Subscribe: CircleID: Comments
Added By: Feedage Forager Feedage Grade A rated
Language: English
dec pst  dec  devex org  domain  domains  icann  org  posted dec  posted  provider  pst  registrant  registrar  udrp  whois 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: CircleID: Comments

CircleID: Comments

Latest comments posted on CircleID


RE: Why UDRP Panelists Must Follow the Policy: A Look at the Decision (Louise Timmons)


Here is the reference for the above quote:

UDRP Providers and Uniformity of Process – Status Report

Link | Posted on Dec 15, 2017 1:52 PM PST by Louise Timmons

RE: Why UDRP Panelists Must Follow the Policy: A Look at the Decision (Louise Timmons)


Zak, Thanx for a great article about the danger of leaving panelists to their own devices. Is there not grounds to sue ICANN to change its language describing providers from, "approved?" Here is the definition of, "approve:"

officially agree to or accept as satisfactory


With limited checks in place for UDRP and URS providers, ICANN misrepresents its service:

List of Approved Dispute Resolution Service Providers

bold mine

Where is the protection for the Registrant in the following provision outlined by ICANN:

In recognition of that potential [of UDRP provider abuse], ICANN commits that substantiated reports of UDRP provider non-compliance with the UDRP or the Rules will be investigated. If the investigations uncover issues of UDRP provider non-compliance, ICANN will work with the affected UDRP provider to determine if the issue can be remedied. If the issue cannot be remedied, and the UDRP provider cannot – or refuses – to return to acting in conformity with the UDRP, ICANN will take action, which might include revocation of its approval of the UDRP provider, taking into account issues relating to the transferring or completion of pending matters before that provider.

bolds mine
The report against a UDRP providers has to be SUBSTANTIATED, first.
IF ICANN finds an issue of non-compliance, it WORKS WITH THE PROVIDER to find out if the "issue can be remedied." What does that mean? The provider acknowledges his mistake and goes on? By that time, a business using a domain can be affected, a sale can be lost, or the domain could be transferred to a foreign Registrar like eName, which traffics stolen domains, and which ICANN< Verisign, and the major Registrars faciitate its trafficking . . .

Link | Posted on Dec 15, 2017 1:48 PM PST by Louise Timmons

RE: A Closer Look at Why Russia Wants an Independent Internet (Anthony Rutkowski)


The internet as a singularity has always been a myth.  There were many internets through the 1980s into the 1990s.  For some time, the concept of their integration was described as The Matrix - for which there was even a monthly newsletter.  With the help of $5 billion out of the U.S. public coffers plus the evangelism of the Clinton Administration, the DARPA Internet was foisted into the public infrastructure and subordinated the OSI internet which was more robust.  In the process, the myth of "The Internet" was born, even though many vast infrastructures like the global mobile network use their own internet implementations. 

Even Bob Kahn who had headed up the DARPA internet effort - realizing that many internets exist and will continue to expand - has spent the past two decades developing his Handle System to allow discovery and interoperability among them.  NFV-SDNs and 5G will result in vast proliferations of internets.

You accurately depict the ITU as the only intergovernmental forum that can play a global role in bringing about a measure of cooperation today.  It's survivability and resilience in the face of all the technical and political changes in the world over the past 167 years seems like ample proof.  Furthermore, it definitely beats bully bilateralism.  Unfortunately, it may also take some time for the IGF/ICANN types to move on.  It'll take another generation and the disappearance of the word "internet" into history.

Link | Posted on Dec 15, 2017 1:27 PM PST by Anthony Rutkowski

RE: Why UDRP Panelists Must Follow the Policy: A Look at the Decision (Samit Madan)


De-accreditation of a panelist seems to be a sensible approach, would provide for some pause to rogue panelists who decide to rewrite policy.

Link | Posted on Dec 14, 2017 11:29 PM PST by Samit Madan

RE: 'Combosquatting': New Attention for an Old Problem (Kevin Murphy)


Thanks for this piece Doug. Articles portraying brand+keyword cybersquatting as some kind of "new threat" have been really irksome recently.

Link | Posted on Dec 14, 2017 3:59 PM PST by Kevin Murphy

RE: Why UDRP Panelists Must Follow the Policy: A Look at the Decision (Nat Cohen)



An administrative appeal would be one form of oversight.  Another form of oversight would be if the provider de-accredited a panelist, such as in the case, who demonstrates such disregard for the Policy.  By continuing the accredit the panelist, and by continuing to assign cases to such a panelist, the provider becomes complicit in the undermining of the Policy it has committed to enforce.



Link | Posted on Dec 14, 2017 1:24 PM PST by Nat Cohen

RE: Why UDRP Panelists Must Follow the Policy: A Look at the Decision (Gerald M. Levine)


Excellently put, but not sure what kind of "oversight" can reasonably be expected from ICANN or the providers. There are certainly (rogue) panelists who go their own way, but the consensus has been remarkably steady on the jurisprudence in balancing parties' rights (as Nat indicates in citing DLL). The Camilla ACPA case ended with a stipulation to vacate the UDRP award. Trial level judges also make errors of law, but they (the errors) can be corrected on appeal. Question: Should the UDRP be amended to include a provision for an administrative appeal (that does not prejudice a respondent's right under 4k if that review is affirmed)?

Link | Posted on Dec 14, 2017 12:58 PM PST by Gerald M. Levine

RE: Why UDRP Panelists Must Follow the Policy: A Look at the Decision (Nat Cohen)


In the decision issued on December 7th, panelist Nick Gardner found-

"If the Respondent had no knowledge of the Complainant when registering the Disputed Domain Name then bad faith cannot be established."

That is a sensible, common-sense threshold question for whether the possibility of a bad faith registration exists.  If the Panelist in had followed this common-sense approach, the travesty of the misguided decision could have been avoided.

Link | Posted on Dec 14, 2017 10:55 AM PST by Nat Cohen

RE: GDPR: Registries to Become Technical Administrators Only? (Dirk Krischenowski)


Hi Volker, the bad actor registrar issue was raised by lawyers and others that were present at the meeting. I just reported what has been said.

Link | Posted on Dec 13, 2017 2:03 AM PST by Dirk Krischenowski

RE: GDPR: Registries to Become Technical Administrators Only? (Charles Christopher)


Another useful data point.

After the .INFO land rush I had a registrar attempt to steal 2 of my 3 letter domain wins. I detected this by watching the whois. I think it was a day or two after Afilias added the domains to their backend the registrar changed the whois.

The registrar's contract stated whois shall not be changed in the first 30 days (maybe 60, too long ago for me to recall). I contacted Afilias, they looked it up and saw the whois had changed. Afilias forced the registrar to change the whois back to me. Afilias also made it very clear to me that their lawyers would be having a very long legal discussion with that registrar. I can't recall the registrar, only that they went out of business a year or two later, what a surprise.

Had there been no public whois I would have lost the domain and the registrar would have kept my significant landrush catch fees as well.

Link | Posted on Dec 12, 2017 12:07 PM PST by Charles Christopher

RE: GDPR: Registries to Become Technical Administrators Only? (Charles Christopher)


>I don't know about you, but several times a year I run into someone
>I know of who's having a registrar hold their domain hostage

Excellent point!

So lets break it out for those without experience:

Person or company has NO CLUE about domain management or building websites. But they know they need a web site. They then hire someone to do it for them. Typically the service paid for is domain registration, web authorship, and server hosting. All paid as one.

The consultant may or may not bother to put their client in the whois record, and certainly will NOT provide the client access to the domain management account at the registrar. In this case the registration ownership does have an ambiguity the consultant takes advantage of.

The consultant knows FULL WELL the domain name registration is the primary leverage point to getting paid. Use of this to hold clients hostage is well known and why most of us tell people NEVER EVER allow a web site consultant to manage or control your domain name. You control the domain, they control the website.

This "opportunity" to hold a customer hostage has in fact moved to the registrar level. But when we have registrar terms of service that say:

"we reserve the right to change our terms of service at any time, for any reason, without notice to you"

What can we possible expect? And note well that quoted text HAS appeared in registrar terms of service as written. I've no doubt lawyers have become more creative in expressing it more opaquely these days.

Link | Posted on Dec 12, 2017 11:26 AM PST by Charles Christopher

RE: GDPR: Registries to Become Technical Administrators Only? (Todd Knarr)


I don't know about you, but several times a year I run into someone I know of who's having a registrar hold their domain hostage (usually the registrar's one that I'd've avoided on principle but they were cheaper than the alternatives so the registrant went with them not knowing of the red flags) and where I can authenticate the person's ownership of the domain. If I'm seeing it that often, there's no way it's a rare occurrence.

As far as "no effect" goes, how does a registrant force a domain transfer when the current registrar denies the request to transfer? Doing that requires proving that the entity requesting the transfer is the registrant, but how does the registry verify that when they don't have a copy of the registration information and the registrar won't release the information? There's a similar problem when a "domain privacy" service suddenly won't put the actual registrant information back and won't listen to requests from the registrant, so the situation is hardly unprecedented. At least there though the registrant has the option to not use a "domain privacy" service in the first place, avoiding the issue. Here the registrant wouldn't have any such option.

Link | Posted on Dec 12, 2017 11:14 AM PST by Todd Knarr

RE: WHOIS: How Could I Have Been So Blind? (Charles Christopher)


>it is the law of the land and we will have to live with it.
>Surely you cannot be suggesting that contracted parties break the law.

"An individual who breaks a law that conscience tells him is unjust, and who willingly accepts the penalty of imprisonment in order to arouse the conscience of the community over its injustice, is in reality expressing the highest respect for the law”
― Dr. Martin Luther King Jr.

"The news team found that rather than working eastbound lanes, where smugglers transport drugs to the East Coast, officers focused on westbound lanes, where smugglers haul cash back to Mexico. A subsequent review of drug task force records indicated that officers made 10 times as many stops on the westbound side of the highway as they did on the eastbound side."

"In what became a case study of forfeiture abuse, police officers stopped out-of-state drivers for insubstantial reasons in order to search the vehicles. Upon discovering cash or other items of value, officers seized the properties and threatened owners with bogus charges—even state removal of their children—if they refused to waive their rights to the properties. Forfeiture proceeds were used to buy, among other things, a $500 popcorn machine, candy for a poultry festival and $400 worth of catering. Money also went to a local chamber of commerce, a youth baseball league, a local Baptist church and the pocket of a Tenaha police officer whose name appeared in complaints from stopped motorists.6"

"Local governments also issued regulations that affected other spheres of Jewish life: in Saxony, Jews could no longer slaughter animals according to ritual purity requirements, effectively preventing them from obeying Jewish dietary laws."

“It does not require a majority to prevail, but rather an irate, tireless minority keen to set brush fires in people’s minds.”
– Samuel Adams

Link | Posted on Dec 12, 2017 11:09 AM PST by Charles Christopher

RE: GDPR: Registries to Become Technical Administrators Only? (Charles Christopher)


>A much better tool against registrar failure or termination is the registrar data escrow program The data escrow programs allows submission of privacy whois. Thus the data escrow program protects registrants from HONEST registrars, of which they need no protection from. It does not, by itself, protect registrants from evil registrars. I was one of the people affected by RegisterFly. In fact I had a whois monitoring system in place at the time for my domains and called RegFly twice about their changing my whois to a University student address and email address. And if that was the data in their escrow submissions (not implemented at that time), which IS the escrow requirement, who would have received the domain after they were closed by ICANN??? Not me! After the second call I transferred my domains out and posted a warning to others in DomainState as to what I was observing and suggesting others to moved their domains out ASAP. Soon after that I became a registrar at it seemed the only way to be able to effectively manage thousands of domains and protect them from evil registrars. Fact is the average registrant is clueless and likely knows NOTHING about domain name whois and thus never even bothers to check its accuracy! With it gone they will not even be able to verify their registries believe of ownership. And it is belief as reseller accounts have been a historical way to steal domains as the registrant THINK they are dealing direct with the registrar without realizing their is an intermediary with full control of their domain name. Add to that Verisign implementation of the transfer lock as policy and not hard coded technology and the thief takes the domain on a "transfer trip" through a few registrars in foreign countries .... And with no provable ownership records the registrant will NEVER get the domain back. >leaving millions of Registrants in the dark" I am not aware of any either. However it does not take millions to be a problem. Loss of a domain name control could quickly destroy an online business. The the number really does not matter, we are all very dependent on consistency of behavior of our domains and dns. Any loses are a problem, especially to the one affected. Thus the goal must be in the direction of registrant empowerment not away from it. Clear instantiation of domain ownership via pubic whois, is foundational to consistent domain behavior. Here is were domainers are likely the leading experts on such issues. Domainers for almost 2 decades now have learned, just by looking at whois, what a domain's status likely is, and do this with great precision. And frankly, many lawyers use those domineers to help them establish that status. I hope, when the first few domain are successfully stolen since "proof of ownership" no longer exists (but was reasonably assumed to be in place), the politicians involved with GDPR are personally sued. Maybe then will win the case, but its the ride they go on that will be most important. Meanwhile, back in the real bricks and mortar world: "Land registers are a very important source of information due to their legal nature." "Land registers help to facilitate land-related administrative tasks of citizens, legal professionals, state authorities, private companies and other interested parties. The official register information is open (in a majority of EU countries) to banks, creditors, business partners and consumers in order to enhance transparency and legal certainty in European Union markets." But lets not let hundreds+ of years of [...]

RE: GDPR: Registries to Become Technical Administrators Only? (Volker Greimann)


Hi Dirk, I am sure you are exaggerating when it comes to the utility of thick whois. In the past, there has been exactly one case where thick whois would have been useful to assist registrants in accessing their domains and that was the one with the fly. A much better tool against registrar failure or termination is the registrar data escrow program, which securely maintains the registrant data for just that case. Registries do not even play a role in that other than transferring the domains from the failed/terminated registrar to the new registrar.

I am also not aware that "ICANN terminates year by year dozens of bad actor Registrar going bankrupt or just out of business sometimes leaving millions of Registrants in the dark" is actually a fact. I certainly have not seen these cases in the numbers you describe, affecting the numbers of registrants you describe.

You are exaggerating! Not passing on private registrant information to registries will have no effect on the process to safeguard the interests of those registrants.

Link | Posted on Dec 12, 2017 9:25 AM PST by Volker Greimann