Porn firm wins .cam after years of objections

The controversial new gTLD .cam has been won at auction by Dutch porn site operator AC Webconnecting, putting an end to over two years of back-and-forth objections.
Rival applicants Rightside and Famous Four Media both withdrew their applications earlier this week.
The contest for .cam was marked by several objections and appeals.
In 2013, Verisign filed and lost String Confusion Objections against AC Webconnecting and Famous Four, but won its near-identical objection against Rightside.
Verisign had claimed that .cam and .com are so similar-looking that confusion among internet users is bound to arise.
Because the SCO panels in the three cases returned differing opinions, Rightside was one of two applicants given the right to appeal by ICANN in October 2014.
I never quite understood why Verisign wasn’t also given the right to appeal.
Rightside won the right to stay in the .cam contention set almost a year later.
Despite all that effort, it did not prevail in the resulting auction.
Separately, back in 2013, AC Webconnecting filed and lost Legal Rights Objections against its two rivals, based on a “.cam” trademark it acquired purely for the purpose of fighting off new gTLD competitors.
I’d be lying if I said I knew a lot about the soon-to-be registry.
Based in Rotterdam, its web site comes across as a wholly safe-for-work web design firm.
However, it seems to be mainly in the business of operating scores, if not hundreds, of webcam-based porn sites.
Its application for .cam states that it will be for everyone with an interest in photography, however.
When it goes live, its most direct competitor is likely to be Famous Four’s .webcam, which already has an 18-month and 70,000-domain head start.
It remains to be seen whether its clear similarity to .com will in fact cause significant confusion.

Radiohead backs .music community bid

Ed O’Brien, guitarist with the band Radiohead, has become the latest musician to throw his support behind DotMusic’s community-based application for the new gTLD .music.
In a letter to ICANN today (pdf), O’Brien said that if DotMusic loses its ongoing Community Priority Evaluation, it will “be setting back the world’s chances of a Fair Trade Music Industry by many years”.
“I challenge The Internet Corporation for Assigned Names and Numbers views that the global music community to which I belong does not exist,” he wrote.
He’s arguably the highest-profile musician to support DotMusic to date. Radiohead have sold over 30 million records and a few years ago O’Brien was ranked by Rolling Stone as the 59th greatest guitarist of all time.
The phrase “Fair Trade Music Industry” appears to have been coined last week at TechCrunch Disrupt by Grammy-nominated musician Imogen Heap, another one of DotMusic’s celebrity supporters.
It refers to the notion that artists should be fairly compensated for their work, opposing services such as Spotify, which reportedly pays artists less than a tenth of a cent every time one of their songs is played.
Both Heap and Radiohead are noted for their innovative uses of technology in their music (for example, listen to Radiohead’s incredible 1997 album OK Computer, bootlegs of which are available to stream for free on YouTube).
Radiohead is also known for its love-hate relationship with internet-based music business models.
In 2007, Radiohead released a new album for free on its web site, allowing fans to set their own price. But in 2013, it pulled its back catalog from Spotify, with lead singer Thom Yorke calling the service “the last desperate fart of a dying corpse”.
Its music is back on Spotify now.
But you can see why the band would support DotMusic’s application for .music, which proposes a number of novel rights protection mechanisms covering not just trademarks, but also copyright.
One interesting proposal is to ban any domain name from .music if a matching domain in another TLD has received over 10,000 copyright infringement notices from a big music industry body. This is to prevent TLD “hopping” affecting .music.
So, for example, if thepiratebay.com had received 10,000 notices, thepiratebay.music would be permanently blocked from registration.
The company is proposing a somewhat restricted namespace too, where only “community members” are allowed to register domains.
But prospective registrants merely need to self-identify as a member of one of the community’s dozens of subsets — which includes “fans” and “bloggers” — in order to register.
Parking will be prohibited, however, which would cut down on domain investor speculation.
Quite how .music will enhance the move for “fair trade” for artists is not entirely clear from O’Brien’s letter. After .music launches, there will still be hundreds of other TLDs that do not have DotMusic’s rules in place.
It’s also unlikely that the Economist Intelligence Unit, which is currently handling the CPE, will even see O’Brien’s letter.
ICANN told DotMusic (pdf) recently that the EIU “may not consider” any support letters received after October 13, which was two months after the official deadline for letters to be submitted.
DotMusic has letters of support — mostly the same letter with a different signature — from literally hundreds of musicians, trade groups, producers and publishers.
CEO Constantine Roussos told DI last week that it has more support letters than all the other “Community” gTLD applicants combined.
He said he’s confident that DotMusic’s CPE will be successful, citing positive precedent set by EIU panels in .osaka, .hotel and .radio CPE cases.
But the closest precedent we have so far is the Far Further application for .music, which comprehensively lost its CPE a year ago, scoring just three points out of the available 16, well short of the 14-point passing score.
There are differences between the applications, but Far Further’s CPE panel told it that there was no such thing as “the music community”, which sets a pretty high bar for DotMusic to leap.
If DotMusic wins its CPE, the remaining seven competing applications for the string get kicked out of the program. If it loses, it goes to an auction it has little chance of winning.

ICANN security advisor predicts “hundreds” of new gTLDs will “go dark”

A security company led by a member of ICANN’s top security committee reckons that “hundreds” of new gTLDs are set to fail, leading to web sites “going dark”.
Internet Identity, which provides threat data services, made the prediction in a press release this week.
IID’s CTO, quoted in the release, is Rod Rasmussen. He’s a leading member of the Anti-Phishing Working Group, as well as a member of ICANN’s influential Security and Stability Advisory Committee.
He has a dim view of new gTLDs:

Most new gTLDs have failed to take off and many have already been riddled with so many fraudulent and junk registrations that they are being blocked wholesale. This will eventually cause ripple effects on the entire domain registration ecosystem, including consolidation and mass consumer confusion as unprofitable TLDs are dropped by their sponsoring registries.

The press release acknowledges that ICANN has an Emergency Back-End Registry Operator (EBERO) program, which will keep failing gTLDs alive for up to three years after the original registry operator goes out of business.
But it continues:

questions abound as to who would risk an investment in poorly performing TLDs, especially as they start to number in the hundreds. “That’s why eventually some are going to just plain go dark,” added Rasmussen.

The prediction is for “2017 and beyond”. Given the existence of the EBERO, we’re probably looking at 2020 before IID’s claim can be tested.
It’s a bit of a strange prediction to come out of a security company.
The whole point of EBERO is to make sure domain names do not go dark, giving either the registry the chance to sell on the gTLD or the registrants a three-year heads-up that they need to migrate to a different TLD.
It would be a bit like being told that there’s a horrible bit of malware that is set to brick your computer, but that you’ll be fine if you change your anti-virus provider in the next three years.
I could live with that kind of security threat, personally.
But what are the chances of hundreds of live, non-dot-brand going fully post-EBERO dead in the next few years?
I’d say evidence to date shows the risk may be over-stated. It may happen to a small number of TLDs, but to “hundreds”?
We’ve already seen new gTLD registries essentially fail, and they’ve been taken over by others even when they’re by definition not profitable.
Notably, .hiv — which has a contractual agreement with ICANN to not turn a profit — failed and was nevertheless acquired by Uniregistry.
We also see registries including Afilias and Donuts actively searching for failing gTLDs to acquire.

It’s official: new gTLDs didn’t kill anyone

The introduction of new gTLDs posed no risk to human life.
That’s the conclusion of JAS Advisors, the consulting company that has been working with ICANN on the issue of DNS name collisions.
It is final report “Mitigating the Risk of DNS Namespace Collisions”, published last night, JAS described the response to the “controlled interruption” mechanism it designed as “annoyed but understanding and generally positive”.
New text added since the July first draft says: “ICANN has received fewer than 30 reports of disruptive collisions since the first delegation in October of 2013. None of these reports have reached the threshold of presenting a danger to human life.”
That’s a reference to Verisign’s June 2013 claim that name collisions could disrupt “life-supporting” systems such as those used by emergency response services.
Names collisions, you will recall, are scenarios in which a newly delegated TLD matches a string that it is already used widely on internal networks.
Such scenarios could (and have) led to problems such as system failure and DNS queries leaking on to the internet.
The applied-for gTLDs .corp and .home have been effectively banned, due to the vast numbers of organizations already using them.
All other gTLDs were obliged, following JAS recommendations, to redirect all non-existent domains to 127.0.53.53, an IP address chosen to put network administrators in mind of port 53, which is used by the DNS protocol.
As we reported a little over a year ago, many administrators responded swearily to some of the first collisions.
JAS says in its final report:

Over the past year, JAS has monitored technical support/discussion fora in search of posts related to controlled interruption and DNS namespace collisions. As expected, controlled interruption caused some instances of limited operational issues as collision circumstances were encountered with new gTLD delegations. While some system administrators expressed frustration at the difficulties, overall it appears that controlled interruption in many cases is having the hoped-for outcome. Additionally, in private communication with a number of firms impacted by controlled interruption, JAS would characterize the overall response as “annoyed but understanding and generally positive” – some even expressed appreciation as issues unknown to them were brought to their attention.

There are a number of other substantial additions to the report, largely focusing on types of use cases JAS believes are responsible for most name collision traffic.
Oftentimes, such as the random 10-character domains Google’s Chrome browser uses for configuration purposes, the collision has no ill effect. In other cases, the local system administrators were forced to remedy their software to avoid the collision.
The report also reveals that the domain name corp.com, which is owned by long-time ICANN volunteer Mikey O’Connor, receives a “staggering” 30 DNS queries every second.
That works out to almost a billion (946,728,000) queries per year, coming when a misconfigured system or inexperienced user attempts to visit a .corp domain name.

Bladel romps home in ICANN election re-run

Go Daddy VP of policy James Bladel has been elected chair of ICANN’s Generic Names Supporting Organization Council.
The result came a month after the GNSO Council embarrassingly failed to elect a chair to replace outgoing Jonathan Robinson.
This time Bladel ran unopposed, securing the unanimous support of both his own Contracted Parties House and the Non-Contracted Parties House, which did not field a candidate.
In the October vote, the NCPH had nominated academic Heather Forrest.
Due to personal friction between commercial and non-commercial NCPH Council members, Bladel lost that election to “none of the above” by a single vote.
Forrest has been elected vice-chair, along with Neustar’s Donna Austin.
Volker Greimann and David Cake, who had been running the Council on an interim basis for the last month, have stepped aside.

ICANN reveals 12 more data breaches

Twelve more new gTLD applicants have been found to have exploited a glitch in ICANN’s new gTLD portal to view fellow applicants’ data.
ICANN said last night that it has determined that all 12 access incidents were “inadvertent” and did not disclose personally identifiable information.
The revelation follows an investigation that started in April this year.
ICANN said in a statement:

in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.

The glitch in question was a misconfiguration of a portal used by gTLD applicants to file and view their documents.
It was possible to use the portal’s search function to view attachments belonging to other applicants, including competing applicants for the same string.
Donuts said in June that the prices it was willing to pay at auction for gTLD string could have been inferred from the compromised data.
ICANN told compromised users in May that the only incidents of non-accidental data access could be traced to the account of Dirk Krischenowski, CEO of dotBerlin.
Krischenowski has denied any wrongdoing.
ICANN said last night that its investigation is now over.

ICANN reveals $1m of not-lobbying lobbying expenses

ICANN has revealed how much it has spent so far on a few controversial professional services firms that have been accused of “lobbying” the US government on behalf of the organization.
It said today that between July 2015 and September 2015 it spent $1,070,438 on six companies providing “Education/Engagement” services related to the transition of IANA from US government oversight.
Two of the payees are consulting firms run by former high-level US officials.
One is Albright Stonebridge Group LLC, founded by Clinton-era secretary of state Madeleine Albright.
The other is Rice Hadley Gates LLC, which counts W-era officials Condoleeza Rice, Stephen Rice and Robert Gates as its principles.
The $1 million figure also includes payouts to PR firm Edelman, which has been working with ICANN for as long as I can remember, a video production company, and two other consultants.
It’s substantially less than the $2.4 million spend estimated by Kieren McCarthy, whose public-forum questions at the last two ICANN meetings and subsequent The Register article seem to be responsible for the latest disclosures.
McCarthy, in heated public clashes with ICANN CEO Fadi Chehade, had argued that these payouts were essentially “lobbying” expenses that had not been disclosed because they fall into a “loophole” in US regulations that require lobbyists to disclose their clients.
ICANN said it spent $765,829 on external lobbying services — both related to the IANA transition and not — over the same period.
Its in-house lobbyist, James Hedlund, has separately disclosed a spend of $890,000 over the period.
McCarthy had argued that ICANN was trying to hide the true extent of its lobbying, because it’s trying to make a case with US authorities for ICANN the organization that is at odds with what the community-led IANA transition process is trying to achieve.
Today’s disclosures show that ICANN spent $4,809,949 — almost half of its transition-related professional services spend — on the two law firms that have been advising the two volunteer groups developing the IANA transition proposals.
It spent a more modest $1,150,213 on its own legal advisers, Jones Day.

English beats Portuguese in $2.2m .hotels auction

Booking.com has won the right to operate .hotels after an auction concluded a protracted fight over the gTLD.
In an ICANN-run auction yesterday, Booking.com prevailed with a winning bid of $2.2 million.
Its sole competitors was Travel Reservations (formerly Despegar Online), which had applied for the Portuguese word .hoteis.
In 2012, a String Similarity Review panel concluded that .hotels and .hoteis look too similar to coexist, due to the likelihood of confusion between I and l in sans-serif fonts.
Neither applicant agreed with that decision, knowing that it would result in a expensive auction, and Booking.com filed a Request for Reconsideration and then, in March 2013, an Independent Review Process complaint.
After two years, it lost the IRP. But the panel said it had “legitimate concerns” about the fairness of the SSR process and ordered ICANN to pay half of its costs.
Now, Booking.com has had to fork out another $2.2 million for the string.
That’s not particularly expensive as ICANN-auctioned gTLDs go. Eight of the 13 other strings ICANN has auctioned have sold for more.
ICANN’s auction proceeds to date now stands at $63,489,127, which is being held in a separate bank account for purposes yet to be determined.

How one registrar allegedly dodges ICANN Compliance

A Chinese registrar has been accused by ICANN of playing games to avoid complying with Whois policy.
In a breach notice from ICANN Compliance last week, Beijing-based 35 Technology is told that it has failed to verify Whois records as required by its accreditation agreement.
The domain in question was shoesbbalweb.com, which DomainTools’ archived screenshots show was once used to sell branded running shoes.
I understand that 35 is believed to have suspended the domain when ICANN first referred a Whois accuracy complaint to it.
It is then said to have un-suspended the domain, without any change to the Whois record, as soon as ICANN closed the complaint.
The breach notice (pdf) instructs 35 to:

Provide records and information demonstrating that 35 Technology took steps to verify and validate the Whois information of the domain name since 23 March 2015, or provide ICANN with an explanation why the domain name suspension was removed without verifying and validation Whois information

The switcheroo appears to have been brief enough that its suspended state was not recorded by DomainTools.
ICANN has a monitoring program, however, that randomly spot-checks previously complained-about domains for ongoing compliance.
The registrar, which does business at 35.com, is not tiny. It had over 450,000 domains under management, in legacy gTLDs and a handful of Chinese-script new gTLDs, at the last count.
It has until the end of the month to explain itself or risk termination.

.feedback regs Fox trademark to itself during sunrise

Top Level Spectrum, the new .feedback registry, has painted a second gigantic target on itself by registering to itself a .feedback domain matching one of the world’s largest media brands.
The company has registered fox.feedback and put up a web site soliciting comment on Fox Broadcasting Company.
This has happened whilst .feedback is still in its sunrise period.
The intellectual property community is, I gather, not particularly happy about the move.
The domain fox.feedback points to a web site that uses TLS’ standard feedback platform, enabling visitors to rate and comment on Fox.
The site has a footnote: “Disclaimer: This site is provided to facilitate free speech regarding fox. No direct endorsement or association should be conferred.”
Fox had no involvement with the registration, which Whois records show is registered to Top Level Spectrum itself.
Registry CEO Jay Westerdal said that the domain is one of the 100 “promotional” domains that new gTLD registries are allowed to set aside for their own use under the terms of their ICANN contracts.
Registries usually register names like “buy.example” or “go.example”, along with the names of early adopter anchor tenant registrants, using this mechanism.
I’m not aware of any case where a registry has consciously registered a famous brand, without permission, as part of its promotional allotment.
“The website is hosted automatically by the Feedback platform,” Westerdal said. “Fox Television Network has raised no concerns and has not applied for the domain during sunrise. We are testing out promotion of the TLD with the domain as per our ICANN contract.”
Fox may still be able to buy the domain during sunrise, he said.
“This is a Registry Operation name. During sunrise, If we receive an application from a sunrise-eligible rights holders during sunrise for a Registry Operations name we may release the name for registration,” he said.
Fox’s usual registrar is MarkMonitor. Matt Serlin, VP there, said in an email that the TLS move could be raised with ICANN Compliance:

I find it curious that this branded domain name would have been registered to the registry prior to the sunrise period which is restricted to the 100 registry promotional names. The fact that the domain is actually resolving to a live site soliciting feedback for The Fox Broadcasting Company is even more troubling. MarkMonitor may look to raise this to ICANN Compliance once the registry is able to confirm how this domain was registered seemingly outside of the required process.

The IP community originally fought the introduction of the 100-domain pre-sunrise exception, saying unscrupulous registries would use it to stop trademark owners registering their brands.
While there have been some grumblings about registries reserving dictionary terms that match trademarks, this may be the first case of a registry unambiguously targeting a brand.
Top Level Spectrum courted controversy with the trademark community last week when it told DI that it plans to sell 5,000-brand match domains to a third party company after .feedback goes into general availability in January.
Westerdal told us this is not “cybersquatting”, as the sites contain disclaimers and are there to facilitate free speech.
What do you think about this use of brands as “promotional” domains?
It’s indisputably pushing the envelope of what is acceptable, but is it fair? Should registries be allowed to do this?