Banxa announces AUD $3 million sale of crypto-related domain names, with more to come

Publicly-listed Banxa has announced the sale of AUD $3 million worth of crypto-related domain names to Independent Reserve (an Australian crypto exchange). 1 $AUD is worth approximately USD $0.67 at the time of this post.

Continue reading “Banxa announces AUD $3 million sale of crypto-related domain names, with more to come”

ICANN75 Session of the Transfer Policy Working Group is Friday at 10:30PM Eastern Time

The ICANN75 session of the ICANN Transfer Policy Review PDP Working Group will be taking place in less than 12 hours from this blog post, at 10:30 PM Eastern Time on Friday, September 16, 2022. [10:30 MYT (UTC+8), 17 September 2022]

Remote participation is available via Zoom (you’ll need to create an ICANN account to access the links to the Zoom room, as per the above session link).

As I’ve noted in my lengthy comment submission, there are very serious problems with the working group’s recommendations.

Furthermore, that working group’s review of the public comments is superficial at best. As an example, watch the Zoom recording of this past Tuesday’s working group call. (unfortunately, the written transcript of the call isn’t posted yet on the GNSO’s calendar page).

Did the working group even mention, in discussions of removal of the Losing FOA, my citing of the SSAC report, from page 39 of my comment submission, to:

“Treat transfer attempts as a security event (check and re-check).”

Nope! Apparently such an important point was not worth mentioning on their call! It demonstrates the importance of the Losing FOA.

There’s a certain arrogance in the working group, as if they know better than the public. e.g. Jim Galvin of Afilias (a member of the SSAC) claimed he was “not especially persuaded by most of these comments” and that he didn’t believe “that there’s new information here” (see the “rough transcript” produced by Zoom at around 44:22 into the call, or listen to the actual call; the rough transcript isn’t perfect).

Galvin claimed that he “could sit here and go through, and I think I would have a specific response to each one of these comments” (at around 44:53 into the call). I openly challenge him to do so!

I even reached out to him, to have a telephone call, to go through my concerns to see what his “response” would be. I’ve not heard back, yet.

At 1 hour and 10 minutes into the call, Galvin asserts that “there really is no diference between the FOA and the notification.” He then goes on to claim “the notification has the same properties. It neither adds nor removes them.”

This is demonstrably false!

If I validly create a TAC (transfer authorization code), to transfer a valuable domain name from Tucows to GoDaddy (as an example), and provide that TAC to a buyer or to an escrow company, but then see (via the Losing FOA) that the transfer is actually going to Alibaba or a Russian registrar, I’d be able to NACK (cancel) the transfer, as it’s not going to the correct destination.

That involved no compromise of the registrar’s control panel, but involved misuse of the TAC after it was properly generated, but before it was properly used at the correct gaining registrar).

This is a perfect demonstration that their analysis is completely wrong. The removal of the Losing FOA would have demonstrably made one worse off.

Galvin claims that “all bets are off” if an attacker gains access to a registrar’s control panel (because the attacker can change registrant contact details, so the registrant wouldn’t be able to receive the Losing FOA). Again, his analysis is wrong. Perhaps at a poorly-designed registrar, his analysis might be fine. But, a properly-designed security-conscious registrar wouldn’t immediately make those critical changes. They would seek verification first! I documented in my lengthy submission that I carefully separate out the registrar control panel details and contacts, so that they’re independent of the domain name contacts.

Later on that call, at around 1 hour and 14 minutes, Jim Galvin demonstrates to us all that he didn’t actually do his homework and understand the working group’s report, as he was unaware that the 5 day window after the gaining registrar submits the transfer was being eliminated. How embarrassing for him, and embarrassing for SSAC. He says “maybe I’m missing something  here” — yes, Galvin and others are missing a lot!

In conclusion, it’s clear that these working group members are not doing a proper review of the public comments. They have tunnel vision, and are working from the starting point that they “know better” than the public who submitted serious concerns about their dangerous proposals. If you share these concerns and have time on Friday night (North American time) to attend the ICANN75 session remotely, please do so.

 

Domain Owners Might Want To Enable Lockdown Mode

Apple recently released iOS 16 for the iPhone, which introduced a new security setting called “Lockdown Mode” (this feature will also be coming soon for the iPad and macOS). It increases the security of your device, to defend against some “extreme” attacks.

Owners of valuable domain names (or other digital assets like crypto/NFTs), CEOs, celebrities, journalists, and other “high value targets” might want to enable Lockdown Mode for extra protection.

Stanley Pace wins Reverse Domain Name Hijacking Decision in Court, Overturning UDRP

Stanley Pace has won a reverse domain name hijacking victory in court, overturning a wrongly-decided UDRP decision at WIPO in the celluvation.com dispute.

You can read the entire court decision here.

In summary:

The Court herby DECLARES and ORDERS:

1. Pace’s use of the celluvation.com domain does not violate the ACPA.
2. Pace’s use of the celluvation.com domain does not violate the Lanham Act.
3. Pace has established a claim for reverse domain name hijacking.
4. Defendant’s counterclaims against Plaintiff are DISMISSED WITH PREJUDICE for willful and inexcusable failure to prosecute and failure to comply with court orders pursuant to Fed. R. Civ. P. 41(b).
5. Pace’s request for fees is DENIED.
6. The WIPO arbitration panel decision is OVERTURNED, and the domain name
registrar for celluvation.com is ORDERED to lift the hold on the domain name and return the domain to Pace.
7. Judgment shall be entered in favor of Plaintiff

Will WIPO add this decision to its list of UDRP-related court cases? You might recall that WIPO retaliated against my company and removed the PUPA.com court case decision from their list (after I voted against Brian Beckham as co-chair of the RPM PDP working group at ICANN).

Newfold Digital Signs Agreement to Acquire MarkMonitor from Clarivate for $302.5 million

Newfold Digital, the company that owns registrars like Network Solutions and Web.com, issued a press release that they’re buying MarkMonitor from Clarivate for $302.5 million.

This was already reported multiple times on the Domaining.com RSS aggregator by other sites.

Yet, by being the last to report it, this admittedly parasitic blog post, which adds no value whatsoever, will now appear HIGHER on Domaining.com than the site that first broke the news (Elliot Silver of DomainInvesting.com), and thus generate clicks! So, go visit Elliot’s site, who deserves the traffic and eyeballs, and ponder why others are getting away repeatedly with their parasitic practices.

I’ve mentioned these parasitic practices repeatedly, e.g. in my blog posts here and here. I’ve tweeted about it repeatedly too, e.g.

Perhaps Domaining.com needs to add a way to downvote or even hide “duplicative” articles that are parasitic. E.g. on Hacker News, not every story gets on the homepage, and they’re not simply listed in reverse chronological order.

In conclusion, go read Elliot’s excellent article that broke the news before anyone else did. He has my full respect, as I know he’s always very careful to cite prior work from myself, Jamie Zoch and others producing original content. And he doesn’t try to “gain eyeballs” through parasitic practices.

 

Arizona court orders that ETH.LINK domain name be transferred back to True Names

An Arizona court has ordered that the ETH.LINK domain name be transferred back to True Names. You can read the entire order here.

This was first reported on Hacker News last night, but none of the usual suspects blogged about it yet. Given I’m “on strike” for reporting on SEC Filings findings for the rest of the year, due to too many parasitic bloggers, I figured I’d write about something different. Let’s see how many parasitic bloggers write about this without citing the original Hacker News post or this blog post…especially those who don’t typically blog on the weekends….

Obviously change of ownership and domain transfers in general are matters of critical importance, yet how many people reading this bothered to submit comments to ICANN during their recent comment period? You can read my company’s 60 page submission in a prior blog post. If you were upset about how the registrars handled the ETH.LINK expiration and transfer to a 3rd party, perhaps you should pay more attention to the policies which enable that behaviour. When a registrar can earn more from the expiry of a domain name, rather than its renewal, that creates an enormous conflict of interest. The interests of registrants are routinely ignored at ICANN, because of your apathy.