Whois

Whois / Recently Commented

ICANN SSAD Proposal Poised to Fail?

After years of work on a proposed standardized system of WHOIS data disclosures (referred to as SSAD), and over a year of operational assessment of the proposal by ICANN itself, the ICANN Board seems poised to reject the proposal. And rightly so. The proposed SSAD is entirely watered down, fractured, and affords no oversight powers to ICANN regarding disclosure decisions that would continue to be left to the complete discretion of individual registrars (the very parties ICANN oversees).  more

ICANN, or ICAN’T or IWON’T?

We're halfway into ICANN71, and early interactions are posing questions about ICANN Org's capability to carry out its mission to maintain an orderly domain name system (DNS). Or, if that's not the case, ICANN leadership seems bent on a hands-off approach to its oversight responsibilities to the DNS. For years now - years - the ICANN community has raised the volume level about acute issues -- a workable Whois management and access system (including clearly delineated controllership)... more

The Risk of Descriptive Subdomains: Are We Revealing Too Much?

Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more

The Insult and Injury of the U.S. Government’s Failure to Enforce ICANN’s Contractual Obligation

Someone recently observed that many stakeholders have fallen victim to a "chilling effect" resulting from fear of retaliation by the rich and powerful bullies currently infecting the multistakeholder community, ICANN, and Internet governance. I related to what I was hearing because I've been personally targeted and libelously attacked and it is deeply dismaying enough having to worry about threats to revenue and reputation along with other harmful effects of such thuggery. more

Is ICANN Running a Racket?

On March 13, 2019, I published an article on CircleID, Portrait of a Single-Character Domain Name, that explored the proposed release and auction of o.com, a single-character .com domain name that was registered in 1993 and assigned to the Internet Assigned Numbers Authority (IANA) by Dr. Jon Postel. Although the National Telecommunications and Information Administration (NTIA) has since raised serious objections... more

What Are the Connected Assets of Confirmed Fake FBI Domains?

Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020. more

WHOIS Record Redaction and GDPR: What’s the Evolution Post-2018?

We all use the Internet daily. Practically every element of our reality has its equal in the virtual realm. Friends turn into social media contacts, retail establishments to e-commerce shops, and so on. We can't deny that the way the Internet was designed, to what it has become, differs much. One example that we'll tackle in this post is the seeming loss of connection between domains and their distinguishable owners. more

The Netizen’s Guide to Reboot the Root (Part I)

In the world of ICANN and Internet policy, complexity is manufactured to create an illusion that issues are impenetrably technical such that normal and everyday principles can't apply. This causes a pervasive and entrenched phenomenon of eyes that glaze over at the mere mention of the word "ICANN" -- including those of government regulators and other officials that might otherwise take more of an active interest. more

More Warning Shots for ICANN, or the End of the Road?

Last fall, I wrote about ICANN's failed effort to achieve its goal of preserving the Whois domain name registration directory to the fullest extent possible. I predicted that if the policy effort failed, governments would take up the legislative pen in order to fulfill the long-ignored needs of those combating domain name system harms. That forecast has now come true through significant regulatory actions in the United States and the European Union in the form of a proposed directive from the European Commission (EC) and instruction from the US Congress to the National Telecommunications and Information Administration (NTIA). more

.com Is A Clear and Present Danger to Online Safety

"The Internet is the real world now." This assessment was offered by Protocol, a technology industry news site, following the very real violence on Capitol Hill during the counting of the electoral college votes that officially determines the next president of the United States. The media outlet went on to say that, "[t]he only difference is, you can do more things and reach more people online -- with truth and with lies -- than you can in the real world." more

A Brief Look at the Domain Attack Surface of Streaming Media Companies

The term "attack surface" is often heard in cybersecurity conversations. It refers to the sum of all possible attack vectors or the vulnerabilities that threat actors can exploit to penetrate a target network or damage an organization somehow. An unused and forgotten subdomain, for instance, can become an attack vector when taken over. Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. more

Phishing 2020: A Concentrated Dose of Badness

How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more

The Whois Wars Go On

There is a lot of discussion about the Expedited Policy Development Process (EPDP) Phase 2 report on evaluating a System for Standardized Access/Disclosure (SSAD) to non-public gTLD registration data after the decisions taken by the GNSO Council on September 24th. Notably, the Business Constituency (BC) and the Intellectual Property Constituency (IPC) have voted against the adoption of the Final Report of the EPDP team. more

A Failed Whois Policy

ICANN's two-year effort to purportedly preserve the Whois public directory to the greatest extent possible while complying with GDPR has failed. Under the latest proposal, the Whois database, once a contractually-required directory of domain name registrants, will be gutted to the point of virtual worthlessness, as registrars, registries, academics, and hand-wringing others ignored the public interest and imposed ever-higher barriers to legitimate, GDPR-compliant access to registration data. more

Too Little, Too Late? Why ICANN’s Proposed WHOIS Access System Isn’t Worth It

After two years of grueling, complex and contentious debate, the ICANN EPDP team delivered its Phase 2 Final Report on July 31st, 2020. Unfortunately, and disappointingly, the policy recommended for the so-called "System for Standardized Access/Disclosure" (SSAD) fails to meet the needs of the users it supposedly is designed to benefit. more

Industry Updates