (at least according to me) and down from the 1,240 it expected a year ago.
It expects there to be 1,231 by the end of June 2019, which is even lower than it expected have in June 2017.
I suspect this is related to dot-brands cancelling their contracts, rather than retail gTLDs going dark.
Revenue from fixed registry fees for FY18 is expected to be $30.6 million, $200,00 less than previous expectations. Those numbers are for all gTLDs, old and new.
Overall, the view of new gTLDs is not pretty, when judged by what ICANN expected.
It shows that ICANN is to an extent captive to the whims of a fickle market that has in recent years been driven by penny deals and Chinese speculation.
By contrast, legacy gTLDs (.com, .info, etc) are running slightly ahead of earlier projections.
ICANN now expects legacy registry transaction fees of $48.6 million for FY18, which is $200,000 more than predicted last year.
It expects registrar transaction fees of $29.5 million, compared to its earlier forecast of $29.4 million.
This is not enough to recoup the missing new gTLD money, of course, which is why ICANN is slashing $5 million from its budget.
ICANN slashes millions from its budget
ICANN has cut $5 million from its annual budget, warning the community that difficult decisions have to be made amid a slowing domain name market.
Staff and community members will all be affected by the cuts, whether in the form of less generous pay raises or fewer travel opportunities.
Cuts have also been proposed to international outreach, tech support, contractual compliance and translation services.
The organization at the weekend published for comment its proposed budget for fiscal 2019. That’s the year that begins July 1, 2018.
It would see ICANN spend $138 million, $5 million less than it expects to spend in fiscal 2018.
Four of the five top-line areas ICANN reports expenses will be cut for a total of $12 million in savings, while one of them — personnel — is going up by $7.3 million.
This rounds out to a $5 million cut to the total FY19 ICANN budget. Here’s the breakdown:
- Personnel costs going up from $69.5 million to $76.8 million, up $7.3 million.
- Travel and meetings costs are to go down from $17.8 million to $15.6 million, a $2.2 million saving.
- Professional services costs will go down from $27.7 million to $23.4 million, a $4.3 million saving.
- Administration and capital costs will go down from $22.5 million to $17.8 million, a $4.7 million saving.
- The contingency budget is going down from $5.3 million to $4.5 million, a $800,000 saving.
Personnel costs are going up due to a combination of new hires and pay rises, but the average annual pay rise will be halved from 4% to 2%, saving $1.3 million, ICANN documentation states.
Headcount is expected to level out at about 425, up from the current 400, by the end of FY19.
The travel budget is going down due to a combination of cuts to services provided at the three annual meetings and the number of people ICANN reimburses for going to them.
The Fellows program — sometimes criticized for giving people what look like free vacations for little measurable return — is seeing the biggest headcount cut here. ICANN will only pay for 30 Fellows to go its meetings in FY19, half the level of FY18. The Next Gen program, a similar outreach program for yoof participants, goes down to 15 people from 20.
The Governmental Advisory Committee will get its number of funded seats reduced by 10 to 40. The ALAC and the ccNSO also each lose a few seats. Other constituencies are unaffected.
At the meetings themselves, translation is to be scaled back to be provided on an as-requested basis, rather than automatically translating everything into all six UN languages. Key sessions will continue to have live interpretation.
Outside of the three main meetings, ICANN is pulling back on plans to expand its irregular “capacity building” workshops in “under-served” areas of the world.
It’s also slashing the “additional budget request” budget by 50%.
In terms of compliance, a proposed Technical Compliance Monitoring system that was going to be built this year — a way to make sure gTLD registries and registrars are stable and secure — appears to be at risk of being deprioritized.
ICANN said it “will develop an implementation plan in due time, depending on the RFP results and, if needed, work with the Board to identify necessary resources and funds to support implementation of the project.”
The documents published today are now open for public comment until March 8.
The cuts I’ve reported here can be found from page 19 of this document (pdf).
The reason for the cutbacks is that ICANN’s revenue isn’t growing as fast as it once did, due to the slower than expected growth of the domain name industry in general. I’ll get to that a later article.
A new gTLD kills itself off for the second time
British pharmacy chain Boots has applied to ICANN to terminate its dot-brand contract for the second time.
The company asked for its .boots Registry Agreement, signed in 2015, to be ended in December and ICANN opened the request for public comment this week.
What’s weird about the request is that Boots had already asked for self-termination last April, but that request was subsequently withdrawn by the company.
Boots seems to have changed its mind, twice, in a year.
As I noted first time around, .boots was the first example of a dot-brand that also matches a generic class of goods to chose the easy way out.
It’s quite likely the two-year freeze on re-applying for the string, should anyone want to, will be over by the time the next new gTLD application window opens.
.boots only had the contractually mandated placeholder domain nic.boots live.
ICANN blocks 1.5 million domains, including some three-letter names
A million and a half domain names, including many potential valuable three and four-letter strings, have been been given special protection across all gTLDs under a new ICANN policy.
The long-discussed, highly controversial reservation of the names and acronyms of various intergovernmental and non-governmental organizations has become official ICANN Consensus Policy and will be binding on all gTLD registries and registrars from August this year.
The policy gives special protection to (by my count) 1,282 strings in each of the (again, by my count) 1,243 existing gTLDs, as well as future gTLDs. That comes to over 1.5 million domains.
The strings match the names, and sometimes the acronyms and abbreviations, of recognized Intergovernmental Organizations (IGOs) and International Non-Governmental Organizations (INGOs) as well as the International Olympic Committee, Red Cross, Red Crescent and related movements.
These are all organizations whose names are protected by international law but not necessarily by trademarks.
Protected strings run from obscurities such as “europeanbankforreconstructionanddevelopment” and “internationalunionfortheprotectionofnewvarietiesofplants” to “can”, “eco” and “fao”.
All gTLDs, including legacy TLDs such as .com, are affected by the policy.
The full list of protected strings can be found here.
Any of the Red Cross, IOC and IGO strings already registered will remain registered, and registries are obliged to honor renewal and transfer requests. Nobody’s losing their domains, in other words. But if any are deleted, they must be clawed back and reserved by the registry.
The protected organizations must be given the ability to register their reserved matching names should they wish to, the policy states.
Registries will be able to sell the acronyms of protected INGOs, but will have to offer an “INGO Claims Service”, which mirrors the existing Trademark Claims service, in gTLDs that go live in future.
The policy was developed by ICANN’s Generic Names Supporting Organization and approved by the ICANN board of directors all the way back in April 2014 and has been in implementation talks ever since.
It’s the 14th Consensus Policy to be added to ICANN’s statute book since the organization was formed 20 year ago.
Registries and registrars have until August 1 to make sure they’re compliant. Consensus Policies are basically incorporated into their contracts by reference.
Work on IGO/INGO protections is actually still ongoing. There’s a GNSO Policy Development Process on “curative” rights for IGOs and INGOs (think: UDRP) that is fairly close to finishing its work but is currently mired in a mind-numbing process debate.
UPDATE: This post was updated January 17, 2018 to correct the number of reserved strings and to clarify how INGO names are treated by the policy.
Three ways ICANN could gut Whois
ICANN has published three possible models of how Whois could be altered beyond recognition after European privacy law kicks in this May.
Under each model, casual Whois users would no longer have access to the wealth of contact information they do under the current system.
There may also be a new certification program that would grant access to full Whois records to law enforcement, consumer protection agencies and intellectual property interests.
The three models are each intended to address the General Data Protection Regulation, EU law that could see companies fined millions if they fail to protect the personal data of European citizens.
While GDPR affects all data collection on private citizens, for the domain name industry it’s particularly relevant to Whois, where privacy has always been an afterthought.
The three ICANN models, which are now subject to a short public comment period, differ from each other in three key areas: who has their privacy protected, which fields appear in public Whois by default, and how third parties such as law enforcement access the full records.
Model 1 is the most similar to the current system, allowing for the publication of the most data.
Under this model the name and postal address of the registrant would continue to be displayed in the public Whois databases.
Their email address and phone number would be protected, but the email and phone of the administrative and technical contacts — often the same person as the registrant — would be published.
If the registrant were a legal entity, rather than a person, all data fields would continue to be displayed as normal.
The other two models call for more restricted, or at least different, public output.
Under Model 2, the email addresses of the administrative and technical contacts would be published, but all other contact information, including the name of the registrant, would be redacted.
Model 3 proposes a crazy-sounding system whereby everything would be published unless the registrar/registry decided, on a domain-by-domain basis, that the field contained personal information.
This would require manual vetting of each Whois record and is likely to gather no support from the industry.
The three models also differ in how third parties with legitimate interests would access full Whois records.
Model 1 proposes a system similar to how zone files are published via ICANN’s Centralized Zone Data Service.
Under this model, users would self-certify that they have a legit right to the data (if they’re a cop or an IP lawyer, for example) and it would be up to the registry or registrar to approve or decline their request.
Model 2 envisages a more structured, formal, centralized system of certification for Whois users, developed with the Governmental Advisory Committee and presumably administered by ICANN.
Model 3 would require Whois users to supply a subpoena or court order in order to access records, which is sure to make it unpopular among the IP lobby and governments.
Each of the three models also differs in terms of the circumstances under which privacy is provided.
The models range from protecting records only when the registrant, registry, registrar or any other entity involved in the data processing has a presence in the European Economic Area to protecting records of all registrants everywhere regardless of whether they’re a person or a company.
Each model has different data retention policies, ranging from six month to two years after a registration expires.
None of the three models screw with registrars’ ability to pass data to thick-Whois registries, nor to their data escrow providers.
ICANN said it’s created these models based on the legal analyses it commissioned from the Hamilton law firm, as well as submissions from community members.
One such submission, penned by the German trade associated Eco, has received broad industry support.
It would provide blanket protection to all registrants regardless of legal status or location, and would see all personally identifiable information stripped from public Whois output.
Upon carrying out a Whois query, users would see only information about the domain, not the registrant.
There would be an option to request more information, but this would be limited to an anonymized email address or web form for most users.
Special users, such as validated law enforcement or IP interests, would be able to access the full records via a new, centralized Trusted Data Clearinghouse, which ICANN would presumably be responsible for setting up.
It’s most similar to ICANN’s Model 2.
It has been signed off by registries and registrars together responsible for the majority of the internet’s domain registrations: Afilias, dotBERLIN, CentralNic, Donuts, Neustar, Nominet, Public Interest Registry (PIR), Verisign, 1&1, Arsys, Blacknight, GoDaddy, Strato/Cronon, Tucows and United Domains.
ICANN said in a blog post that its three models are now open for public comment until January 29.
If you have strong opinions on any of the proposals, it might be a good idea to get them in as soon as possible, because ICANN plans to identify one of the models as the basis for the official model within 48 hours of the comment period closing.
GoDaddy and DomainTools scrap over Whois access
GoDaddy has seriously limited DomainTools’ access to its customers’ Whois records, pissing off DomainTools.
DomainTools CEO Tim Chen this week complained to DI that its access to Whois has been throttled back significantly in recent months, making it very difficult to keep its massive database of domain information up to date.
Chen said that DomainTools is currently only able to access GoDaddy’s Whois over port 43 at about 2% of the rate it had previously.
He said that this has been going on for about six months and that the market-leading registrar has been unresponsive to its requests to have previous levels restored.
“By throttling access to the data by 98% they’re defeating the ability of security practitioners to get data on GoDaddy domains,” Chen said. “It’s particularly troublesome because they [GoDaddy] are such a big part of DNS.”
“We have customers who say the quality of GoDaddy data is just degrading across the board, either through direct look-ups or in some of the DomainTools products themselves,” he said.
DomainTools customers include security professionals trying to hunt down the source of attacks and intellectual property interests trying to locate pirates and cybersquatters.
GoDaddy today confirmed to DI that it has been throttling DomainTools’ Whois access, and said that it’s part of ongoing anti-spam measures.
In recent years there’s been an increase in the amount of spam — usually related to web design, hosting, and SEO — sent to recent domain registrants using email addresses harvested from new Whois records.
GoDaddy, as the market-share leader in retail domain sales, takes a tonne of flak from customers who, unaware of standard Whois practice, think the company is selling their personal information to spammers.
This kind of Twitter exchange is fairly common on GoDaddy’s feed:
Being bombarded by web developers after purchasing domain frm @GoDaddy
I paid for that domain and u selling my personal info like anything.gotta switch frm godaddy.— Vikas Rawat (@VikasRa87555925) January 12, 2018
While GoDaddy is not saying that DomainTools is directly responsible for this kind of activity, throttling its port 43 traffic is one way the company is trying to counter the problem, VP of policy James Bladel told DI tonight.
“Companies like [DomainTools] present a challenge,” he said. “While we may know these folks, we don’t know who their customers are.”
But that’s just a part of the issue. GoDaddy was also concerned about the amount of resources DomainTools was consuming, and its own future legal responsibilities under the European Union’s forthcoming General Data Protection Regulation.
“When [Chen] says they’re down to a fraction or a percentage of what they had previously, well what they had previously was they were updating and archiving Whois almost in real time,” Bladel said. “And that’s not going to fly.”
“That is not only, we feel, not congruent with our responsibilities to our customers’ data, but it’s also, later on down the road, exactly the kind of thing that GDPR and other regulations are designed to stop,” he said.
GDPR is the EU law that, when it fully kicks in in May, gives European citizens much more rights over the sharing and processing of their private data.
Bladel added that DomainTools is still getting more Whois access than other parties using port 43.
“They have a level of access that is much, much higher than what they would normally have as a registrar,” he said, “but much lower than I think they want, because they want to effectively download and keep current the entirety of the Whois database.”
I’m not getting a sense from GoDaddy that it’s likely to backtrack on its changes.
Indeed, the company also today announced that it from January 25 it will start to “mask” key elements of Whois records when queried over port 43.
GoDaddy told high-value customers such as domainers today that port 43 queries will no longer return the registrant’s first name, last name, email address or phone number.
Bulk Whois users such as registrars (and, I assume, DomainTools) that have been white-listed via the “GoDaddy Port43 Process” will continue to receive full records.
Its web-based Whois, which includes a CAPTCHA gateway to prevent scraping, will continue to function as normal.
Bladel said that these changes are NOT related to GDPR, nor to the fact that ICANN said a couple months back that it would not enforce compliance with Whois provisions of the Registrar Accreditation Agreement, subject to certain conditions.
Big changes at DomainTools as privacy law looms
Regular users of DomainTools should expect significant changes to their service, possibly unwelcome, as the impact of incoming European Union privacy law begins to be felt.
Professional users such as domain investors are most likely to be impacted by the changes.
The company hopes to announce how its services will be rejiggered to comply with the General Data Protection Regulation in the next few weeks, probably in February, but CEO Tim Chen spoke to DI yesterday in general terms about the law’s possible impact.
“There will be changes to the levels of service we offer currently, especially to any users of DomainTools that are not enterprises,” Chen said.
GDPR governs how personal data on EU citizens is captured, shared and processed. It deals with issues such as customer consent, the length of time such data may be stored, and the purposes for which it may be processed.
Given that DomainTools’ entire business model is based on capturing domain registrants’ contact information without their explicit consent, then storing, processing and sharing that data indefinitely, it doesn’t take a genius to work out that the new law represents a possibly existential threat.
But while Chen says he’s “very concerned” about GDPR, he expects the use cases of his enterprise customers to be protected.
DomainTools no longer considers itself a Whois company, Chen said, it’s a security services company now. Only about 20% of its revenue now comes from the $99-a-month customers who pay to access services such as reverse Whois and historical Whois queries.
The rest comes from the 500-odd enterprise customers it has, which use the company’s data for purposes such as tracking down network abuse and intellectual property theft.
DomainTools is very much aligned here with the governments and IP lawyers that are pressing ICANN and European data protection authorities to come up with a way Whois data can still be made available for these “legitimate purposes”.
“We’re very focused on our most-important goal of making sure the cyber security and network security use cases for Whois data are represented in the final discussions on how this legislation is really going to land,” he said.
“There needs to be some level of access that is retained for uses that are very consistent with protecting the very constituents that this legislation is trying to protect from a privacy perspective,” he said.
The two big issues pressing on Chen’s mind from a GDPR perspective are the ability of the company to continue to aggregate Whois records from hundreds of TLDs and thousands of registrars, and its ability to continue to provide historical, archived Whois records — the company’s most-popular product after vanilla Whois..
These are both critical for customers responding to security issues or trying to hunt down serial cybersquatters and copyright infringers, Chen said.
“[Customers are] very concerned, because their ability to use this data as part of their incident response is critical, and the removal of the data from that process really does injure their ability to do their jobs,” he said.
How far these use cases will be protected under GDPR is still an open question, one largely to be determined by European DPAs, and DomainTools, like ICANN the rest of the domain industry, is still largely in discussion mode.
“Part of what we need to help DPAs understand is: how long is long enough?” Chen said. “Answering how long this data can be archived is very important.”
ICANN was recently advised by its lawyers to take its case for maintaining Whois in as recognizable form as possible to the DPAs and other European privacy bodies.
And governments, via the Governmental Advisory Committee, recently urged ICANN to continue to permit Whois access for “legitimate purposes”.
DomainTools is in a different position to most of the rest of the industry. In terms of its core service, it’s not a contracted party with ICANN, so perhaps will have to rely on hoping whatever the registries and registrars work out will also apply to its own offerings.
It’s also different in that it has no direct customer relationship with the registrants whose data it processes, nor does it have a contractual relationship with the companies that do have these customer relationships.
This could make the issue of consent — the right of registrant to have a say in how their data is processed and when it is deleted — tricky.
“We’re not in a position to get consent from domain owners to do what we do,” Chen said. “I think where we need to be more thoughtful is whether DomainTools needs to have a process where people can opt out of having their data processed.”
“When I think about consent, it’s not on the way in, because we just don’t have a way to do that, it’s allowing a way out… a mechanism where people can object to their data being processed,” he said.
How DomainTools’ non-enterprise customers and users will be affected should become clear when the company outlines its plans in the coming weeks.
But Chen suggested that most casual users should not see too much impact.
“The ability of anyone who has an interest in using Whois data, who needs it every now and then, for looking up a Whois record of a domain because they want to buy it as a domain investor for example, that should still be very possible after GDPR,” he said.
“I don’t think GDPR is aimed at individual, one-at-a-time use cases for data, I think it’s aimed at scalable abuse of the data for bad purposes,” he said.
“If you’re running a business in domain names and you need to get Whois at significant scale, and you need to evaluate that many domains for some reason, that’s where the impact may be,” he said.
Disclosure: I share a complimentary DomainTools account with several other domain industry bloggers.
.web closer to reality as antitrust probe ends
Verisign has been given the all-clear by the US government to go ahead and run the new gTLD .web, despite competition concerns.
The Department of Justice told the company yesterday that the antitrust investigation it launched almost exactly a year ago is now “closed”.
Verisign’s secret proxy in the 2016 auction, the original .web applicant Nu Dot Co, now plans to try to execute its Registry Agreement with ICANN.
That contract would then be assigned to Verisign through the normal ICANN process.
The .com registry operator today filed this statement with the US Securities and Exchange Commission:
As the Company previously disclosed, on January 18, 2017, the Company received a Civil Investigative Demand from the Antitrust Division of the United States Department of Justice (“DOJ”) requesting certain material related to the Company becoming the registry operator for the .web gTLD. On January 9, 2018, the DOJ notified the Company that this investigation was closed. Verisign previously announced on August 1, 2016, that it had provided funds for Nu Dot Co’s successful bid for the .web gTLD and the Company anticipates that Nu Dot Co will now seek to execute the .web Registry Agreement with ICANN and thereafter assign it to Verisign upon consent from ICANN.
This basically means that Justice disagrees with anyone who thinks Verisign plans to operate .web in a way that just props up its .com market dominance, such as by burying it without a trace.
People clamoring to register .web domains may still have some time to wait, however.
Rival applicant Donuts, via subsidiary Ruby Glen, still has a pending lawsuit against ICANN in California.
Donuts had originally sued to prevent the .web auction going ahead in mid-2016, trying to force Nu Dot Co to reveal who was really pulling its strings.
After the auction, in which Verisign committed to pay ICANN a record-setting $125 million, Donuts sued to have the result overturned.
But in November 2016, a judge ruled that the no-suing covenant that all new gTLD applicants had to sign was valid, throwing out Donuts’ case.
Donuts is now appealing that ruling, however, filing its most-recent brief just a few weeks ago.
Whether that will stop ICANN from signing the .web contract and delegating it to Verisign is an open question. It managed to delegate .africa to ZA Central Registry despite the existence of an ongoing lawsuit by a competing applicant.
If history is any guide, we may see a rival applicant apply for a temporary restraining order against .web’s delegation before long.
How ICANN could spend its $240 million war chest
Schools, pHD students and standards groups could be among the beneficiaries of ICANN’s nearly quarter-billion-dollar new gTLD auction war chest.
But new gTLD registries hoping for to dip into the fund for marketing support are probably shit out of luck.
Those are among the preliminary conclusions of a volunteer working group that has been looking at how ICANN should spend its new gTLD program windfall.
Over 17 new gTLD auctions carried out by ICANN under its “last resort” contention resolution system, the total amount raised to date is $240,590,128.
This number could increase substantially, should still-contested strings such as .music and .gay go to last-resort auction rather than being settled privately.
Prices ranged from $1 for .webs to $135 million for .web.
ICANN has always said that the money would be held separate to its regular funding and eventually given to special projects and worthy causes.
Now, the Cross-Community Working Group on New gTLD Auction Proceeds has published its current, close-to-final preliminary thinking about which such causes should be eligible for the money, and which should not.
In a letter to ICANN (pdf), the CCWG lists 18 (currently hypothetical, yet oddly specific) example proposals for the use of auction funds, 17 of which it considers “consistent” with ICANN’s mission.
A 19th example, which would see money used to promote TLD diversity and “smells too much like marketing” according to some CCWG members, is still open for debate.
While the list of projects that could be approved for funding under the proposed regime is too long to republish here, it would for example include giving scholarships to pHD students researching internet infrastructure, funding internet security education in developing-world primary schools and internet-related disaster-recovery efforts in risk-prone regions.
The only area the CCWG appears to be reluctant to endorse funding is the case of commercial enterprises run by women and under-represented communities.
The full list can be downloaded here (pdf).
The CCWG hopes to publish its initial report for public comment not too long after ICANN 61 in March. Comment would then need to be incorporated into a final report and then ICANN would have to approve its recommendations and implement a process for actually distributing the funds.
Don’t expect any money to change hands in 2018, in other words.
.music and .gay possible in 2018 after probe finds no impropriety
Five more new gTLDs could see the light of day in 2018 after a probe into ICANN’s handling of “community” applications found no wrongdoing.
The long-running investigation, carried out by FTI Consulting on ICANN’s behalf, found no evidence to support suspicions that ICANN staff had been secretly and inappropriately pulling the strings of Community Priority Evaluations.
CPEs, carried out by the Economist Intelligence Unit, were a way for new gTLD applicants purporting to represent genuine communities to avoid expensive auctions with rival applicants.
Some applicants that failed to meet the stringent “community” criteria imposed by the CPE process appealed their adverse decisions and an Independent Review Process complaint filed by Dot Registry led to ICANN getting crucified for a lack of transparency.
While the IRP panel found some hints that ICANN staff had been nudging EIU’s arm when it came to drafting the CPE decisions, the FTI investigation has found:
there is no evidence that ICANN organization had any undue influence on the CPE Provider with respect to the CPE reports issued by the CPE Provider or engaged in any impropriety in the CPE process.
FTI had access to emails between EIU and ICANN, as well as ICANN internal emails, but it did not have access to EIU internal emails, which EIU declined to provide. It did have access to EIU’s internal documents used to draft the reports, however.
Its report states:
Based on FTI’s review of email communications provided by ICANN organization, FTI found no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process. FTI found that the vast majority of the emails were administrative in nature and did not concern the substance or the content of the CPE results. Of the small number of emails that did discuss substance, none suggested that ICANN acted improperly in the process.
FTI also looked at whether EIU had applied the CPE rules consistently between applications, and found that it did.
It also dug up all the sources of information EIU used (largely Google searches, Wikipedia, and the web pages of relevant community groups) but did not directly cite in its reports.
In short, the FTI reports very probably give ICANN’s board of directors cover to reopen the remaining affected contention sets — .music, .gay, .hotel, .cpa, and .merck — thereby removing a significant barrier to the gTLDs getting auctioned.
If there were to be no further challenges (which, admittedly, seems unlikely), we could see some or all of these strings being sold off and delegated this year.
The probe also covered the CPEs for .llc, .inc and .llp, but these contention sets were resolved with private auctions last September after applicant Dot Registry apparently decided it couldn’t be bothered pursuing the ICANN process any more.
The FTI’s reports can be downloaded from ICANN.
Recent Comments