Just recently, Bluesky—the decentralized social network running on an open protocol called AT Protocol—announced that as a mechanism for supporting its business financially, it will directly sell domain names as handles for its users. The sales will be processed through an Internet Corporation for Assigned Names and Numbers (ICANN) accredited registrar, called Namecheap. Currently, the handles on social media platforms are internal handles and not independent domain names. As I will explain, using domain names as handles on social media networks might create a change in digital trust and safety landscape.

ICANN, Registries and Registrars

ICANN is the organization that globally coordinates the policies related to allocation of top-level domain names such as Alice.LOL and Farzaneh.TEAM. It sets some high-level policies regarding domain name allocation, and through contractual agreements with registries (the operators of .LOL) and registrars (the operators of EXAMPLE.LOL), ICANN governs these entities globally. The registry operators can also assert some control over registrars and impose extra governance criteria on them.

Understanding this detail is important to comprehend how the governance of Bluesky handles could be affected in the future and what the positive and negative aspects are. Domain name registries and registrars have had interesting governance stories, albeit scarce. For example, NTIA and Neustar (the registry for .US) had a policy of using the Pacifica list of seven words to police domain name registrations. NTIA and Neustar canceled someone’s domain name that had one of the seven words in it. Despite the fact that they overturned their decision, it took some time to 1) find what the policy based on which they canceled the domain was 2) argue against having a Pacifica list policy. Therefore, theoretically, if someone has a problematic word in the handle, the handle could be removed because of that specific registry’s policies.

The contractual agreement between Namecheap and Bluesky

It is not clear what sort of contractual agreement exists between Namecheap and Bluesky, but usually registrars also have “resellers.” Thus, the hierarchical structure looks this way: ICANN imposes certain contractual obligations on registries and registrars. Registries can also impose some other contractual obligations, and registrars can impose some more contractual obligations on their resellers. Registrars are also obliged to enforce ICANN policies on resellers. We don’t know the exact nature of the contractual relationship between Namecheap and Bluesky, but it could be the reseller relationship.

Trust and safety at Bluesky and the new trust and safety wardens?

Seems like Bluesky is going to have its own trust and safety and abuse policies, but as I explain below, it might be a hybrid between registries’ policies, registrars’ policies and Bluesky’s own internal policies.

Namecheap will have a very pronounced role in governing Bluesky users’ behavior for those who used Namecheap as their provider for their handle. We know that the Bluesky domain name registrants have to follow the registration agreement (acceptable use). Namecheap transparently mentions what those processes are. However, some policies are not very detailed. For example, it does not mention how it decides on whether a certain handle is involved with terrorist activities or promoting terrorist activities. It simply states: “Abuse Reports stand for any other inappropriate content, including but not limited to: identity theft, unauthorized redirect/frame/IP pointing, defamation, terrorism propaganda, HYIP, warez, etc.” It has more elaborate policies on copyright infringements.

It is very possible that Namecheap will get involved with “trust and safety” and content issues on Bluesky, Intellectual Property rights infringement disputes. Bluesky might have inadvertently outsourced some of its trust and safety functions to Namecheap.

This might go beyond Namecheap and involve other registries and registrars. At the moment, Bluesky allows for users to have their domains as their handles and they do not have to be registered at Namecheap. They can have a totally different registrar, in a different jurisdiction, with a different set of rules. But maybe since there is no contractual relationship between Bluesky and other registrars, they take little action.

What would be the role of registries?

The registries sometimes have their own internal content governance policies, which they impose on the registrars that register domain names or directly on the registered name holder. This is especially the case if they operate newer names (such as .LOL as opposed to .COM) since they might have a direct relationship with the domain name registrant. For example, UNIREGISTRY(section VI) requires .SEXY domain name holders not permit unsuitable content for viewing by a minor to be viewed from the main top-level directory (content that is immediately visible if a user navigates the domain name. In another case, for domain names ending in .HIV denies the existence of HIV, the registry reserves the right to delete the domain name (to be clear, many other registries have similar policies, I am just trying to give examples that can make the issue more tangible).

And what’s the role of ICANN?

Hopefully, ICANN will have no role in this. We have worked long and hard to keep ICANN away from content regulation. It should remain that way. We certainly do not want ICANN to moderate and govern online behavior. However, when it comes to the domain name registrants’ privacy or issues of Domain Name System abuse (that are purely technical), ICANN will have some role to play as it governs the registries and registrars about those aspects.

What does this mean for the governance of the handles and behavior of the users and users’ access?

This might actually be a good deal for a decentralized Internet. It could improve authentication and interoperability, and bring discussion of domain names back to the public discourse.. It could also potentially decentralize trust and safety as the decision-making power on trust and safety and other issues will be redistributed. However, the registrars’ involvement with “handle” governance on social media platforms could cause a lot of problems including: 1)(if Bluesky scales) some registrars are not ready for coping with a high volume of complaints that are common on social media platforms. 2) domain name deletion and disabling domain names could be less proportionate than other methods. For example, there could be sub-domains that engage with legal activities that could be affected if the domain name is deleted because of the violation of respective policies. 3) access to domain names that could be brought up in this case as well. Sometimes due to economic sanctions, registrars confiscate or delete domain names. So if using domains as social network handles takes off, sanctions might even affect access to those handles. Some registrars over-comply with sanctions and do not allow for residents of a sanctioned country to register a domain name. In effect, ‌sanctions can spread more to social network governance and users as well.

These are some speculations since Bluesky has not yet amassed a large network of users. However, it would be worthwhile to monitor the issue as it relates to trust and safety at domain name level and the new roles and responsibilities that it could create for registries and registrars in digital trust and safety space.