Recent Posts
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
ICANN reveals 12 more data breaches
Twelve more new gTLD applicants have been found to have exploited a glitch in ICANN’s new gTLD portal to view fellow applicants’ data.
ICANN said last night that it has determined that all 12 access incidents were “inadvertent” and did not disclose personally identifiable information.
The revelation follows an investigation that started in April this year.
ICANN said in a statement:
in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.
The glitch in question was a misconfiguration of a portal used by gTLD applicants to file and view their documents.
It was possible to use the portal’s search function to view attachments belonging to other applicants, including competing applicants for the same string.
Donuts said in June that the prices it was willing to pay at auction for gTLD string could have been inferred from the compromised data.
ICANN told compromised users in May that the only incidents of non-accidental data access could be traced to the account of Dirk Krischenowski, CEO of dotBerlin.
Krischenowski has denied any wrongdoing.
ICANN said last night that its investigation is now over.
ICANN reveals $1m of not-lobbying lobbying expenses
ICANN has revealed how much it has spent so far on a few controversial professional services firms that have been accused of “lobbying” the US government on behalf of the organization.
It said today that between July 2015 and September 2015 it spent $1,070,438 on six companies providing “Education/Engagement” services related to the transition of IANA from US government oversight.
Two of the payees are consulting firms run by former high-level US officials.
One is Albright Stonebridge Group LLC, founded by Clinton-era secretary of state Madeleine Albright.
The other is Rice Hadley Gates LLC, which counts W-era officials Condoleeza Rice, Stephen Rice and Robert Gates as its principles.
The $1 million figure also includes payouts to PR firm Edelman, which has been working with ICANN for as long as I can remember, a video production company, and two other consultants.
It’s substantially less than the $2.4 million spend estimated by Kieren McCarthy, whose public-forum questions at the last two ICANN meetings and subsequent The Register article seem to be responsible for the latest disclosures.
McCarthy, in heated public clashes with ICANN CEO Fadi Chehade, had argued that these payouts were essentially “lobbying” expenses that had not been disclosed because they fall into a “loophole” in US regulations that require lobbyists to disclose their clients.
ICANN said it spent $765,829 on external lobbying services — both related to the IANA transition and not — over the same period.
Its in-house lobbyist, James Hedlund, has separately disclosed a spend of $890,000 over the period.
McCarthy had argued that ICANN was trying to hide the true extent of its lobbying, because it’s trying to make a case with US authorities for ICANN the organization that is at odds with what the community-led IANA transition process is trying to achieve.
Today’s disclosures show that ICANN spent $4,809,949 — almost half of its transition-related professional services spend — on the two law firms that have been advising the two volunteer groups developing the IANA transition proposals.
It spent a more modest $1,150,213 on its own legal advisers, Jones Day.
English beats Portuguese in $2.2m .hotels auction
Booking.com has won the right to operate .hotels after an auction concluded a protracted fight over the gTLD.
In an ICANN-run auction yesterday, Booking.com prevailed with a winning bid of $2.2 million.
Its sole competitors was Travel Reservations (formerly Despegar Online), which had applied for the Portuguese word .hoteis.
In 2012, a String Similarity Review panel concluded that .hotels and .hoteis look too similar to coexist, due to the likelihood of confusion between I and l in sans-serif fonts.
Neither applicant agreed with that decision, knowing that it would result in a expensive auction, and Booking.com filed a Request for Reconsideration and then, in March 2013, an Independent Review Process complaint.
After two years, it lost the IRP. But the panel said it had “legitimate concerns” about the fairness of the SSR process and ordered ICANN to pay half of its costs.
Now, Booking.com has had to fork out another $2.2 million for the string.
That’s not particularly expensive as ICANN-auctioned gTLDs go. Eight of the 13 other strings ICANN has auctioned have sold for more.
ICANN’s auction proceeds to date now stands at $63,489,127, which is being held in a separate bank account for purposes yet to be determined.
How one registrar allegedly dodges ICANN Compliance
A Chinese registrar has been accused by ICANN of playing games to avoid complying with Whois policy.
In a breach notice from ICANN Compliance last week, Beijing-based 35 Technology is told that it has failed to verify Whois records as required by its accreditation agreement.
The domain in question was shoesbbalweb.com, which DomainTools’ archived screenshots show was once used to sell branded running shoes.
I understand that 35 is believed to have suspended the domain when ICANN first referred a Whois accuracy complaint to it.
It is then said to have un-suspended the domain, without any change to the Whois record, as soon as ICANN closed the complaint.
The breach notice (pdf) instructs 35 to:
Provide records and information demonstrating that 35 Technology took steps to verify and validate the Whois information of the domain name
since 23 March 2015, or provide ICANN with an explanation why the domain name suspension was removed without verifying and validation Whois information
The switcheroo appears to have been brief enough that its suspended state was not recorded by DomainTools.
ICANN has a monitoring program, however, that randomly spot-checks previously complained-about domains for ongoing compliance.
The registrar, which does business at 35.com, is not tiny. It had over 450,000 domains under management, in legacy gTLDs and a handful of Chinese-script new gTLDs, at the last count.
It has until the end of the month to explain itself or risk termination.
.feedback regs Fox trademark to itself during sunrise
Top Level Spectrum, the new .feedback registry, has painted a second gigantic target on itself by registering to itself a .feedback domain matching one of the world’s largest media brands.
The company has registered fox.feedback and put up a web site soliciting comment on Fox Broadcasting Company.
This has happened whilst .feedback is still in its sunrise period.
The intellectual property community is, I gather, not particularly happy about the move.
The domain fox.feedback points to a web site that uses TLS’ standard feedback platform, enabling visitors to rate and comment on Fox.
The site has a footnote: “Disclaimer: This site is provided to facilitate free speech regarding fox. No direct endorsement or association should be conferred.”
Fox had no involvement with the registration, which Whois records show is registered to Top Level Spectrum itself.
Registry CEO Jay Westerdal said that the domain is one of the 100 “promotional” domains that new gTLD registries are allowed to set aside for their own use under the terms of their ICANN contracts.
Registries usually register names like “buy.example” or “go.example”, along with the names of early adopter anchor tenant registrants, using this mechanism.
I’m not aware of any case where a registry has consciously registered a famous brand, without permission, as part of its promotional allotment.
“The website is hosted automatically by the Feedback platform,” Westerdal said. “Fox Television Network has raised no concerns and has not applied for the domain during sunrise. We are testing out promotion of the TLD with the domain as per our ICANN contract.”
Fox may still be able to buy the domain during sunrise, he said.
“This is a Registry Operation name. During sunrise, If we receive an application from a sunrise-eligible rights holders during sunrise for a Registry Operations name we may release the name for registration,” he said.
Fox’s usual registrar is MarkMonitor. Matt Serlin, VP there, said in an email that the TLS move could be raised with ICANN Compliance:
I find it curious that this branded domain name would have been registered to the registry prior to the sunrise period which is restricted to the 100 registry promotional names. The fact that the domain is actually resolving to a live site soliciting feedback for The Fox Broadcasting Company is even more troubling. MarkMonitor may look to raise this to ICANN Compliance once the registry is able to confirm how this domain was registered seemingly outside of the required process.
The IP community originally fought the introduction of the 100-domain pre-sunrise exception, saying unscrupulous registries would use it to stop trademark owners registering their brands.
While there have been some grumblings about registries reserving dictionary terms that match trademarks, this may be the first case of a registry unambiguously targeting a brand.
Top Level Spectrum courted controversy with the trademark community last week when it told DI that it plans to sell 5,000-brand match domains to a third party company after .feedback goes into general availability in January.
Westerdal told us this is not “cybersquatting”, as the sites contain disclaimers and are there to facilitate free speech.
What do you think about this use of brands as “promotional” domains?
It’s indisputably pushing the envelope of what is acceptable, but is it fair? Should registries be allowed to do this?
Web.com just gave itself another reason to bid high for .web gTLD
Registrar group Web.com is changing its stock market ticker symbol to WEB tomorrow, in another sign that it really, really wants to be identified with the string.
The switch from WWWW may indicate that the NASDAQ-listed company’s six rivals for the new gTLD .web have a fight — and a possible big payday — on their hands when .web finally goes to auction.
Web.com is competing with Nu Dot Co, Radix, Google, Donuts, Afilias and Schlund for the gTLD.
The company has already fiercely defended its “right” to .web, filing successful String Confusion Objections against .webs applicant Vistaprint.
Vistaprint subsequently filed an ICANN Independent Review Process complaint to appeal its SCO loss.
Last month, the IRP was won by ICANN, but the panel left the door open for ICANN to reconsider its decision.
The .web auction is not likely to go ahead until the Vistaprint issue is resolved.
If ICANN decides the two strings can be delegated separately, what I think is the last barrier to the .web auction going ahead disappears.
If not, then Vistaprint finds itself as the seventh contender in the auction, which may give it the impetus to carry on challenging the ruling.
ICANN’s board plans to discuss the issue at its next meeting, December 10.
Which way it leans will give an indication of how long it will be before .web goes to auction.
Most US presidential hopefuls use Whois privacy despite begging for cash
More than half of the remaining US presidential candidates could have risked losing their official campaign web sites under proposed Whois privacy rules.
Today I carried out Whois queries on all 18 candidates to discover that 10, or over 55%, use a Whois privacy service.
Of the three remaining Democrat candidates, only Bernie Sanders uses privacy. Martin O’Malley and Hillary Clinton do not.
Here’s a table of the Republican candidates and their chosen privacy services. N/A means their campaigns are using what appears to be genuine contact information.
[table id=38 /]
The results are interesting because rules under discussion at ICANN earlier this year — which are apparently still on the table in other international fora — would have banned the use of privacy services for commercial web sites that allow financial transactions.
All 18 candidates — even Trump — solicit donations on their campaign sites, and many sell T-shirts, bumper stickers and such.
Back in May, a minority of ICANN’s Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) were in favor of banning privacy for such registrants.
The rationale was that criminals, such as those selling counterfeit drugs, should not be allowed to mask their Whois details.
Judging by a working group report at the ICANN meeting in Dublin last month, the proposed new rules have been killed off by the PPSAI after a deluge of comments — around 22,000 — that were solicited by registrars and civil rights groups.
However, according to the Electronic Frontier Foundation, at the exact same time as the PPSAI was revealing its change of heart, the US government was pushing for virtually identical policy at a meeting of the OECD, the Organization for Economic Cooperation and Development.
The EFF says the proposed OECD Recommendation “would require domain name registration information to be made publicly available for websites that are promoting or engaged in commercial transactions with consumers.”
It’s remarkable that the US government is apparently pushing for rules that are being violated by most of its own hopeful commanders-in-chief as part of the democratic process.
Clearly, fake pharmacies are not the only class of crook to find value in privacy.
ICANN opens blog to comments, immediately trolled
Welcome to my world, ICANN.
The organization on Friday opened its blog to commenters for the first time in years, allowing any registered user of the ICANN site to submit comments on its posts.
The switch appears to be retroactive on all previous posts on the platform.
The post announcing the move was immediately commented on by habitual, single-issue commenter Graham Schreiber, a name familiar to anyone who regularly reads the comments sections of industry blogs.
He’s the guy who unsuccessfully sued ICANN — for some reason — back in 2012 and has continued his tirade against the organization in social media ever since.
Trolling aside, it’s a good move by ICANN, something it should have done a long time ago.
While ICANN obviously accepts comments on pretty much everything it does, the usual format of emailed PDFs perhaps lacks some of the brevity, openness and immediacy of a two-way blog.
European privacy ruling could add to registrars’ costs
European domain registrars say they are facing increased costs of doing business due to a recent court ruling on privacy protection.
As a result, US data escrow giant Iron Mountain is likely to lose a lot of its ICANN business, as EU registrars defect to local alternatives such as UK-based NCC Group.
The ruling in question deals with the so-called “safe harbor” principles, under which European companies were able to transfer customers’ private data to US companies as long as the recipient promised to abide by EU privacy protection rules.
However, former spy Edward Snowden’s revelations of widespread privacy violations by the US government seemed to show that many US tech giants were complicit in handing over such data to US spooks.
And now the European Court of Justice has ruled the safe habor principles invalid.
This affects registrars because, under their ICANN contracts, they have to escrow registrant data on a weekly basis. That’s to prevent registrants losing their domains when registrars go out of business or turn out to be crooks.
While registrars have a choice of escrow agents, pretty much all of them use Iron Mountain, because ICANN subsidizes the service down to $0.
However, with the ECJ ruling, Euro-registrars have told ICANN that it would now be “illegal” to continue to use Iron Mountain.
In a recent letter (pdf) to ICANN, about 20 EU-based registrars said that non-European registrars would get a competitive advantage unless ICANN does something about it.
They want ICANN to start subsidizing one or more EU-based escrow agents, enabling them to switch without adding to costs.
the service fees of those [alternative] providers are not being supported by ICANN. Thus, the only solution for EU based registrars to comply with their local laws is to support this extra cost.
We are sure, you will agree this clearly constitutes an unfair disadvantage to a given category of a registrars.
This is why we ask ICANN to offer the same terms as it currently does to Iron Mountain to other RDE [Registrar Data Escrow] providers established in the European Economical Area to ensure a level playing field for registrars globally.
According to the registrars, they have until January to switch, so ICANN may have to move quickly to avoid unrest.
XYZ says it won’t block censored Chinese domains
New gTLD registry XYZ.com has said it will not preemptively censor domain names based on the wishes of the Chinese government.
Over the last couple of days, CEO Daniel Negari has sought to “clarify” its plans to block and suspend domain names based on Chinese government requests.
It follows XYZ’s Registry Services Evaluation Request for a gateway service in the country, first reported by DI and subsequently picked up by the Electronic Frontier Foundation, a Wall Street Journal columnist, Fortune magazine and others.
The clarifications offered up by XYZ probably did more to confuse matters.
A blog post on Wednesday said that XYZ will not reserve any .xyz domain names from being registered, except those ICANN makes all new gTLD registries reserve.
Subsequent comments from Negari stated that XYZ will, as the RSEP stated, prevent names that have been banned in China from being registered.
However, there’s one significant difference.
Now, the registry is saying that it will only put those bans in place for domain names that have been specifically banned by the Chinese government when the name had already been registered by a Chinese registrant.
So, if I understand correctly, it would not preemptively ban anyone anywhere from registering [banned term].xyz.
However, if [banned term].xyz was registered to a Chinese resident and the Chinese government told the registry to suspend it, it would be suspended and nobody would be able to re-register it anywhere in the world.
Negari said in a blog comment yesterday:
if we receive a Chinese legal order tomorrow (before the gateway has launched) which requires disabling a domain name registered in China and properly under Chinese jurisdiction, then it will be disabled at the registry level, and not by the gateway. When the gateway launches the name will continue to be unavailable, and the gateway will not implement the action on a localized basis only in China. The normal registry system would continue to be the only system used to resolve the name globally. Again — the specific stability concern ICANN had was that we would use the Chinese gateway to make .xyz names resolve differently, depending on what country you are in. I completely agree that our [RSEP] re-draft to address that concern came out in a way that can be read in a way that we sincerely did not intend.
So there is a list of preemptively banned .xyz, .college, .rent, .security and .protection domains, compiled by XYZ from individual Chinese government requests targeting names registered to Chinese registrants.
Negari said in an email to DI yesterday:
To clarify the statement “XYZ will reserve domains,” we meant that XYZ will takedown domains in order to comply with “applicable law.” Unfortunately, the inaccuracies in your post caused people to believe that we were allowing the Chinese government to control what names could be registered or how they could be used by people outside of China. The idea that XYZ is going to impose Chinese law and prevent people outside of China from registering certain domain names is simply incorrect and not true. To be 100% clear, there is no “banned list.”
That was the first time anyone connected with XYZ had complained about the October 12 post, other than since-deleted tweets that corrected the size of the list from 40,000 domains to 12,000.
The RSEP (pdf) that causes all this kerfuffle has not been amended. It still says:
XYZ will reserve names prohibited for registration by the Chinese government at the registry level internationally, so the Gateway itself will not need to be used to block the registration of of any names. Therefore, a registrant in China will be able to register the same domain names as anyone else in the world.
This fairly unambiguous statement is what XYZ says was “misinterpreted” by DI (and everyone else who read it).
However, it’s not just a couple of sentences taken out of context. The context also suggests preemptive banning of domains.
The very next sentence states:
When the Gateway is initially implemented we will not run into a problem whereby a Chinese registrant has already registered a name prohibited for registration by the Chinese government because Chinese registrars are already enforcing a prohibition on the registration of names that are in violation of Chinese law.
This states that Chinese residents are already being preemptively banned, by Chinese registrars, from registering domains deemed illegal in China.
The next few paragraphs of the RSEP deal with post-registration scenarios of domains being banned, clearly delineated from the paragraph dealing with pre-registration scenarios.
In his blog post, Negari said the RSEP “addressed the proactive abuse mitigation we will take to shut down phishing, pharming, malware, and other abuse in China”.
I can’t believe this is true. The consequence would be that if China sent XYZ a take-down notice about a malware or phishing site registered to a non-Chinese registrant, XYZ would simply ignore it.
Regardless, the takeaway today is that XYZ is now saying that it will not ban a domain before it has been registered, unless that domain has previously been registered by a Chinese resident and subsequently specifically banned by the Chinese government.
The registry says this is no different to how it would treat take-down notices issued by, for example, a US court. It’s part of its contractual obligation to abide by “applicable law”, it says.
Whether this is a policy U-turn or a case of an erroneous RSEP being submitted… frankly I don’t want to get into that debate.
Disclosure: during the course of researching this story, I registered .xyz domains matching (as far as this monoglot can tell) the Chinese words for “democracy”, “human rights”, “porn” and possibly “Tiananmen Square”. I have no idea if they have value and have no plans to develop them into web sites.
Recent Comments