He has an informal agreement with a informal group of organizations to respect his decision of what records to return in response to DNS requests. No one is obligated to follow that agreement. This form of abuse of that informal agreement should result in the group of organizations unilaterally terminating that agreement.
This kind of reply reminds me of the vitriolic replies that companies leveled back in the day against the guys who registered donotreply.com.
They would try to alert companies using a domain they didn't own for communications to their customers that this was a bad idea, and soon after got nastygrams from the company's lawyers saying they'd stolen their intellectual property and wiretapped their communications.
Consider this hypothetical: You buy a house, and its address somehow gets listed as an internal corporate postal address at BigCorp. You regularly get bag-fulls of corporate mail containing personal information. BigCorp refuses to changes their internal directories, and refuses to buy your home at a reasonable value.
The only real difference in the corp.com case is that instead of just one BigCorp, it's one BigCorp that's gotten a bunch of other SmallCorps and BigCorps to all incorrectly list the same address too.
On the same general note, "a business listed my phone number as theirs and refuses to change it" stories are pretty common, and often have the same "the business refuses to change it" quality.
No it's not. He has no legal agreement with my DNS provider for them to do jack shit.
He has some legal agreement with his registrar, and maybe indirectly with ICAAN, but that legal agreement means jack shit to DNS providers, who are the ones that ultimately matter.
For an example of DNS providers already using this fact for the public good, see AdGuard DNS
He's selling the domain through an auction/resale service [1], so any question of "aiding and abetting" goes to them, not him. At the high end, these services have extensive anti-fraud and anti-money-laundering checks (speaking from personal experience working for a small registrar), so the question of direct liability is pretty well covered.
Otherwise, you end up with a world where anyone who comes into possession of a dangerous item is obligated to potentially keep it forever and force all of their descendants to keep it forever.
The keyword is "knowingly". He's clearly well aware of the security risks and is doing his best to keep it safe (including asking Microsoft to acquire it for 10% of the revenue they make in an hour).
Yes, you're right, that is the keyword. This article, and statements like the following make it perfectly clear that if he follows through on his threat he will be knowingly aiding criminals.
> O’Connor said he hopes Microsoft Corp. will buy it, but fears they won’t and instead it will get snatched up by someone working with organized cybercriminals or state-funded hacking groups bent on undermining the interests of Western corporations.
A person can be reasonably confident that their immediate sale of an item is going to go to someone who will use it responsibly... while still worrying about its disposition five or ten years down the line. (Microsoft has already let this problem sit for 26 years, after all.) That still doesn't mean the person has any particular legal or moral responsibility to monitor their original customer indefinitely just because there's a future risk.
That is neither a threat nor proves that he knows anything about the buyer being a criminal. He's only worried about that possibility, which is a good thing considering he has been a good steward of the domain this whole time.
He has an informal agreement with a informal group of organizations to respect his decision of what records to return in response to DNS requests. No one is obligated to follow that agreement. This form of abuse of that informal agreement should result in the group of organizations unilaterally terminating that agreement.