Last minute geek

last minute tech news from around the net

You are here: English CircleID

CircleID

Domain Names Are Fading From User View

The internet has changed and evolved ever since it's ancestors first came to life in the late 1960's. Some technology fades away and is forgotten; other aspects continue but are overlaid, like geological sediments, so that they are now longer visible but are still present under the surface.

The Domain Name System — both the technology of DNS and the deployed naming hierarchy we all use — are among those aspects of the internet that, although they feel solid and immutable, are slowly changing underneath our feet.

Act I: In Which DNS Fades to Translucent Grey

Internet Domain Names had a good twenty-year run from the early days of the World Wide Web (1995) through 2015.

Some people made a lot of money through domain name speculation. Others made money by wallpapering Google Ad Sense advertisements over vacuous websites. And a busload of attorneys made a good living chasing down shysters trying to make a buck off of the trademarks of others.

And through its perceived control of domain name policy, ICANN grew into a ever-bloating, money absorbing bureaucracy worthy of Jonathan Swift.

But things are changing. The days of domain names as the center of internet policy and internet governance are ending. Domain name speculation will slowly become a quaint shadow of its former self.

What is driving these changes?

It is not that the Domain Name System (DNS) is becoming less important as a technical way of mapping structured names into various forms of records, most often records containing IP addresses.

Nor is the Domain Name System used less then heretofore.

Nor are the knights of intellectual property becoming any less enthusiastic about challenging every domain name that they feel does not pay adequate homage to the trademarks they are protecting.

And national governments continue to believe that domain names are the holy grail of levers they can use to impose their views of right and proper behavior onto the internet.

All of that remains. And it will remain.

What is happening to DNS is more subtle: Domain names are slowly becoming invisible.

For many years internet users could not avoid domain names. DNS names were highly visible. And domain names were everywhere. DNS names were part of e-mail addresses, DNS names were prominent parts of World Wide Web URLs, and DNS names that were based on words formed a rough, but useful, taxonomy of web content.

But the sea-level of internet technology is slowly rising. We now live in a world of web search engines. We now have personalized lists of "contacts". We now use a profusion of "apps". And we now spend much of our online lives inside walled gardens and social networks (such as Facebook, Twitter, or various games.)

Even in places where users formerly uttered or typed email-addresses (containing domain names) or web addresses, we now enter keystrokes or words that are used by user interface code to search for the thing we want and make suggestions.

For example, when I send an e-mail, I usually don't need to type more than two or three characters of the name of the desired recipient; for every keystroke the software goes to my contact list, does a search, and shows me the possible outcomes. Similarly, on web browsers the old "address bar" has become a place for the user to send search targets to a web search company. In both of these examples the user no longer really deals with domain names (even though in both of these examples there are domain names — sometimes visible, sometimes hidden — underneath the search results.)

In the world of Apps, games, and walled gardens there may not even be a way for a user to utter a domain name.

And if a user does mention a domain name it is frequently in the form of a shortened URL that has no resemblance to the actual domain name of the target resource.

You can confirm this by asking yourself: "When was last time I used a domain name while using Facebook or Twitter, or when playing my favorite game?" Few of us have ever used a domain name when giving an order to an Amazon Echo ("Alexa") or a Google Home ("OK Google").

Act II: DNS Remains, But Quietly Hovers In The Background

DNS is not being abandoned; the domain name system is as robust, powerful, and important today as it ever was.

However, DNS is being veiled. So that rather than being a central figure, visible to all, it does its job behind the scenes where few but internet operators and repair techs see it.

In days past, you or I may have gone to a web browser and entered a URL that looked like, http://upstairs-thermostat.myhouse.tld/. But today I use an Internet of Things device and say "Alexa, set the upstairs thermostat to 68 degrees."

Same activity, same request, same devices, but the domain name has gone away and been replaced with a more convenient handle.

I use the word "handle" quite intentionally. One of the aspects of the post-DNS internet is that names are becoming contextual. These new names often exist within the context of a particular person (as in a personal contact list) or a particular walled garden (such as Twitter).

Contextual names let us escape the rules and disputes — and costs — that came from the "globally unique identifier" view of the domain name system. You and I can each use the name "upstairs thermostat"; the context prevents collisions; the context differentiates between your "upstairs thermostat" and mine.

These new names will often be used on software that internally uses domain names to tie things together. There is no doubt that Twitter, for example, has lots of internal domain names. But those domain names have become merely internal gears and wheels, they have become as invisible as the pistons in the motor of a gasoline powered automobile.

The DNS system will remain as a means of using structured names — words connected by dots — to obtain various forms of records that can contain things as varied as IP addresses, geographic locations, e-mail exchange server lists, VoIP PBX locations, etc. But it will be software rather than humans that originates those structured names and uses the lookup results. That software may, and frequently will not, make those underlying structured DNS names, or the lookup results, visible to the human user.

The fading of domain names brings benefits.

Some troublesome things will begin to end.

Domain names will no longer be perceived as being particularly valuable ways to express semantically meaningful labels.

  • This will remove much of the energy that powered the DNS trademark wars that we have seen over the past twenty years. (But don't expect the trademark protection industry to give up their relentless effort to own even private, local uses of some names — that company in Atlanta will probably want to try to prevent people in their own homes from using the word "coke" to refer to any brown carbonated sugar drink other than their own.)
  • And it will also tend to de-energize marginal internet activities such as typosquatting in order to pick up advertising impressions or click dollars from people who accidentally mis-typed a domain name into a browser.
  • And it will obviate the need for most of the functions of ICANN.

Opportunities will arise for application-specific or community specific naming systems:

  • New names can be more descriptive of classes of possible targets rather than being tightly bound: You could, for example, say "ATM" and not be locked into ATMs operated by wellsfargo.com.
  • New names do not need to fit into the confined strictures of domain names.
  • New names need to be less like "names" and more like "descriptions" — more on that below.

Act III: There’s Still Gold In Internet Naming

The loss of domain names as baubles for speculation does not mean that entrepreneurs and Procrustean government bureaucrats must fold their tends and skulk away in to the night.

Even after DNS becomes merely an internal organ of the internet, there will be plenty of opportunities for fun and profit.

Companies that are presently operating as domain name registries and registrars, are well poised to capitalize on the new systems: they already have much of the customer and user facing "front office" infrastructure that will be required to service whatever naming systems may arise.

There are two broad areas in which internet naming will probably evolve: entity naming and describing.

Entity Naming

The need to attach names to specific things will be with us forever. And there will always be a need to turn names into some sort of concrete handle to those things. This will be, as it always has been, tied to the problems of figuring out where that thing is (i.e. its address) and how to get there (i.e. the route.)

One of the prime values of DNS as it exists today is that almost everybody voluntary chooses to use a single base root. So we have a global shared system that assures that all names attached to that root are unique.

That uniqueness is important, but it is not always necessary — sometimes people want a solid distributed name-to-record lookup system that is not dependent on a global root outside of their control. Sometimes people just want a private name space for some private purpose. DNS technology, as opposed to "the" domain name system, provides a useful tool for these purposes.

The name model of DNS is extremely useful, but it is simplistic: It is a hierarchy, represented by names separated by dots, that leads to sets of records that can contain various types of data. That simplicity has allowed DNS to be robust and reliable. But that same simplicity creates limits.

The world is evolving so that that simple model of names-to-records will become increasingly inadequate. I've written a couple of papers on this topic:

  • On Entity Associations In A Cloud Network – The argument made here is that as we move towards cloud based resources the simple mapping of DNS names to a relatively fixed set of answers is not sufficient to accommodate the motion, partitioning, and coalescing of cloud based computing and data resources.
  • Thoughts On Internet Naming Systems ‐ This presentation addresses certain presumed characteristics of domain names that are not necessarily true in practice and likely to become even less true in the future. For example, many of us tend to presume that DNS names will generate the same answers no matter who requests a DNS lookup. And all of us are increasingly aware that DNS names are not permanent, the underlying records, and sometimes even the DNS names themselves, sometimes change or even disappear.

And even though name-to-record look machinery such as DNS will remain valuable, it must evolve so that it can have greater security and consistency.

The larger area of future change lies in the area described by the first of the papers above — in the realm of lookups based on descriptions and attributions.

Attribute and Description Based Systems

Whether in real life or on the internet, often you want something that is a member of a class rather than a specific member of that class. You often just want "a Pepsi" rather than a specific bottle of that drink; you usually don't care which bottle for your needs, the various bottles are equivalent and interchangeable. A word for this is "fungible".

As is described in my paper On Entity Associations In A Cloud Network the internet is evolving so that there may be many resources that would satisfy any one of our (or our application's) needs. DNS is often not the best solution for this kind of resource search. Attribute and description based systems would be better, particularly if they had some leeway to find things that are "near" or "similar to" the description or attributes.

We are familiar with this kind of search. For example, web search engines, such as Google, try to show us web search results that locate the best or nearest solutions, not necessarily the perfect solution. And many apps on mobile devices aspire to discover resources based on their distance to your current location.

We can anticipate that use of this kind of thing will increase.

Descriptions and attributes can be self-published by devices and services as they are deployed (or as cloud entities split or coalesce) or they can be published by those who manage such devices or services. This publication could be in the form of simple ad hoc text, as is done for much that is on the web, or be formalized into machine-readable data structures in JSON or XML.

There is lots of room for innovation in this realm; and possibly lots of room to glue-on revenue producing machinery, much as Google did when it attached advertising to web searching.

Epilogue: The Internet Twenty Years Hence (2037)

Relatively few of us remember the internet as it was twenty years ago when the World Wide Web was just getting started. What will it look like twenty years in the future?

We can be sure that whatever it looks like to users, that there will be a lot of ancient machinery, such as DNS, lurking inside.

It is likely that human users will increasingly interact with computer and networks resources much as they interact with other humans — in ad hoc and informal ways. Humans are notoriously vague and ambiguous; that will not change in the future. This means that our computerized systems will have to become more human in the ways that they resolve that ambiguity into concrete results and actions. This, in turn, means that computerized systems will have to become more aware of context and use fewer "names" and more "descriptions" when trying to satisfy human requests.

The introduction of context into network naming will mean more opportunities for damage to human privacy. The tension between convenience and privacy will increase.

As the network world becomes more contextual, it will become harder to diagnose and isolate problems and failures.

Footnote: What Do We Do With An ICANN That Has Lost Most Of Its Purpose?

The vast bulk of ICANN's machinery and staff is present to support the domain name selling industry. As this paper indicates, we can anticipate that that industry will shrink and consolidate. And fights over domain names will fade as domain names lose their semantic weight or become hidden artifacts rarely seen by anyone except internet technicians.

The ICANN traveling circus of international meetings will become as interesting as a meeting about the future of Lotus 123.

ICANN's income stream will shrink; ICANN will no longer be able to support its grandiose office suites, staff, and hyperbolic procedures.

ICANN will have to retreat back to what it should have been in the first place — a technical coordinator, a source of operational service levels for DNS roots and TLD servers, and secretariat for protocol parameters such as DNSSEC keys and IP protocol numbers.

Written by Karl Auerbach, Chief Technical Officer at InterWorking Labs

Follow CircleID on Twitter

More under: DNS, Domain Names, ICANN, Web


Read all

NSA to Stop Collecting American Emails To and From Overseas

U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. Betsy Woodruff reporting in the Daily Beast writes: "The FISC ruling is expected to be publicized soon, and to indicate that the NSA has stopped using this surveillance tactic because it couldn't fully comply with procedures designed to protect Americans' constitutional rights. ... The surveillance tactic at issue is known as 'about' collection ... [that] lets the NSA store and read internet communications pertaining to foreign targets that move through American companies. 'About' collection is the process by which the NSA searches through those electronic communications it collects as they're in traffic in transit across the Internet backbone."

Follow CircleID on Twitter

More under: Privacy, Security


Read all

Commodifying Words and Letters in the .Com Space

Words (and by extension their constituent letters) are as free to utter and use as is the air sustaining life. No one owns them. There is no toll fee to be paid to dictionary makers who curate them. There are, however, two carve-outs from this public domain, namely words and letters businesses use as designations of origin for their marketplace presence, protected by trademark law; and words and letters arranged expressively by authors, protected by copyright law. The rights accruing to persons under these carve-outs — trademark more ancient than copyright (circa 1610) — have their roots in statutory and common law.

Another carve-out of more recent origin has emerged based on contract rather than legislation relating to the registration of domain names. The first to register words and letters as domain names essentially owns and controls them for the duration of their registrations, which could be unending with renewals. It will be recalled that when the Internet Corporation for Assigned Names and Numbers (ICANN) implemented the Uniform Domain Name Dispute Resolution Policy (UDRP) at the end of 1999, there were approximately 7 million domain names. Today there are over 340 million domain names; 142.7 million of which are country code domains, approximately 127 million are in the dot com space and New TLDs account for approximately 26 million. The precise current counts can be found on the Verisign website; counts from 1998 to 2009 can be found at http://www.zooknic.com/Domains/counts.html.

The question is, who is acquiring all of these domain names and for what purpose? There are two principal groups of registrants of domain names, namely commercial businesses (including mark owners) and domain name investors. Businesses acquire domain names to create or maintain a presence on the Internet corresponding to their presence in the actual marketplace. In the main, they register the domain names they need.

In contrast, domain investors (as distinguished from cybersquatters) from the nascent years and thereafter steadily expanding their business models have been active in vacuuming up every word in general and specialized dictionaries as well as registering strings of arbitrary characters that could also be acronyms. What they have done and the reason for doing it (and continue doing particularly in the dot com space) is summarized in Steve Forbes' 2007 press release (an age ago, but no less relevant), namely that the Internet had created a new market analogous to the market in real property: "Internet traffic and domains [he said] are the prime real estate of the 21st century. This market has matured, and individuals, brands, investors and organizations who do not grasp their importance or value are missing out on numerous levels."

This means (as investors see it) that domain names are not just addresses in cyberspace; they are "prime" properties. As the numbers of registered domain names held by domain investors have increased, the free pool of available words for new and emerging businesses has decreased. Put another way, there has been a steady diminution of the public domain of words and letters for use in the dot com space that corresponds in reverse to the increase in the number of registered domain names. This is not just anecdotal exaggeration.

The situation I'm describing for the dot com space is made explicit in Verisign v. against XYZ.com, 15-2526, pg. 9 (4th Cir. February 8, 2017). The evidence in that case indicated that "99% of all registrar searches today result in a 'domain taken' page." The Court noted further that "Verisign's own data shows that out of approximately two billion requests it receives each month to register a .com name, fewer than three million — less than one percent — actually are registered."

The mass acquisition of domain names (again, I'm referring in particular to the dot com space) has resulted in commodifying words and letters (in essence locking them up) for the purpose holding or using them for profit; in essence transforming them into merchandise. This is reflected in the booming market for domain names by auction and direct sales from "supermarkets" holding hundreds of thousands of domain names. The impact of this commodification is particularly felt by new and emerging businesses seeking corresponding domain names in the dot com space for the marks they wish to be known by. Where once words and letters were freely available from the word hoard of centuries, they are now locked up.

While the non-statutory diminution of the public domain is an extraordinary development, acquiring domain names speculatively or holding them for monetizing or merchandising is not unlawful. This is a core principle of the UDRP; and no less so under the statutory regime of the ACPA as long as there is no evidence of capitalizing on the mark. Businesses whose market presence postdate the registration of domain names that by happenstance correspond to their prospective or newly minted marks have no superior rights (and no actionable claim) unless the domain names are transferred to successor registrants who unwittingly use them in bad faith. I'll return to this in a moment. Whereas as original registrants are protected; successors can be exposed.

The observable experience is that domain investors (as original registrants) are careful to use their assets in such a manner that no inference of bad faith registration can be drawn from their use or non-use. They succeed in retaining their registrations, for example, by using the domain names for their semantic (that is, their conventional meanings) rather than their trademark value or holding them for resale without offense to the test articulated in Telstra Corporation Limited v. Nuclear Marshmallows, D2000-0003 (WIPO February 18, 2000).

Clearly, emerging businesses have to adjust to the new reality of words and letters locked up by investors. It is particularly difficult for owners whose marks postdate registrations of corresponding domain names because they have no remedy under either the UDRP or (in the U.S.) the ACPA. Notwithstanding this, mark owners rashly continue to file complaints that are invariably dismissed mostly with sanctions of reverse domain name hijacking. In their disappointment and threaded into their arguments for bad faith, they have described the prices for domain names variously as "unreasonable," "excessive," "disproportionate," "exorbitant," and even "outrageous." See my earlier comments, "Timing is all: Cybesquatting or Mark Owner Overreaching?” It may very well be true, but it's irrelevant.

In the past two or three months, there have been several UDRP complaints of this type. The latest example of mark owners tilting against windmills is the acronym "DCAC" — Denny Cherry & Associates Consulting, LLC v. Azeras LLC, FA1702001718995 (Forum April 16, 2017) — and the word string "myspectrumnews" — Charter Communications, Inc., Charter Communications Holding Company, LLC and Charter Communications Operating LLC v. Perfect Privacy, LLC / Sheri K Corwin, D2017-0040 (WIPO April 19, 2017). First use in commerce for both Complainants postdated the registrations of the domain names. Of note is that the Respondents in these cases are the original registrants; had they been successor registrants postdating the trademarks the facts would have favored Complainants.

Whether intended or not (although it seems more likely that it was), ICANN's opening up of new spaces on the Internet (the equivalent in real estate terms of opening up vacant land) by expanding the number of generic top-level domains has relieved (to some extent) the situation for new and emergent businesses. The same words and letters unavailable for use in the dot com space are available for use in other spaces. This may not be a happy situation since dot com continues to be the most desirable space, but nevertheless, this is the market reality.

A fair question may be whether owners of marks postdating the original domain name registrations can ever claim rights to words and letters locked up by the original investors? Yes, as against successors. This is so because, in the interim between original acquisition and today, the facts have shifted in mark owners' favor. What were lawful registrations before corresponding marks, now infringe third-party rights. As later investors acquire portfolios from early investors, there will undoubtedly be a percentage of domain names composed of words, letters, and phrases that will have become challengeable by mark owners with subsequently acquired statutory rights in those terms. If a "supermarket" is holding domain names as successor from earlier investors that have become identical or confusingly similar to trademarks, it may very well be in breach of its Representations and Warranties under Paragraph 2 of the Policy. This happens in particular to later investors who have acquired portfolios of domain names from early investors without examining each one for possible infringement of third-party rights.

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

Follow CircleID on Twitter

More under: Registry Services, Top-Level Domains


Read all

Dot-Com is Still King - of Domain Name Disputes

Despite the launch of more than 1,200 new gTLDs, .com remains far and away the most popular top-level domain involved in domain name disputes.

In 2016, .com domain names represented 66.82 percent of all gTLD disputes at the World Intellectual Property Organization (WIPO), the only domain name dispute provider that publishes real-time statistics. And, as of this writing, the rate is even higher so far in 2017, with .com domain names accounting for 69.78 percent of all disputes.

Not surprisingly, the overall trend since the launch of the new gTLDs shows .com appearing in a smaller percentage of cases under the Uniform Domain Name Dispute Resolution Policy (UDRP). For example, in 2012, when the new gTLD applications were unveiled, .com domain names represented 74.84 percent of all gTLD disputes at WIPO.

Of course, some new gTLDs are appearing in UDRP cases, with 13 new gTLDs represented in 10 or more UDRP cases at WIPO in 2016:

  • .xyz
  • .top
  • .club
  • .online
  • .vip
  • .store
  • .website
  • .cloud
  • .site
  • .space
  • .shop
  • .lol
  • .date

But, the discrepancy between .com disputes and others is tremendous (as the chart above shows): WIPO saw 3,120 .com domain names in dispute proceedings last year, but the most-commonly disputed new gTLD — .xyz — appeared only 321 times.

As I've written before, the large number of new gTLDs probably contributed to a record number of UDRP disputes in 2016. But it's clear that new gTLDs are accounting for relatively few disputes.

Trying to understand why new gTLDs don't appear in more UDRP proceedings is pure speculation, though a couple of explanations seem reasonable:

  • New gTLD registrations account for a small percentage of all domain names. While there were 329.3 million total domain name registrations (with .com accounting for 126.9 million of those) as of the end of 2016, there are currently fewer than 29 million new gTLD registrations. Therefore, there is simply a relatively small number of gTLD registrations that could be subject to a dispute.
  • Trademark owners care more about .com domain name registrations and how they are being used. While new gTLDs are bothersome to many trademark owners, their limited appeal makes them less important to dispute.

Written by Doug Isenberg, Attorney & Founder of The GigaLaw Firm

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, Top-Level Domains


Read all

New Chapter Working Groups Open Closed Doors

One thing was clear from a recent presentation by the new leaders of the SF-Bay Internet Society (ISOC) Chapter Working Groups: inclusion and collaboration will be the key to these groups' success.

As Dr. Brandie Nonnecke, the Internet Governance Working Group (WG) Chair said, "We haven't yet cracked the code on what 'multistakeholder' means." But that won't stop her and Dr. Jaclyn Kerr, the Data Protection, Privacy, and Security WG Chair, from trying. At a recent Chapter Event held on April 10th, 2017, these two innovative leaders laid out an ambitious plan to bridge silos and foster open dialogue in order to work towards the Internet Society's mission that the Internet is for Everyone.

Focus Areas

These newly-launched Working Groups will focus on the interest areas of the SF Bay Area Chapter members, as determined by their responses to a recent survey. There are three in total: Internet Governance; Data Protection, Privacy & Security; and Internet of Things (IoT), Internet Technologies & Access.

Internet Governance

For the Internet Governance Working Group, Chair Brandie Nonnecke laid out a plan that includes supporting interdisciplinary research, publishing position papers and policy briefs, organizing workshops, symposia, and activities, and supporting a fellowship programme. The goal is to educate and engage stakeholders not traditionally involved in Internet governance. Brandie is well-suited to achieve this goal: she is a PhD whose research focuses on multistakeholderism in internet governance and information and communication technology (ICT) policymaking at the Center of Information Technology Research in the Interest of Society (CITRIS) and the Banatao Institute, UC Berkeley. The WG group is now accepting members; help drive the agenda by applying to join the WG.

Data, Privacy, Security

For the Data Protection, Privacy, and Security Working Group, Chair Jaclyn Kerr discussed the urgency of this issue: due to government surveillance and data breaches, there are serious threats to our online security and privacy. Even at the top level of government, there have been security breaches. Jaclyn discussed working in collaboration with the other WGs and fostering discussion between those involved in tech, civil society, civil liberties, security and academia. Jaclyn is as a Postdoctoral Research Fellow at the Center for Global Security Research (CGSR), Lawrence Livermore National Laboratory, where her research focuses on cybersecurity and information security strategy, Internet governance, and the Internet policies of non-democratic regimes. Apply to join this WG.

IoT

And last but not least, in the IoT, Internet Technologies & Access Working Group, the focus will be on the IoT ecosystem, issues around access, critical Internet infrastructure, innovation and open standards. As more and more devices connect to the Internet, we need to ensure that security concerns, critical resources like IPv4 and IPv6 address space, and technology standards are addressed. Mischa Spiegelmock, who unfortunately could not attend the Chapter Event due to travel, chairs this WG. Mischa is software engineer who currently leads an engineering team at MVS Technical Group Inc., and specializes in information security, database-driven applications, systems programming, UNIX and C. To get involved, apply to join this working group.

Opening Doors

So many decisions about Internet governance, security, and infrastructure happen behind closed doors. The more technical the topic is, the more difficult it is for everyday citizens to get involved, which is a vulnerability for all of us. These Working Groups, the SF-Bay Area Chapter and the Internet Society exist to change that. "The Internet touches every part of our lives and everyone should be equipped with enough knowledge to enable them to have a say in how it is run," says SF-Bay Area Chapter President and Chair, Susannah Gray. "The SF-Bay Area Chapter provides a neutral platform for you to advocate, learn, educate, and work on these key issues. It was amazing to see so many people come together on April 10 to express their interest, their own areas of focus and their concerns for the future of the Internet: we look forward to working with you all as we continue to build up our Working Groups."

Get Involved

Get involved today by joining us and almost 2,000 other members (it's free!), emailing us with your thoughts, applying for open board seats, volunteering, donating, sponsoring the Chapter, or joining one of these powerful Working Groups. There is a reason Board Treasurer Ken Krechmer, one of the Chapter founders, called ISOC the "Continental congress of the Internet." This is the basis for an open Internet.

You can find the agenda from the April 10 Chapter Event and recording here.

This blog post was written by Jenna Spagnolo on behalf of the San Francisco-Bay Area Internet Society chapter.

Written by Jenna Spagnolo

Follow CircleID on Twitter

More under: Access Providers, Broadband, Censorship, Internet Governance, Internet of Things, Malware, Net Neutrality, Policy & Regulation, Privacy, Security, Web


Read all

Over 800 Startups Send Letter to Pai: Focus Instead on Policies for Stronger Internet for Everyone

The coalition led by Engine, Y Combinator, and Techstars, along with over 800 tech startups sent a letter to Federal Communications Commission (FCC) Chairman Ajit Pai urging him to focus "on policies that would promote a stronger Internet for everyone," rather than dismantling the existing net neutrality framework. On Wednesday, Pai gave a stern speech in Washington about his intent to reverse rules that boosted government regulatory powers over Internet service providers: "this is a fight that we intend to wage." The letter sent to Pai argues: “Without net neutrality, the incumbents who provide access to the Internet would be able to pick winners or losers in the market." ... "We are concerned by reports that you would replace this system with a set of minimum voluntary commitments, which would give a green light for Internet access providers to discriminate in unforeseen ways. Rather than dismantling regulations that allow the startup ecosystem to thrive, we urge you to focus instead on policies that would promote a stronger Internet for everyone." The full letter is posted on the Engine website.

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation


Read all

Sorry, Not Sorry: WHOIS Data Must Remain Public

In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform:

Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams.

Should access to WHOIS data be redacted in any way beyond what it is at present, my work will be made impossible. I spend 90% of my day in WHOIS data, the other 10% sculpting the data in a manner to provide reason and proof to hosting provider and registrars to take action against real-life criminals on their networks.

I also prepare cases for law enforcement to act upon. Contrary to popular belief in some quarters, LE cannot possibly begin to know about the stuff I (and my many, many colleagues) see until we tell them. That's how it works. Any of the big botnet and crime ring take-downs and arrests you've ever seen have involved a public-private collaboration between individuals, researchers such as myself, and law enforcement.

So, I'd like to issue congratulations to all those who want to redact. You will, without a single iota of uncertainty, will expose many more people to real — not potential or hypothetical — privacy issues of a far more serious nature than you could possibly imagine, all in the badly mangled, misguided, and muddleheaded notion of what privacy actually is in the real world. 'Cut off your nose to spite your face' has never been more apt.

I hope you tell your Mom, family and your friends what you are trying to do here, while I spend my time trying to protect them from real evil: Revenge porn. Identity Theft. Plain old theft. Stalking. Photographic representation of the rape of children. Trolling, leading to the destruction of people's lives. Emptied bank accounts.

Tell them you don't want me to be able to do my job, and that you are trying to make it impossible, because you think access to the data that has been public and without challenge under the world's privacy laws for twenty years is better off limited to the point of uselessness, sacrificed on some misshapen altar of privacy.

If I sound angry at what you are attempting to do, then I've hit my mark. I am furious. The security sector is furious. We are terrified that you may have any degree of success in this regard, because you apparently don't know, or don't care what the actual results will be. Placating with 'gated access' means there will be some among my peers and colleagues, far more talented and effective than I, who simply cannot gain access, and the resulting mess will be on your head, and at risk of overstating my case, the blood on your hands.

So again, congratulations. Mother's Day is coming up. Be sure to make mention of this in the card you send. Now, if you'll excuse me, I'll go back to diving in the data lake of WHOIS, trying to keep spam and far worse evil off've your network.

K bye tnx.

Neil Schwartzman
Executive Director
Coalition Against Unsolicited Commercial Email
http://cauce.org
Twitter : @cauce

Written by Neil Schwartzman, Executive Director, The Coalition Against unsolicited Commercial Email - CAUCE

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, DDoS, DNS, Security, Spam, Whois


Read all