
What the heck happened with .org? - soheilpro
https://blog.mozilla.org/blog/2020/05/11/what-the-heck-happened-with-org/
======
julianlam
> ... by 2018, ISOC was sitting on a pretty large ongoing revenue stream in
> the form of .org registration fees. However, ISOC management felt that
> having essentially all of their funding dependent on one revenue source was
> unwise and that actually running .org was a mismatch with ISOC’s main
> mission. Instead, they entered into a deal to sell PIR (and hence the .org
> contract) to a private equity firm called Ethos Capital, which is where
> things get interesting.

This sounds like a rather shortsighted decision, to give up a _very_ reliable
source of recurring revenue because you'd rather only have multiple smaller
sources of revenue... why not both?

~~~
jandrese
Its nonsensical. They get almost all of their funding from one source, which
they say is a bad idea even though the income stream is very reliable for the
foreseeable future.

So their plan is to get rid of it and replace it with...what exactly?
Donations? Some other kind of industry that they have not mentioned yet? The
plan seemed to start and end with selling off their primary revenue stream.

~~~
scatters
Assuming it was sold for what it was worth, the selling price could have been
used as an endowment to purchase investments with a similar cashflow/risk
profile but greater diversification so lesser risk overall. This is pretty
basic economics: the value of an investment is the NPV of its future
cashflows.

~~~
tw04
What possible investment could ever match the risk:return of .org and where do
I sign up? That is about the most risk free/cash positive investment in the
history of mankind. Short of cornering the worldwide market on oxygen you
aren't going to find a better investment.

~~~
dathinab
The .org contract ends in 2029! No guarantees that it will be renewed.

~~~
felipelemos
From article:

"One interesting fact about these contracts is that they are effectively
perpetual: the contracts themselves are for quite long terms and registry
agreements typically provide for automatic renewal except under cases of
significant misbehavior by the registry. In other words, this is a more or
less permanent claim on the revenues for a given TLD."

------
tasuki
This is going to keep reoccurring.

The Handshake project [1] attempts to decentralize the DNS root zone (using a
blockchain what else).

If, like me, you're suspicious about anything blockchain, a fun fact about
Handshake: the developers took $10 million of VC money and donated it to Free
and Open Source foundations [2]. That was actual cash donated, not magical
internet money (though magical internet money was _also_ donated).

Some coins were premined. 80% of those were airdropped to GitHub users. If you
had more than 15 followers in February 2019, you can still claim your airdrop
[3]! (Disclaimer: this is what got me interested in Handshake)

[1] [https://handshake.org/](https://handshake.org/)

[2] [https://handshake.org/grant-sponsors/](https://handshake.org/grant-
sponsors/)

[3] [https://handshake.org/claim/](https://handshake.org/claim/)

~~~
x3blah
In the short history of the Internet so far, domain names originally were
free. Many of the early .com(mmercial) names, e.g., bbn.com, dec.com, etc.,
were registered for free. Some TLDs were non-commercial for a long time, e.g.,
Educase I think only began charging fees for .edu around 2006.

For me, the question remains why do user have to pay for domain names.

Users once had to pay for SSL certificates but it seems like Let's Encrypt
found a way to work around that.

Why can't the same be done for domain names.

One could argue the "legitimacy" of LE certs is directly connected to, or even
dependent upon, the "legitimacy" of the applicant's domain name registration.
An ICANN-approved domain name registration is required to obtain a LE cert.
Wonder why LE does not operate a domain name registry.

~~~
tasuki
> For me, the question remains why do user have to pay for domain names.

Because they're scarce! Should you have `x3blah` or should I have it? If
domain names are free, how do we decide who operates which domain?

If I understood it right, one of the goals of Handshake is for names to be
almost free. With a near-infinite number of TLDs which you can buy for as
little as $0.09 (and renew for $0.02 every two years), less desired names
become essentially free.

Furthermore, you can become a registrar! With such a low cost (about $2 over
our expected lifetime), you can charge extremely low fees for `domain.x3blah`
or even give out the second level domains for free!

~~~
x3blah
What if no one gets "x3blah" and we each get some random string, e.g., an
ed25519 public key.

Handshake looks like it wants to create another "gold rush" for "vanity"
names. We have already had that. We have already seen how it plays out. It has
been a while since I read through the Handshake docs. Are there limits on how
many names a single applicant/organisation could register.

~~~
oarsinsync
I can enter x3blah from memory. I can print it on a poster when promoting my
service.

I can't memorise
AAAAC3NzaC1lZDI1NTE5AAAAIFwAU7Q9tccWIyPviJuzAatFIgQZVRr7mExznfbUR9Il. I can't
print it on a poster when promoting my service. I can use a QR code, but
that's ripe for exploitation. Someone can easily replace the QR code on my
poster, and there's no way for anyone viewing the poster to know that it's not
the correct QR code.

What's the point of the name at all if it's not memorable?

Or to put it another way, do you really want email address
AAAAC3NzaC1lZDI1NTE5AAAAIFwAU7Q9tccWIyPviJuzAatFIgQZVRr7mExznfbUR9Il@gmail.com?

~~~
x3blah
If the point of the domain name for _you_ is marketing, then get one you think
is "memorable" and use it as a CNAME.

The point for _me_ would be non-marketing uses, e.g., to get an SSL cert so I
do not have to use a self-signed one when monitoring encrypted egress traffic
from the local network. That name does not need to be memorable. I can get a
free cert from Let's Encrypt but I cannot get free domain name. Best I can get
for free is a subdomain of someone else's domain name.

As you know, not every domain name is used for the purposes of email addresses
or a website. To use a common example, AWS Cloudfront subdomains are not
memorable but they are useful to AWS. Like subdomains, domain names can still
be useful without being memorable.

~~~
oarsinsync
> If the point of the domain name for you is marketing, then get one you think
> is "memorable" and use it as a CNAME. The point for me would be non-
> marketing uses

This is a very fair and valid point. Thank you for pointing this out.

> to get an SSL cert so I do not have to use a self-signed one when monitoring
> encrypted egress traffic from the local network

This sounds like you're doing proxying / TLS interception / MITM? If so, you
need a signing certificate with authority to sign for any arbitrary name. No
vendor provides this for free, and using your own self generated CA is the
solution here.

> Best I can get for free is a subdomain of someone else's domain name.

It's unclear what you mean here, as the words you're using are somewhat
overloaded, depending on context.

An arbitrary gTLD is not something you can get for free, until we have a
better solution for DNS than the current approach.

Anything else is just variations on a subdomain. Heck, technically even a gTLD
is a subdomain of the root domain '.', where you don't own anything there
either, and are simply getting a subdomain granted to you by the roots.

When you look at it from that perspective, and you're simply looking for
something that is unique for you, what's the difference between a subdomain
from a dyndns provider, and a subdomain from a registry?

~~~
x3blah
"An arbitrary gTLD is not something you can get from free, until we have a
better solution for DNS that the current appraoch."

This implies that there is a better approach. I agree. There are many
possibilities. I have been running own root zone at home for several decades.
I routinely experiment with different ideas. I am aware of many possibilities.

I do generate a CA pem file using openssl in order to view own traffic.
However even with all these hoops we jump through to do such basic things,
"Big Tech" seems to actively try to discourage users even more, .e.g., from
monitoring their own traffic. For example, subjecting the user to a keylogger
in Chrome and forcing them to type some undocumented, opinionated shibboleth
such as "badidea" or "thisisunsafe" to proceed.

[https://stackoverflow.com/questions/35274659/does-using-
badi...](https://stackoverflow.com/questions/35274659/does-using-badidea-or-
thisisunsafe-to-bypass-a-chrome-certificate-hsts-error)

The subject of the OP is what was originally supposed to be a "non-commercial"
TLD, which since abandoned that designation and began charging fees, and, more
importantly, the current and future lack of any restrictions on raising those
fees. If one is using a TLD in ways that demand transparency, e.g., to
represent an entity that is taking money from the public, then involving a
third party that accepts personally identifiable information, e.g., a
registrar, makes some sense. However, interactions with the public, e.g.,
commercial uses, are not the only ways the internet can be used and such uses
are not the only way domains can be used.

------
mirimir
> Additionally, in the summer of 2019, PIR’s ten year agreement with ICANN
> renewed, but under new terms: looser contractual conditions to mirror those
> for the new gTLDs (yes, including .wtf), including the removal of a price
> cap and certain other provisions.

It's seems like something got hugely screwed up in PIR's bylaws. I mean, with
a name like "Public Interest Registry", you'd think that serving the public
interest would be its top priority.

~~~
specialist
Do the owners (registrants) of domains have any standing in these TLD
decisions?

Any major change (eg sale) of .org TLD should be put to a vote of the all the
.org registrants.

Governance. It always boils down to governance. No taxation without
representation, and all that.

~~~
bitxbitxbitcoin
They have absolutely no say in the current system and are completely at the
mercy of these centralized powers.

------
gorgoiler
It’s not hard to see why .ORG rattled so many cages. It seems like there’s a
lot of passive anger of old school vs new money, even now in 2020. Thinking
about domains, it doesn’t take too long to get into the politics of property.

How do you think domain names should work?

Should you just be able to buy them openly? If one person has all the money,
then should they be allowed to buy all the domain names?

Should they be limited to some sensible amount per person? _Is a company a
person?_ Should companies be limited in the same way?

If there is a limit, should the price be capped as well, or left open to the
market? Those with the most money get to control the best domains?

Personally: I am grateful that we still have a system that works for all and
I’m very motivated to not see it go the way of rampant commercialism.
Mozilla’s post helps me proselytize.

------
notRobot
> .edu: for educational institutions

Only for US educational institutions, or those who got a domain before 2001:
[https://www.farsightsecurity.com/blog/txt-record/edu-
investi...](https://www.farsightsecurity.com/blog/txt-record/edu-
investigation-20160825/)

------
jandrese
> a promise not to raise prices by more than 10%/year for 8 years

Yeah, that's the kind of shit that made me cancel my cable service.

~~~
tinus_hn
They don’t care about you. Most companies aren’t going to lose their brand
identity for $100

------
xorcist
Hopefully this is indicative of where Mozilla stands on this.

It would be great if there could be a net wide push to relieve ISOC of their
.org duties, preferably before 2029. It feels strange to say this, because
ISOC is a legitimate organization with more than 50k members world wide.

Mozilla and EFF have shown themselves to be very good Internet citizens with
Let's Encrypt and are likely more than capable of running a top domain
operation too.

~~~
drdec
Ideally, you would address the underlying issues that caused this attempt to
cash in on the .org domain at the same time. Or you would just be making
whichever organization you choose a target for the underhanded types that
infiltrated ISOC.

Perhaps the key would be to signal that for the next contract, priority would
be given to bidders that are owned by multiple organizations. Also require the
owners to be non-profit. So a new XYZ co-owned by Mozilla, EFF and ISOC might
work.

You'd want at least three non-profit owners and for the new company to have
by-laws prohibiting any one company from accumulating more than 50% control.

------
C1sc0cat
Good summary though id disagree about the .org == "us non profit"

Should have gone with Poptels (already ran .coop) bid back in 2002 - though I
suspect that ICAN did not find us as biddable as they would like.

------
ksec
I would like to take this opportunity to ask, What happened to .web?

.web in my view is the only possible challenger to .com, but it has been
years, and those dispute seems endless with no update.

~~~
dmulholl
I've always thought 'web' should be at the other end of the domain, instead of
'www'. It takes literally one-ninth the time to say.

~~~
MaxBarraclough
Stephen Fry once suggested pronouncing 'www' as 'wuh wuh wuh', taking around a
third the time to say as the usual pronunciation. A pity it didn't catch on.

~~~
Multicomp
I've heard it pronounced "dub dub dub" for similar speed improvement

~~~
Izkata
I typically drop the middle syllable to get "dub-yew dub-yew dub-yew"; not as
fast but no one seems to realize what I did and they just hear the full name.

------
wyclif
What are the implications for consumers, orgs, or businesses who register .org
domains going forward, compared to registering a .com, .net, or other top-
level domains?

~~~
wmf
There are no implications for now since the status quo will remain. But it
sounds like ISOC will continue to look for a way to restructure their finances
so there's likely to be future discussion about doing something with .org.

~~~
abiogenesis
They are also free to increase the .org pricing, which they can use to justify
the Ethos sale.

------
rswail
So if ".org" is supposed to be for non-profits (and not-for-profits?) and
ISOC/PIR are supposed to be running the .org registry for two reasons: 1\. To
provide a gTLD for non-profits at an affordable price 2\. To provide an
ongoing income stream for ISOC

Given that those are the professed reasons, then ISOC's management and
diversification of its revenue stream is ISOC's problem to solve, however,
selling its revenue stream should/must not interfere with the other purpose of
the ".org" gTLD.

A stable revenue stream like ".org" is a valuable thing in its own right. ISOC
could sell the rights to that stream now, receiving a fixed amount for
endowment and other investments, or it can plan around that revenue stream.

Either way, the other primary purpose of the gTLD has equal weight to
ISOC/IETF etc need for income.

~~~
psychoslave
>So if ".org" is supposed to be for non-profits (and not-for-profits?)

Where I live what English generally name a "non-profit" have a single
important juridical difference: the assets of the organization belongs to the
organization, and can not be transferred directly to founders or whoever has
control of its board.

Also a non-profit can benefit from some advantages on fiscal side that a for-
profit can not, but the latter will far more likely "optimize" their
contribution to public services.

------
chx
I remember those days when a single person -- usually working for free -- made
the domain decisions. Specifically I remember Hungary. Registering under the
.hu domain was free for a while (it started in '91 Oct) and the rules were
made up by the person registering because, well, who else? and in '96 an
organization not fitting those rules laid immense pressure to get the domain
they wanted so said person resigned. And then the Council of Hungarian
Internet Providers was established and the free domains were gone...

~~~
rrdharan
Amusingly this made me go check if cthul.hu was registered. The domain name
has been claimed since 2000 (according to Whois.net). Hope I didn’t trigger
the awakening...

------
ohashi
The analysis they link to from Milton Mueller is garbage. His complete faith
in public interest commitments is laughable. See
[http://www.circleid.com/posts/20200311-the-sad-story-of-
priv...](http://www.circleid.com/posts/20200311-the-sad-story-of-private-
public-interest-commitments-pics/)

------
making_things
When the US allowed commercial activity seems like they forgot to make a
carve-out set of rules for non-profits. Are the .edu domain restrictions set
by laws established back then or by ICANN and can therefore theoretically be
changed without any input by governments?

