Speaking at the Ruxcon information security conference in Melbourne on Sunday, Vixie, a pioneer of the Internet's DNS system, said that creating the new TLDs goes against ICANN's purpose:
"ICANN is a 501(c)(3) non-profit public charity [under the California Non-profit Public Benefit Corporation Law], and their job is to serve the public, not to serve the companies... I think that until they can come up with an actual public benefit reason they should be creating more of these, they've got no cause to act," Vixie said.
"There should be no price at which you can buy '.microsoft', but there is, and that's a mistake. That indicates corruption, as far as I'm concerned."
Vixie also indicated the WHOIS privacy industry wouldn't exist were it not for criminals:
"There are plenty of folks [who] would like to say [that] for civil society purposes we need the ability for dissidents to register a domain name and complain about their own government, and not have to worry about getting their doors kicked in. Frankly, that is not a realistic scenario, and that is not the way that WHOIS privacy gets used," he said.
Vixie encouraged conference attendees to implement technologies that improve the integrity of DNS (like DNSSEC) and called for replacement of the X.509 Certificate Authority system.
Related Stories
"Google, this is bogus as hell," Paul Vixie ranted on Internet Engineering Task Force mail list this week. The IETF mail list is where the people who create the internet's technologies converse.
The post was noticed because Paul Vixie is an Internet Hall of Fame engineer known for his pioneering work on the modern Domain Name Service (DNS).
And it is how Google was using DNS in its Chromecast Ultra streaming device that ticked him off.
[...] [Vixie] bought a Google Chromecast. But when he went to set it up, he found it doing something no device in his network is allowed to do: It wouldn't use his own, private DNS server. It would only use Google's public server.
Related: Paul Vixie: New TLDs a Money Grab, and a Mistake
VLC 3.0.0 Released, With Better Hardware Decoding and Support for HDR, 360-Degree Video, Chromecast
Paul Vixie on the Benefits of Running DNS Services Locally
(Score: 2, Informative) by Anonymous Coward on Monday October 26 2015, @05:16PM
It's not just the government that is the problem; stalking, harassment, swatting and the like are real-world issues. I agree with him on the stupidity and money-grab aspects of new TLD's tho.
(Score: 2) by Snow on Monday October 26 2015, @05:22PM
Was it hard to get an anonymous domain before the new .TLDs?
Answer: No.
(Score: 0) by Anonymous Coward on Monday October 26 2015, @05:56PM
Do keep up at the back of the class [eff.org]
IIRC, this is also in TTIP but I only had time to skim it.
(Score: 2) by isostatic on Monday October 26 2015, @06:16PM
http://www.prq.se/?intl=1 [www.prq.se]
(Score: 2) by frojack on Monday October 26 2015, @06:23PM
Was it hard to get an anonymous domain before the new .TLDs?
Obviously not, but THAT wasn't his point.
What he said about private/anonymous domain registrations was that it was largely a refuge for the criminal element. It never did protect the politically down-trodden groups.
That remark had nothing to do with new TLDs, it was just mentioned a separate issue to show the corruption within ICANN.
"The WHOIS privacy industry would not exist if not for criminals," Vixie said....
"WHOIS, you can lie. You can put in an address that is not your own, or you can pay some WHOIS privacy provider to hide the identity of your domain name registration, or your IP address registration. And so investigators, both criminal and civil, have long learned that WHOIS is probably not going to help them much. They check it, but they don't expect any results," he said.
No, you are mistaken. I've always had this sig.
(Score: 2) by frojack on Monday October 26 2015, @06:32PM
It's not just the government that is the problem; stalking, harassment, swatting and the like are real-world issues.
Except that "real-world" issue doesn't happen.
Not from WHOIS information.
WHOIS private registrations are used to hide criminal activity. Stalking, harassment, swatting just about never happens, and all anyone need do is have a reachable mail drop, and an abuse email. Nobody ever swatted a post office box.
No, you are mistaken. I've always had this sig.
(Score: 5, Informative) by Anonymous Coward on Monday October 26 2015, @06:58PM
If you honestly think stalking and harassment do not happen, I suggest you read the news more often.
In the UK the Royal Mail will reveal, upon request, the verified address used to register a PO Box. This is the case unless a note on file from the police instructs them otherwise.
(Score: 3, Informative) by Anonymous Coward on Monday October 26 2015, @07:27PM
Oh and:
That [ksn.com] must [kobi5.com] be [yahoo.com] why [dailyvoice.com] I [fox5ny.com] just [wlbz2.com] about [postcrescent.com] never [myfoxboston.com] read [fusion.net] about [www.cbc.ca] it? [theblaze.com]
(Score: 2) by frojack on Monday October 26 2015, @08:01PM
I'm saying that Vixie is saying that WHOIS is not used for these purposes. You've presented no evidence that it is used for such purposes.
Even the UK Mail does not verify the address of every P.O. Box punter. Who are you trying to kid?
You can tell them anything, and they won't care, they certainly won't check, they can't find their own ass with both hands.
Your Stalker is NOT going to show up at your post office and demand a physical address.
So screw the royal mail, and send it to your attorney, or Mail Boxes Etc.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Monday October 26 2015, @08:23PM
It's publicly available personal information, of course it is used like that.
Ahh, I see you've had dealings with them ;P They will not provide a PO Box service without a validated id and address.
If they are determined, they will.
Feasible for a company, not for an individual.
For anybody in the public eye, it's not a matter of if they end up being stalked and harassed, simply a matter of time before some determined crazy latches on to them.
(Score: 2) by frojack on Monday October 26 2015, @10:30PM
Feasible for a company, not for an individual.
Last time I counted there were 12 to 13 companies doing private mailboxes in the UK, 3 or of them with nation wide coverage.
And its quite cheap. My business partner is currently in Leeds in a temporary assignment. He's used this method in Italy and Australia as well. Its cheap.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Tuesday October 27 2015, @12:15AM
Work for a private mailbox provider do we? Why should I pay for an external subscription service when my domain registrar will offer it for a once-off nominal fee?
(Score: 2) by kurenai.tsubasa on Tuesday October 27 2015, @12:35AM
I have one domain with private registration and several others without. There are two other domains, registered by a friend and a friend of a friend, my server in the clouds hosts, and I suppose it wouldn't be difficult to eventually determine that I'm hosting them (along with the private registration one) for somebody determined. The reverse DNS points to the private registration one, so it'd just be a matter of time.
If one of my users wanted to do something untoward or even post inflammatory content in their $home/www, I have plausable deniability, even if it were secretly myself. In the case of other users, were I given a death threat and doxxing because of something they've posted, I would challenge the SJWs or anti-SJWs or whoever to the death to follow up on it! That's not just Amazon bravado. I seriously doubt that these internet death threats have anything to them.
Of course, if I received a secret order to fork over my users' data, then I'd be in a pickle. On the other hand, I have a feeling the NSA has other means than WHOIS records to determine who's responsible for any given domain (or IP). Those “other means” are probably just simply sending a nastygram to the domain's registrar. Maybe I can get a private registration, but there's still a record of somebody paying the renewal fee, and there's also a record of somebody (me) paying monthly for my server in the clouds.
SWATing is a real problem, but that's something police departments need to work through. 911 dispatch and the officers on the ground need to be aware of the one in a million potential that a 911 call from a hostage or somesuch may just be a troll. The solution, of course, is to follow more civilized procedures instead of going all-out like it's a warzone. I mean, it's not just SWATing, as in the internet harassment technique. Sometimes the police just have the wrong address, and people die anyway. That indicates this is a problem with the police, not the internet.
I guess it's a good thing my property is in a jurisdiction where the cops really are public servants, not gestapo. One benefit of living in a modestly sized town in flyover country I suppose.
Remember when we had landlines and all our names and addresses were published, perhaps not in a format that could be readily thrown through grep, but published nonetheless? I view my information being public for domains I've registered as something like that.
(Score: 0) by Anonymous Coward on Monday October 26 2015, @08:06PM
Except that "real-world" issue doesn't happen.
Not from WHOIS information.
Because for the last decade anyone who is even mildly concerned with that happening has used a private registration to shield that info.
I've been doing it for all of my domains for 15+ years - even before it was an option I used a PO box - but that cost me $200/yr. This way is better because it is cheaper.
(Score: 3, Interesting) by TheRaven on Tuesday October 27 2015, @10:12AM
sudo mod me up
(Score: 3, Interesting) by SanityCheck on Monday October 26 2015, @05:21PM
The fact that it was a money-grab was painfully obvious. The guy seems to try to be very political about it. ICANN is now as all other marginal gate-keeping government institutions: a place for patronage. Trying to advocate change to their modus operandi through public discourse about the issue will yield likely nothing. Only way things will change (and not for the better) is through horrible fragmentation of the DNS system which will result in many regional entities under the thumbs of their respective state-sponsors.
(Score: 2) by Hyperturtle on Monday October 26 2015, @05:27PM
that whole .sucks thing was a clear indicator of a money grab.
The TLD system, at least what it's evolved into, is a money printing press that works to make cash in all of the world's currencies.
it used to be I could tell by the domain that unless I was feeling lucky, maybe I should not click on that link, or open that email.
Not anymore. Well that's not true.. some of the new TLDs have been used almost exclusively by spammers and malware botnets and such. It must be nice to be able to set up so many disposable and private TLDs with ill gotten proceeds. It seems to serve only to keep the honest people honest, and the corrupt people in business.
(Score: 2) by FatPhil on Tuesday October 27 2015, @12:47PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by TheLink on Monday October 26 2015, @05:27PM
ICANN could reserve/create other more useful TLDs rather than repeatedly doing "Yet Another DotCom".
They could reserve TLDs for different types of local private usage.
For example: https://tools.ietf.org/html/draft-yeoh-tldhere-01 [ietf.org]
And perhaps one or more for other internal organization logical use.
I actually asked them to reserve .here a long time ago but I guess back then they were too busy with stuff like .info .biz and so on. Yawn...
Maybe if I was a very rich person I might have applied for .here and given it to the world for free, but I wasn't.
(Score: 2) by frojack on Monday October 26 2015, @06:07PM
The first people to rush in and register on all the new TLDs aren't the businesses that owned names in the existing TLDs.
They don't have to, because of domain squatting decisions over the years, the registration microsoft.sucks would have been taked from Joe Sixpack and handed to Microsoft.
No, the first people that rushed in were spammers. And all of them using private registrations, which proves Vixie's claim that private registration is the darling of criminals.
No, you are mistaken. I've always had this sig.
(Score: 1, Interesting) by Anonymous Coward on Monday October 26 2015, @06:11PM
As far as I know, they have not moved on .bit, .i2p, .onion [ietf.org] either.
(Score: 0) by Anonymous Coward on Monday October 26 2015, @06:29PM
In the 90's I was looking at being an ISP and the boards then where asking these same questions.
I was pro-new TLDs but under a strict control.
Example: UN Telecom group would own it. UN would also setup a trademark group. So yes, IBM would trademark their International trademark IBM once not with each country. With that trademark, they get the TLD .IBM also. So one stop shop. Now if the internet gets new super-TLD: Earth, Mars, Pluto... Then the TLD would move down one.
Trademark / domain offices would honor the higher and lower level trademarks. so .IBM.US would be given to .IBM. Now if a third party would want to use ibmsucks.us, that is legal as along as it not trying to advertise computer services. ie: cause confusion. But in each case it trademark office that is holding assignment and ownership, to prevent two companies in the world both trying to use the same name. example: drycleaner.ny.ny.us and drycleaner.ny.us would be a confusion, so first assigned has the ownership and limits the growth. Now drycleaner.ny.ny.us and drycleaner.albany.ny.us does not.
The gov, com, org, net would all be dumped, since they are US centric, not global.
The us, eu, as, au and other country tld would remai and would be part of trademark office.
The real question is $$$$$$. $50k for a new TLD is yes, a scam. This should be a rights holding, so only a company named IBM would get the right to .IBM. IT is why my idea was to trademark office to hand-out ownership.
(Score: 4, Interesting) by bradley13 on Monday October 26 2015, @07:13PM
Not a bad concept, but things are a bit more complicated. Trademarks are not unique. My little company goes by the abbreviation KRI. So does the Kundalini Research Institute, the Kri Eco Resort, KRI inc. in Japan, KriKri in Greece, Khan Resources Inc., and on, and on, and on... As long as either territories or industry area (or both) differ, this is just fine.
Because of this, I would like to discourage (or even prohibit) companies from owning more than one domain containing their trademark. Otherwise, big companies come in and buy up their_name.com, their_name.org, their_name.net, their_name.??? - and smaller companies with a legitimate claim to that domain are left out in the cold.
The KRI example also shows a different problem: domain squatters. kri.com, kri.net, kri.com and kri.us are all registered to squatters rather than to any of the companies that might actually use those names. I'm not quite sure how to regulate squatting, but buying a domain name only to resell it should be forbidden.
Everyone is somebody else's weirdo.
(Score: 1, Insightful) by Anonymous Coward on Monday October 26 2015, @10:36PM
I understand that. What are there 24 trade classes in US? So a trademark can exist in more than class.
And yes there are regional companies. KRI for instance in your example. Which one is truly international. That one would win in my view. If none are the no problem. In each country, the largest would win again. kri.jp is not kri.us, so each have their region, any no TLD ,kri can be created. Hence the honoring of up and down the hierarchic. Again in a country like US, kri.ny.us is not kri.ca.us, so again no kri,us could be created.
And I agree, with single ownership. IBM, owning .ibm, and hence ibm.us, ibm.jp, ... I expect them to use their single domain for ALL their machines. No also having .WATSON , .BIGBLUE. .watson.ibm is find, it is in their domain set. This would also go for drug companies and their sites for new drug offerings.
Where it gets real sticky is when a company buys another and they both have TLDs, Again my personal view is the parents TLD is the domain it is under. So Dell buy EMC, then .emc is returned and .emc.dell the new correct domain.
Right now there is no control over .com just lawyers and lawsuits. Trademark w/ company merged in would make it simpler for all to know who htey are dealing with.
(Score: 3, Insightful) by Thexalon on Monday October 26 2015, @08:05PM
The point of the TLDs was that ICANN could make a big pile of cash by selling off the rights to be the registrar for those TLDs. The registrars, in turn, were willing to pay huge prices for those rights because all organizations needed to buy a bunch of domains in order to protect their brand or risk losing their trademarks.
So yet another case of a few people getting very rich while ripping off everybody else just a little bit.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 2, Interesting) by Anonymous Coward on Monday October 26 2015, @11:09PM
I agree with Vixie about TLDs and I think it's a travesty, but isn't he just calling for closing the barn door after the horse has gotten away?
WHOIS privacy is a bit of a double-edged sword. It protects from all of those things he mentioned (and advertising), but it does give corporations and other organized crime a shield to hide scammy behaviour. However, it needs to remain an option and it should be free.
(Score: 0) by Anonymous Coward on Tuesday October 27 2015, @02:02PM
‘The Internet is not for sissies.’
-- Paul Vixie
(Score: 0) by Anonymous Coward on Tuesday October 27 2015, @03:45PM
Looking over some of the wacky TLDs you can get nowadays, I noticed Google now offers .soy [nic.soy] domains -- perhaps interesting for soylentnews? There was this other tech news site with a 'funny' URL, but I can't for the life of me remember what it was.