Internet Governance: Analogue Solutions to Digital Problems

This is an overview of the booklet, "Internet Governance: Issues, Actors and Divides," recently published by DiploFoundation and the Global Knowledge Partnership. "Internet Governance is not a simple subject. Although it deals with a major symbol of the DIGITAL world, it cannot be handled with a digital - binary logic of true/false and good/bad. Instead, the subject's many subtleties and shades of meaning and perception require an ANALOGUE approach, covering a continuum of options and compromises." Update: This article was reposted with additional information and a new title.

History of SMTP

The following excerpt is from the Free Software Magazine, March 2005 Issue, written by Kirk Strauser. To read the entire article, you may download the magazine here [PDF]. Also thanks to Yakov Shafranovich for making us aware of this publication. "Spam has existed since at least 1978, when an eager DEC sales representative sent an announcement of a product demonstration to a couple hundred recipients. The resulting outcry was sufficient to dissuade most users from repeating the experiment. This changed in the late 1990s: millions of individuals discovered the internet and signed up for inexpensive personal accounts and advertisers found a large and willing audience in this new medium."

CENTR Statement on IDN Homograph Attacks

Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental...

Whither WGIG?

Now, I don't like the word "whither" any more than you do. But this Reuters article was circulating yesterday and it seemed to call for a "whither." It's a short story, so let's do a close reading. "A U.N.-sponsored panel aims to settle a long-running tug of war for control of the Internet by July and propose solutions to problems such as cyber crime and email spam, panel leaders said on Monday." We're going to decide what "internet governance" is by July?

Domain Name Dispute Cases Increased by 6.6% in 2004

In its February 18, 2005 press release, WIPO has reported filing an average of 3.4 UDRP and UDRP-based cases per calendar day in 2004, bringing the total number of cases received in 2004 to 1,179 -- an increase of 79 cases (or 6.6%) as compared to 2003. Also mentioned in the report is a 37 percent increase in ccTLDs cases over the previous year. Listed below are a number of additional facts and figures reported...

Spam Volume Redux

Several anti-spam companies talk about spam volumes in terms of a percentage of all inbound mail. Outsourced anti-spam services such as BlackSpider and Postini are currently quoting spam volumes in the 70%-85% range, having steadily grown over the last two+ years. That's nice, but it's actually hard to grasp what that means in absolute terms.

IDN Spoofing Solutions With Balance

Last week's tizzy about IDN (Internationalized Domain Name) spoofing was an interesting exercise in watching how people react to the unknown. The nearly-universal response to the problem that had been described in detail many years ago was "turn off IDNs" instead of "assume that the people who created IDNs knew about this, so let's do some research." The following is based on my thoughts this week. For those of you who are not familiar with my earlier work, I'm one of the authors of the IDN standards...

Controlling Cyber Dissidents?

Blogging is not only a well-established element of pop culture, it has become a tremendously influential communications mechanism. As early as March 2002, an article in Wired discussed the blogging "revolution" and declared that blogging "could be to words what Napster was to music - except this time, it'll really work."

NTIA Nixes Privacy Protection in Whois

Many registrars have gotten complacent about reforming the Whois-Privacy relationship. After all, they can sell additional privacy protection to their subscribers for an extra $5-10. Seems like a perfect "market oriented" interim solution, as the so-called "bottom up" policy development process of ICANN figures out how to provide tiered access. Not so fast.

IDN and Homographs Spoofing

There is a published spoofing attack using homographs IDN. By using a Cyrillic SMALL LETTER A (U+430), Securnia is able to pretend to be http://www.paypal.com/. Actually this is well-documented in RFC 3490 under the Security Consideration: "To help prevent confusion between characters that are visually similar, it is suggested that implementations provide visual indications where a domain name contains multiple scripts. Such mechanisms can also be used to show when a name contains a mixture of simplified and traditional Chinese characters, or to distinguish zero and one from O and l..."