Challenges in Measuring DNS Abuse

From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology. more

SiteFinder Is Leaking Data

I just discovered that VeriSign's SiteFinder Web site is leaking data submitted in Web forms to its marketing analysis partner, Omniture. Forms can easily contain personal information such as an email address. For the problem to occur, a Web form must use the GET method. This data spill problem occurs if a Web page anywhere on the Internet submits a Web form to an action URL with a misspelled or expired domain name. Because of VeriSign's recent controversial changes to the DNS system, this form data is submitted to the SiteFinder Web site.  more

Security by Obscurity?

Ah yes, 'Security by obscurity': "Many people believe that 'security through obscurity' is flawed because... secrets are hard to keep." I'm glad the guys guarding the A Root Servers are up on the latest security trends. Of course, you could hide the A Root Servers at the heart of the Minotaur's maze, but they're still going to be "right over there" in cyberspace, at 198.41.0.29 more

Iran’s Top-Level Domain Approved by ICANN, That is .IRAN in Non-Latin

Internet Corporation for Assigned Names and Numbers (ICANN) announced today its approval of non-Latin string evaluation of Iran. This approval will allow the availability of Iran's top-level domain in its own native language, Persian, also known as Farsi (that is, the domain name .IRAN, in non-Latin characters). According to ICANN, there are currently 33 requests for Internationalized Domain Names (IDN) country code Top-Level Domains (ccTLDs) representing 22 languages out of which 18 countries/territories have so far been approved. Other countries that have also successfully passed this string evaluation by ICANN include: India, Republic of Korea, Syrian Arab Republic and Singapore. more

The US Department of Commerce, the DNS Root, and ICANN

The recent announcement in eWeek titled "Feds Won't Let Go of Internet DNS" (slashdotted here) has some major internet policy implications. The short, careful wording appears to be more of a threat to ICANN than a power grab. In short, the US Department of Commerce's (DOC) National Telecommunications and Information Administration (NTIA) announced that it was not going to stop overseeing ICANN's changes to the DNS root. ...Of course, they have done next to nothing to support DNSSEC or other proposal for securing the DNS, but it sounds reassuring. The last sentence shows that the Bush administration shares the Clinton administration's lack of understanding of how the internet should evolve... more

A Look at the Facebook Privacy Class Action (Beacon) Settlement

Facebook announced on Friday that it settled the class action challenging its "Beacon" advertising program. Net result? Facebook establishes a privacy foundation funded with $9.5 million (or what's left of this amount after attorneys' fees, costs, and class claims are deducted)... Beacon was an advertising program launched in November 2007 which (roughly speaking) allowed the transmission of purchase and consumer-related information between partner retailers, Facebook, and of course, your Facebook friends. I don't think many people have a sense of all of the contours of the program... more

NTIA Nixes Privacy Protection in Whois

Many registrars have gotten complacent about reforming the Whois-Privacy relationship. After all, they can sell additional privacy protection to their subscribers for an extra $5-10. Seems like a perfect "market oriented" interim solution, as the so-called "bottom up" policy development process of ICANN figures out how to provide tiered access. Not so fast. more

“No Legal Basis for IANA Transition”: A Post-Mortem Analysis of Senate Committee Hearing

The recent hearing conducted by the US Senate Committee on Commerce, Science & Transportation on 'Preserving the Multi-stakeholder Model of Internet Governance' again showed that the Republican-controlled US Congress needs to act decisively to protect the status quo. The Senator Thune-led Committee convened the hearing on 25th February to look into the 'IANA Transition' and assess the level of preparedness of the non-governmental agencies that are handling the Internet Technical Management functions... more

An Extortionists Fire Sale of TikTok to a US Company Would Be Un-American and Futile

In the latest twist of the US-China spat, President Trump has his sights on TikTok, the short-form video-sharing platform and ByteDance subsidiary. On July 31, President Trump threatened to ban TikTok because it was a threat to US national security. On August 6, he made good on his threat when he signed an Executive Order to that effect. President Trump tightened the screws with an August 14 Executive Order requiring ByteDance to divest its assets in the US and destroy any TikTok data on its US users within 90 days. more

Hijacked IP Addresses

From time to time, a party can get out of control. Raucous celebration can become careless, even destructive. Combine a critical number of young people, a certain amount of beer and lots of music and damage often happens. Partygoers leave a mess behind them. The same thing happens to some IP addresses. Malicious actors use IP addresses properly registered to someone else. more

Exactly When Is ARIN Going to Run Out of IPv4 Addresses?

At the April 2013 ARIN meeting the inevitable question came up once more: "Exactly when is ARIN going to run out of IPv4 addresses?" Various dates have been proposed as an answer to this question, based on various methods of prediction. As the date is indeed getting closer, it may well be worth the time to review ARIN's situation, and make a few predictions here about the likely date when ARIN's exhausts its remaining pool of IPv4 addresses. more

Questioning Innovation: An Interview with Bob Parsons

In a press release issued Wednesday, March 03, 2004, Go Daddy Software, Inc., defended ICANN's right to regulate VeriSign's registry services and called for a formal review of the company's position as an "exclusive registry." This announcement from Go Daddy, which comes one week after VeriSign filed a lawsuit against ICANN, pledges $100,000 to ICANN for its defense of the VeriSign lawsuit. Go Daddy, which ranks among the top 3 largest domain name registrars in the world and one of VeriSign's largest customers, has also sent a letter to both the U.S. Department of Commerce (DOC) and the Internet Corporation for Assigned Names and Numbers (ICANN) strongly urging both groups to undertake a formal review of VeriSign's registry position.

In this special interview, CircleID has caught up with Bob Parsons, President and Founder of Go Daddy, where he provides in-depth discussions of Internet Innovation, ICANN, VeriSign's Global Registry Services, Top-Level Domains and the current legal battles. more

Best Approach for Appraising Domain Names

There are two types of domain name appraisers, designated here as type "1" and type "0," with the former being appraisers who rely on a scientific approach. A large number of domain owners use the services of type "0" -- the nonscientific -- or do the appraisal themselves. Approaches used by scientific appraisers include regression-type statistical modeling, discounted cash-flow analysis, and reliance on the Law of Large Numbers. This post looks at some of the typical erroneous arguments against taking a statistical approach and provides an example from law... more

Parsing Hype From Hope: Will ENUM Spark Changes In Telecom?

In the beginning there was silence; then, silence begat communication, and communication begat more communication and, ultimately, group communication formed and begat a primordial "network" of communication that gradually and inevitably increased in effectiveness and complexity: there were only signal fires at first but, then, there were cave drawings, carrier pigeons, shouting from hill-tops, smoke from fire, lines of cannon fire, the telegraph, Alexander Graham Bell, and, finally, the network of networks known as the Internet. But, is that it? Is there not something more impressive in its impact upon communication than the Internet? What more might one desire than the dynamic wonders of the Internet, you ask? Well, what about ENUM? "E-What!?" more

IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites

The new DNS service, called Quad9, is aimed at protecting users from accessing malicious websites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity. more