Privacy Commissioner Finds Facebook Violating Canadian Privacy Law

The Office of the Privacy Commissioner of Canada has released its long-awaited finding in the complaint against Facebook on a variety of privacy grounds. The complaint was launched by CIPPIC in May 2008 (note that I am an advisor to CIPPIC but had no involvement in this complaint). The case marks an important step in assessing how Canadian privacy law addresses social media with the Commissioner identifying some significant concerns. Moreover, as the case potentially heads to court, it will be closely watched to see whether the findings can be enforced against a global social media power like Facebook. more

CircleID’s Top Ten Posts of 2011

Here are the top ten most popular news, blogs, and industry updates featured on CircleID in 2011 based on the overall readership of the posts for the year. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2012. Happy New Year! more

Maintaining Security and Stability in the Internet Ecosystem

DDoS attacks, phishing scams and malware. We battle these dark forces every day - and every day they get more sophisticated. But what worries me isn't just keeping up with them, it is keeping up with the sheer volume of devices and data that these forces can enlist in an attack. That's why we as an industry need to come together and share best practices - at the ICANN community, at the IETF and elsewhere - so collectively we are ready for the future. more

DNSSEC Deployment Among ISPs: The Why, How, and What

It's no secret that Comcast has been leading the charge of DNSSEC deployment among ISPs. For the past couple years, Comcast has been testing and pushing for the widespread adoption of DNSSEC. In the spirit of increasing adoption, I thought I would interview the DNS gurus at Comcast to see what they've learned and what advice they would give other ISPs considering DNSSEC deployment. more

Global Paradigms We Relied Upon Were Destroyed Overnight - How Prepared Are You for New Realities?

Unprecedented new Political and Cyber Security Threats are happening at a scale that has never been witnessed before. These threats are large and malicious enough to take down nuclear programs, render oil refineries inoperable, and take billion-dollar websites offline (not to mention smaller ones). Recent events confirm that NO ONE IS IMMUNE. Despite the obvious warning signs, Internet business stakeholders the world over continue to act as if nothing has changed, and seem unaware that global paradigms have undergone a seismic shift almost overnight. more

Black Frog: Next Generation Botnet, No Generation Spam Fighting

Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more

CNN Spam Outbreak Quickly Morphing Into a New Breed

This past week we have been seeing some heavy CNN spam -- that is, spam in the form of breaking news stories from CNN.com... These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know). Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages. However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet. more

New gTLDs, Last-Minute End-Arounds, and Fundamental Fairness

The ICANN community is ever closer to realization of its goal to bring long-overdue consumer choice and competition to Internet naming. Regrettably, but perhaps predictably, reliance on the Final Applicant Guidebook (AGB) is being challenged at the last minute by recent proposals from the Business and Intellectual Property Constituencies (BC/IPC), which demand "improvements" to the already extensive trademark protections that will be part of the new gTLD landscape. more

Making DKIM More Useful with Domain Assurance Email

The IETF DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a message from fred@furble.net, the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn't give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in... more

ICANN Asks U.S. Federal Trade Commission Whether .SUCK is Violating Any Laws

Allen Grogan, ICANN's Chief Contract Compliance Officer, has written a blog post today concerning a formal letter it has received asking the agency to halt the rollout of .SUCKS, a new gTLD operated by Vox Populi Registry Inc. As it stands, a ruling against Vox Populi by ICANN could result in federal prosecution or other legal action, according to ICANN officials. more

Confirmed: Bill Clinton to Address ICANN Meeting in SF

A personal source close to Bill Clinton has confirmed to us that the former president will give the keynote speech ICANN meeting in San Francisco March 14-18. The meeting promises to produce far more electricity than sleepy NGO-lawyer-techie-academic-lobbyist ICANN attendees are used to. more

Report from UN Spam Meeting in Geneva

The International Telecommunication Union (ITU), held an ITU WSIS Thematic Meeting on Countering Spam from 7 to 9 July 2004, in Geneva, Switzerland. The meeting was focused around various topics including: Scope of the problem, Technical solutions, Consumer protection and awareness, Legislation and enforcement, and International cooperation. The following is a report by William J. Drake, Senior Associate International Centre for Trade and Sustainable Development in Geneva. more

DNS Level Action to Address Abuses: New Tools for DNS Operators and Legislators

The ways in which the Internet is embedded in our daily lives are too varied and numerous to catalogue. The Internet delivers information, access to goods, services, education, banking, social interaction and, increasingly, work space. The global pandemic has only heightened our dependence on the online world, which is why efforts to ensure that the Internet remains a trusted and secure environment are more important than ever. more

Running DNSBLs in an IPv6 World

DNS blacklists for IPv4 addresses are now nearly 15 years old, and DNSBL operators have gathered a great deal of expertise running them. Over the next decade or two mail will probably move to IPv6. How will running IPv6 DNSBLs differ from IPv4? There aren't any significant IPv6 DNSBLs yet since there isn't significant unwanted IPv6 mail traffic yet (or significant wanted traffic, for that matter), but we can make some extrapolations from the IPv4 experience. more

Is Whois Data Accuracy Enough?

The Whois Task Force of the Domain Name Supporting Organization (DNSO) has been consulting with registrars over the past few months on the Whois accuracy issue for law enforcement. The Task Force has enumerated three primary areas of interest: accuracy, uniformity, and better searching capabilities. When the registrars met with the Task Force in Shanghai, a fourth area of interest was also brought forward and advocated by many of the registrars at the meeting as paramount to the other three areas. This fourth area of interest was privacy. more