Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
.org price anger comments top 3,000 as non-profits weigh in
The proposal to remove price caps from .org domains has now attracted more than 3,000 angry comments, and it’s not just domainers who are feeling the outrage.
Non-profit groups have now also submitted objections to the ICANN proposal, which would remove the 10%-a-year price increase limit that Public Interest Registry is currently subject to.
At least two organizations, which together claim to represent over 32,000 non-profits, have rejected the pricing plan since I first posted about it last week.
The National Council of Nonprofits is a support network for around 25,000 organizations in the US.
Its VP of public policy, David Thompson, told ICANN that price increases in .org would funnel money to PIR away from worthy causes:
Quite literally, the profits derived by this unwarranted change will ultimately be paid by the people nonprofits will not be able to serve. Every $1 in increased prices on the 10+ million .org domain users would generate more revenue each year than is utilized by all but the top one-percent of charitable nonprofits. Each one-dollar hike in costs per domain would divert more than $10 million from nonprofit missions for the enrichment of the monopoly. By anyone’s estimate, this money would be better spent delivering an additional 1,600,000 meals by Meals on Wheels to seniors to help maintain their health, independence and quality of life. Or $10 million could enable nonprofits to provide vision screenings for every two- and three-year-olds in California. Or pay for one million middle school students to attend performances of “Hamilton” or “To Kill a Mockingbird”. Nonprofits should not need to choose between paying for a domain name and helping people.
He said that ICANN should not treat .org the same way as commercial domain registries simply in order to normalize its registry agreements, when .org has a public-interest purpose.
It’s probably worth noting that even under the existing 10% price increase limit, PIR would be able to raise its prices by almost $1 in the first year anyway.
The American Society of Association Executives is a trade association that represents trade associations in the US. It says it has 44,000 individual members from 7,400 organizations.
Its president, John Graham, told ICANN that .org, as a legacy gTLD that PIR spent no money to acquire, should not have the same pricing flexibility as gTLDs that have gone live more recently:
It’s true that registry operators that won the right to sponsor new gTLDs can charge whatever price they see fit, but they also paid millions of dollars in some cases to acquire all of the value in their sponsored domain names, whereas the service contractors managing legacy domain names most assuredly did not. This is a crucial difference that ICANN should take great care to enforce.
Stating that nonprofit organizations can easily switch from one domain name to another if they don’t like the pricing structure ignores the reality that established nonprofits have a longstanding Internet presence built on a .org domain name — a name and online reputation that the organization (not the registry operator) has spent decades cultivating.
Ayden Férdeline, who sits on the GNSO Council representing non-commercial interests commented in his personal capacity to say that while he does not necessarily expect PIR to exploit the customers of its 10 million .org domains:
To exploit these organizations and to have them paying substantially more every year to maintain their domain names would have a detrimental impact on the public’s ability to obtain information and services, and could see smaller non-profit organizations either stop renewing their domain names altogether or moving away from the Domain Name System to proprietary platforms like Facebook.
These were some of the most significant voices from outside the domain investment community that I’ve been able to find from my trawl of the 3,105 comments that had been submitted as of time of writing.
At least 700 of these comments, likely hundreds more, were filed via a form-letter submission tool created by the Internet Commerce Association. Others seem to have been inspired by coverage in the domainer blogosphere and on social media platforms.
Please let me know in the comments or privately if you’ve seen any comments opposing or supporting the price increases from any other major non-domainer organizations.
Of the larger domainers, I spotted that Nat Cohen of Telepathy echoed the views of many, writing:
The legacy domain names, including .info and .org, were handed over to ICANN as trustee to manage for the public benefit. ICANN has betrayed that trust by turning .org over to an organization, that no matter how worthy its mission, will have the unchecked ability to extract vast sums from the base of .org registrants, many of which are non-profits with worthy missions in their own right.
The public comment period ends tonight at midnight UTC. That’s about seven hours from the timestamp on this post.
PIR declined to comment for this article.
ICA rallies the troops to defeat .org price hikes. It won’t work
Over 100 letters have been sent to ICANN opposing the proposed lifting of price caps in .org, after the Internet Commerce Association reached out to rally its supporters.
This is an atypically large response to an ICANN public comment period, and there are four days left on the clock for more submissions to be made, but I doubt it will change ICANN’s mind.
Almost all of the 131 comments filed so far this month were submitted in the 24 hours after ICA published its comment submission form earlier this week.
About a third of the comments comprise simply the unedited ICA text. Others appeared to have been inspired by the campaign to write their own complaints about the proposal, which would scrap the 10%-a-year .org price increase cap Public Interest Registry currently has in place.
Zak Muscovitch, ICA’s general counsel, told DI that as of this morning the form generates different template text dynamically. I’ve spotted at least four completely different versions of the letter just by refreshing the page. This may make some comments appear to be the original thoughts of their senders.
This is the original text, as it relates to price caps:
I believe that legacy gTLDs are fundamentally different from for-profit new gTLDs. Legacy TLDs are essentially a public trust, unlike new gTLDs which were created, bought and paid for by private interests. Registrants of legacy TLDs are entitled to price stability and predictability, and should not be subject to price increases with no maximums. Unlike new gTLDs, registrants of legacy TLDs registered their names and made their online presence on legacy TLDs on the basis that price caps would continue to exist.
Unrestrained price increases on the millions of .org registrants who are not-for-profits or non-profits would be unfair to them. Unchecked price increases have the potential to result in hundreds of millions of dollars being transferred from these organizations to one non-profit, the Internet Society, with .org registrants receiving no benefit in return. ICANN should not allow one non-profit nearly unlimited access to the funds of other non-profits.
The gist of the other texts is the same — it’s not fair to lift price caps on domains largely used by non-profits that may have budget struggles and which have built their online presences on the old, predictable pricing rules.
The issues raised are probably fair, to a point.
Should the true “legacy” gTLDs — .com, .net and .org — which date from the 1980s and pose very little commercial risk to their registries, be treated the same as the exceptionally risky gTLD businesses that have been launched since?
Does changing the pricing rules amount to unfairly moving the goal posts for millions of registrants who have built their business on the legacy rules?
These are good, valid questions.
But I think it’s unlikely that the ICA’s campaign will get ICANN to change its mind. The opposition would have to be broader than from a single interest group.
First, the message about non-profits rings a bit hollow coming from an explicitly commercial organization whose members’ business model entails flipping domain names for large multiples.
If a non-profit can’t afford an extra 10 bucks a year for a .org renewal, can it afford the hundreds or thousands of dollars a domainer would charge for a transfer?
Even if PIR goes nuts, abandons its “public interest” mantra, and immediately significantly increases its prices, the retail price of a .org (currently around $20 at GoDaddy, which has about a third of all .orgs) would be unlikely to rise to above the price of PIR-owned .ong and .ngo domains, which sell for $32 to $50 retail.
Such an increase might adversely affect a small number of very low-budget registrants, but the biggest impact will be felt by the big for-profit portfolio owners: domainers.
Second, letter-writing campaigns don’t have a strong track record of persuading ICANN to change course.
The largest such campaign to date was organized by registrars in 2015 in response to proposals, made by members of the Privacy and Proxy Services Accreditation Issues working group, that would have would have essentially banned Whois privacy for commercial web sites.
Over 20,000 people signed petitions or sent semi-automated comments opposing that recommendation, and ICANN ended up not approving that specific proposal.
But the commercial web site privacy ban was a minority position written by IP lawyers, included as an addendum to the group’s recommendations, and it did not receive the consensus of the PPSAI working group.
In other words, ICANN almost certainly would not have implemented it anyway, due to lack of consensus, even if the public comment period had been silent.
The second-largest public comment period concerned the possible approval of .xxx in 2010, which attracted almost 14,000 semi-automated comments from members of American Christian-right groups and pornographers.
.xxx was nevertheless approved less than a year later.
ICANN also has a track record of not acceding to ICA’s demands when it comes to changes in registry agreements for pre-2012 gTLDs.
ICA, under former GC Phil Corwin, has also strongly objected to similar changes in .mobi, .jobs, .cat, .xxx and .travel over the last few years, and had no impact.
ICANN seems hell-bent on normalizing its gTLD contracts to the greatest extent possible. It’s also currently proposing to lift the price caps on .biz and .info.
This, through force of precedent codified in the contracts, could lead to the price caps one day, many years from now, being lifted on .com.
Which, let’s face it, is what most people really care about.
Info on the .org contract renewal public comment period can be found here.
Karklins beats LaHatte to chair ICANN’s Whois privacy team
Latvian diplomat and former senior WIPO member Janis Karklins has been appointed chair of the ICANN working group that will decide whether to start making private Whois records available to trademark owners.
Karklins’ appointment was approved by the GNSO Council last week. He beat a single rival applicant, New Zealand’s Chris LaHatte, the former ICANN Ombudsman.
He replaces Kurt Pritz, the former ICANN Org number two, who quit the chair after it finished its “phase one” work earlier this year.
Karklins has a varied resume, including a four-year stint as chair of ICANN’s Governmental Advisory Committee.
He’s currently Latvia’s ambassador to the United Nations in Geneva, as well as president of the Arms Trade Treaty.
Apparently fighting for Latvia’s interests at the UN and overseeing the international conventional weapons trade still gives him enough free time to now also chair the notoriously intense and tiring Expedited Policy Development Process on Whois, which has suffered significant burnout-related volunteer churn.
But it was Karklins’ one-year term as chair of the general assembly of WIPO, the World Intellectual Property Organization, that gave some GNSO Council members pause.
The EPDP is basically a big bloodless ruck between intellectual property lawyers and privacy advocates, so having a former WIPO bigwig in the neutral hot seat could be seen as a conflict.
This issue was raised by the pro-privacy Non-Commercial Stakeholders Group during GNSO Council discussions last week, who asked whether LaHatte could not also be brought on as a co-chair.
But it was pointed out that it would be difficult to find a qualified chair without some connection to some interested party, and that Karklins is replacing Pritz, who at the time worked for a new gTLD registry and could have had similar perception-of-conflict issues.
In the end, the vote to confirm Karklins was unanimous, NCSG and all.
The EPDP, having decided how to bring ICANN’s Whois policy into compliance with the General Data Protection Regulation, is now turning its attention to the far trickier issue of a “unified access model” for private Whois data.
It will basically decide who should be able to request access to this data and how such a system should be administered.
It will not be smooth sailing. If Karklins thinks international arms dealers are tricky customers, he ain’t seen nothing yet.
ICANN to approve new UDRP provider
ICANN is set to approve a new UDRP provider at a board of directors meeting next week.
May 3, the board will approve the Canadian International Internet Dispute Resolution Centre as its sixth approved provider and the second based in North America.
The resolution to approve its now year-old application is on the consent agenda for next week’s meeting, meaning the decision to approve has basically already been made.
CIIDRC is a division of the British Columbia International Commercial Arbitration Centre, a non-profit set up by the BC government in the 1980s.
It’s been exclusively handling cybersquatting disputes over .ca domain names since 2002, under a deal with local registry CIRA.
The organization reckons it will be ready to start accepting complaints within a few months of approval, and could handle up to 200 cases per month.
It had a roster of 26 panelists in rotation at the time it applied to ICANN for UDRP approval, many of whom also provide their expertise to other UDRP providers such as WIPO and NAF.
Amazon tells power-hungry governments to get stuffed
Amazon has rejected attempts by South American governments to make the would-be gTLD .amazon “jointly owned”.
In a letter to ICANN last week, Amazon VP of public policy Brian Huseman finally publicly revealed the price Amazon is willing to pay for its dot-brand, but said members of the Amazon Cooperation Treaty Organization are asking for way too much power.
It turns out three of ACTO’s eight national government members have proposed solutions to the current impasse, but Amazon has had to reject them all for commercial and security reasons. Huseman wrote (pdf):
Some member states require that we jointly own and manage the .AMAZON TLDs. Some require that we give the member states advance notice and veto authority over all domain names that we want to register and use—for both trademarked terms as well as generic words. Some suggest a Governance Committee can work only if it has governance that outweighs Amazon’s voice (i.e. the Governance Committee has a representative from one of each of the eight member states, while Amazon has one); and some want to use .AMAZON for their own commercial purposes.
From Huseman’s description, it sounds like the ACTO nations basically want majority control (at least in terms of policy) of .amazon and the Chinese and Japanese translations, applications for which have been essentially frozen by ICANN for years.
Huseman told ICANN that Amazon cannot comply.
If the company were to give eight South American governments advanced notice and veto power over .amazon domains it planned to register, it would make it virtually impossible to contain its business secrets prior to the launch of new services, he said.
The governments also want the right to block certain unspecified generic strings, unrelated to the Amazon region, he wrote. Amazon can’t allow that, because its range of businesses is broad and it may want to use those domains for its own commercial purposes.
Amazon has offered to block up to 1,500 strings per TLD that “represent the culture and heritage of the Amazonia region”.
Nine .amazon domains would be set aside for actual usage, one for ACTO and one each for its members, “that have primary and well-recognized significance to the culture and heritage of the region”, but they’d have to use those domains non-commercially.
The proposal seems to envisage that the countries would select their two-letter country code as their freebie domain. Brazil could get br.amazon, for example.
They could also select the names of Amazonian indigenous peoples’ groups or “the specific terms OTCA, culture, heritage, forest, river, and rainforest, in English, Dutch, Portuguese, and Spanish.”
They would not to be allowed to use third-level domains, other than “www”.
The governments would have up to two years to populate the list of 1,500 banned terms. The strings would have to have the same “culture and heritage” nexus, and Amazon would get veto power over whether the proposed strings actually meet that test.
As the whole policy would be enshrined as a Public Interest Commitment in the .amazon registry contract with ICANN, ACTO members would be able to protest such rejections using the PIC Dispute Resolution Policy.
Amazon would also get veto power over the content of the web sites at the domains used by the governments. They’d have to be basically static sites, and all user-generated content would be strictly verboten.
It’s a power struggle, with little evident common ground once you get down into the details, and it’s likely going to be up to ICANN to decide whether Amazon’s proposal is sufficient to overrule the ACTO and Governmental Advisory Committee concerns.
ICANN had set a deadline of April 21 to receive the proposal. The timetable it has previously set out would see its board of directors make a decision (or punt it back to Amazon) at the Marrakech public meeting in late June.
However, board chair Cherine Chalaby has told ACTO that if it wants to negotiate a joint proposal with Amazon, it can still do so. ICANN would need to receive this revised proposal by June 7, he said.
Oh, the irony! Banned anti-Islam activist shows up on “Turkish” new gTLD domain
Tommy Robinson, who has been banned from most major social media platforms due to his anti-Islam “hate speech”, is now conducting business via a domain name that some believe rightfully belongs to the Muslim-majority nation of Turkey.
The registration could add fuel to the fight between ICANN and its governmental advisers over whether certain domains should be blocked or restricted.
Robinson, the nom de guerre of the man born Stephen Yaxley-Lennon, is the founder and former leader of the far-right English Defence League and known primarily for stirring up anti-Muslim sentiment in the UK for the last decade.
He’s currently, controversially, an adviser to the UK Independence Party. Former UKIP leader Nigel Farage, also a thoroughly unpleasant bloke, considers Robinson so far to the right he quit the party in response to the appointment.
Over the last year, Robinson has been banned from Twitter, Facebook and Instagram, and had his YouTube account placed under serious restrictions. This month, he was also banned from SnapChat, and the EDL he used to lead was among a handful of far-right groups banned from Facebook.
Since his personal Facebook page went dark in February, he’s been promoting his new web site as the primary destination for his supporters.
It features news about his activities — mainly his ongoing fights against social media platforms and an overturned contempt of court conviction in the UK — as well as summaries of basically any sufficiently divisive anti-Islam, anti-immigration, or pro-Brexit stories his writers come across.
The domain he’s using is tr.news, a new gTLD domain in a Donuts-owned registry. It was registered in December via GoDaddy.
Given it’s a two-character domain, it will have been registry-reserved and would have commanded a premium price. Other two-character .news domains are currently available on GoDaddy for between $200 and $10,000 for the first year.
It will come as no surprise at all for you to learn that the domain was transferred out of GoDaddy, which occasionally kicks out customers with distasteful views, to Epik, now de facto home of those with far-right views, a couple of weeks after the web site launched.
The irony of the choice of domain is that many governments would claim that tr.news — indeed any two-character domain, in any gTLD, which matches any country-code — rightfully belongs to Turkey, a nation of about 80 million nominal Muslims.
TR is the ISO 3166-1 two-character code for Turkey, and until a couple of years ago new gTLD registries were banned from selling any of these ccTLD-match two-letter domains, due to complaints from ICANN’s Governmental Advisory Committee.
Many governments, including the UK and US, couldn’t care less who registers their matching domain. Others, such as France, Italy and Israel, want bans on specific domains such as it.pizza and il.army. Other countries have asked for blanket bans on their ccTLD-match being used at all, in any gTLD.
When new gTLDs initially launched in 2012, all ccTLD matches were banned by ICANN contract. In 2014, ICANN introduced a cumbersome government-approval system under which governments had to be consulted before their matches were released for registration.
Since December 2016, the policy (pdf) has been that registries can release any two-letter domains, subject to a provision that they not be used by registrants to falsely imply an affiliation with the country or registry with the matching ccTLD.
Robinson is certainly not making such an implication. I imagine he’d be as surprised as his readers to learn that his new domain has a Turkish connection. It’s likely the only people who noticed are ICANN nerds and the Turkish themselves.
Would the Turkish people look at tr.news and assume, from the domain alone, that it had some connection to Turkey? I think many would, though I have no idea whether they would assume it was endorsed by the government or the ccTLD registry.
Would Turkey — a government whose censorship regime makes Robinson’s social media plight look like unbounded liberalism — be happy to learn the domain matching its country code is being used primarily to deliver divisive content about the coreligionists of the vast majority of its citizens? Probably not.
But under current ICANN policy it does not appear there’s much that can be done about it. If Robinson is not attempting to pass himself of as an affiliate of the Turkish government or ccTLD registry, there’s no avenue for complaint.
However, after taking the cuffs off registries with its December 2016 pronouncement, allowing them to sell two-letter domains with barely any restrictions, ICANN has faced continued complaints from the GAC — complaints that have yet to be resolved.
The GAC has been telling ICANN for the last two years that some of its members believe the decision to release two-character names went against previous GAC advice, and ICANN has been patiently explaining the process it went through to arrive at the current policy, which included taking GAC advice and government comments into account.
In what appears to be a kind of peace offering, ICANN recently told the GAC (pdf) that it is developing an online tool that “will provide awareness of the registration of two-character domains and allow for governments to report concerns”.
The GAC, in its most-recent communique, told ICANN its members would test the tool and report back at the public meeting in Montreal this November.
The tool was not available in December, when tr.news was registered, so it’s not clear whether Turkey will have received a formal notification that its ccTLD-match domain is now registered, live, and being used to whip up mistrust of Muslims.
Update April 30: ICANN informs me that the tool has been available since February, but that it does not push notifications to governments. Rather, governments can search to see if their two-letter codes have been registered in which gTLDs.
ICANN got hacked by crypto bots
ICANN had to take down its community wiki for several hours last week after it got hacked by crypto-currency miners.
The bad guys got in via one of two “critical” vulnerabilities in Confluence, the wiki software that ICANN licences from Atlassian Systems, which ICANN had not yet patched.
ICANN’s techies noticed the wiki, which is used by many of its policy-making bodies to coordinate their work, was running slowly April 11.
They quickly discovered that Atlassian had issued a vulnerability warning on March 20, but ICANN was not on its mailing list (doh!) so hadn’t been directly notified.
They also determined that a malicious “Crypto-Miner” — software that uses spare CPU cycles to attempt to create new cryptocurrency coins — had been installed and was responsible for the poor performance.
ICANN said it took the wiki down, restored it to a recent backup, patched Confluence, and brought the system back online. It seems to have taken a matter of hours from discovery to resolution.
The organization said it has now subscribed to Atlassian’s mailing list, so it will be notified of future vulnerabilities directly.
David and Goliath? DotMusic confirms .music win
Cyprus-based registry upstart DotMusic Ltd has confirmed that it has secured the rights to the .music gTLD.
Founder and CEO Constantinos Roussos tweeted the news overnight.
Excited to announce that after more than a decade, DotMusic has prevailed and will be the .MUSIC registry 🙂 https://t.co/XSnCkQVn28 #ICANN #DotMusic #DavidandGoliath #Music #Domains pic.twitter.com/tQX14eYyKu
— Constantine Roussos (@mus) April 11, 2019
It is not known how much DotMusic paid for the string, which I believe was auctioned in late March.
DotMusic fought off competition from seven other applicants, including some heavy-hitters: Google, Amazon, Donuts, Radix, Far Further, Domain Venture Partners and MMX.
MMX’s application was the last to be withdrawn, last night.
It’s not impossible that .music could launch before the end of the year, after DotMusic has completed the remaining pre-delegation steps such as signing its ICANN registry contract.
There will also be a couple of launch phases that give priority to members of the music industry.
Even when it goes to general availability, it won’t be a free-for-all, however.
DotMusic, in its efforts to secure support from the piracy-fearful music industry, proposed relatively strict “enhanced safeguards” for .music.
Registrants will have to verify their identity by phone as well as email in order to register a domain. They’ll also be restricted to strings matching their “their own name, acronym or Doing Business As”.
I don’t think the policies as outlined will be enough to prevent speculation, but they will add friction, possibly throttling sales volume.
In other news, it turns out Dewey did in fact defeat Truman.
ICANN takes the reins again as .amazon talks fail
ICANN has re-involved itself in the fight over the .amazon gTLD, after Amazon and eight South American governments failed to reach agreement over the name.
ICANN chair Cherine Chalaby wrote this week to the Amazon Cooperation Treaty Organization to inform the group that it is now ICANN that will decide whether the proposed dot-brand domain is approved or not.
ICANN’s board had given Amazon and ACTO until April 7 to come to a mutual agreement that addressed ACTO’s sovereignty concerns, but they missed that deadline.
According to the BBC World Service, citing unnamed diplomats, ACTO wanted Amazon to create a kind of policy committee, with seats at the table for governments to veto second-level domains Amazon decides it wants to register in .amazon in future.
Amazon declined this demand, instead offering each of the eight ACTO countries its two-letter country-code under .amazon — br.amazon for Brazil, for example — the Beeb reported at the weekend.
Now that ICANN’s deadline has passed, ACTO appears to have lost its chance to negotiate with Amazon.
ICANN has now asked the company to submit a plan to address ACTO’s concerns directly to ICANN by April 21.
From that point, it could go either way. ICANN might approve the .amazon application, reject it, or push it back to Amazon for further work.
But .amazon may not necessarily be on the home straight yet. A straightforward approval or rejection will very likely provoke howls of anguish, and further appeals action, from the losing side.
.music update: I’m calling it for Costa
Amazon has pulled out of the fight for the .music gTLD, and I’m ready to call the race.
In full knowledge that this could be my “Dewey Defeats Truman” moment, it seems to me the balance of evidence right now is strongly pointing to a win for DotMusic over sole remaining rival bidder MMX.
The contention set originally had eight applicants, but six — Google, Donuts, Radix, Far Further, Domain Venture Partners and last night Amazon — have withdrawn over the last week or so.
This is a sure sign that the battle is over, and that the rights to .music have been auctioned off.
The two remaining applicants yet to withdraw are DotMusic Ltd, the Cyprus-based company founded and managed by music enthusiast and entrepreneur Constantinos Roussos, and Entertainment Names Inc, a joint venture managed by MMX (aka Minds + Machines).
One of them will withdraw its application soon, and my money’s on MMX.
Neither company will talk to me about the result.
But, as I observed Monday, DotMusic has recently substantially revamped its web site, and appears to be accepting “pre-registrations” for .music domains. These are not the actions of a loser.
MMX, on the other hand, has never shared Roussos’ public enthusiasm for .music and has never been particularly enthusiastic about winning private gTLD auctions, usually preferring instead to enjoy the proceeds of losing.
There are only two wildcard factors at play here that may soon make me look foolish.
First, the joint venture partner for Entertainment Names is an unknown quantity. Its two directors, listed in its .music application, are a pair of Hollywood entertainment lawyers with no previous strong connection to the ICANN ecosystem. I’ve no idea what their agenda is.
Second, MMX did not mention .music once in the “Post Period Highlights” of its recently filed 2018 financial results statement. It did mention the resolution of the .gay and .cpa contention sets, but not .music.
That filing came out April 3, at least a few days after the contention set had been won, but I’m assuming that the tight timing and/or non-disclosure agreements are probably to blame for the lack of a mention for .music.
So, on balance, I’m calling it for Roussos.
With a bit of luck we’ll have confirmation and maybe a bit of detail about potential launch dates before the week is out.
Recent Comments