Latest news of the domain name industry

Recent Posts

No excuses! PIR to pay for ALL registries to tackle child abuse

Kevin Murphy, February 6, 2024, Domain Registries

Public Interest Registry has announced that it will pay for all domain registries to receive alerts when child sexual abuse material shows up in their TLDs.

The non-profit .org operator said today that it will sponsor any registry — gTLD or ccTLD — that wants to sign up to receive the Domain Alerts service from the Internet Watch Foundation, the UK-based charity that tracks CSAM on the internet.

According to the IWF, only a dozen registries currently receive the service, PIR said.

“Our sponsorship will extend access to Domain Alerts to over a thousand TLDs at no cost enabling any interested registry to help prevent the display of criminal, abusive content on their domains,” the company said.

PIR didn’t say how much this is likely to cost it. IWF doesn’t publish its prices, but it seems only paying members usually receive the service. Its membership fees range from £1,000 ($1,259) to £90,000 ($113,372) a year, based on company size.

The partnership also means all registries will have free access to the IWF TLD Hopping List, which tracks CSAM “brands” as they move between TLDs whenever they are taken down by registries in a given jurisdiction.

IWF says that in 2022 it found 255,000 web pages hosting CSAM, spread across 5,416 domains. PIR says it has removed 5,700 instances of CSAM across its portfolio of TLDs over the last five years.

Identity Digital publishes treasure trove of abuse data

Kevin Murphy, October 3, 2022, Domain Registries

Identity Digital, the old Donuts, has started publishing quarterly reports containing a wealth of data on reported abuse and the actions it takes in response.

The data for the second quarter, released (pdf) at the weekend, shows that the registry receives thousands of reports and suspends hundreds of domains for DNS abuse, but the number of domains it takes down for copyright infringement is quite small.

ID said that it received 3,007 reports covering 3,816 unique domains in the quarter, almost 93% of which related to phishing. The company said the complaints amounted to 0.024% of its total registered domains.

Most cases were resolved by third parties such as the registrar, hosting provider, or registrant, but ID said it suspended (put on “protective hold”) 746 domains during the period. In only 11% of cases was no action taken.

The company’s hitherto opaque “Trusted Notifier” program, which allows the Motion Picture Association and Recording Industry Association of America to request takedowns of prolific piracy sites resulted in six domain suspensions, all as a result of MPA requests.

The Internet Watch Foundation, which has similar privileges, resulted in 26 domains being reported for child sexual abuse material. Three of these were suspended, and the remainder were “remediated” by the associated registrar, according to ID.

The report also breaks down how many requests for private Whois data the company received, and how it processed them. Again, the numbers are quite low. Of requests for data on 44 domains, 18 were tossed for incompleteness, 23 were refused, and only three resulted in data being handed over.

Perhaps surprisingly, only two of the requests related to intellectual property. The biggest category was people trying to buy the domain in question.

This is a pretty cool level of transparency from ID and it’ll be interesting to see if its rivals follow suit.

IWF finds 3,401 “commercial” child porn domains

Kevin Murphy, April 28, 2021, Domain Registries

The Internet Watch Foundation last year found child sexual abuse material on 3,401 domains that it says appeared to be commercial sites dedicated to distributing the illegal content.

The UK-based anti-CSAM group said in its annual report, published last week, that it found 5,590 domains containing such material in 2020, and 61% were “dedicated commercial sites… created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.”

That’s a 13% increase in domains over 2019, the report says. It compares to 1,991 domains in 2015.

IWF took action on 153,369 URLs containing CSAM last year, the report says.

For example, the TLD with the most CSAM abuse is of course .com, with 90,879 offending URLs in 2020, 59% of the total. That compares to 69,353 or 52% in 2019.

But because those 90,000 URLs may include, for example, pages on image-hosting sites that use .com domains, the number of unique .com domains being abused will be substantially lower.

Same goes for the other TLDs on the top 10 list — .net, .ru, .nz, .fr, .org, .al, .to, .xyz and .pw.

.co, .cc and .me were on the 2019 list but not the 2019 list, being replaced by .al, .org and .pw.

The most disturbing part of the report, which is stated twice, is the alarming claim that some TLDs exist purely to commercially distribute CSAM:

We’ve also seen a number of new TLDs being created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.

We first saw these new gTLDs being used by websites displaying child sexual abuse imagery in 2015. Many of these websites were dedicated to illegal imagery and the new gTLD had apparently been registered specifically for this purpose.

I can only assume that IWF is getting confused between a top-level domain and a second-level domain.

The alternative would be that the organization believes one or more TLD registries are purposefully catering primarily to commercial child pornographers, and for some reason it’s declining to do anything about it.

I’ve put in a request for clarification but not yet received a response.

IWF is funded by corporate donations from primarily technology companies. Pretty much every big domain registry is a donor. Verisign is a top-tier, £80,000+ donor. The others are all around the £5,000 to £10,000 mark.

UPDATE May 26: IWF has been in touch to clarify that it was in fact referring to SLDs, rather than TLDs, in its claims about dedicated commercial CSAM sites quoted above. It has corrected its report accordingly.

Criminal .uk suspensions down this year

Kevin Murphy, November 26, 2019, Domain Registries

Nominet suspended fewer .uk domain names due to reports of criminality in the last 12 months that in did in the prior period.
The registry said last week that is suspended 28,937 domains in the year to the end of October, down from 32,813 in the 2018 period.
That’s 0.22% of all .uk names, Nominet said.
As usual, complaints about intellectual property infringement — filed by copyright owners to the IP cops and handed to Nominet — account for the vast majority of takedowns, some 28,606 in the period.
The rest were suspended due to complaints about fraud, trading standards, financial conduct and healthcare products.
Only 16 requests were denied by Nominet, down from 114 in the previous year, and only five false-positive suspensions were reversed.
The controversial ban on “rape” domains resulted in 1,600 new regs getting automatically flagged, but zero getting suspended.
There were no requests from the Internet Watch Foundation to take down child sexual abuse material.
Nominet’s newish automated anti-phishing system, which uses pattern recognition to flag potential phishing domains at point of registration, saw 2,668 domains suspended before going live, of which 274 were released after the registrant passed due diligence checks.

These five TLDs contain 80% of all child abuse images

Online child abuse watchdog the Internet Watch Foundation has released its 2018 annual report, and it fingers the five TLDs that host four in five cases of child sexual abuse images and videos.
The TLDs in question are Verisign’s .com and .net, Neustar’s repurposed Colombian ccTLD .co, Russia’s .ru and Tonga’s .to.
IWF found the illegal content in 3,899 unique domains, up 3% from 2017’s 3,791 domains, in 151 different TLDs.
Despite the apparent concentration of illegal web pages in just five TLDs, it appears that this is largely due to the prevalence of image-hosting and file-sharing “cyberlocker” sites in these TLDs.
These are sites abused by the purveyors of this content, rather than being specifically dedicated to abuse.
It would be tricky for a registry to take action against such sites, as they have substantial non-abusive uses. It would be like taking down twitter.com whenever somebody tweets something illegal.
In terms of domains being registered specifically for the purpose of distributing child abuse material, the new gTLDs created since 2012 come off looking much worse.
IWF said that last year it found this material on 1,638 domains across 62 new gTLDs. That’s 42% of the total number of domains used to host such content, compared to new gTLDs’ single-figures overall market share.
The number of URLs (as opposed to domains) taken down in new gTLD web sites was up 17% to 5,847.
IWF has a service that alerts registries when child abuse material is found in their TLDs.
Its 2018 report can be found here (pdf).

Child abuse becoming big problem for new gTLDs

Kevin Murphy, April 18, 2018, Domain Policy

There were 3,791 domain names used to host child sexual abuse imagery in 2017, up 57%, according to the latest annual report from the Internet Watch Foundation.
While .com was the by far the worst TLD for such material in terms of URLs, over a quarter of the domains were registered in new gTLDs.
Abuse imagery was found on 78,589 URLs on 3,791 domains in 152 TLDs, the IWF said in its report.
.com accounted for 39,937 of these URLs, a little over half of the total, with .net, .org, .ru and .co also in the top five TLDs. Together they accounted for 85% of all the abuse URLs found. The 2016 top five TLDs included .se, .io and .cc.
New gTLDs accounted for a small portion of the abuse URLs — just over 5,000, up 221% on 2016 — but a disproportionate number of domains.
The number of new gTLD domains used for abuse content was 1,063, spread over 50 new gTLDs. Equivalent numbers were not available in the 2016 report and IWF does not break down which TLDs were most-abused.
According to Verisign’s Q4 Domain Name Industry Brief (pdf), new gTLDs account for just 6.2% of all existing domain names, and yet they account for over 28% of the domains where IWF found child abuse imagery.
IWF said that the increasing number of domains registered to host abuse imagery can be linked to what it calls “disguised websites”.
These are sites “where the child sexual abuse imagery will only be revealed to someone who has followed a pre-set digital pathway — to anyone else, they will be shown legal content.”
Presumably this means that registries and registrars spot-checking domains they have under management could be unaware of their true intended use.