I just discovered that VeriSign's SiteFinder Web site is leaking data submitted in Web forms to its marketing analysis partner, Omniture. Forms can easily contain personal information such as an email address. For the problem to occur, a Web form must use the GET method. This data spill problem occurs if a Web page anywhere on the Internet submits a Web form to an action URL with a misspelled or expired domain name. Because of VeriSign's recent controversial changes to the DNS system, this form data is submitted to the SiteFinder Web site. more
It is openly admitted , in the same Implementation PDF file, that all accesses to the Site Finder service are monitored and archived. A further worry for users is the privacy policy and terms of service posted on the Site Finder service. Not only does the simple act of mistyping a URL implicitly cause you, the end user, to accept VeriSign's Terms of Service and Privacy Policy without the chance to review and accept or decline either, but critical information as described above is not disclosed in either policy (as of this writing). The Privacy Policy clearly states... more
It looks as if ICANN is going to require applicants for new TLDs to agree (in advance) not to negotiate a changed contract with ICANN. We agree that streamlining the process is in everyone's interest. Along those lines, we are proposing a substantially thinner contract that ICANN and new registries could use. Existing registries should also be allowed to sign up to this contract, if they wish. more
Two controversial issues which were on the agenda of the Montreal ICANN meetings creating some irritation: the way of planning to create a country code support organization (ccNSO), and the discussions around the purpose and operation of WHOIS – the database of registrants of domains. Without going into the history of the ccTLDs withdrawing from their former role within the DNSO and moving towards a self organized structure, there is an obvious conflict revolving around the term... more
The Internet Corporation for Assigned Names and Numbers (ICANN) concluded its Montreal meeting with a landmark agreement that cements the relationship between ICANN and the worldwide community of country-code top-level domain registries. "Today's agreement represents both a historic achievement for the ICANN process, and a powerful vote of confidence in the newly reformed ICANN 2.0," said Paul Twomey, ICANN's president and CEO.
Finalizing four years of dialogue and negotiation, the creation of the Country-Code Names Supporting Organization (ccNSO) heralds a new era of cooperative and productive relations among ICANN and the country-code domain registries. The structure and rules for ICANN's new ccNSO were endorsed by domain registry organizations and individual managers representing every region and populated continent. "Today's agreement is a testament to how ICANN is seen as a forum the international Top Level Domain administrators can come together and jointly address issues," said Twomey. more
John LoGalbo - a "law enforcement" type - is complaining how long it takes him to issue a subpoena. My thought is this: Why should our privacy suffer because his organization can't get its procedural act together?
I am incensed - he is simply stating a conclusion that his targets are "criminals" and that, to go after them, he wants to throw away all legal processes and procedures - so much for the fourth, fifth, sixth, and fourteenth amendments. more
I'm going to try something new here. I'm sitting here at the ICANN meeting on whois and I'll try to jot down some of my thoughts as they occur to me in reaction to what is being said:
- What is the "purpose" of whois? When a person acquires a domain name he/she has a decision to make: whether he/she will give the vendor/registrar his/her personal information? (If not, the person might have to forego getting the name, but that's his/her choice.) It seems that that is the context in which we need to evaluate the "purpose" of whois. In other words, the person relinquishes the information for the purpose of acquiring a domain name and not the broad panopoly of uses that have grown around whois. more
John Banks is a loan officer in New York. John's supervisor recently warned John about the potential number of bad loans he may be carrying as part of his portfolio. To dump some of the bad loans he might be carrying, John came up with a scheme. He pointed his web browser to www.whois.org and entered terms denoting disease or poor health such as 'cancer' and 'illness'. This query on the Internet's WHOIS database reported results of names and addresses of domain name owners who had developed websites devoted to providing information on certain serious illnesses. John compared these names and addresses with those in his portfolio of loans. For the matches, he canceled the loans and required immediate payment-in-full. more
Brownian motion is the ceaseless random movement of particles suspended in a warm fluid. The particles move because they are buffeted by random collisions with molecules and atoms speeding this way and that under the impetus of heat. The greater the heat, the greater the motion. But no matter how much motion and how much heat, Brownian motion brings no progress.
Today I learned from Bret Fausett's ICANN Blog that ICANN has just published its Sixth Status Report Under ICANN/US Government Memorandum of Understanding, dated March 31, 2003. This report is subtitled "Report by ICANN to United States Department of Commerce Re: Progress Toward Objectives of Memorandum of Understanding" (emphasis added.) more
Various people whose judgment I value [M. Mueller, B. Fausett] have suggested that ICANN/IANA may finally get to the issue of privacy.
The ICANN Board is establishing a "President's Standing Committee on Privacy" (why the committee is possessed by ICANN's "president" and not the Board is something we can deal with at another time and another place.)
Privacy is a hard question. It is a matter that pervades all aspects of information handling. It would be entirely inappropriate, and ultimately futile, to try to deal with privacy as an after-the-fact adjustment to the existing DNS Whois system. It is necessary to examine the most fundamental questions -- such as what reasons, if any, justify there being a Whois database at all. more
Although, undoubtedly, it is disappointing, it is not surprising that after four years of experimenting with Internet governance, the first corporate entity to take on the ambitious task -- the Internet Corporation for Assigned Names and Numbers (ICANN) -- has not achieved the legitimacy of a global consensus-based manager of the Internet's domain name system. Simson Garfinkel explains, in his insightful piece in the March 2003 issue of Technology Review, that it has become conventional wisdom that "ICANN serves as a model for systematically shutting the public out" of its policy making activities. It should go without further explanation that the ICANN model is a particularly bad governance model, if consensus-building is supposed to be the corporation's linchpin of legitimacy. Among a few other concerns, ICANN, unmistakably, suffers from power-sharing phobia. more
What happens if ICANN fails? Who will run the DNS then?
Of course to many, ICANN already has failed -- spectacularly so. Critics have long complained that ICANN not only lacks accountability and legitimacy, but also that it is inefficient (at best) and downright destructive (at worst). According to these critics, ICANN's many sins include threatening the stability of the Internet, limiting access by imposing an artificial domain name scarcity, and generally behaving like a petulant dictator. more
The Whois Task Force of the Domain Name Supporting Organization (DNSO) has been consulting with registrars over the past few months on the Whois accuracy issue for law enforcement. The Task Force has enumerated three primary areas of interest: accuracy, uniformity, and better searching capabilities. When the registrars met with the Task Force in Shanghai, a fourth area of interest was also brought forward and advocated by many of the registrars at the meeting as paramount to the other three areas. This fourth area of interest was privacy. more
Suppose you wanted to know who operates a website at a given domain name. Perhaps you suspect that the domain name is pointing to a website that offers illegal content, or you may just want to send a comment to its authors. Conveniently, the Internet provides a so-called "WHOIS" system that ordinarily provides contact information for each registered domain. But in the case of many hundreds of thousands of domains, the WHOIS data just isn't accurate. more
On October 28, as ICANN met in Shanghai, China for its regular board meeting, ICANN at Large held a lengthy meeting to address user concerns, particularly the disenfranchisement of the At-Large by ICANN, and the At-Large's self-organizing in response. The meeting was chaired by YJ Park, one of our Executive Panel Members, and was well attended. Attendees included ... more