Proxy-Privacy Use Higher for Illicit Domains
Hello folks, look forward to seeing you all next week. I have just released a sample of one section of a report to be released next Tuesday: WHOIS issues are looming large for the ICANN meeting next week, starting with an all-day WHOIS Policy Review (http://svsf40.icann.org/node/21983) on Sunday (background https://community.icann.org/display/whoisreview/WHOIS+Background+Information). WHOIS is a subject that has been the recent topic of a number of issues including a debacle over potentially disclosing the identities of compliance reporters to spammers and criminal domainers (http://krebsonsecurity.com/2011/03/whois-problem-reporting-system-to-gain-pr...). For those unacquainted with the purpose of WHOIS, I would recommend Paul Vixie's (http://www.circleid.com/members/620/) excellent article (http://www.circleid.com/posts/whois_scared/). One of the controversial sub-issues is privacy-proxy domain registrations which allow a registrant to replace their WHOIS details with the contact information a of privacy shield company. The privacy-proxy business is a nebulous world with no standards and little accountability. Supporters claim it protects victims and political activists from attacks and private citizens from getting spammed or scammed. Critics, like me, contend it is a loose system run on behalf of criminals and spammers. Additionally, the illicit use of privacy-proxy erodes the legitimate use. This is compounded by the fact that many privacy-proxy services are phantom companies themselves. In September of last year ICANN released the results of a study estimating 18% usage of privacy-proxy services in the gTLD(http://www.icann.org/en/announcements/announcement-14sep10-en.htm) (full report http://www.icann.org/en/compliance/reports/privacy-proxy-registration-servic...). However, Knujon (http://www.knujon.com) research has revealed that privacy-proxy usage is significantly higher among illicit domain registrations. We looked at two specific categories: spammed domains and illicit pharmacy domains. The conventional logic has always been that spammers and criminals would not waste money on privacy services, that they would simply falsify registration data or use "throw-away" free email addresses. We know this is not the case. One section of a report KnujOn will issue on Tuesday March 15th will show 33% usage of privacy-proxy registrations for domains advertised in spam and 39 to 51% usage among illicit pharmacy domains. KnujOn studied 13,277 repeatedly spammed domains over six months and found that among the general population, most registrants used unmonitored or false yahoo.com, gmail.com, hotmail.com, and other free-email accounts in the registration. However, six out of the top ten spam registrations were through Registrar-sponsored privacy services. Also, 31 of the all the 152 registrant emails domains collected were privacy services. For illicit pharmacy domains, the numbers are even more interesting. Once again gmail, yahoo, hotmail and aol "throw-aways" were most popular but 15 out of the top 20 contact emails used were at privacy services, most were the services offered by the sponsoring Registrar. Among the general population of 27,414 illicit pharmacy domains studied 39% used privacy-proxy. Within the 50th percentile there is 45% privacy usage, in the 25th percentile it is 48%. Among the top 50 contact email domains 51% were privacy services. The most used privacy services had 8,380 illicit pharmacies as customers. For some, the question still remains, why pay for a privacy service when bogus WHOIS information is easy to use? There are a variety of reasons. First, it adds another layer of obfuscation to confound investigators. A separate KnujOn study found over 100 illicit pharmacy domains, that had the privacy service removed after complaints, had false WHOIS underneath. A second reason is that it provides additional cover for illicit registrants by creating an unaccountable phantom third party that is neither completely registrant nor Registrar. This is evidenced in multiple UDPRs where a brand owner eventually wins an infringing domain name through default but the true identity of the original owner is never revealed. There are many more issues including which privacy services are compliant with the ICANN RAA and who owns the privacy services heavily used by illicit domainers. This will be detailed in our full report. -Garth More info: http://www.circleid.com/posts/20110310_proxy_privacy_user_higher_for_illicit...
On 10 Mar 2011, at 09:23, Garth Bruen at Knujon.com wrote:
One of the controversial sub-issues is privacy-proxy domain registrations which allow a registrant to replace their WHOIS details with the contact information a of privacy shield company. The privacy-proxy business is a nebulous world with no standards and little accountability. Supporters claim it protects victims and political activists from attacks and private citizens from getting spammed or scammed. Critics, like me, contend it is a loose system run on behalf of criminals and spammers.
cool. i am now a spammer and a criminal. your brush strokes are a tad bit broad. a.
Avri, I'd like to point out this sentence: "the illicit use of privacy-proxy erodes the legitimate use." I support the use of privacy services for proper reasons. The way it is structured now benefits the abusers and will likely cause lawful users to suffer later. I like the Canadian system (.CA) that prohibits the use for commercial entities, that would preclude much misuse. Your assumptions about my intent are not supported by the content of the article, it is I who have been painted by a broad brush. -Garth -------------------------------------------------- From: "Avri Doria" <avri@ella.com> Sent: Thursday, March 10, 2011 5:17 PM To: "NARALO Discussion List" <na-discuss@atlarge-lists.icann.org> Subject: Re: [NA-Discuss] Proxy-Privacy Use Higher for Illicit Domains
On 10 Mar 2011, at 09:23, Garth Bruen at Knujon.com wrote:
One of the controversial sub-issues is privacy-proxy domain registrations which allow a registrant to replace their WHOIS details with the contact information a of privacy shield company. The privacy-proxy business is a nebulous world with no standards and little accountability. Supporters claim it protects victims and political activists from attacks and private citizens from getting spammed or scammed. Critics, like me, contend it is a loose system run on behalf of criminals and spammers.
cool. i am now a spammer and a criminal. your brush strokes are a tad bit broad.
a.
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
Visit the NARALO online at http://www.naralo.org ------
Hi, I was commenting on the comment made in the article. Where you bluntly say that a system I think that is run for my benefit is run for the benefit of criminals and spammers. a. On 10 Mar 2011, at 17:03, Garth Bruen at Knujon.com wrote:
Avri,
I'd like to point out this sentence: "the illicit use of privacy-proxy erodes the legitimate use." I support the use of privacy services for proper reasons. The way it is structured now benefits the abusers and will likely cause lawful users to suffer later. I like the Canadian system (.CA) that prohibits the use for commercial entities, that would preclude much misuse.
Your assumptions about my intent are not supported by the content of the article, it is I who have been painted by a broad brush.
-Garth
-------------------------------------------------- From: "Avri Doria" <avri@ella.com> Sent: Thursday, March 10, 2011 5:17 PM To: "NARALO Discussion List" <na-discuss@atlarge-lists.icann.org> Subject: Re: [NA-Discuss] Proxy-Privacy Use Higher for Illicit Domains
On 10 Mar 2011, at 09:23, Garth Bruen at Knujon.com wrote:
One of the controversial sub-issues is privacy-proxy domain registrations which allow a registrant to replace their WHOIS details with the contact information a of privacy shield company. The privacy-proxy business is a nebulous world with no standards and little accountability. Supporters claim it protects victims and political activists from attacks and private citizens from getting spammed or scammed. Critics, like me, contend it is a loose system run on behalf of criminals and spammers.
cool. i am now a spammer and a criminal. your brush strokes are a tad bit broad.
a.
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
Visit the NARALO online at http://www.naralo.org ------
I mean the comment made in the email. a. On 10 Mar 2011, at 17:11, Avri Doria wrote:
Hi,
I was commenting on the comment made in the article.
Where you bluntly say that a system I think that is run for my benefit is run for the benefit of criminals and spammers.
a.
On 10 Mar 2011, at 17:03, Garth Bruen at Knujon.com wrote:
Avri,
I'd like to point out this sentence: "the illicit use of privacy-proxy erodes the legitimate use." I support the use of privacy services for proper reasons. The way it is structured now benefits the abusers and will likely cause lawful users to suffer later. I like the Canadian system (.CA) that prohibits the use for commercial entities, that would preclude much misuse.
Your assumptions about my intent are not supported by the content of the article, it is I who have been painted by a broad brush.
-Garth
-------------------------------------------------- From: "Avri Doria" <avri@ella.com> Sent: Thursday, March 10, 2011 5:17 PM To: "NARALO Discussion List" <na-discuss@atlarge-lists.icann.org> Subject: Re: [NA-Discuss] Proxy-Privacy Use Higher for Illicit Domains
On 10 Mar 2011, at 09:23, Garth Bruen at Knujon.com wrote:
One of the controversial sub-issues is privacy-proxy domain registrations which allow a registrant to replace their WHOIS details with the contact information a of privacy shield company. The privacy-proxy business is a nebulous world with no standards and little accountability. Supporters claim it protects victims and political activists from attacks and private citizens from getting spammed or scammed. Critics, like me, contend it is a loose system run on behalf of criminals and spammers.
cool. i am now a spammer and a criminal. your brush strokes are a tad bit broad.
a.
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
Visit the NARALO online at http://www.naralo.org ------
I mean the comment made in the email.
It would be nice if someday the ALAC could get beyond the conceit that the Internet is run for the convenience of vanity domain holders. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
On 10 March 2011 20:29, John R. Levine <johnl@iecc.com> wrote:
I mean the comment made in the email.
It would be nice if someday the ALAC could get beyond the conceit that the Internet is run for the convenience of vanity domain holders.
I don't think that conceit is universally shared. Many people who have gravitated into a policy intrerest in ICANN have done so because they're at least familar with the concept of domain name ownership. That means, in the most cases, they've either helped people get domains or they own a few themselves. Myself, I administer a "stable" of about a dozen on behalf of friends, family and a client or two. (At least a few of them, I guess, could be called "vanity" domains, but that's because of the present rules of the game. Better me than a speculator.) That's where things were at the beginning. I like to think that outreach activities -- that have brought in ALSs like my own that normally have zero to do with Internet governance and whose members by and large are not domain owners -- are starting to work. It's a reason why the ALS model is preferable to the romantic direct-election model which guaranteed a process of insiders voting for insiders. Right now, ICANN loves to talk about "consumer choice". Most of this is just horsecrap because it means nothing. Right now it's not even known if ICANN's idea of "consumer" is the domain buyer (the bottom of ICANN's particular food chain) or the Internet user who "consumes" Internet information that may be found by domain name, IP address, search result or a link from somewhere else. As long as this distinction continues to be muddy, the platitudes will continue because they're worthless. Even so, ICANN tends to talk about consumer issues with the vocabulary of the supplier, not the consumer. (Personally, I don;t even like the term "consumer" in this context because it implies that Internet use requires a financial transaction. End users do not exist on the Internet merely to consume things...) One of my own personal goals next week in San Francisco is to bring some clarity to this, because the ICANN-related needs of end users are very different from those of registrants. On a number of issues, end-users and registrants have common ground, but one of ICANN's dirty little secrets is that the two groups in some cases have very different agendas. The biggest example of this is in WHOIS, where (generally) registrants want privacy and end-users want accountability. (Painting this as a law-enforcement issue is also horsecrap IMO). Another issue -- litttle spoken of -- is the issue of domaining, which does nothing for the public good, adds zero value, does not benefit the flow or quality of information on the Internet, has needlessly increased the cost of having an Internet presence, but is heavily defended by domain speculators (and tacitly backed by ICANN which has a vested interest in its maintenance). These gaps in agenda, IMO need to get clearer ... and I think they will. At a certain point, people who claim to speak in the public interest but also own domains, if they are honest about it, are going to find themselves conflicted. (I believe) I've already come to grips with mine. - Evan
Evan, as I don't see a Confluence page set up yet to accept comments on the GAC Scorecard, could I trouble you to bring this proposed comment to the attention of the ALAC? Thanks, Danny The ALAC has taken note of the ICANN Board response to GAC Scorecard point #12.1, namely that “The principle of an early warning is already included in the Guidebook” and that “The exact process needs to be discussed further”. The ALAC supports the principle of early warning and contributes the following recommendation for consideration. Inasmuch as ICANN has established a comfort level with the notion of short-term, purpose-built and time-definite consulting contracts (as exemplified by RSTEP), we are of the view that ICANN can attend to some of the concerns expressed by the GAC in their final San Francisco session with the Board through recourse to such an approach. The ALAC in particular notes that members of the GAC articulated the following concerns: • there are many governments that are not affiliated with the GAC that may not daily follow that which transpires within ICANN – accordingly it becomes quite possible for governments to perhaps miss the opportunity to offer objections (if warranted) within the scheduled comment windows. • Some geographic identifiers may not reside within the authoritative lists that are published by recognized global organizations At issue is the subject of “reach” and the desire not to inadvertently fail to address what may be the legitimate concerns and sensitivities of those in the developing world that may not yet have a voice within ICANN. To that end, and in keeping with the spirit expressed at the ICANN plenary by President Bill Clinton to enjoin the world’s NGO population, the ALAC makes the following proposal – ICANN will seek to retain the short-term services of the Conference of Non-Governmental Organizations in Consultative Relationship with the United Nations (CONGO) as part of its Communications Strategy to inform relevant parties and governments worldwide of their opportunities for comment and/or objection in the new gTLD process.
Oh, I know what you meant. but you're talking about original intent and I'm talking about the de facto regime. -------------------------------------------------- From: "Avri Doria" <avri@ella.com> Sent: Thursday, March 10, 2011 8:11 PM To: "NARALO Discussion List" <na-discuss@atlarge-lists.icann.org> Subject: Re: [NA-Discuss] Proxy-Privacy Use Higher for Illicit Domains
Hi,
I was commenting on the comment made in the article.
Where you bluntly say that a system I think that is run for my benefit is run for the benefit of criminals and spammers.
a.
On 10 Mar 2011, at 17:03, Garth Bruen at Knujon.com wrote:
Avri,
I'd like to point out this sentence: "the illicit use of privacy-proxy erodes the legitimate use." I support the use of privacy services for proper reasons. The way it is structured now benefits the abusers and will likely cause lawful users to suffer later. I like the Canadian system (.CA) that prohibits the use for commercial entities, that would preclude much misuse.
Your assumptions about my intent are not supported by the content of the article, it is I who have been painted by a broad brush.
-Garth
-------------------------------------------------- From: "Avri Doria" <avri@ella.com> Sent: Thursday, March 10, 2011 5:17 PM To: "NARALO Discussion List" <na-discuss@atlarge-lists.icann.org> Subject: Re: [NA-Discuss] Proxy-Privacy Use Higher for Illicit Domains
On 10 Mar 2011, at 09:23, Garth Bruen at Knujon.com wrote:
One of the controversial sub-issues is privacy-proxy domain registrations which allow a registrant to replace their WHOIS details with the contact information a of privacy shield company. The privacy-proxy business is a nebulous world with no standards and little accountability. Supporters claim it protects victims and political activists from attacks and private citizens from getting spammed or scammed. Critics, like me, contend it is a loose system run on behalf of criminals and spammers.
cool. i am now a spammer and a criminal. your brush strokes are a tad bit broad.
a.
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
Visit the NARALO online at http://www.naralo.org ------
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
Visit the NARALO online at http://www.naralo.org ------
participants (5)
-
Avri Doria -
Danny Younger -
Evan Leibovitch -
Garth Bruen at Knujon.com -
John R. Levine