After two years of grueling, complex and contentious debate, the ICANN EPDP team delivered its Phase 2 Final Report on July 31st, 2020. Unfortunately, and disappointingly, the policy recommended for the so-called "System for Standardized Access/Disclosure" (SSAD) fails to meet the needs of the users it supposedly is designed to benefit. more
It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2018 participants for sharing their thoughts and making a difference in the industry. more
Public Interest Registry (PIR) announced the creation of the DNS Abuse Institute about two months ago as it believes that "every .ORG makes the world a better place" and "anything that gets in the way of that is a threat," notably in the form of Domain Name System (DNS) abuse. To show support for the initiative, WhoisXML API analyzed monthly typosquatting data feeds for December 2020, January 2021, and February 2021 to identify .ORG domain trends... more
The European Commission recently released technical input on ICANN's proposed GDPR-compliant WHOIS models that underscores the GDPR's "Accuracy" principle - making clear that reasonable steps should be taken to ensure the accuracy of any personal data obtained for WHOIS databases and that ICANN should be sure to incorporate this requirement in whatever model it adopts. Contracted parties concerned with GDPR compliance should take note. more
In 1905, philosopher George Santayana famously noted, "Those who cannot remember the past are condemned to repeat it." When past attempts to resolve a challenge have failed, it makes sense to consider different approaches even if they seem controversial or otherwise at odds with maintaining the status quo. Such is the case with the opportunity to make real progress in addressing the many functional issues associated with WHOIS. We need to think differently. more
On Wednesday 16 March the Serious Organised Crime Agency organised a meeting in London with the RIPE NCC. For the second time law enforcers from the whole world met with the RIPE NCC and RIPE community representatives to discuss cooperation. RIPE NCC staged several very interesting presentations that showed the LEAs the importance of the work done within RIPE and ARIN, the information RIPE NCC has and the relevance of all this to LEAs. Also issues were addressed that can potentially be harmful to future investigations. more
I have recently been a "victim" of the domain name tasting "scam". A domain name (.COM) which is related to me personally (and which was owned by someone else previously) expired and as I knew from Whois (which is another debate on its own) that the expiry date was coming up, I kept a watch on when it would become available so I could register it. To cut a long story short, it took me nearly 6 weeks to get the domain. Each time the domain dropped off the 5 day grace period (it is not really something that would generate ad revenue), it would be picked up by a different registrant... more
On Friday I was on a surprisingly interesting session at Rightscon 2018 in Toronto about GDPR and WHOIS. The panel consisted of Eleeza Agoopian from ICANN staff; Avri Doria who was recently appointed to the ICANN board; Elliot Noss who runs large registrar Tucows; Stephanie Perrin who has done a lot of privacy work for the Canadian government and as an ICANN volunteer, and me; Milt Mueller, who is now at Georgia Tech, moderated. more
ICANN's Generic Names Supporting Organisation (GNSO) has formed a working group to consider changes to the domain transfer process to enhance security and reduce hijacking. The working group consists of registrars, aftermarket players, domainers and other members of the ICANN Community. The group published its preliminary recommendations at the ICANN meeting in Brussels two weeks ago and the 20-day comment period has just begun. more
Recently ICANN published a report on inaccurate registration data in her own databases. Now the question is presented to the world how can we mitigate this problem? There seems to be a very easy solution. ... The question to this answer seems simple. To know who has registered with an organisation. This makes it possible to contact the registered person or organisation, to send bills and to discuss policy with the members. more
ICANN comment periods on policy proposals don't normally garner much attention. In the case of the current comment period on proxy/privacy services, however, things are very different. To date several thousand comments have been filed, while the topic of the policy proposals has received media attention across hundreds of outlets. more
It has been my distinct pleasure to serve on ICANN's Expert Working Group on gTLD Directory Services (EWG). We put in many long months and what seemed like countless hours of research, discussion, meetings, and deliberations on how to tackle a clean-slate approach to gTLD directory services, popularly known as "WHOIS". In our Final Report, the Expert Working Group (EWG) recommended a Registration Directory Service (RDS) to replace today's WHOIS, providing a next-generation system to better meet the needs of the evolving global Internet with greater accuracy, privacy, and accountability. more
Domain brand squatting can be defined as the unauthorized or dishonest use of a brand or company identifiers in domain names. It is often linked to the use of look-alike domains in bad faith, and we see it all the time. The threat actors behind these domains are called different names, though a prevalent one would be “typosquatters.” The Hot on the Trail of Compulsive Brand Squatters webinar showcased how these people are infiltrating the Internet. The first page of PhishTank’s valid phish search alone as of this writing tells us that domain brand squatting is a real and present danger. more
Muscle memory is a funny thing. We don't even think about it really, but when we do the same thing over and over again, it just becomes second nature to us. This is how we've come to use WHOIS over the past two decades to get contact information for registered domain names. If you wanted to see who owned a domain, you'd simply do a WHOIS search. I've probably done hundreds of thousands of them during my time in the industry. Well as of this week, a major step in the retirement of WHOIS officially took place. more
The compliance deadline for the European Union's General Data Protection Regulation (GDPR) is nearly upon us, the unveiling of a proposed model to bring WHOIS into compliance is said to come from ICANN next week, and everyone is scrambling to understand all that's involved. Implementation of a revised WHOIS model is clearly on the horizon, but what comes after may be the real story! Specifically, if WHOIS information becomes more than nominally restricted, what's the consequence to the data controllers (ICANN and the contracted parties) who implement this revised model? more
A World-Renowned Source for Internet Developments. Serving Since 2002.