BOOKMARK
PRINTEnforcement
Where Did WikiLeaks Go?
Fri, 12/03/2010 - 09:00 — Anna Gayle — PermalinkNo doubt you’ve been hearing a lot about WikiLeaks lately, the site that has released hundreds of thousands of classified U.S. government documents to the public. Splashed across the news around the world, WikiLeaks and its founder have been the subjects of much debate, concern, and even potential litigation. Now, there’s a new twist to the tale – the site might be losing its domain name.
BBC News reported today that EveryDNS.net, the service provider for WikiLeaks.org, has rescinded its DNS services for the site, claiming that the site has been attracting attacks that put the entire EveryDNS.net infrastructure (and the 500,000 domains it supports) at risk. This comes right on the heels of Amazon’s ending the agreement to host the WikiLeaks site due to a failure to adhere to the appropriate terms of service (essentially by not owning the rights to the classified content that is being posted).
So, what happens to a site after it loses its domain name? The domain may have been taken down, but the IP address (the raw code for the location of this information online) still allows the content to remain available. Today, WikiLeaks tweeted its IP address to followers, hoping that Internet users would still navigate to its content. Within the hour, WikiLeaks informed followers that the site had moved to a Swiss domain: WikiLeaks.ch. The site redirects to the same IP address, meaning that WikiLeaks’ entire original content is still present and accessible.
This whole kerfuffle should serve as a reminder about how essential domain names are to directing visitors to online content. However, it also educates us on how bad actors are able to cunningly maintain their content by manipulating the domain space. The Internet is a global entity and a maze of many jurisdictions. Thus, if there is a will, it seems that there is a way to keep content online.
It’s easy to see that Internet governance is incredibly complex. Check back next week for a post about how these types of incidents are able to occur, pending legislation that is intended to create a remedy, and the role of ICANN in policing this space.
Flying Under the Radar
Sat, 01/10/2009 - 19:46 — Josh Bourne — PermalinkA little-known wave of massive-scale online infringement called affiliate fraud is gathering steam on the Internet. Affiliate fraud earns cybersquatters 50-100 times the fee per action of pay-per-click (PPC) sites and targets brand owners–all undetected.
Some brands offer affiliate programs, which allow Web site owners to post links and banners to that brand’s product or service on their site; in return, the owner of the site that is hosting the link receives a commission for every click-through that results in a purchase. These affiliate programs are meant to be mutually beneficial; brands get traffic funneled to their sites and their affiliates can earn a profit by providing that service.
Most Internet affiliate programs prohibit enrollees from using trademark-infringing domain names, yet many are doing just that.
Rather than using their unique affiliate identifiers to post links, cybersquatters are registering domains that contain a famous trademark or a typographical variation of one and redirect visitors to the very Web site that they expect to find. They then collect a commission once a sale is completed or once a visitor requests information. Some banks, for example, will pay Internet affiliates a commission as high as $30 each time a referred visitor submits a credit card application.
The best way to understand the practice of affiliate fraud is to actually see how it works.
One example is a typo of the large US cable operator “Comcast”—COMCASFT.COM—which redirects to a Comcast authorized retailer who pays commissions for referrals. When you enter COMCASFT.COM, you will see it eventually resolves to http://www.comcastadvantage.com/index.html?PID=cj:1735985. “cj: 1735985” identifies who should get paid the commission and—you guessed it—that person is the owner of COMCASFT.COM.
According to Comcast’s affiliate program terms, leads like this are worth as much as $35, which is many times more than the 50 cents or less that cybersquatters typically receive per click on the PPC sites that we’re all familiar with.
Unlike redirecting infringing domains to a PPC site loaded with ads, this scam delivers a more fluid online experience and a completely expected result to the end user; end users are less likely to recognize this as an infringement and many will simply assume that the legitimate company has done the redirecting. In-house counsel and brand protection companies of all kinds also typically fail to detect this use. As a result, this practice often flies under the radar of enforcement. That, along with the fact that it is a particularly lucrative endeavor, makes this practice extremely appealing to cybercriminals.
ICANN's AGP Limits Policy
Wed, 10/22/2008 - 18:12 — Phil Lodico — PermalinkOn Monday, ICANN posted its AGP Limits Policy and Draft Implementation Plan for public comment.
The important take-away from this plan is the intention to cap the number of domain name deletes that can be refunded by a registrar. The AGP Limits Policy prevents any refunds on domain names that are deleted in excess of 10% of the Registrar’s new registrations or in excess of 50 domains, whichever number is higher.
While it is always encouraging to see progress towards better policy, the pace at which these steps are being taken is disheartening. This policy, which is slated for implementation in March of 2009, is proposed as a remedy for domain tasting—a tactic used by some cybersquatters in which perpetrators leverage the 5-day add/drop grace period mandated by ICANN to “test-drive” a domain name—which started gaining ground almost two years ago.
I’m not suggesting that any plan should move forward without the appropriate considerations, in fact we’ve long been proponents of seeing ICANN use more fact-based research, but with the Internet community hurting from the lack of strong deterrents against domain name tasting there should be a sense of urgency associated with this process. The Internet is a rapidly changing medium with new enforcement challenges at every turn; policies addressing these challenges should be made in a manner that allows them to keep up with this pace.
Creating Boundaries in a Boundless Internet
Fri, 10/17/2008 - 15:02 — Phil Lodico — PermalinkYesterday, Kentucky Circuit Court Judge Thomas D. Wingate affirmed the Kentucky court order to seize domain names related to gambling. According to Poker News, Judge Wingate dismissed challenges of Kentucky’s jurisdictional reach, claiming that a domain name is a device used to enable gambling and is therefore illegal under Kentucky State law. In this case, Judge Wingate’s ruling extends a state’s court jurisdiction to cover where a domain name is used, not just whether the domain name is owned or maintained within that state.
This ruling revives some broader questions about just who (if anyone) has (or should have) authority over the Internet. Since its inception, there has been tension between those who believe in the need to govern the Internet and those who believe in the limitless freedom that the space can provide. Whether or not the court should have taken action here is debatable, but it is important to ensure that the domain space has appropriate governance in place to protect consumers and existing laws. It is the responsibility of the Internet community to call attention to gaps in governance as a way to continually strive towards building a better online community.
What are your thoughts on the ruling in this Kentucky case?
