Universal Acceptance – Making the Internet Work for Everyone

Back in 2014, to foster innovation and to better the choice in domain names, ICANN introduced new generic top-level domains through its New gTLD Program. It was a monumental move that enabled businesses, individuals, and communities across the globe to mark their presence on the Internet. Allowing users to be present digitally in their chosen language (non-ASCII characters and scripts) gave opportunities to local businesses, civil societies, and governments to better serve their communities. more

Domain Name Proxy Service Not Inherently Evil

In the recent court decision of CyBerCorp Holding v. Allman case, although the registrant of the domain name 'cybertraderlive.com' did lose the Uniform Domain Name Dispute Resolution Policy (UDRP) case and was found to have acted in bad faith (having been a former customer of complainant), the decision is noteworthy as it finds that registrant's use of proxy service to keep contact information private, in and of itself is not evidence of bad faith... more

Where Are the World’s Most Popular Websites Hosted?

As I do every day, I was perusing Twitter and came across a link for a Business Insider piece on the world's most popular websites by country. Two researchers used web traffic data from Alexa to visually display each country's most visited website. It's an interesting read... But I couldn't help but wonder what the most popular website based in each country was. So, I put the Dyn research team to work and they came up with a comprehensive list. more

Why Can’t We Make the Internet Secure?

In a discussion about a recent denial of service attack against Twitter, someone asked, "Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?" Sure, but you're not going to like it. The Internet was originally a walled garden, where its operators knew who all the users were and could eject anyone who misbehaved... more

IP Addresses and Personally Identifiable Information

I don't normally cheer for Google when I don't own shares in the company, but this time I will make an exception. Alma Whitten, Software Engineer at Google, today posted to their Public Policy Blog that IP addresses shouldn't be considered Personally Identifiable Information (PII). This is not a problem in the United States but it is in the EU, and if the EU actually were to legislate this it would most definitely affect Microsoft and Google's business functionality in the EU... more

Redux: European Parliament Proposes .kid Internet Domain

I ran into a Reuters headline today, which illustrated to me the pace at which some legislative bodies operate. Yes, this .kids idea is timely. It is an idea so good, that I remember multiple different bidders proposing it in the initial wave of new TLDs laid in front of ICANN back in 2000. The contenders all had fantastic presentations and capabilities, which I heard voiced in the Marina Del Rey ICANN meetings as the 44 initial proposals were culled into seventeen, and then into the seven... more

.eu Domain Name Contract Signed: Registration Could Begin in Six to Nine Months

The long awaited Service Concession Contract to operate the .eu registry was signed yesterday (Oct. 12). Now the European Commission will formally notify ICANN of the selected registry operator allowing official negotiations to commence between EURid and ICANN to have .eu put in the root. According to the press release, registrations could begin in six to nine months... more

Time to Renew .coop, .museum, and .aero ICANN

Way back in 2000-2001, ICANN approved a handful of new top level domains, and entered into agreements with their promoters. Three of the sponsored domains, are coming up for renewal next year, so they've sent in their renewal proposals. A sponsored domain is one that restricts who can register to members of a particular community, in this case respectively co-ops, museums, and the airline industry. Let's take a look and see how they're doing. more

HTTPS Web Hijacking Goes From Theory to Practice

I've been privately talking about the theoretical dangers of HTTPS hacking with the developers of a major web browser since 2006 and earlier last month, I published my warnings about HTTPS web hacking along with a proposed solution. A week later, Google partially implemented some of my recommendations in an early Alpha version of their Chrome 2.0 browser... This week at the Black Hat security conference in Washington DC, Moxie Marlinspike released a tool called SSL Strip... more

Microsoft Choking Domain Parking Business Practices?

In a follow up to Microsoft's Strider URL Tracer tool released a few months ago, SecurityFocus is running an article which takes a closer look at how Microsoft's free Strider URL Tracer with Typo-Patrol is aimed at fighting typo-squatters and domain parking abuse. From the article: "In most cases, the typo domain is not even selling a product or service itself. The typo domain makes its money from syndicated advertising such as Google's AdSense program. The typo-squatter simply parks the domain and the only content on the site ends up being the ads served from a syndicated advertising program..." more

A New Privacy-Focused DNS Protocol Released Called Oblivious

Cloudflare and Apple, along with Fastly, on Tuesday announced a new proposed DNS standard that separates IP addresses from queries preventing an entity from seeing both at the same time. more

Road Warrior at Risk: The Dangers of Ad-Hoc Wireless Networking

Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. ...However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of. more

Cornucopia: A Radically Different Approach to TLDs

Much of the discussion about proposed TLDs centres around domain names as a form of classification: ".mobi" for mobile device content, ".kids" for child-safe content, language codes for language-specific content, ".museum" for museum-related entities, and so on. Notoriously little activity has been forthcoming in actually implementing these proposals, and the select few that have been allowed out into the world are, shall we say, a tad arbitrary. I'd like to engage in a little thought experiment where we abandon the "few TLDs with carefully chosen meanings" paradigm, and instead consider the benefits of a cornucopia of completely meaningless TLDs. more

The Non-Parity of the UDRP

The UDRP is obviously not working. Two websites, fundamentally the same (criticism at trademark.tld), two opposite decisions, both within weeks of each other! A Complainant (Biocryst Pharmaceuticals Inc) initiated a complaint to WIPO about one of my criticism websites (biocrystpharmaceuticals.com). The Panel found in my favour. Another Complainant (Eastman Chemical Inc) meanwhile made a complaint to NAF regarding another of my criticism websites (eastman-chemical.com). The Panel found against me. The two websites are fundamentally the same, both websites in criticism of the practices of the individual companies concerned... more

The Hack Back Bill in Congress is Better Than You’d Expect

Rep's Graves and Sinema recently introduced H.R. 4036, the catchily named Active Cyber Defense Certainty Act or ACDC act which creates some exceptions to criminal parts of computer crime laws. Lots of reports have decried "hack back" but if you read the bill, it's surprisingly well targeted. The first change is to what they call Attributional Technology, and says it's OK to put bait on your computer for an intruder intended to identify the intruder. more