Global domain name overseer ICANN has shrugged off intense criticism from big brands and parts of the US government, and will tonight start allowing companies to apply for new top-level domain names. For a hefty $185,000 (£119,500) processing fee – a third of which will be dumped into ICANN's legal defence fund – any company or …
IdiotsJohn Postel must be spinning in his grave :-(
The post is required, and must contain letters.
So I Take Itthe richest person called smith will get .smith? or will it be done by a raffle ticket type draw?
A small request to the techies...Can someone please develop a firefox add-on that automatically blocks any domain name that isnt a standard extension (.com, .co, .org, etc.)? Lets get in the cyber counter-measures now and hopefully these extra domains will crash and burn before they even get off the ground...
Yes but...... if enough people were to have the blocking add-on installed then it would no longer prove profitable to set up your own domain, and so companies wouldnt buy them and the whole plan would die... with ICANN getting significant egg on face as well... Its win-win...
or alternativelyallow domains through for which people/firms have paid a far more realistic fee to a non money grubbing ( no typo ) not for profit outfit.
You could use a proxy on your firewall
I'm blocking all of Korea with Squid -- \.co\.kr
promote competition and consumer choiceYes, either you choose to pay up on time from this day forth, or you choose to find yourself another business.... perhaps on the high street.
URL? What's that?Adverts on t'telly are all like "facebook.com/pepsi" these days. Too late to get hip, ICANN. Your day has passed.
Time to replace ICANNUltimately they have influence, but no authority over how we view the DNS root. And this particular contribution to chaos spawned by greed will inevitably reduce ICANN's influence. There are plenty of copies of the current root zone they have maintained up to date around, and it's very easy to obtain one. Time to make available patches to DNS resolver programs (BIND, DJBDNS etc) which treat these new names as non-existent and for alternate DNS resolution providers (Google, OpenDNS) to offer these patched versions to their user groups. If DNS resolvers patched as proposed become popular enough, then it will be time for the ITU to cut its bureacracy and improve its procedures sufficiently for it to maintain and serve a root zone which TLD content DNS server operators won't ignore, before some other more reputable and appropriate organisation than ICANN steps forward to do this job.
No need for a patch
Just feed BIND the root zone database and tell it not to forward any DNS requests, it should then only use the ones in the Root zone. I have done this to block the users I am responsible from accessing certain TLDs (ir, iq, cu, kp, cn, ws, cc, xxx, ru, etc).
Re: how many internal networks will break?
None. It is the external domain that won't be accessible.
Here's hoping that someone pays up for .local *before* figuring this out.
OMGWTFBBQ!!!!eleventyone!Meh. I expect maybe 500 applications tops for the first year. I doubt more than half that will get approved. As for trademark abuse, when fraudsters can get, e.g, an .ru address for practically nothing, and punters have shown that they are fully willing to accept that as legit, why waste $185,000*? Remember too, that $185,000 is just TO APPLY. You'll still have to show ICANN that you have the resources to responsibly run a registry and a reasonable right to run the requested registry. So someone trying to create a fraudulent registry is going to have to come up with not just wads of cash, but a story which will hold up to ICANN's scrutiny. The REAL concern here is what level of scrutiny ICANN will be able to muster. How good a vetting does $185,000 provide? * I say they should have gone with a charge of $186,282 -- just to keep the atmosphere light.
WTF?So El Reg has decided that not only can we not do HTML formatting, but they'll eliminate any of the limited formatting that plaintext allows in the forums now?
Yes, I'd noticed that too.
Funny thing is that the preview looks fine.
[new line starts here]Paragraphs are useful.
[new line starts here]So why can't we can't use them?
OK - now I'm confused...
(a) it's formatting fine
(b) I can't withdraw it.
(c) I seem to be able to post without the moderators checking it...!
What have you done, El Reg?
What a colossal waste of time and money.Funny thing, if I say 'foo.com' to you, it is reasonably clear that I am referring to a domain that presumably has a website. I wonder how many other TLDs share that handy little linguistic feature. Still, given that tripe like .biz and .mobi have utterly failed to set the world on fire, a new swathe of TLDs seems likely to be similarly uninteresting. The worthwhile extensions (by which I mostly mean .com, with very little else) will still be filled with squatters, and the pointless new vanity domains will be worth very little.
just shows what the world is coming toa third of the fee will be dumped into lawyers' pockets see title
Let the Fraud Begin!This is the best thing to happen to internet fraud since Nigeria. Like a lot of other people I reverse-DNS all my visitors and block access from non-existent TLDs. But this is going to be a security nightmare. On the other hand, this might be just as popular as .biz .
Maybe they could be encouraged to get their own TLD, .con?
Getting in lineI'm planning on registering the TLD .shamelessmoneygrab real soon now. I just need to convince ICANN to wait on cashing my $185,000 check until after my "sunrise period" when domains can protect their trademarks by giving me $1000 for each name. I'll start with Hitachi, Canon, and Deloitte.
AlternativelyHow many big ISPs / backbone providers are there? If Canon/Sony/Nike just paid ATT or Sky $10K to add .canon .sony .nike etc to their root DNS soon other smaller ISPs would have to follow just to avoid customer complaints and you wouldn't need ICAN at all. Google and Apple already add extra market domains on their phones - I can see complete separate Android , iPhone and PC internets
"I can see complete separate Android , iPhone and PC internets"
I can't. That network model has been tried by AOL and hasn't been a great success.
Buy .whatever-you-want for just $185,000Would that be www.whatever-you-want.statusquo then.... Ta-dat da-dah, ta-dat da-dah, ta-dat da-dah... (repeat for ever using three chords)...
Because everyone will remember to use blahblah.pepsi rather than pepsi.com
We've spent 15 years training people that the right of the dot is always ".com", irrespective of whether that is suitable for the site or not.
We should throw away the phisher-infested trojan-packed spam-canal that is the intarweb and build something better instead of retrofitting it with new formica counter tops.
We could start by defining a distributed-structure capable protocol that knows about session state.
No 'we' haven't
I've spent 15 years avoiding any UK companies that use .com whenever possible. ".uk" domains here in the UK thank you very much!
Re: No we haven't
Indeedy, and part of the reason for that is that .uk domains are subject to my local law whereas .com domains are subject to the whims of some judge in Kentucky. Anyone outside the US who has been training users to suspect addresses outside .com should apologise immediately.
And on the subject of the article, presumably *.idiot addresses will be subject to the jurisdiction of the country of whoever paid the cash. For the average end-user, that's just unknown.
The "brand protection" scam for .xxx domains was bad enough (the idea of .xxx is having a tld that can be seperated entirely from the rest of the internet for porn filters; now diluted by company brands "protecting' their mark and therefore making .xxx pointless).
So why not register the following and make a quick money grab from the vulnerable:
Just substitute any email, bank or high street shop name in front of the dot:
.account; .youraccount; .acc; .accont
.banking; .ukbanking; .ukbank; .trusted; .secure
.hbsc; .hsbcbanking; .hbscbanking; .hbsbcanking
.jlewis;. jonlewis; .johnlwis; .john.lewis
.wh.smiths; .whsmths; .smiths
Dear Mr Refrigerated,
Halifax has recently updated their Terms & Conditions resulting in some reason for you to visit our website and log on to check your account. If you have any questions then simply log on to https://www.halifax.secure.itssafe.trustme/honest and send us a message from the secure messaging panel in your account.
Your Bank Manager
What's really scary, some banks would not surprise me in the least if they picked a stupid domain such as .trustme
The possibilities are endless for someone who has a lot of funds from previous criminal exploits....
Lucky none of us trust any banks these days!
The ability to allow company brands to protect 'their mark' means that they pay a one time fee to secure the domain from ever being used by anyone else, including themselves - the domain brand.xxx won't appear on WHOIS, you won't know who registered it, and more importantly won't have a zone file attached to it, so can't be used by those brands to direct traffic to their main site. As such the .xxx should not be diluted, as it can only be used by those in the porn industry!
Whilst a criminal could register the domains you suggest, they would need deep pockets - all of the above would cost £4,070,000 and that's just to apply for right to run the registry for those domains. You'd have to prove you could run a registry and then actually run said registry, all of which would cost extra money. Assuming some crook did actually manage to purchase .banking, it would, if anything make it far easier for ISP's world wide to simply block any domain under the GTLD!
Lastly, and specifically for the banking sector, I'd be very surprised if .bank was not requested, and if run correctly, could ONLY be used by a legit bank. This would mean that if you saw natwest.bank or hsbc.bank as a customer, you knew it was and had to be legit, as any potential scammer would not be able to register such a domain. If the consortium bidding for such a GTLD did not make this a cornerstone of their policy, then obviously it could be doomed to failure!
You were saying...?
Appreciate your reply but...
"Federal law enforcement agents have arrested members of two cyber-crime gangs who may have netted more than $74 million by infecting user computers with scareware and then charging for fake antivirus software." - http://www.eweek.com/c/a/Midmarket/FBI-Busts-Two-Scareware-Fake-AV-Gangs-in-Global-Operation-187749/
I think that's more than enough to cover the fees to register a few misspelled domains - remember they're not trying to fool the bank or the authorities - just enough of the type of people who click on banner ads that warn "Your Computer is Infected!"
The fact that online scams and typo squatters exist is a testiment to the fact that ICAN'T will not be able to catch them all. "Hello, my name is Ben Nigel King, I would like to register the domain .BNKing here is my $185k fee. Also, I am planning a new social media network and would like to purchase .updates - here's another $185k."
Now you have:
This is just off the top of my head with little thought or planning. The criminal enterprises that do this everyday will have much better ingenuity.
Also remember, like premium rate phone scammers, many of these operations are fly-by-night; a small time-window is all they need to capture some credit card info, or upload a virus then close up shop and the registered company is found to be false.
To assume this is not possible is either extremely naive or disingenuous.
"Lastly, and specifically for the banking sector, I'd be very surprised if .bank was not requested, and if run correctly, could ONLY be used by a legit bank."
In the UK, I believe there's a *.ltd.uk (or something) domain that you can only get if Companies House are convinced that you are legit. The intention is exactly what you suggest and it already exists, with the additional guarantee that you are a UK company and can therefore be taken to a court in the UK by a UK customer who is unhappy.
None of the UK banks use it. Lloyds TSB, for example, use a .com.
iDNS spoofing ..
> programme will also enable organisations to apply for gTLDs in non-Latin, non-ASCII scripts ..
What happens when a non-Latin URL shares similar looking characters with a Latin URL?
"The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike"
Their searched for in the application process, and it's rejected if it's too similar.
"The programme will also enable organisations to apply for gTLDs in non-Latin, non-ASCII scripts, such as Cyrillic, Arabic, Greek, Hebrew and Chinese."
This has always bothered me about domain names: there are no good reasons why we should paint the entire internet with Latin, ASCII sameness. (The arguments in favor of using English as for easy communication do not apply in this case, because an English-speaker will not be able to understand nor reliably type a Chinese domain name regardless of whether it is written with roman characters or with Chinese characters. If a Chinese website wants to reach English-speakers, they can still get an additional ASCII-based domain name.)
Love them or hate them, many of these reforms are a natural evolution of the system that ICANN could not resist forever. That they also open up avenues for abuse is an unavoidable side-effect.
It's not about Language, it's about Internet Protocol Addresses.
IP Address FF.FF.FF.FF = 255.255.255.255
ZZ.ZZ.ZZ.ZZ = (676).(676).(676).(676)
ZZZ.ZZZ.ZZZ.ZZZ = (17,576).(17,576).(17,576).(17,576)
The only 2 gTLD's that have any metaphysical meaning are .COM and not(.COM) because Commercial Enterprises *must* "know their customers" ... Social Networks like FB deliver 4.75 Network Degrees of Separation (or so they claim) between a customer and another customer and "hold" 1 Network Degree of Separation between their customers and themselves. They are not brokers in the usual sense.
cybersquatting and brand protection
I think some people are not understanding the problem this is going to cause. It's not that you have to protect your trademarks and brands by buying .brandname it's buying them at other peoples tlds.
e.g. Some company registers .hotel, now everyone who owns a hotel has to go to that company and buy brandname.hotel at what ever price the owner thinks they can get away with.
London buys .london, you own a business in London? best pay Boris what ever he asks for business.london or someone else may get there first.
> London buys .london, you own a business in London? best pay Boris what ever he asks for business.london or someone else may get there first.
only the very stupid will buy this snake oil. the contents of a domain name don't matter any more. people use this thing called google to find web sites. they rarely see and even more rarely type those domain names.
it simply won't matter to the public whether the web site or whatever lives behind shitname.com or shitname.london or goodname.shitname or... they're just not going to know or care what the domain name string is. domainers and marketing twerps will care, but they are worthless scum. they are bottom feeders who hype this froth to make money because they can't get proper jobs.
as far as the internet is concerned, all that matters is the domain name string resolves and there's a working web/mail/whatever server at the end of it.
That's a lot of regexs that need rewriting.
ICANN lay a golden egg
if you stop drawing attention
Doesn't look like I'll be able to buy youremywifenow.dave anytime soon...
ICANN grosses $200 million .. $70 million to lawsuit defense fund
LET THE GOOD TIMES ROLL !
.JUNK bust .. investors lose a few billion .. companies have a bunch of worthless domains ..
World sues ICANN ..
GOLDEN PARACHUTES AWAY !
One can hope it will either be http://www.ncga.com/ or http://www.corn.org/ who get it.
I DO IT BECAUSE I CANN
You've got problems? Go complain to the internet.
Up yours, I CANN
lets club together...
Then we can sell rights off...
icaan.aretwats of course would be free to the best designed sites.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Microsoft refuses to confirm 'Windows 9' unzip lip slip
- The Register to boldly go where no Vulture has gone before: The WEEKEND
- Netflix swallows yet another bitter pill, inks peering deal with TWC