Derek and all my friends, My remarks and comments interspersed below... Derek Smythe wrote:
Jeffrey and all
Re: Identifying user concerns
I have changed the subject line to a more appropriate one.
Good idea and choice.
This is an excellent idea, one that I would dearly love to participate in.
However, I would like to change item (2), phishing, to encompass fraud which may appear to be phishing typo domains at first glance, but upon analysis found not to be. As such I would like to say fraud for want of a better word.
Ok, but phishing is the single most intrusive and potentially damaging sort of fraud that prays on users lack of understanding. Most phishing is caused or originated by spoofing IP addresses and/or Domain names, from an insider of a legitimate originating domain name's Email address, a result of misconfigured DNS being either exploited or intentionally misconfigured in order to suck information from visitors to that domain name. There are of course other root causes as well. Many of these causes can be eliminated or severally reduced by cleaning up DNS configs and an area where ICANN can make a huge difference.
There are many domains with fake whois, registered via proxy servers paid for by anonymous means that make the registrant untraceable. This is deliberately so. Example: http://butterfis.com/sl/
Exactly right, and here is again where ICANN can make a huge difference if they will only police their registrars and registries. And if for instance, ICANN will require Registrars to make substantial corrections to the accuracy of Whois data, limit access to personal an private data in some Whois's, and revamp registration software.
Likewise many domains are registered with stolen credit card details, the victims details appearing in whois, opening them up to even more abuse. I have a lot of case history on this issue. Some resellers even offer domain registrations with no whois details ever asked.
Yes this is a significant problem and once which I mentioned on circleid. ICANN can't really address this problem very well however. The only manner in which ICANN could address this problem is limit the number of Domain names any one registrant can register in a given length of time. Not a very good approach really. The other manner in which ICANN could address this problem is to eliminate the reseller market in some manner. But this is never going to happen for obvious reasons...
Of course, this is taking us into the third point you have here, the second point sometimes even originating from the first.
Yep!
While I would not dare register a domain without some form of whois protection, I was extremely relieved when recent initiatives to have whois details in domains removed from public scrutiny. At the moment we are each other's best watchdogs and we simply cannot afford general whois privacy, since this would simply hide a problem and not fix a problem. Yet we have to break this vicious cycle and move forward. Anonymity must not result in no responsibility. However this is what we are seeing currently.
I don't believe in the idea that anonymity leads to poor responsibility.
In fact this is currently used to actually identity victims of credit card fraud. We have teachers, estate agents etc living in small towns all across America who are not even aware they own a Microsoft Lottery, a NatWest Bank, FBI or CIA spoof domain. Big business is ignoring this problem. We have hundreds of supposedly American citizens with a fetish for registering Central Bank of Nigeria domains all of a sudden.
Yes, I was recently hit with a NatWest bank false account. I turned that over to US-CERT for their review. The reason FBI and CIA as well as NSA spoofs are occurring is because their DNS's are misconfigured badly leaking TTL's
There is another group of people who is not in the ICANN, registrar or registrant class, who are victims of a system with quite a few quirks and no accountability.
Yes the accountability of large IP interests and their internet presence's such as Banks and other financial institutions whom are the largest segment that have little or no accountability except to themselves which is no accountability at all.
This is undermining faith in the Internet since the average Internet user can simply not understand how such a system as advanced and sophisticated as the Internet can operate with no accountability. These are ordinary people that may not be very technical and are from all over the world with no meaningful recourse.
Sad but currently largely true.
I can carry on and on, but I think this is enough to get the point across.
I suggest the following documents would be a starting point: http://www.icann.org/announcements/advisory-10may02.htm http://www.icann.org/announcements/advisory-03apr03.htm
Regards
Derek http://www.aa419.org
Danny and all my friends,
I think in order to make some progress identifying users main concerns, and listing them would be a good first start. So from our members anyway, here is a short list:
1.) Solving the growing spam problem. 2.) Means and methods of addressing phishing 3.) Personal privacy on the net.
....... .......
Regards, Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827