Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Domain firms plan “Trusted Notifier” takedown rules
Domain name registries and registrars are working on a joint framework that could speed up the process of taking down domain names being used for behavior such as movie piracy.
Discussed last week at the ICANN 71 public meeting, the Framework on Trusted Notifiers is a joint effort of the Registrar Stakeholder Group and Registries Stakeholder Group — together the Contracted Parties House — and is in the early stages of discussion.
Trusted Notifiers are third parties who often need domain names taken down due to activity such as copyright infringement or the sale of counterfeit pharmaceuticals, and are considered trustworthy enough not to overreach and spam the CPH with spurious, cumbersome, overly vague complaints.
It’s not a new concept. Registries in the gTLD space, such as Donuts and Radix, have had relationships with the Motion Picture Association for over five years.
ccTLD operator Nominet has a similar relationship with UK regulators, acting on behalf of Big Copyright and Big Pharma, taking down thousands of .uk domains every year.
The joint RrSG-RySG effort doesn’t appear to have any published draft framework yet, and the discussions appear to be being held privately, but members said last week that it is expected to describe a set of “common expectations or common understandings”, establishing what a Trusted Notifier is and what kind of cooperation they can expect from domain firms.
It’s one of several things the industry is working on to address complaints about so-called “DNS Abuse”, which could lead to government regulations or further delays to the new gTLD program.
It obviously veers into content policing, which ICANN has disavowed. But it’s not an ICANN policy effort. Whatever framework emerges, it’s expected to be non-contractual and voluntary.
Trusted Notifier relationships would be bilateral, between registry and notifier, with no ICANN oversight.
Such deals are not without controversy, however. Notably, free speech advocates at the Electronic Frontier Foundation have been complaining about Trusted Notifier for years, calling it “content policing by the back door” and most recently using it as an argument against Ethos Capital’s acquisition of Donuts.
Locked-down .music could launch this year
One of the most heavily contested new gTLDs, .music, could launch this year after new registry DotMusic finally signed its Registry Agreement with ICANN.
The contract was signed over two years after DotMusic prevailed in an auction against Google, Amazon, Donuts, Radix, Far Further, Domain Venture Partners and MMX.
It seems the coronavirus pandemic, along with ICANN bureaucracy, was at least partly to blame for the long delay.
I speculated in April 2019 that .music could launch before year’s end, but this time DotMusic CEO Constantinos Roussos tells me a launch in 2021 is indeed a possibility.
The contract the company has signed with ICANN contains some of the most stringent restrictions, designed to protect intellectual property rights, of any I’ve seen.
First off, there’s going to be a Globally Protected Marks List, which reserves from registration the names of well-known music industry companies and organizations, and platinum-selling recording artists.
Second, registrants are going to have to apply for their domains, proving they are a member of one of the registry’s pre-approved “Music Community Member Organizations”, rather than simply enter their credit card and buy them.
DotMusic will verify both the email address and phone number of the registrant before approving applications.
There’s also going to be a unique dispute resolution process, a UDRP for copyright, administered by the National Arbitration Forum, called the .MUSIC Policy & Copyright Infringement Dispute Resolution Process (MPCIDRP).
Basically, any registrant found to be infringing .music’s content policies could be slung out.
The content policies cover intellectual property infringement as you’d expect, but they also appear to cover activities such as content scraping, a rule perhaps designed to capture those sites that aggregate links to infringing content without actually infringing themselves.
The registry is also going to ban second-level domains that have been used to infringe copyright in other TLDs, to prevent the kind of “TLD-hopping” outfits like The Pirate Bay have engaged in in the past.
In short, it’s going to be one of the least rock-n-roll TLDs out there.
Tightly controlled TLDs like this tend to be unpopular with registrars. Despite the incredibly strong string, my gut feeling is that .music is going to be quite a low-volume gTLD. There’s no word yet on pricing, but I’d err towards the higher end of the spectrum.
Pirate Bay founder says ICANN won’t let him be a registrar
Peter Sunde, co-founder of the controversial Pirate Bay file-sharing web service, says ICANN is unfairly refusing him a registrar accreditation and he’s not happy about it.
Sunde told DI at the weekend that his application for his new registrar, Sarek.fi, to obtain accreditation was recently denied after over 18 months on the grounds that he lied about his criminal convictions on his application form.
He denies this, saying that his crimes were not of the type ICANN vets for, and in any event they happened over a decade ago.
He thinks ICANN is scared about doing business with a disruptive and “annoying” “pain in the ass” with a history of criticizing the intellectual property industry.
Would-be registrars have to select “Yes” or “No” to the question of whether any officer or major shareholder of the company has:
within the past ten (10) years, has been convicted of a felony or of a misdemeanor related to financial activities, or has been judged by a court to have committed fraud or breach of fiduciary duty, or has been the subject of a judicial determination that is similar or related to any of these;
Sunde was convicted by a Swedish court of enabling copyright infringement via the Pirate Bay in 2009, and was sentenced to a year in prison — later reduced to eight months on appeal — and hundreds of thousands of dollars of fines.
The Pirate Bay was a web site that collected links to BitTorrent files, largely copyrighted movies and music.
Because he was not based in Sweden, Sunde avoided jail for several years despite an Interpol arrest warrant.
He eventually served five months of his sentence after being arrested in 2014.
He checked “No” on his registrar accreditation application form, on the basis that he had not been convicted of fraud or any of the other listed financial crimes, and certainly not within the last 10 years.
But ICANN took a broader interpretation, and refused him accreditation due to the Pirate Bay conviction and his Interpol status in 2014, he says.
Since then, the Org, including CEO Göran Marby (with whom he had a brief email exchange) have been ignoring his emails, he says.
Sarek.fi has already been accredited to sell ccTLD domains by the likes of Nominet, Verisign and Donuts, but ICANN’s rejection means the company won’t be able to sell gTLD names.
Sunde says he’s now faced with the likelihood of having to leave his own company in order to secure accrediation, though he’s not ruled out pursuing ICANN through its own appeals process.
He says he suspects ICANN just doesn’t want to do business with him due to his reputation as a disrupter. He’s attended ICANN meetings in the past but wants to get more involved in the policy process.
“it’s really a way for ICANN to make sure that an annoying person with media influence and with a dislike for centralised organisations and monopolies to be there to raise concerns — that they just proved valid,” he told DI in an email.
I take quite an offence to their denial. Not just on the basis of their interpretation of the law (copyright infringement is not fraud, i would have been convicted of fraud then…) Not just because it seems that it’s ok to be a murderer the past 10 years. Or a wife beater. Or a neonazi. These things that are a bit worse than being an internet activist, caring about the free and open internet. The biggest offence I take is to their obligation to the general public to have a broader membership than what they allow today.
Sarek.fi’s business model is to charge a flat fee above wholesale cost for every domain registered.
It’s Sunde’s second domain business. He launched Njalla, a Tucows reseller with a focus on protecting the privacy of registrants, in 2017.
Ethos promises to keep .org for many many many many years
Ethos Capital doesn’t plan to flip .org manager Public Interest Registry any time soon, according to its CEO.
Erik Brooks said that private equity firm Ethos, which intends to buy PIR from the Internet Society for over a billion dollars, plans to keep hold of the company for “many, many, many, many years”.
He was talking last night during a public conference call organized by NTEN, which also included the CEOs of ISOC and PIR, as well as critics from the Electronic Frontier Foundation, the the National Council of Nonprofits and the Irish chapter of ISOC.
The call was set up because many believe .org’s transition back into for-profit hands, coupled with its recently gained ability to raise prices arbitrarily, means .org’s non-profit registrants are in for a hard time as Ethos profit-takes.
While Brooks and chief purpose officer Nora Abusitta made all the right noises to settle such concerns, promising to not unreasonably raise prices and to stick with PIR’s commitment to non-profits, some participants remained skeptical.
Brooks said that his vision for Ethos, which he founded earlier this year, is “fundamentally broader and more expansive than traditional investing” where “success is defined as success for all participants, success for customers, employees, vendors, the community impacted by the company”.
PIR CEO Jon Nevett said he was initially concerned about the deal — which was negotiated between ISOC and Ethos without PIR’s participation — he is now “convinced that they’re here to do the right thing”.
He said that rather than funneling all of PIR’s spare .org reg cash to ISOC as happens currently, it will now be able to invest some of it in improving .org instead.
Brooks said he understand the community concerns about price increase.
“We are absolutely committed to staying within the spirit of how PIR has operated with the price system they have operated with before,” he said. That means 10% a year on average, as Ethos has stated before.
He added that “working on some mechanisms and some ideas that will give registrants more assurance” that this is just not PR spin, and that these will be communicated publicly over the coming weeks.
The fact that ICANN lifted the previous 10% contractual price cap just a few months before the deal was sealed did not factor into Ethos’ thinking, he said.
While what Ethos is describing is all well and good, there’s no telling what a future owner of PIR would do, should Ethos sell it or float it on the public markets.
That looked like a possibility, especially given that some say that Ethos is under-paying by a considerable margin for the registry.
But Brooks, asked what Ethos’ exit runway for PIR looked like, said that the company was committed to owning the registry “for an extraordinarily long period of time… dramatically outside the normal window of somebody owning a business… many, many, many, many years”.
Ethos’ own backers — which apparently include investment vehicles linked to Mitt Romney and the late Ross Perot — are on board with this long-term plan, he said.
So, assuming Brooks is a man of his word, .org registrants only have to look forward to price increases of no more than 10% a year for some time to come, which is kinda the situation they were in at the start of the year.
But not everyone is as trusting/gullible as me.
The EFF’s Mitch Stoltz, who was on the call, later published a blog post that seemed to shift gears somewhat away from pricing concerns towards the potential for future censorship of .org domains.
“Ethos Capital has a financial incentive to engage in censorship—and, of course, in price increases,” he wrote.
He alluded to that PIR had briefly toyed with the idea of a “UDRP for copyright” a few years ago, but had backed down under community pressure, something that he doesn’t believe Ethos would necessarily do.
Asked about the censorship issue by Stotlz during the call, Brooks said he had not given the issue a great deal of consideration but that he expected PIR’s practices on this kind of thing to continue on as they are today.
Criminal .uk suspensions down this year
Nominet suspended fewer .uk domain names due to reports of criminality in the last 12 months that in did in the prior period.
The registry said last week that is suspended 28,937 domains in the year to the end of October, down from 32,813 in the 2018 period.
That’s 0.22% of all .uk names, Nominet said.
As usual, complaints about intellectual property infringement — filed by copyright owners to the IP cops and handed to Nominet — account for the vast majority of takedowns, some 28,606 in the period.
The rest were suspended due to complaints about fraud, trading standards, financial conduct and healthcare products.
Only 16 requests were denied by Nominet, down from 114 in the previous year, and only five false-positive suspensions were reversed.
The controversial ban on “rape” domains resulted in 1,600 new regs getting automatically flagged, but zero getting suspended.
There were no requests from the Internet Watch Foundation to take down child sexual abuse material.
Nominet’s newish automated anti-phishing system, which uses pattern recognition to flag potential phishing domains at point of registration, saw 2,668 domains suspended before going live, of which 274 were released after the registrant passed due diligence checks.
Three big changes could be coming to .uk
Nominet wants to know what you thinking about three significant policy changes that could be implemented in the next year or so.
The .uk registry today published a consultation document covering two security-related changes and one related to expired domains.
First, Nominet wants to know if it should be allowed to preemptively block resolution on newly registered domains where it has “identified a high risk the domain will be used for phishing”.
It looks like more of a cosmetic policy change, given that the company is already blocking suspected phishing domains where the registrant fails to adequately verify their identity.
About 1,500 domains were blocked like this in the 12 months ending July 2019, Nominet says, on the basis of its Domain Watch program, which combines technical and manual oversight to identify phishy-looking names.
Second, Nominet want to know if it should display an standard informational web page when it blocks a domain on the basis of fraud, copyright infringement, and counterfeiting.
Currently, the company takes down tens of thousands of names every year on this basis, but the names are simply removed from the zone file and refuse to resolve.
Nominet’s friends in law enforcement reckon that allowing the the domains to instead resolve to a standard web page instead could help victims of fraudulent sites help with police investigations, and Nominet wants to know if you agree.
A side-effect of this would be that the names would remain in the zone, so we’d be able to see for the first time which names get suspended for fraud.
Third, Nominet wants to know whether it should start openly publishing drop-lists, the list of domains that have expired registrations and are about to become available.
This appears to be bad news for those registrars currently “excessively” pinging the registry to compile their own lists and get the jump on competitors when it comes to drop-catching valuable names for resale.
Nominet seems to want to see fewer dropped domains winding up in the hands of domainers, saying currently “not all dropping domains are registered and actively used by the new registrant, reducing the vibrancy of .UK domains”.
It’s proposing to give drop-lists just to registrars, or to publish them openly.
All three questions are open for comment until December 15.
Nominet takes down 32,000 domains for IP infringement
The number of .uk domains suspended by Nominet has doubled over the last year, almost entirely due to takedown requests concerning intellectual property.
The .uk registry said this week that it suspended 32,813 domains in the 12 months to October 31, up from 16,632 in the year-ago period.
It’s the fourth year in a row that the number of suspensions has more than doubled. In 2014, it was a paltry 948.
While Nominet has trusted notifier relationships with 10 law enforcement agencies, it’s the Police Intellectual Property Crimes Unit that is responsible for almost all of the takedown requests, 32,669 this year.
No court order or judicial review is required. Nominet simply carries out unspecified “administrative checks” then suspends the domain.
Only 114 domains did not make the cut this year, Nominet said, but that’s up considerably from 32 last year.
There’s an appeals mechanism that can be used by registrants to restore their domains, for example if they’ve removed the infringing content. It was used successfully 16 times in the year, up by one on last year.
The registry also reported that no domains were suspended due to its ban on incitement-to-rape domains, down from two last year, but that staff had to manually review 2,717 new registrations containing suspect strings.
US and EU call for Whois to stay alive
Government officials from both sides of the Atlantic have this week called on ICANN to preserve Whois as it currently is, in the face of incoming EU privacy law, at least for a select few users.
The European Commission wrote to ICANN to ask for a “pragmatic and workable solution” to the apparent conflict between the General Data Protection Regulation and the desire of some folks to continue to access Whois as usual.
Three commissioners said in a letter (pdf) that special consideration should be given to “public interests” including “ensuring cybersecurity and the stability of the internet, preventing and fighting crime, protecting intellectual property and copyright, or enforcing consumer protection measures”.
David Redl, the new head of the US National Telecommunications and Information Administration, echoed these concerns in a speech at the State of the Net conference in Washington DC on Monday.
Redl said that the “preservation of the Whois service” is one of NTIA’s top two priorities at the moment. The other priority is pressing for US interests in the International Telecommunications Union, he said.
Calling Whois “a cornerstone of trust and accountability for the Internet”, Redl said the service “can, and should, retain its essential character while complying with national privacy laws, including the GDPR.”
“It is in the interests of all Internet stakeholders that it does,” he said. “And for anyone here in the US who may be persuaded by arguments calling for drastic change, please know that the US government expects this information to continue to be made easily available through the Whois service.”
He directly referred to the ability of regular internet users to access Whois for consumer protection purposes in his speech.
The European Commission appears to be looking at a more restrictive approach, but it did offer some concrete suggestions as to how GDPR compliance might be achieved.
For example, the commissioners’ letter appears to give tacit approval to the idea of “gated” access to Whois, but called for access by law enforcement to be streamlined and centralized.
It also suggests throttling as a mechanism to reduce abuse of Whois data, and makes it clear that registrants should always be clearly informed how their personal data will be used.
The deadline for GDPR compliance is May this year. That’s when the ability of EU countries to start to levy fines against non-compliant companies, which could run into millions of euros, kicks in.
While ICANN has been criticized by registries and registrars for moving too slowly to give them clarity on how to be GDPR-compliant while also sticking to the Whois provisions of their contracts, its pace has been picking up recently.
Two weeks ago it called for comments on three possible Whois models that could be used from May.
That comment period ended on Monday, and ICANN is expected to publish the model upon which further discussions will be based today.
Big changes at DomainTools as privacy law looms
Regular users of DomainTools should expect significant changes to their service, possibly unwelcome, as the impact of incoming European Union privacy law begins to be felt.
Professional users such as domain investors are most likely to be impacted by the changes.
The company hopes to announce how its services will be rejiggered to comply with the General Data Protection Regulation in the next few weeks, probably in February, but CEO Tim Chen spoke to DI yesterday in general terms about the law’s possible impact.
“There will be changes to the levels of service we offer currently, especially to any users of DomainTools that are not enterprises,” Chen said.
GDPR governs how personal data on EU citizens is captured, shared and processed. It deals with issues such as customer consent, the length of time such data may be stored, and the purposes for which it may be processed.
Given that DomainTools’ entire business model is based on capturing domain registrants’ contact information without their explicit consent, then storing, processing and sharing that data indefinitely, it doesn’t take a genius to work out that the new law represents a possibly existential threat.
But while Chen says he’s “very concerned” about GDPR, he expects the use cases of his enterprise customers to be protected.
DomainTools no longer considers itself a Whois company, Chen said, it’s a security services company now. Only about 20% of its revenue now comes from the $99-a-month customers who pay to access services such as reverse Whois and historical Whois queries.
The rest comes from the 500-odd enterprise customers it has, which use the company’s data for purposes such as tracking down network abuse and intellectual property theft.
DomainTools is very much aligned here with the governments and IP lawyers that are pressing ICANN and European data protection authorities to come up with a way Whois data can still be made available for these “legitimate purposes”.
“We’re very focused on our most-important goal of making sure the cyber security and network security use cases for Whois data are represented in the final discussions on how this legislation is really going to land,” he said.
“There needs to be some level of access that is retained for uses that are very consistent with protecting the very constituents that this legislation is trying to protect from a privacy perspective,” he said.
The two big issues pressing on Chen’s mind from a GDPR perspective are the ability of the company to continue to aggregate Whois records from hundreds of TLDs and thousands of registrars, and its ability to continue to provide historical, archived Whois records — the company’s most-popular product after vanilla Whois..
These are both critical for customers responding to security issues or trying to hunt down serial cybersquatters and copyright infringers, Chen said.
“[Customers are] very concerned, because their ability to use this data as part of their incident response is critical, and the removal of the data from that process really does injure their ability to do their jobs,” he said.
How far these use cases will be protected under GDPR is still an open question, one largely to be determined by European DPAs, and DomainTools, like ICANN the rest of the domain industry, is still largely in discussion mode.
“Part of what we need to help DPAs understand is: how long is long enough?” Chen said. “Answering how long this data can be archived is very important.”
ICANN was recently advised by its lawyers to take its case for maintaining Whois in as recognizable form as possible to the DPAs and other European privacy bodies.
And governments, via the Governmental Advisory Committee, recently urged ICANN to continue to permit Whois access for “legitimate purposes”.
DomainTools is in a different position to most of the rest of the industry. In terms of its core service, it’s not a contracted party with ICANN, so perhaps will have to rely on hoping whatever the registries and registrars work out will also apply to its own offerings.
It’s also different in that it has no direct customer relationship with the registrants whose data it processes, nor does it have a contractual relationship with the companies that do have these customer relationships.
This could make the issue of consent — the right of registrant to have a say in how their data is processed and when it is deleted — tricky.
“We’re not in a position to get consent from domain owners to do what we do,” Chen said. “I think where we need to be more thoughtful is whether DomainTools needs to have a process where people can opt out of having their data processed.”
“When I think about consent, it’s not on the way in, because we just don’t have a way to do that, it’s allowing a way out… a mechanism where people can object to their data being processed,” he said.
How DomainTools’ non-enterprise customers and users will be affected should become clear when the company outlines its plans in the coming weeks.
But Chen suggested that most casual users should not see too much impact.
“The ability of anyone who has an interest in using Whois data, who needs it every now and then, for looking up a Whois record of a domain because they want to buy it as a domain investor for example, that should still be very possible after GDPR,” he said.
“I don’t think GDPR is aimed at individual, one-at-a-time use cases for data, I think it’s aimed at scalable abuse of the data for bad purposes,” he said.
“If you’re running a business in domain names and you need to get Whois at significant scale, and you need to evaluate that many domains for some reason, that’s where the impact may be,” he said.
Disclosure: I share a complimentary DomainTools account with several other domain industry bloggers.
EFF recommends against new gTLDs
The Electronic Frontier Foundation has recommended that domain registrants concerned about intellectual property “bullies” steer clear of new gTLDs.
The view is expressed in a new EFF report today that is particularly critical of policies in place at new gTLD portfolio registries Donuts and Radix.
The report (pdf) also expresses strong support for .onion, the pseudo-TLD available only to users of the Tor browser and routing network, which the EFF is a long-term supporter of.
The report makes TLD recommendations for “security against trademark bullies”, “security against identity theft and marketing”, “security against overseas speech regulators” and “security against copyright bullies”.
It notes that no one TLD is “best” on all counts, so presents a table explaining which TLD registries — a broad mix of the most popular gTLD and ccTLD registries — have which relevant policies.
For those afraid of trademark “bullies”, the EFF recommends against 2012-round new gTLDs on the basis that they all have the Uniform Rapid Suspension service. It singles out Donuts for special concern due to its Domain Protected Marks List, which adds an extra layer of protection for trademark owners.
On copyright, the report singles out Donuts and Radix for their respective “trusted notifier” schemes, which give the movie and music industries a hotline to report large-scale piracy web sites.
These are both well-known EFF positions that the organization has expressed in previous publications.
On the other two issues, the report recommends examining ccTLDs for those which don’t have to kowtow to local government speech regulations or publicly accessible Whois policies.
In each of the four areas of concern, the report suggests taking a look at .onion, while acknowledging that the pseudo-gTLD would be a poor choice if you actually want people to be able to easily access your web site.
While the opinions expressed in the report may not be surprising, the research that has gone into comparing the policies of 40-odd TLD registries covering hundreds of TLDs appears on the face of it to be solid and possibly the report’s biggest draw.
You can read it here (pdf).
Recent Comments