"Former ICANN CEO Fadi Chehade personally registered the domain name currently used by Ethos Capital in May and it was registered as a limited company in the US state of Delaware on May 14. That date is significant because it is one day after ICANN indicated it was planning to approve the lifting of price caps through its public comment summary.
As such it appears that the plan to purchase the .org registry was predicated on the price caps going ahead and that those behind the deal had intricate knowledge of ICANN’s internal processes."
I worked at one of the main TLDs for years and was on one of the ICANN boards and got to know the industry well.
It is well known amongst the domain name community that ICANN is a poorly run organization, whose directors have in recent years used their position of leadership to lead decisions from which they are afterwards benefiting themselves economically, in many cases by rushing decisions such as in this case.
Peter Dengate Thrush was famous for pushing for the new domain extensions (.anything) as chief executive of ICANN and quitting a month later to become the CEO for a company that was the main bidder for a large number of extensions. Fadi Chehade is doing the same with .ORG by lifting the price cap on the prices of an established domain name and then gobbling up the company that sells those domains.
Sadly, ICANN has little oversight and since it’s kind of in the air and doesn’t report to anyone, the directors get away with what would be legally considered corruption in most of the world. The fact that the internet community and most Internet companies have never cared about it doesn’t help, since a lot of times the “multistakeholder” model that they claim to use in reality doesn’t work.
Ultimately, this is why the DNS and domain name industry feels so shady in general and why for most companies getting a name on the internet is a tortuous process that feels very scammy, which is unfair and costs more than it probably should. But so far we don’t have any good alternatives to the current system.
The process of mapping name=IP is not remotely technically difficult, and I'd dare say most people reading this message could implement the backend to such a system in a few days.
Setting up the peering replication and nameservers around the world is considerably harder, but it's definitely not a $10 billion+ problem (the current value of registrars and certificate authorities.) A startup funded by YC could handle that easily.
Dealing with all the companies trying to sue you over others squatting their domains and having to decide who has the better claim would be the most expensive part.
I really hate to say it because it's so cliche and overused, but a blockchain-like system could remove the central authority, the server costs, and the lawsuit risks. But it would introduce concerns over trust, most likely.
The really hard, unsolvable part is the unwillingness of the browser vendors to support an alternative domain name system. If Chrome, Firefox, and Safari all supported a new TLD outside of ICANN's control as a public service (let's call it "Let's Resolve" which would offer free domains and would be funded through donations), it would be very successful. If even one of them didn't support it, nobody would ever consider using it for their websites. Browser extensions, even if they allowed access to intercept domain name lookups, would not work. It would have to be supported out of the box in every major browser, and well, good luck with that. Anything failing to herd those three cats right out of the starting gate is absolutely dead on arrival.
Who knows though, maybe they'll raise .org prices just a bit too much, and piss off an established non-profit enough to start a huge campaign to create an alternative. But probably not.
Browsers shouldn't be the entity deciding on address resolution, a domain system bound only to the web/httpx would be a huge leap backwards. This should be up to the OS, and whatever name resolution the OS provides should be happily accepted by any network program, be it a browser, email client, ssh, irc or something completely different.
Unfortunately, with at least Chrome and Firefox moving to DNS-over-HTTPS, they are the entities deciding on address resolution for 99% of average-user requests.
I would agree with you in principle however, in which case there's an even more impossible goal: get Microsoft, Apple, Google, and every Linux/BSD distro to agree to a new OS-level alternate domain name resolver that functions out of the box. And also stop Google and Mozilla from rolling out browser-level DoH.
Wonder if this means Cloudflare - and/or the other termination points for DNS-over-HTTPS - could be an interesting place to start adding an alternative DNS resolution system?
Then it wouldn't need to be done by any browsers... if the DNS-over-HTTPS end point provider does the additional name resolution, it should "just work".
Browsers are the only ones actually willing to allow any change. If we wait for OSs to change nothing will ever happen. If it works well in browsers first then the OS will pick it up.
Similar to how email works and has various options to secure it but the reality is no end users were benefiting from it. How many OSs have enabled by default encrypted DNS? Browsers should primarily focus on providing the most secure and private browsing experience.
DNS is also not decentralized. It's centralised on ICANN and whatever company owns your TLD which is why this thread is here.
> The really hard, unsolvable part is the unwillingness of the browser vendors to support an alternative domain name system. If Chrome, Firefox, and Safari all supported a new TLD outside of ICANN's control as a public service (let's call it "Let's Resolve" which would offer free domains and would be funded through donations), it would be very successful.
Not sure I understand your proposal. Say every single browser in the world supports Let's Resolve. byuu.org is registered with ICANN; but someone now wants to register byuu.org with Let's Resolve. Do you let them? What about the other way round? And what if someone attempts to register byuu.org with ICANN, while another attempts to register byuu.org with Let's Resolve at the same time, causing a race. Who wins?
Also, unique, meaningful and memorable identifiers are a scarce resource. Offering free domains just opens up the floodgate of squatting and hoarding (at unprecedented ease).
Edit: Parent suggested a new TLD; I read it as a whole alternative system. Well, the new TLD idea was already implemented as .bit AFAIK, and it's pretty crap.
You probably need a system that allows both roots to function together. Maybe a different URL scheme:
http: and https: use ICANN, httplr: and httplrs: use LR
If not specified, browser tries LR first, then falls back on ICANN.
Doesn't feel as solid to me, but they could also register a placeholder TLD that would be used for redirecting requests to LR, or the other way around:
google.com.lrns would tell the browser to resolve google.com in the LR root (hardcoded), or google.com.icann would tell the browser to resolve google.com in the ICANN root. When falling back from one to the other, the browser would display the hostname with the fallback TLD on it.
Just some ideas off the top of my head, I haven't fully considered the implications yet.
As stated by another person, yeah I'd want it to not overlap with the existing ICANN TLDs. Not too hard to do, and we could fix one of the bigger annoyances of DNS and correct the ordering: bsnes.byuu.org -> #newtld.byuu.bsnes, for example could work, or even just #byuu -> #byuu.bsnes and only have a sole TLD for it.
I don't know how we stop squatters, maybe a one-time registration fee would be reasonable, but that would be discriminatory as $100 would be trivial for developers in the US, and impossible for service workers in Mozambique that just want a personal website.
It's not as though .com/.net/.org (and heck, even a lot of the new gTLDs) aren't absolutely filled to the brim with squatters already.
I mentioned Handshake in another comment. It has a good method for mitigating squatters. Names are won through a Vickrey auction so they go to the highest bidder, and your funds are locked up for the duration of the auction (2 weeks) so it inhibits squatters from bidding on all the good names at once.
I think by "TLD outside of ICANN's control", GP meant a unique TLD that (currently) does not exist under ICANN. So it's not going to be byuu.org under ICANN vs byuu.org under LR, it's going to be byuu.lr (under LR) versus byuu.org (under ICANN)?
I agree. As long as there's scarcity, there's someone trying to exploit it.
I think it could be better to just accept that unique global names are not a great idea, and start identifying parties by certificates rather than name. Various chain of trust & reputation type arrangements can be used to ensure people won't confuse Their Bank (certificate issued by/for Their Bank) for Their Bank (certificate issued by & for scammer in Ukraine). Legit entities will have every reason to include information that minimizes likelihood of confusion.
Come on, I can have more than one James Smith in my phone's contact book too.. let's stop fighting over names.
> Various chain of trust & reputation type arrangements
The problem of course is that as you said, you still need authorities or a chain of authorities to tell you which one is the genuine Debian and which ones are trying to shove malware onto your machines. Today we go to debian.org, see the valid TLS cert, and assuming there’s no fraudulent issuance of debian.org cert and no attacker injected their cert into our device CA store, we can be reasonably sure the PGP key listed there is genuine.
You only need to look at .onion to see how well the keys without authorities idea turned out.
I don't have a problem with having authorities as long as we can choose which ones to trust (and have limitations on the scope of their authority), and form our own as necessary.
For example, I'll be happy to add and pin my government's authority for the services that they control. I'll be happy to add a group of FLOSS hobbyists issuing certs for open source projects, as long as they are transparent and can demonstrate that they have a handle on security. In both cases, there must be some way to limit the scope of their authority, and ideally do things like pinning the authority so that one can't sneakily take over the other in an attack that results from e.g. misconfigured scope.
I think establishing identity is something that we should learn to do. When John Smith gives me his phone number, I'm probably looking at his face and I know which John it is that is giving me their number. I should also be able to go to my bank and get their cert when I sign up for an account & credit card. I'd like to have additional confirmation of their identity (-> reputation) e.g. from my government, but I don't know if I want them to be automatically trusted just because there happens to be a chain that checks out.
If I'm looking at some entity that I cannot meet in person, I should be able to see who have vouched for their cert and make a judgement based on that.
Kinda like PGP I guess, at a larger scale and with better infrastructure (geek signing parties and wide open keyservers are not good enough). The system does not need to be centralized.
It should be possible to have certs signed by multiple parties, to help establish trust without having everyone agree on a single source of trust. (At this point, I'd like to use a term that sounds smaller and less powerful than authority)
I'm not particularly happy with the model where the chain of trust in every case is established starting at some international megacorps that do who knows what, and countless issuers are directly or indirectly "trusted" from the get-go until someone points out their abuse and removes their certs.
The hope is to get a non-corrupt TLD in place that won't raise prices on you with no caps (and if possible while we're at it, won't charge you for certificate signing.) Ideally, a real winner would be a pay-once, own-for-life (say 100 years) TLD. I might be willing to drop $500 on a domain I know I'll never have to remember to renew.
Ah perfect, not your keys, not your domain. I mean now domain jackings can be permanent and irreversible! Apple.com can literally be stolen by Tim Apple and there’s not a thing anyone could do about it. Another clear win for the blockchain. Resolving this kind of dispute is why we have central authorities in the first place.
You’ve got it backwards. When the keys are lost or stolen you’re SOL. The dispute resolution process would restore proper ownership via existing legal frameworks like it’s been done for hundreds of years.
You don't need proof of ownership to obtain a judgement in your favor. It would make the process easier to be sure but you can make the case based on historical ownership and other indirect proof that a judge will accept.
You don't walk into a court and have the judge say "what you don't have the receipt?! case dismissed!!" -- the judge isn't a parking meter.
I may be mistaken, but I always thought DNS resolution was handled by the underlying OS, and not by the browser through HTTP. Support from browser vendors would probably matter a great deal for this, but not at a technical/implementation level, right?
Chrome already ignores OS-level name-resolution in favor of phoning home directly to Google DNS unless you block their IP#s at your border. I see it daily in etherape. Side-effect: Chrome users on my LAN have to type in IP#s to browse local resources because their browser ignores my dnsmasq, which resolves the split horizon.
Do you mean Chrome or the Chromecast? The Chromecast totally ignores network-configured DNS and uses 8.8.8.8. The Chrome browser has its own DNS client, but it doesn't phone home to Google DNS - it still uses the DNS servers configured by the OS.
How could free domain names possibly work? Good domain names are scarce so if they were free someone could just write a script to register every good domain and then resell them. The yearly renewal fee means people tend to let go of domain names they no longer and never will use.
The blockchain idea could work. There is a coin called namecoin which attempts to do this. I think on end user devices we should still use DNS so you don't have to store a 1tb blockchain on your device but the blockchain could be what the DNS servers source their data from.
Handshake is trying to do exactly what you’re describing. It’s an alternative root of trust for DNS that uses a blockchain to secure names. One of the non-obvious security benefits is that you can store certs on the blockchain instead of relying on CAs, which is a source of failure in the security of the Internet today.
Browsing adoption is tricky, but people can point their DNS to Handshake resolvers pretty easily — it’s equivalent to switching to Cloudflare’s 1.1.1.1 service which many people already do.
(1) There exists a blockchain-based, decentralized DNS lookalike: https://handshake.org/
(2) Every major OS has a way to plug an alternative DNS resolver (except maybe iOS), and every major browser has a control to switch off the DNS-over-https resolver. With any goodwill from the major mobile OS vendors, a new resolver could be rolled out to 99% of consumer devices or so, and work transparently.
(3) A new name resolution system should not clash with the DNS namespace. It could allow to copy established DNS domains (not parked) to the new namespace for a nominal fee.
(4) Many DNS tricks, like load-balancing, could go away. Running your own name server can become harder. The transition, should it occur, would not be fast.
Anything that doesn't work out-of-the-box is dead on arrival, though. I would never be willing to move my domain from .org to a system that people couldn't get to without installing additional software (eg OpenNIC.) But if every OS and/or every major browser supported OpenNIC, then I'd be willing to make the switch.
Indeed. My point is that supporting an additional name resolution system is mostly a political problem, and technically doable without forcing people to even upgrade their OS, phone, or browser.
You're right that the technology is the very least of the difficulties. And that's the reason it won't change: nobody's going to do all the work of replicating all that bureaucracy just so there's even more organizations involved.
The only way I can think to end the corruption is to take away the financial incentive, and AFAIK that would mean either the government runs anything that makes a profit, or to remove price completely.
"but a blockchain-like system could remove the central authority, the server costs, and the lawsuit risks" This already exists, check out [ENS domains](https://ens.domains/) running on the Ethereum blockchain. They can be mapped to [IPFS](https://IPFS.io) hosted sites
In case anyone is wondering there is a blockchain that was made for such a reason. It's called namecoin. It spawned a project called chimera which was renamed xaya. In xaya the idea is you can reserve a name and the name has an alterable 2048 byte space for json data that you can update every block if you wish.
Namecoin though has always been around to reserve names and in particular domain names.
ICANN having little oversight is not an accident. Its corrupt current and past leaders have ensured that. This organization is supposed to be a non-profit international organization. If you ask me “who controls Internet”? it’s these guys. They have managed to convert ICANN into a perpetual personal wealth fund for friends and families.
The writing was on the wall when the board decided they weren't getting what they wanted from the at-large constituency & direct elections and shut them down, in doing so completely blowing off the Memorandum of Understanding. It's a bit surprising that it's taken so long to hit .org directly, it's a really obvious target if you want to find ways to turn an ICANN position into cash.
Full disclosure, I was one of those at-large members and they made it very clear that we weren't being good little peons.
That has been proposed for as long as I can remember. The result would be that dictatorships and authoritarian governments control the internet, because they make up the majority in the ITU. I don't think we want that.
Can you explain this a bit more? Afaik the ITU does a good if boring job. I can phone about anybody in the world. The system works.
Now ICANN? They seem a bad choice, as this story demonstrates. Tolerable as long as the internet wasn't very important, but today, a UN international body seems the obvious choice.
They would only control the assignment of TLDs, whereas all the stuff that's actually interesting from a censorship perspective happens on much lower levels than that.
For example, ITU also controls country code assignment for phone numbers. Does that translate to any meaningful capacity to censor? So far as I know, the only practical restriction that comes out of it is that unrecognized states don't get one assigned, but that's also generally true with TLDs.
> Ultimately, this is why the DNS and domain name industry feels so shady in general and why for most companies getting a name on the internet is a tortuous process that feels very scammy, which is unfair and costs more than it probably should.
Shady is putting it lightly.
I once tried to register a nice .wiki domain in order to host a wiki for myself. Those domains weren't available anywhere. I had to "request" one from the company that managed the TLD. So I emailed them and they asked me about my "plans" for the domain. Eventually they just said they'd host it on my behalf. They created a wiki on the domain I wanted, threw ads around it and told me to start contributing.
It's not really an equal playing field where anyone can buy a domain. They gatekeep not only by charging huge prices but also by simply refusing to sell the domain if they think you're not important enough.
Onion services don't have human readable namespaces. Independently of using onion services, whatever services we run should probably be registered on Namecoin and/or Ethereum Name Service. That's how we get out of the DNS cabal's grasp.
ENS is more focused on wallet naming than DNS. Have you checked out Handshake? It’s aiming to create a more secure root of trust for DNS that’s resistant to seizure and censorship. We (namebase.io) are building on it ourselves.
You highlight an interesting point which made me realize that no one actually owns their domain names on the Internet. We’re all just renters.
You might be interested in checking out https://handshake.org which is trying to create an alternative to the existing ICANN system that is resistant to censorship and seizure. The technology is really interesting and we’re building on it ourselves.
At the risk of being overly-nationalistic, this is exactly the sort of scenario that many were worried about when the rest of the world demanded that the US hand over control to an international governing body. Just as you see with - for example - the IOC, many international governing bodies have a dangerous tendency to devolve to the ethical standards of their most corrupt members.
It may be useful to note that the US government transferred control of DNS to ICANN in September 2016. I searched HN, and this seems to be the biggest thread from back then: https://news.ycombinator.com/item?id=12612033
At the time, consensus in the media seemed to be that this would have little effect. However, the debate was quite politicized, as the transfer to ICANN occurred towards the end of the Obama administration, with fruitless opposition from high-profile Republicans.
There is a reason for this, the American media is largely Anti-American today. They believe in the idea of "American Imperialism" and that America is the cause of most of the world's problems. Thus they believed anything was better than "Corrupt American Control" over the internet.
There were many many people that predicted bad outcomes from this transfer, most are starting to come true
Corruption and causing financial damages intentionally for having personal benefits on it - especially by abusing a position against the very community they represent - is punishable by law in most countries.
Aren't they subject of legal proceedings now by violating the law?
It seems to me that running an NIC for a major TLD almost has zero marginal cost: for each domain, you automatically interface with ICANN once in a while to update registration info, then serve some NS and associated A/AAAA records. So it’s kind of surprising to me that $10/yr is already a non-profit price. Am I missing something?
The $10 a year includes the markup of a profit making domain registrar which has marketing and support costs.
This article suggests Public Interest Registry's costs for third party technical services were about half their revenue, with the beneficiary of the rest of the funds being the Internet Society
https://domainnamewire.com/2019/10/28/pir-org-slashes-regist...
Still, you can see why those kind of margins and the ability to raise prices were an attractive combination to private equity
> The $10 a year includes the markup of a profit making domain registrar which has marketing and support costs.
I use Cloudflare Registrar these days for .com and .org. They claim to offer wholesale prices. My last .org bill was $9.90 + ICANN fee. And according to [1], Cloudflare directly works with PIR to offer .org, so unless they're lying, they are actually charged $9.90 per domain per year by PIR. Now, the article you linked to claims that PIR paid less than $2 per domain to the for-profit contractor who did everything technical for them (what's left? PR?). I wonder where the remaining $7.90 went...
We[1] are building on a new project called Handshake[2] which is trying to create a more secure (alternative) root of trust for domain names. It does so by storing certs on a distributed ledger instead of relying on CAs. Though this isn’t the main goal of the project, one of the benefits is that anyone can register their own TLD through a Vickrey auction which is much more fair than the current ICANN system.
If we in the United States had a forceful, competent FTC or FCC, perhaps this would be investigated. I don't think a Sanders or Warren administration would ignore something like this entirely.
ICANN is a "non-profit". They do not issue a publicly traded security, and so they are not subject to the SEC's jurisdiction. The FTC is probably the best hope for intervention in a matter like this.
That's right but the right to get rich by corruption is the most important and most appreciated unalienable entitlement of US weenies, even more important than food or shelter or life itself. After all, in a thoroughly corrupt system all of those can be bought. Only corruption itself cannot be bought if the system doesn't already have the necessary level of corruption. It is the US's holiest mission to convince the rest of the world of the fundamental importance and indispensability of our way of corruption.
Would it matter? You're already locked into years, maybe decades, of brand building. You'd still need to redirect your old .org indefinitely.
.ORG should be properly managed and regulated, we shouldn't need to attempt to rebuild something because ICANN is corrupt and Internet Society is selling out non profits they promised to serve.
Not just brand building. How many accounts are linked to your email, and how many of us have had that email on a .org for 10, 20, even 30 years in some cases.
Do you even know how many accounts have that email address as either the primary, or backup/recovery email?
An email address is central to identity management these days.
Lose a long established domain, and you might lose access to most of your other internet accounts, especially the ones you don't use every day and are hard to remember.
This is just awful. For everyone wondering "how bad can it really be?", they can put whatever cost they like to keep your domain registered. I have a small carpooling site for ski fields in New Zealand - snowpool.org. I've run this for 10 years, as a fun side project. If they hike the fees to 3K a year (or whatever) then there's just no way I'd keep it going. I'd have to migrate somewhere else, which would be a complete pain in the ass.
I find it just awfully sad (and probably corrupt) that this happened at all, and I really hope there's some higher authority that can roll this back - or at minimum bring back the price-cap.
Well, there's the US government. They could pass a law in theory at any rate. One of the arguments for allowing self regulating bodies like ICANN is they do a decent job but if that ceases to be the case it's kind of the government's job to step in.
This campaign needs a punchier call to action. It should be something like "Tell the New York state attorney general to prosecute Fadi Chehade for self-dealing if this sale goes through". This movement is lacking stakes. People need to go to prison for this.
.com has price caps. Imagine what happens when they remove those and they can just price everyone out of their .com names, names they may have had for 25+ years.
Imagine a world where whomever has the most money can control your brand. What happens when McDonalds buys the Burger King brand because BK was priced out?
.com, .org, and .net are long standing shared resources that should not have unlimited prices. They should be capped forever.
It will be more site the kind of wikileaks that could get effectively removed without having to go legal routes. Just have your friends price them out of their domains. Nobody needs to even buy the domains, they just need to be expensive enough to stay unused.
I agree with your principles. If it came to that, I'm pretty sure there would be a hard response by the worldwide body of developers and companies (especially the 80-90% of small businesses that make up rich economies; the biggest corporations altogether barely accounting for single-digit % of national GDP, so I don't know who's the target of price hiking to a ridiculous degree).
There are ways to circumvent DNS so long as IP works (I mean the "Internet Protocol suite"[1], "TCP/IP", the real-world implementation of OSI if you've been taught that theoretical model).
Maybe a 'public darknet' (a parallel "white net" really, nothing shady about it, by "darknet" I refer to how it works technically[2]) wherein we don't care about a global DNS, and use links + light VPNs to browse internal (firewalled) resources — I'd wager it's doable using tokens to auto-validate public VPN access like we'd greenlight an SSL connection, essentially, probably some 3-way handshake. The whole thing would be public, just circumventing DNS/TLD hierarchy, so indexes etc. would work just the same (it doesn't break Google Search).
A neat bonus is that companies could use whatever name scheme they like, "store.sony" would work, and even collisions could be resolvable through aliases.
Whatever works but if current DNS/TLD's become a corrupted theft, the world will definitely move away from it — and we don't exactly look back for these major PITA standards.
Another option will be using an alternative DNS root such as OpenNIC which is user owned and controlled. Besides offering resolution of the ICANN root, it also adds its own TLDs. The now defunct ORSN was also another choice.
I've been thinking a lot about the sheer downsides of DNS overall. We need something different. Something decentralized, encrypted, something not reliant on a protocol that hasn't kept pace with security and privacy and we need something verifiable that provides accountability. As others have said TLDs have become a racket. Only the privileged and nation states have the authority to use the system as a funnel of ridiculous revenue and rate manipulation. We don't need DNS anymore. It's become more of a lynchpin to bottleneck and advance control of the few and continues to erode our privacy as it stands today. What's next?
Looks like you’re wanting the decentralized web [0][1][2].
The DNS equivalent technology there is DHT (distributed hash tables) [3] which was used in torrent technology for a few years.
Ever wondered about how you can find the torrent seeders without a centralized entity? The Bittorrent DHT is the underlying tech.
Well, it's for ease-of-use. Anyone can make an alternative DHT with their own bootstrap nodes, but the Bittorrent main one is the biggest, therefore most programs have that one hard-coded.
Anyone can make an alternative client that uses the exactly same tech with different bootstrap nodes, and once they gain popularity, there will be people using that.
Yes, sort of. That's one way to get peers, but clients support other ways to get peers.
So in practice you can get peers from the list of previous peers, PEX (peer exchange), or a tracker for a given torrent.
So in practice once you talk to a few bittorrent peers (of millions) you likely are talking to another DHT peer and can bootstrap. Also given that there's typically millions of peers in the DHT, even brute forcing it by searching IPv4 (4 billion addresses) for a few million peers is likely to only involve a few 1000 UDP packets or so.
GNS from the GNUnet project is the most interesting alternative to DNS that I've come across, and is orthogonal to projects like IPFS and Scuttlebutt (although I don't know much about Dat). It's basically DNS with DHT and some very cool crypto.
I'm not convinced we are talking about a decentralization issue.
We could achieve the same result with laws. Just make what is happening illegal, corruption is already illegal.
Furthermore, decentralization won't solve the basic economy rules of offer/demand. Even with a decentralized system, websites will still be referenced by natural words ("domains"), which can be owned by only one site-owner at a time, which means there will always be people ready to spend a lot of money to acquire a domain/reference.
I'm for decentralization in general, but in the current case I fail to see how decentralization alone will make domain owning fairer
In this particular case, the problem is not that individual domains can be traded at market prices though.
The problem is that organisations have to rent their domains from a central authority that can hike the rent for an entire TLD to some fantasy price.
So the hierarchical structure of DNS is clearly what creates an opportunity for corruption and extortion.
And let's not forget that DNS is ultimately a global issue, which means that the rule of law cannot be taken for granted.
Laws have to be part of the solution. But it's easier to legislate effectively if the underlying structure doesn't invite corruption, authoritarian abuse and market dysfunction in the first place.
> And let's not forget that DNS is ultimately a global issue, which means that the rule of law cannot be taken for granted.
I think this strongly points towards ccTLDs being the best solution. It is very difficult to get all the different countries to agree on common rules/governance for the legacy TLDs, but if everyone gets their own independent corner then that should be easier to get agreements on.
Dividing the control by country also conveniently avoids any single one being able to cause as much damage as ICANN now is.
I think ccTLDs don't work so well in a globalised world. Many internet services are not country specific, and ccTLDs sort of put you in the local business category.
The companies and/or owners of those services do operate under a certain legal aegis, though. It’s not like they are stateless.
I just happened to read the text on a food product; it had text in three languages, and the www.* domains listed in the three texts were in the ccTLD for each country. No .com was mentioned anywhere.
Domain names should never change and be easy to remember whereas legal ties to countries are often complex (i.e. not 1 to 1) and subject to change.
Should I really have to remember going to apple.ie because that's where the Apple shop happens to be legally based at the moment? Or should it be apple.eu because consumer protection is an EU matter? Or apple.us because that's where Apple's headquarters is located?
And when a company gets sold to a different country, should all their URLs have to change?
Multinational companies should be the exception, not the rule. “Designed by Apple in California”; will Apple ever stop being a U.S. company? Why would “apple.us” not be appropriate?
A company is an entirely legal construction, and, as such, is entirely bound to the laws of a certain country.
It is amusing that you believe government would stop corruption.
History proves that to be false.
Further "just make it illegal" under which nation's laws? That was the problem ICANN was supposed to solve, no one wanted the internet to be operated under the Laws of the US, which is why in 2016 the US removed itself from Internet Governance.
So do we put the Internet under the laws of China? or the EU both of which have Free Expression issues....
Which nation? or maybe the UN which has Dictators and human rights abusers in positions of power...
Decentralization is far far far better than looking to a government resolution.
If you decentralize, you don't end up with something equivalent to "the internet" anymore -- you end up with several islands of things that (to varying degrees) resemble "the internet", and run on the same layer 4 fabric, but are largely isolated from one another.
I think we actually experience a mild version of this today, where entities publish all their Twitter/Facebook/Instagram/Snapchat/Whatsapp/Linkedin etc profiles.
I can't help but see whatever this distributed DNS replacement is as basically being this situation but without the backstop of globally-accessible websites and e-mail addresses. You should have no doubt that, for example, Facebook would make a "the internet" which was 100% Facebook-operated sites.
Islands already exist, with national firewalls, corporate networks, dark nets, etc. Decentralization of DNS would just take middlemen out of the picture. A dominant decentralized system would probably handle most requests if one were to ever get off the ground, making it equivalent to what we have now.
> Islands already exist, with national firewalls, corporate networks, dark nets
And you don't see companies posting their addresses on those things. They still advertise "example.org" not "if you're in {county} use {county-specific address}, or on Tor use {onion address} or using {decentralized DNS} use example.com".
> A dominant decentralized system
How does this result in a different situation than the "centralized" DNS we have today?
> How does this result in a different situation than the "centralized" DNS we have today?
If, for instance, the DNS entries were tied to entries in a blockchain, such as namecoin, then no 3rd party would be involved in a transaction to transfer the domain, no annual fees would be required, and no one could block or remove an entry.
> You should have no doubt that, for example, Facebook would make a "the internet" which was 100% Facebook-operated sites.
AOL already tried that back when they were still sending floppies through the mail. They were the largest ISP on earth and couldn't keep people in their little walled off corner of the internet. I don't think anyone else is going to be more successful.
They might not have been able to keep people there forever, sure. But their walled garden was “the internet” to a major chunk of people in the US for quite a long time.
Remember when TV commercials would tell you a company’s AOL keyword?
Yeah, that was around the time the internet wasn’t even relevant to the majority of the first world population. Trying to make comparisons to how it might look today is pointless.
At AOL's peak, it had about 35 million subscribers. Comcast alone has nearly that many.
The problem is that DNS powers the internet as we know it, getting everything ever to switch over is at least another 30 years after you make a protocol (that would also need to have literally no downsides).
Not sure I agree. If FF & Chrome both supported it...it'd be in effect in < 5 years total.
Just look how quickly DoH is being rolled out, or Google's QUIC.
Realistically if Google, Mozilla, Cloudflare, Apple, Microsoft, and a few others agree that this move is bad, and wanted to stand up a new .org TLD...they could, and I don't believe it'd be illegal (IANAL).
Yes, but most of the internet is exposed to users via the web anyways. OSs would need to follow suit, sure — to make everything that’s not a browser work so that the alternative lookup mechanism is used instead of traditional DNS. How long do you think that would take? Not too long methinks.
All these Ethereum/Namecoin/Whatever solutions aren't really solutions. They're subject to namesquatting, arbitrary prices, arbitrary decisions regarding TLDs and they end up being centralized in the end for various reasons.
I think a good solution is to switch to using petnames instead of global names.
We don't want DNS anymore, but we don't have a replacement. It's the same as Facebook->Diaspora, Twitter->Mastodon. The non-centralized versions are too hard to deploy to all the non-techies out there, despite being the "morally" correct architecture.
> It's time another country step in and take control
What's to stop them from being just as corrupt? It's too much for any one country to have control over. It'd be far better to come up with a way to take the power out of the hands of any one entity so that we don't have to keep moving it around when the people holding all the power are inevitably corrupted by it.
Lots of distros are in .org aren't they? I see Arch, Debian, Gentoo, Fedora, Centos, OpenSuse, Raspbian, Damn Small Linux, Linux From Scratch, NixOS, Guix, OpenWRT, PfSense, FreeBSD, OpenBSD, NetBSD, OpenSolaris, Illumos, and probably lots, lots more.
GNU is also on .org.
Also languages, at least Python, Ruby, Haskell, Rust, Go, Clojure, Racket, Zsh, etc.
.org seems to be the go-to TLD for open source projects.
Projects losing their ability to run their existing site because money, losing it to <whatever> and significantly losing in visibility e.g. python.org or freebsd.org now advertising spyware or some shit with the historical ranking of a trusted and respected source.
Or these projects having to plonk a significant amount of money in paying for their domains rather than <insert thing which is actually useful>.
I run a tiny carpooling site (not for profit) snowpool.org. If they turned around and upped the fees to 3K a year or something, it would basically force me to shut the service down.
This is an incredibly awful move, I'm completely astounded that it was allowed to happen.
Because I've built up a presence over 10 years of running the site, so, I'm not just about to move! It'd be a huge pain to move probably hundreds of email addresses over to a new domain etc too (I sign up with [domain]@snowpool.org)
It completely depends on what they do, I've renewed for 10 years so I have time now, if they put the fees to >500 a year then I'll definitely move.
Do you own a domain yourself that people have been using for 10 years? You might feel differently about the ease of "just moving"
Wells Fargo, eh? Your example is apt, but perhaps not for the reason you intended (unless you're making a subtle joke, in which case I apologize for not catching it.)
> This timeline charts the most significant events in the sales scandal that erupted at Wells Fargo [in 2016]
> Wells Fargo (WFC) charged customers a monthly service fee to maintain a checking account that many customers assumed was free and the bank is mulling how to respond to people who feel cheated, according to the bank and sources familiar with the accounts.
> Wells Fargo and an insurance company it worked with have agreed to pay $432 million to settle a class-action lawsuit brought by customers who say they were charged premiums for auto insurance they did not need.
IMO only fools and masochists would continue to bank with Wells Fargo.
Anyhow, Goldman Sachs have no business being anywhere near DNS or ".org" at all, at all. They're a bunch of crooks who make Monty Burns look sympathetic in comparison.
Whenever there are politicians robbing those who they claim to serve, Goldmans are there advising and charging huge fees.
Whether it is this, Greece debt, 1MDB in Malaysia. Goldmans have no regard for their own reputation so we should assume anytime Goldman are advisors that the deal is a massive ripoff for which people should be going to jail. Goldmans may not have always been this way but they sure are now! They're a leading indicator of gross corruption.
I think it's fair to see private equity as red-flag, and I feel ideologically aligned with the folks raising the alarm here. OTOH, the concerns raised include a lot of speculation (in the form of "could do bad" or "has the power to do bad"), and that's also a red-flag.
As an outsider to the discussion, questions would be:
1. What are some specific problems facing the ".org" registration process for which capital/investment would be helpful? (Obviously, there's no perfect answer. But as an outsider, it looks like ".org" registration already works about as well as anywhere else, so one needs some examples to animate the problem.)
2. Would any of these folks care to improve their engagement/trust with each other? Talking more specifics about "Stewardship Council" and "Community Enablement Fund" might help. Or is there some reason for bad blood?
3. What kind of track record does this private-equity shop have? Have they worked with other non-profit or socially-oriented endeavors? Maybe some founders/staff/customers can give some positive or negative testimonials?
They lied to get price caps removed on .org and then sold it amongst themselves to profit. I'm not sure how you trust people that start with a lie. Look into the history of how shady this really was.
Yeah, this comment https://news.ycombinator.com/item?id=21612033 links to an article on the Register which gives a lot more substance to the concerns/reactions. That deeper story helps to show where the mistrust comes from.
From the peanut gallery, it looks like the ball is in ISOC's+Ethos' court to demonstrate their good faith as stewards...
I saw this logic coming from a lot of people trying to push these changes through. They've been good so far, we should just trust them. They stick their heads in the sand and pretend we don't need rules because organizations, people, societies follow norms and that's enough. Until someone shits all over them, which is why we make rules in the first place. This whole nothing bad has happened yet, we shouldn't consider a bad outcome as a real possibility is ignorant and dangerous. The same people who if you look at ICANN mailing lists are still trying to play both sides, with whataboutism type arguments in an attempt to discredit people against .ORG being sold to a private equity company. I've dug into those people a bunch too, they're pretty much all connected to registry interests (https://reviewsignal.com/blog/2019/06/24/the-case-for-regula...)
I mentioned in my last comment about this being outright corruption by the Americans involved.
Now it is time to mention the 1 positive that the USA has that other countries (visibly) don't:
> The willingness and ability to sue as a collective
.org is a domain used by everyone from Wikipedia, UN, Debian and your national dog shelter.
Private Equity cares only about one thing: making money. Anybody with a toe in the finance world knows that these are the same people that will do "hostile takeovers" to strip companies of their assets, pile on debt and push out a sale.
A class-action lawsuit targeting the PE firm (or parties involved in the sale of .org) and then pushing your State Attorneys to investigate these corrupt individuals at a personal level will have the desired effect that appeals to the moral high-ground won't.
I wholeheartedly agree. Letters like this only work for congresspeople, and even then only some of the time. For everyone else, lawsuits, injunctions, and criminal investigations are much more effective deterrents.
In 1998 Jon Postel briefly "hijacked" the DNS root zone. Formal control over DNS had always belonged to the US government, but Postel commanded such universal respect from the internet community that they were willing to follow him, as head of IANA, over the government contractor that "officially" ran the root at the time.
This of course is why ICANN was created, to bring governance of the Internet closer to the community that developed and maintained it. But now ICANN has become just as remote and unaccountable as the bureaucrats and contractors it replaced. And Postel is long gone, and the Internet community has grown so big and fragmented that no one person will ever have anywhere near the towering position he once did.
TBH I’d be happy for the (AM/FM radio) airwaves to be privatized if it meant getting rid of the absurd, antiquated rules about not being able to say certain words in song lyrics.
It doesn't actually mean that. Look at censorship that Facebook implements for an example of what you can expect. Sure, there might be some obscure stations that wouldn't have such rules... and nobody would know about them.
Existing .org domains they can't move without overwhelming disruption, so most will just pay whatever it costs. But for the future, we need to move the Internet towards having peering relationships with TLDs such as OpenNIC.net.
Motivations:
* This issue of .org being sold for profit
* The fact that OpenNIC had to rename their TLD domains (e.g. .free to .libre) when ICANN created a colliding .free domain, demonstrating clearly that they are not peers.
Internet technologies such as browsers and operating systems should recognize ICANN and OpenNIC roots as peers, with DNSSEC to both. Should ICANN decide to create a .libre domain, existing browsers and operating systems should consider it a DNS attack and not recognize it. I think an organization like Mozilla ought to (1) flesh out any technical challenges, (2) support OpenNIC and (3) push for this.
OpenNIC is a poorly managed amateur project, built on shoddy infrastructure that was thrown together in the early 2000s -- it's completely incapable of acting as any kind of peer to the ICANN root. In particular:
- Their resolvers are not consistently available. Many of them are hosted on public cloud hosts (which also raises some questions about their security), and outages are not uncommon.
- It's not clear that they support DNSSEC, or that they have any plan to do so.
- The governance of the OpenNIC-specific zones that they offer is even shoddier than the DNS root itself. Most of them have no registry/registrar distinction, no domain transfer process, no WHOIS services, and sketchy to nonexistent abuse policies.
- Since OpenNIC TLDs cannot be resolved on the public Internet, it's impossible to issue an SSL certificate for one.
Most of your points are valid. That's why I'm suggesting Mozilla support it. It would be a lot less "shoddy" if someone shepherded it. I think it is the right idea.
The last point is only true because they aren't recognized, which recognition would immediately fix, therefore it is moot.
My concern would be that it's enough of a mess that Mozilla would have an easier time building an equivalent project from the ground up than reshaping this one into something reasonable.
I could be convinced that a community-based restructuring of DNS could be for the better. But I don't think that OpenNIC is the right project to base that around. The technical aspects of what they've built are not complicated, and much of that would need to be changed anyway to operate at scale; good governance is a lot harder to build.
Full disclosure here, I am the host of the ".epic" TLD on OpenNIC.
Knowing the maintainers of the project and the community at large, I doubt they'd take kindly to opening up the project to Mozilla's support/control. They've run a tight game, relying on their own money and individual donations. Opening it up to Mozilla's big money would bring the democracy aspect of the project into compromise.
Personally, I'd find it interesting to see where OpenNIC would go with that kind of investment, though. I've poured plenty of my time and money into the project, and would like to see it grow. Perhaps not at the expense of the project's principles, though.
Again why does ISOC feel they have to do this? Are they starved for funding? This sale directly contravenes several of the founding ideals of the Internet.
Why did it happen entirely behind closed doors? No way they got this deal together just after price caps were removed. Was this orchestrated beforehand? Domain registrations for Ethos Capital pre-date the change and timing coincides with proposed contract change to remove price caps.
What does Andrew Sullivan get for this move? Is Jon Nevett connected as well considering his ties to Donuts which is connected to Abry Partners which was managed by now Ethos Capital CEO?
So many questions, all this happening in shadows means we shouldn't give any benefit of the doubt.
If you want oversight and international consensus it cannot be placed within a country. Only option I see is to put it under the UN but that will probably ramp up the politics.
But the value of preserving your existing address exactly, including .org on the end, mostly only exists in browsers, where humans find things initially.
Actually, I bet by now it doesn't even matter that much even there any more. Consider how the search in google already forms an effective alternative dns for many actual humans attempting to manually go somewhere.
If you have a .org domain, you can change all the non-browser uses of the domain pretty easily. The tools in the background of things don't care what the names are. You can change them and it's really not that much of a disruption.
Once someone finds your site, via their browser, you can populate that site with whatever kinds of urls and directions and references you want. Just like no one really cares how ugly and long all the urls to actual things other than the front page are. Your site can include say, the directions to access your API, and those directions don't have to say foo.org in them. Even existing api users that break if you have to change your name, can react to that change easily enough.
Email is probably the biggest problem. We will all simply have to never pin too much dependency on any single email address. But we already have to do that, so no loss.
If you had set up your own domain so you weren't at the mercy of google killing your gmail account and killing your ability to prove ownership of everything else in your life, well you would just need to have more than one email registered with everything like paypal etc. So me@mydomain.org can break and you don't die from it.
You just better realize your domain is going to break and unregister those emails everywhere before it goes into someone else's hands. Because when someone else owns a domain, then they can receive all emails sent to any name at that domain, including "reset password" mails.
It's not the most fun pastime, but it's not necessarily the end of the world either.
It really is human interactive web browser usage where the exact name matters most. So if cloudflare and google simply sent browsers to the right place and ignored the traditional root authority for .org, or any other name lookup, that would pretty much be good enough.
Google could do it already without even violating dns just through search results.
The aforementioned companies make more than web browsers. They make entire operating systems. If an OS changes how it interfaces with DNS, it will affect every service that runs on the OS.
To be honest I don't see this happening any time soon with the major commercial OSes. But in Linux you can install some programs to e.g. send all your DNS queries through a certain encrypted tunnel, and nearly every application installed on that box will happily use that tunnel.
I don't understand why everything must "grow and adapt ...".
Can't something just stop evolving? It's not like it's failing or something, we don't need everything to do everything just be good - very good - at what you do.
I've always been a bit confused by the relationships among government agencies, ICANN, IANA, the registry-operating entities, etc., and this site doesn't seem to explain why the CEO of the Internet Society is the right person to appeal to. Can anyone point to an explanation that summarizes the overall flow of authorities and obligations involved here?
Only entities who could stop this, ICANN (this is being pulled off by insiders including former ICANN CEO). Internet Society - they did this deal in the first place. And... who the hell knows? Could the US Government step in? Maybe? They stepped back during Obama admin, I'm not a lawyer but someone needs to step up and I've lost faith in both ICANN and Internet Society.
It always astounded me that for the longest time until only recently, you were expected to pay additional money, more than the domain cost itself, for HTTPS security (and if you wanted a wildcard certificate, substantially more money.)
I guess when the gTLD explosion didn't result in massive new profits for the new TLDs (some are $100+/year!), the powers that be decided to focus on existing TLDs instead where there's extensive decades-long lock-in effects at play. No one needed company-name.ninja, but good luck giving up your company-name.org to a squatter or worse, your competition.
Why can't we simply configure clients to use a phonebook we like, rather than the phonebook we don't like?
Today, it's relatively easy to create something like a piece of software and a db of alternative roots. And any clients which have that kit installed are suddenly simply ignoring pieces of what the traditional roots say.
Yes it would be fractured for a while. But it's no worse than say, dns over https, and the way say, you can't reach archive.is while your browser is using doh, but can when you turn doh off. (unless they finally fixed that, but that was the situation for a ridiculously long time after both cloudflare and archive.is were made aware.)
We already have such things today, so might as well employ it as well as suffer it.
As a website owner, how do I track down all the alternate roots I'd need to register with? If each of those charge a fee, how much will I need to spend on each root? If I need to perform an OPS task like flipping to a new external load balancer IP, how many alternate roots do I need to coordinate with, and how much testing do I need to verify each root is updated?
It's amazing that .org avoided some powerful group injecting themselves as rent seekers even this long. It's a pity we've decided to run society this way generally.
I fully support any campaign against the .org TLD hijacking but it would be good to know who's behind that savedotorg.org domain name. A whois search gives me 'Registrant Organization: Data Protected'.
I'd like to know to whom are we giving our email addresses, and what are they going to do with them?
That could be due to GDPR. Some European registry companies believe GDPR makes the collection and publishing of WHOIS data illegal.
ICANN is currently suing a Tucows company in Germany [1] over their refusal to comply with WHOIS data collection, and ICANN published a Temporary Specification that allows/requires every other registry to hide WHOIS data globally pending the result of the GDPR court case [2].
Of course, that doesn't prevent savedotorg.org from posting their own "About Us" webpage explaining who they are.
Yes, an "About Us" page should be included on that site at least.
AFAIK GDPR protects personal data only, so if the savedotorg.org registrant is an entity of any kind then it shouldn't be any problem publishing that info.
This is essentially a hijacking of the DNS as far as I’m concerned. The sale of .org is heinous; And I’m an unabashed capitalist.
There is absolutely nothing defensible about this move that I can see.
Is there any argument that this is beneficial to anyone except Ethos and Internet Society? Is it even clear they have the right to sell it?
Has every person at ISOC submitted conflict statements? Are they willing to commit to never benefit financially from Ethos controlled entities for 10+ years?
TLDR: "Dear Mr Andrew Sullivan, even though you already had extensive meetings and plans to sell and you are fully aware of the damage you'll cause, and have decided instead to take the money and run, please reconsider."
Why would someone so greedy and tone deaf possibly give a damn about such a letter? He's walking away a rich man and he already made his choice fully knowing.
If you want to Save .org, abolish ICANN. It's time to take our medicine, ICANN with no oversight has predictably led us to an internet controlled by greed and corruption of a few wealthy elite.
At what point does the internet community simply decide to fork the DNS root?
I know it's a management nightmare, but the existence of an alternate root would put a cap on the value of the existing one.
Is there an effective direct action that can shake ICANN into some sense?
I don’t mean this as a serious suggestion, but as an example we could have a “drop dot org” month where resolvers refuse to forward queries to the ORG nameservers.
Not a great example because it would have a pretty negative impact on the domain holders, and no impact on ICANN. Can anyone think of a better example, equivalent to saying to ICANN “if you go ahead with this then we’re going to boycott dot org in a way that makes it worthless”?
I've found it curious that while there's a relationship to trademark for US domains (the .com/.org/.net ones) in anti-cybersquatting law and UDRP, the USPTO doesn't have a mechanism to tie a domain to a mark.
This would be useful if we could register our marks and tie it to a domain, along with the standard application fee. At least for certain TLDs (.com would be a good candidate).
FWIW, I have a long history of dragging registrars through the mud to get clients' domains back. As of this time, I am in a dispute with GoDaddy over a domain that was deleted because GoDaddy sells a 'business registration' service. My client renewed this thinking it was for his expired domain, GoDaddy updated the WHOIS nameserver records and the site came back online. 45 days after the initial expiration GoDaddy dropped the domain without notice and a broker picked it up. I can't even go through UDRP on this because the client never registered their trademark.
I think it is possible to do a "name drop" similar to a coin drop and either change the accepted ending for .org or remove ICANN's authority over namespace altogether. One issue might be creating an acceptable authority for certificate registrars, so Let's Encrypt has an explanation of what domains it confirms and how if not via the ICANN derived path.
If everything is as corrupt as some throwaway states why build a new domain registration system more free and open?
I know it's work however if done right (or better) a .org should be low cost for a NGO and how about a decent non profit tld so they could have it lower cost or free?
Sure it sounds hard but the automation and handling enrolling new domains is the real work.
For more information about this transaction, please see this post from one of the Internet Society Board of Trustees members who voted for the sale (as did they all unanimously) - Why I Voted to Sell .ORG - http://www.circleid.com/posts/20191127_why_i_voted_to_sell_o...
When I ranted about how the transfer of DNS power under the Obama admin was a bad idea and stuff like this would happen I got called a crazy conspiracy theorist... I'm getting really tired of being right about bad things, the "I told you so" is very hollow.
Serious question, what are the actual downsides of this, if any? Or is the backlash due to the "private equity" being associated with evil? Doesn't seem like anything is actually changing other than who issues .org?
I haven't read the 2019 rules, but if the letter is to be believed, the new rule creates:
> The power to implement processes to suspend domain names based on accusations of “activity contrary to applicable law.” The .ORG registry should not implement such processes without understanding how state actors frequently target NGOs with allegations of illegal activity.
Under the previous rules, the registry level could (more or less) resist being bullied into taking down a domain due to government pressure, though the government could implement a firewall and threaten other service providers. Now, though, a large country could say "we will block .org domains, or .org DNS resolutions, if you don't suspend an activist organization's domain globally," and there would then be a PROFIT MOTIVE to take down the domain GLOBALLY, as the value of the registrar would decrease if .org domains were blocked in that country. And this would be permitted by the 2019 rules. This gives censors tremendous leverage to implement censorship around the globe.
I'm all for the role of private equity in helping companies to grow - while there are certainly firms that operate in bad faith, the PE industry overall doesn't deserve the bad rap it gets in the media.
But IMO this sale should absolutely be disallowed from a humanitarian and international security perspective. The incentives are just too badly aligned.
It costs like 3$/year (or less probably) to register a domain name. But once you build your brand/website/etc you are tied to your domain name, which is tied to that registry.
This gives the registry huge leverage over you. That 3$ that it actually costs them to run it can increase to whatever price they think you will be willing to pay and you can't not pay it...you would lose your spot and identity on the internet. It's not like with registrars, like godaddy, gandi, bluehost, etc... that you can switch between in like 24 hrs.
IIRC .orgs were price controlled, so the price couldn't rise, but with this takeover, the price controls have gone away.
PIR currently charges registrars about $9/year per domain, with registrars allowed to mark that up however much they want without restrictions-- AFAIK neither the "wholesale" price nor the actual price from registrars is currently price controlled by ICANN.
Regardless, I don't see how moving .org's operations from a non-profit (PIR) to a private equity firm benefits anyone, except the owners of said private equity firm. You're basically taking something that could operate at-cost and giving it a mandate to turn a profit-- the only way that happens is if prices go up. Likely a lot.
PIR is already a rent-seeking organization designed to fund Internet Society. They don't actually handle the registry at all. It's outsourced, they put it out to bid. If you look at financials, they are paying <$2/domain.
Yes, ICANN granted a monopoly to ISOC in the form of PIR, who have been allowed to increase prices consistently for years but at a capped rate. And they wanted more. As costs have gone down.
Then everyone at ICANN talks about not being a price regulator and free markets. Ignoring the fact it's a monopoly, and not one ISOC/PIR played any role in creating, it was a gift from ICANN. A perpetual, no bid, contract with ever increasing prices on a decreasing cost monopoly good.
We can expect every .org owner, most of them non-profits and many not well-funded, to be squeezed and then shaken down for money. Not tomorrow, but it will start as soon as they think they can get away with it.
Serious question, did you even read the page? Specifically, the part where it makes specific complaints about the 2019 .org registry agreement, such as the ability to raise registration fees without ICANN approval?
If you have already owned your .org, have used it in publicity materials, use it for all of your emails etc. then yes you are pretty much stuck with that domain no matter how much they jack up the price. So the domain is inelastic, that is a change in price will not significantly change demand for those who already own them.
Exactly. As a community, we have routinely given the advice to “own your identity” by buying a domain. Since most of the good com domains are long bought, someone newer to the internet is likely to have looked at org. If someone took us up on our advice in, say, 2014 that means that he or she has had a domain for five years. Five years to integrate that into a life in various ways, remembered or not. And now, that thing could cost $75/year with no recourse.
Then there are people like me. My org domain is so old it can legally drink and soon be able to run for Congress. What is it worth to me? $200/year? $500? $1,000? I don’t know and it sucks to have to consider yet another astoundingly high cost of “living” in a world that keeps going up in cost.
> So it goes up by $1 or $15, how does that hurt non-profits?
In the aggregate, that's many, many millions of dollars going into Ethos Capital's pockets at the expense of charities and other non-profit organizations.
Registry can set prices for individual domains as well (see what Donut is doing). This means that a new domain could be priced $1, and renewal of WordPress.org set to $50, and npr.org to $50 million. What are you gonna do? Change your domain to something else? Yeah good luck.
The worldwide non-commercial Internet being controlled by an unaccountable private corporation is evil on its face. Burden is on someone to prove otherwise.
Let every site have a UUID, kinda like TOR addresses, and let the host/servers as well as users specify multiple human-readable shortcuts for that UUID.
So HN might get o4u20j4c9qwybv3u0p2hnxjq4k1n4vmcsvtvm2666kjn123 and no other site should ever get the same ID until the heat death of the universe, and you could access it by any name you want.
Something like that would be resilient to impersonation, takeovers, brand renaming, and other issues.
Already owned by PIR (which runs .ORG and is being sold to Ethos Capital). Sorry, it's a group domain fucking. You're welcome - Ethos Capital, probably.
Have to wonder if this campaign is just going to increase its value further.
Is .org really a valid way to verify legitimacy of a non-governmental organization? Should we be looking for another solution here or is this the right hill to die on?
It's up to the registrar to make the rules. If nic.io is fine with people outside of that territory to use their tld then it's okay.
Some TLDs do indeed have stronger requirements. I remember that for a long time getting a .fr was a bit of a pain because you had to prove that you were a French citizen or a French company IIRC.
I think I give up on the Internet that we know today. I'm too tired to fight anymore. Monopoly ISPs with data caps, DNS rent seeking, the walled gardens, the internet of shit where I cannot walk down my street without getting recorded by every house with a "ring".
I'm done with it. I don't want to partake anymore, I don't want to fight it anymore, I don't want to care anymore.
Let the Googles and Facebooks have the old Internet. I'm done with it.
The dream is over. The magic is gone for me. The old Internet is gone. Let them have the rest.
Maybe then, and only then we will rise up like a Phoenix, with a solution that cannot be stolen out from under us.
The internet is available to more people in more countries than ever before. There's more content on the internet than ever before. It's a part of every day life for nearly everyone in the world.
That's what's happening to the internet. It's no longer a corner where quirky tinkerers were the only ones who could access it.
And the promise of the internet was never to be just that.
It was meant to be a vehicle for humanity (along with all its warts). That's what you're seeing. The rest of humanity coming on-line.
The attitude of "this isn't what it was meant to be" presumes that it was meant to be anything at all. Similar to a kid that doesn't want to share their legos with the rest of the class.
I think the sentiment was regarding the democratization of knowledge and access, which is shifting more toward an oligarchy. True, more of humanity is coming online. However, they can only participate if they can be monetized and controlled by those with all the wealth and power.
The internet was and remains the most democratic knowledge dissemination engine in several thousand years of recorded history. It is substantially more democratic than it was in the 90s and 2000s because there are more people accessing it now.
It isn't shifting towards an oligopoly unless you count things like Wikipedia as a monopoly. Which it isn't, Wikipedia is probably about as close to an ideal democracy as any human project ever attempted.
Wikipedia is a great example of a web site that has resisted the trend! It is a pretty ideal democracy for those of us whose ISP or nation-state[0] doesn't prohibit us from viewing it.
There was a project similar to Wikipedia, but for semantic data. It lasted for a little while before being swallowed up by Google and shut down[1]. Granted there are some alternatives, but after investing some time working with freebase data, I should be allowed to hold a grudge.
Google played a key role in muzzling more widespread usage of RSS[2], along with Twitter and Facebook discontinuing support for it. Similarly, jabber[3], XMPP[4].
These days it's risky to even host your own mail server, since most people you correspond with are likely to use one particular email service that may arbitrarily block messages from lesser-known mail services[5].
I'm saddened by the death of RSS too, but I think it's a lot to blame that solely on Google. If the RSS ecosystem was so weak that shutting down a single RSS client killed it, it couldn't have been long for this world anyways.
Imagine if google said tomorrow that email is dead and that they are closing down Gmail... This is basically what google did to RSS. They promoted it, adopted it.
Google made it impossible for existing solutions or upstarts to compete with their free tools, then slowly killed off marketing it and supporting it. The final straw was when they killed their reader.
Google killed RSS and they are actively killing other vital parts of the Internet in favor of their tech (forcing the use of their AMP tech for the best spots on their search engine results is anti-competitive; their web browser Chrome has saturated the market and is also making decisions which will undermine the Internet's open protocols, by literally hiding the protocol in URLs, hiding the path in URLs, thus forcing people to search more).
Google is not alone in using its capital as a destructive force on open protocols and standards. Facebook, Amazon, and Twitter are the same way.
> Wikipedia is probably about as close to an ideal democracy as any human project ever attempted.
wikipedia has their own drama. it has contributors who shape the content into what they want the world to see instead of staying objective on certain topics. often articles on simple topics are so complex because they are written by enthusiasts and aren't trying to inform beginners or curious.
> Similar to a kid that doesn't want to share their legos with the rest of the class.
You're being disingenuous and needlessly insulting.
We wanted to bring the freedom and egalitarianism of the early internet to everyone. Instead we got the jaded, corporate internet, but at least it's available to everyone. The GP is obviously mourning the quality, not the exclusivity.
You mean the death of the nerds-only Internet (a different kind of walled garden). There is so much creativity shared via the Internet by non-tech-savvy people that just wouldn't have been possible via the "old Internet".
There's certainly many problems with something this gargantuan, but I get very skeptical when people nostalgize and eulogize "the good old days" of anything.
I'll add, I say this with empathy to your feelings. I regularly feel a very strong nostalgia for those late nights of discovery on the Internet. But I do recognize that Internet involved a fraction of a fraction of the people using it today who are discovering and creating and sharing all kinds of stuff with greater ease than ever before.
I agree that "Internet" today is full of creative expression of millions of people able to do that mostly due to the expansion it has seen into the non-technical crowd. And that's brilliant.
Unfortunately, getting to their creations is ultimately harder: eg. searches for anything will now throw you at some lame stuff on pinterest, which will attempt to lure you into signing up just to find out if they have what you are looking for.
Basically, ability to really "browse" that humongous web is now gone. And most of those creations never reach their intended audience.
> There is so much creativity shared via the Internet by non-tech-savvy people that just wouldn't have been possible via the "old Internet".
Could you explain how you got to that conclusion?
It would be impossible for non-tech-savvy people to share things on the internet if there were no omni-present surveillance, manipulation, and centralization, because ... ?
I think their point was that "old internet" was harder to use as a publishing platform than the new one, not necessarily that what we got was the best evolution, but that it has enabled non-techies to publish more.
> I think their point was that "old internet" was harder to use as a publishing platform than the new one
harder to use as publishing platform by who? don't you mean businesses & corporations?
people have always been fine. myspace anyone? geocities? irc? icq? aol? msn? yahoo? the list goes on... also the remarkable thing is that people just move to newer and better back then.
I can't even imagine being small-minded enough to think that only tech-savvy people have anything interesting to express (and I say that as someone who thinks pretty highly of internet culture prior to its mainstreaming)
Same. Time for a completely different stack / protocol? Like a cloud that is actually a cloud rather than corporate centralization with a side order of surveillance?
It’s not about being cool or making a hip new website. The point is that people won’t choose to pay for services when free ones exist. It requires a monetary obligation in the form of taxes. Countries don’t function because everyone decides they’d like to pay for the infrastructure that benefits everyone. They function because that money is collected in the form of taxes.
Haven’t seen that in awhile. Used to help run some EDI and PPP services hung off an x.25 node right down the road from CompuServe in Ohio. The PPP router didn’t even authenticate the user lol, just welcome to the network! I bitched about it for a long time before a demo changed minds.
The fact that data caps ever gained traction doesn't reflect well on the old timers' ability to explain and protect the true value of their creations for the wider public.
Which is weird because they were obviously able to do that with cryptographic algorithms which are way more esoteric.
It's like teaching a generation of craftspeople to build all the intricate parts of a piano but never noticing nor caring that for some reason they're all selling pianos that have a single key.
What? Data caps had a very good reason to exist. Back in the 3G days if everybody would be online all the time the whole machine would just grind to a halt. Nowadays the data caps are (in Europe at least) only a formality.
Host your own website? I have a web server, I manage a VPN for myself (good for traveling and questionable wifi points).
Much of the joy of the early internet came from the small groups and light websites.
Websites at scale have a hard time being small. Share what you care about on your own platform.
Ignore everyone's ring. If you aren't hosting a part of the internet you want, why would you expect others to?
Any worthy .org's name will be domain-squatted on the other good TLDs, so they couldn't move it over.
Changing the domain of a site is very effective at killing a site, and a business or organisation, because all existing links to it break, emails to it break.
And if you give up the domain, it will usually get squatted quickly, so the links and emails carry on working - they just go to the squatter's site instead.
There is no way to update the majority of links to your site, if it's been around for a while. You can search for links and ask other site operators to update, but it just doesn't happen much, and it's also extremely expensive to do when measured in time to write to thousands of site operators individually.
And when you have to change the name at the same time (because your name is squatted on other TLDs), you're effectively deleting the name recognition, literature, old podcasts, matching name you already have on Twitter, etc.
If you had a good name for a long time, chances are you will struggle to find another one like it, and even if you do, most people will think the new name is something else.
On top of that, your email is probably linked to your .org, and people aren't going to stop sending to that for years, no matter how much you tell people to via other channels. You can't know everywhere your email address and main web address are being kept by someone to use later.
And wherever there is a long-standing email domain, there are probably thousands of internet accounts that have that email as their primary or backup/recovery, which you will need to keep if you don't want to start losing access to other accounts. Updating those is very difficult unless you have been extremely diligent at keeping a database of every account you ever created. In practice, even very diligent organisations who attempt to do this don't succeed because accounts tend to be created by different people.
Perhaps in extreme startup land where people start a new business from scratch every couple of years, and pay a lot in SaaS costs so hiked domain fees may seem relatively cheap, this might not seem to matter.
But many .orgs have been around for decades, and are low budget but very well established.
And many other .orgs are individuals, with email and thousands of online accounts linked to their domain.
Can we not do this sensationalist rhetoric on this forum?
If you feel like you got a bone to pick with a current state of internet, post about a technology that addresses the problem so that people can become aware of it. And save the virtue signaling for reddit/facebook.
Earlier today I was trying to Google a website I found on my PC a while back. (Backing up its disk atm, and don't use Chrome sync.)
Clicked on an unrelated link, and was already in the process of reaching for the Back button when I realized I was looking at a cert failure (wrong domain in certificate). Heh. Idly curious I hit Continue... And was presented with my first
> Content Denied
> Access to this website has been disabled by an order of the Federal Court of Australia because it infringes or facilitates the infringement of copyright.
After recovering from the shock - this sort of thing only happens in 3rd world repressive countries, right??? - I went back and tried the domain referenced in the cert.
No! I agree with you that it seems like it should be cheap but imagine the UN ran it. China would veto ".tw" as just one example of the many problems with government type entity in charge.
I'm not arguing having Ethos Capital is good. I'm arguing the UN running it is not a solution. (nor any likely government body for that matter who will likely take down any organization they don't agree with)
I think the cert issue is because of DNS hijacking by my ISP so that they can (falsely) tell me the site has malware. I can’t view the cert now that I’ve made an exception to it.
Seems like he posted a lame joke. The appropriate response would be for other users to downvote him. I've seen his other comments and he'll regularly be downvoted, but I think you're overreacting a bit. Perhaps you should stick to making sure HN runs, and aside from that mind your own business?
Sadly, it's my business to deal with flamewars, personal attacks, trolling, and other abuses of HN. If flames are allowed to burn this place to a crisp, HN won't be HN anymore. And eventually there wouldn't be anything worth running or anyone to run it for.
Is $10 the magic number for 'orgs'? Say the PE raised it to $20, how bad would that be? If it were $5 and doubled to $10 still as bad? Why is $10 the just amount? What about orgs that can't afford that?
How high is it ok for the PE to go on fees? Why? (Tone is to point out how arbitrary this all is, genuinely curious otherwise)
Given the history of private equity in hiking up drug prices, I'm guessing the answer to "what is the magic number" is whatever number generates the most profit, regardless of what is just or whether small organizations can afford it.
> This article was brought to you by the domain squatters lobby
But seriously I don’t see what’s wrong with this sale. There are no restrictions on who can use a .org domain anyways, and the only people price increases really affect are domain squatters (real organizations can afford 10x the current price without batting an eye). I don’t see what’s wrong with this sale.
ISOC CEO does not consider the public reaction or petition significant. He stated that a mere 10,000 signatures when there are millions of .orgs indicates lack of public concern or any serious opposition to the deal.
Ethos Capital paid $1.135 billion for total, unconditional, purchase of the PIR from ISOC.
ISOC just "grabbed the opportunity when Ethos presented it,"
ISOC have reviewed Ethos’s governance plans and approved them, but will have no means to enforce compliance with those plans.
The deal must be approved by the end of the 1st Quarter 2021 or it fails. The exact date is still confidential.
It must be approved by two bodies – ICANN and the Pennsylvania Orphans Court, which is a specialist court for estates and trusts.
The PIR is incorporated in Pennsylvania and this court must approve changes in the PIR charter in order for Ethos Capital to take ownership.
This is because “the Orphans’ Court judge is the ultimate defender and protector of the fund in question, and the Orphans’ Court will protect that fund and ensure that the fund is distributed to the correct beneficiary”
This means that if the Pennsylvania Orphans Court has not reached a determination by 1st April next year, or if that decision is being challenged in a manner which delays implementation, the deal fails.
You've created multiple accounts just to post on this issue. Single-purpose accounts aren't allowed on HN, and neither is using the site for political battle, even on an issue where the community is largely in agreement. Could you please take a look at this reply I posted to your other account? https://news.ycombinator.com/item?id=21660175
You're certainly welcome to participate as a community member, which means following the guidelines at https://news.ycombinator.com/newsguidelines.html and using the site as intended, for intellectual curiosity. But it's not ok to use it as a platform for a cause, no matter how good a cause it may be.
Also, please don't copy/paste comments here. That lowers signal/noise ratio and breaks the site guidelines, which call for curious conversation.
https://www.theregister.co.uk/2019/11/20/org_registry_sale_s...
"Former ICANN CEO Fadi Chehade personally registered the domain name currently used by Ethos Capital in May and it was registered as a limited company in the US state of Delaware on May 14. That date is significant because it is one day after ICANN indicated it was planning to approve the lifting of price caps through its public comment summary.
As such it appears that the plan to purchase the .org registry was predicated on the price caps going ahead and that those behind the deal had intricate knowledge of ICANN’s internal processes."