The Austrian ccTLD hit a new milestone in September, reaching 1.4 million registrations according to the .at registry nic.at, with just over one million (1,023,492 as of 13 September) or 73.9% registered to Austrian registrants.
2021’s Domain Pulse is the latest conference to fall victim to the global COVID-19 pandemic. Originally scheduled to be held in Beethoven’s home town, the German city of Bonn, in February and hosted by DENIC, it will now be held in February 2022.
The annual free domain name conference of the German-speaking world, Domain Pulse, is heading to the North Tyrolean Alps city of Innsbruck in Austria in February 2020 with the organisers looking towards the future, asking attendees to âgaze into the crystal ball togetherâ with them.
Day 1 is dedicated to the question of what future will bring in terms of technology, internet governance and the world of work – and where the forecasts come from! On the second day, we will highlight the issue of risk – how much are we prepared to take in our personal lives, careers and as a society? And at what price?
The presentations will focus on the future of internet governance, the talents of tomorrow, does the domain name system tell us anything about the future, artificial intelligence, looking forward with 5G and its challenges in particular relating to surveillance and citizenâs rights and what should ccTLD registries expect in the future.
This yearâs Domain Pulse conference (which is not related to the DomainPulse.com domain name news site) will be held on Thursday 20 and Friday 21 February. In 2020 the conference is organised by the Austrian ccTLD manager nic.at, with the conference rotating to be hosted by DENIC in 2021 in Germany, then by SWITCH in Switzerland in 2022.
For presentations in German, there will be a simultaneous translation service into English, but not for presentations in English into German. However given that networking is as important as the conference topics, it can still be extremely worthwhile to attend.
To register, book hotels, check out the agenda and find out more information in general, go to: domainpulse.at/dp2020. There are plenty of trains passing through Innsbruck and a number of airlines fly to Innsbruck. Conference hotels start at â¬120 per night, plus thereâs the always wonderful Thursday evening event.
UPDATE: This article was updated to reflect a misunderstanding regarding translations. There will be translations of presentations into English from German, but not for German presentations into English. The original version of this article said there would be no translations.
Finding that elusive domain name can be difficult for even the most adept of us, so a few registries have developed services to make suggestions for when your first choice isnât available. The latest of those is nic.at who has launched Domainfinder, developed in-house by their research and development team.
To showcase their Domainfinder, nic.at has put together a simple video to show off how it works.
The most well-known of services to assist in finding that elusive domain name has been developed by Verisign and is called NameStudio for their .com, .net and .tv top-level domains. As with Name Studio, Domainfinder makes suggestions of alternatives for both second and third (.co.at and .or.at) level .at domain names.
nic.atâs RcodeZero DNS service has just started supplying Anycast technology to the Polish domain extension .pl. This means that nic.at infrastructure provides supplementary hosting and security to the seventh biggest ccTLD in the EU with over 2.5 million domains. According DNSperf statistics, RcodeZero DNS is one of the fastest anycast providers worldwide.
CEO Richard Wein is delighted with the new RcodeZero DNS customer NASK, the Polish national research institute responsible for the Top Level Domain .pl.
âAfter .nl and .eu, we have succeeded in convincing another major country code TLD with a couple of million domains to use our services. In an industry where you know each other very well, this is a big compliment for me: The relevant players trust the technical competence of nic.at. This shows that even a small country can provide services to the big ones so long as you focus on quality, reliability and flexibility.â
It is the clear goal of nic.at to gain more RcodeZero DNS customers within the TLD community â also on other continents.
The technical implementation for .pl is proof of nic.atâs ability to meet individual customer requirements. The .pl TLD consists of 159 subzones. Therefore â in contrast to other customers with fewer zones â every process and check has to be performed 159 times before distributing the zone to the servers all over the globe.
The constant expansion and upgrading of the RcodeZero infrastructure is also recognised in the worldwide Ranking of DNSperf where the DNS performance of the top Anycast providers is measured. RcodeZero DNS actually ranks sixth â not far away from well-known names like Cloudflare and Wordpress.
This nic.at news release was sourced from: https://www.nic.at/en/news/nic-at/another-tld-coup-for-nicats-rcodezero-dns
In my opinion, the world can survive very well without a public WHOIS. DP: What challenges and opportunities do you see for the year ahead? RW: I think the whole industry will have to make an effort to bring their products to the market in a way that is more understandable, simpler, and accessible without much (technical) know-how. In my opinion it is still far too difficult to register your own domain, then set up your own e-mail or create a new website. The subject of “digitisation” is currently on everyone's lips, but it has negative connotations; so a lot of work must be done to convert this to a more positive, beneficial impression. This involves domains and all associated products. DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now? RW: All in all (apart from a few exceptions), positive hopes and expectations have not been realised. Many of the gTLD registries are still struggling to survive, and I have not seen any evidence of the frequently described “dotbrand” hype, so the new gTLDs will probably remain a “niche” for another year. The consolidation process will continue, both with the registries and the backend providers, but also with the registrars. A few gTLD's will be established on the market (and among users), many of the others will disappear again. At the moment I do not see any need for a second round (at least from the demand side), but clearly some want to utilise their (technical and sales) scaling effects to offer new gTLDs as quickly as possible, and put them on the market. DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past? RW: A clear YES to this. If you look at the number of users of “social media”, such as FB or Instagram, there is a clear negative trend. It's not about either / or, but businesses in particular will develop a balanced “online strategy” and this includes their own website with one (or more) domains. Of course, there is some saturation, but there is still enough global potential to increase awareness of domains and to secure growth over the long term. Previous Q&As in this series were with EURid, manager of the .eu top level domain (available here), with Katrin Ohlmer, CEO and founder of DOTZON GmbH (here), Afilias’ Roland LaPlante (here), DotBERLIN’s Dirk Krischenowski (here), DENIC (here) and Internet.bs' Marc McCutcheon (here). If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.
Austria’s internet is celebrating a combined number of birthdays in 2018, all adding up to an 80th birthday celebration: 10 years of CERT.at, 20 years of Stopline, 20 years of nic.at and 30 years of .at!
In the latest nic//report, the regular report on .at domain name issues, they chart the 30 years of .at. There’s an interview with Dr Peter Rastl, long-time head of the Vienna University Computer Center, who had the initial responsibility for allocating .at domain names. Initially .at domain names were given away for free, one per organisation. But as the popularity of the internet, and domain names, grew, the burden on the university became too much. Fees were introduced, ISPA, representing internet service providers in Austria, together with the university, decided to professionalise domain name registration and nic.at was born in 1998.
In the same year nic.at was born, Stopline was also born. Stopline is an independent initiative set up by the ISPA to combat illegal content online, after images of child abuse were discovered on the server of an Austrian host provider. ISPA (then newly founded), nic.at, representatives of the police reporting centres, legal experts and other national stakeholders were involved in establishing Stopline. The challenge at the time was to raise awareness of illegal content online and publicise the existence of the new reporting centre without demonising the Internet as a whole.
Then 10 years later, and 10 years ago, CERT.at with the goal of making the internet in Austria more secure, as the primary contact point for IT-security in a national context.
When it comes to domain names, the number of domain names registered under Austria’s country code top level domain (ccTLD) within the country is closing in on the one million mark with 936,857 – 72.6 % of all .at domains out there as of 31 July. Every district within the country, even those tiny places with populations of below 70, has at least one .at domain name.
The remaining 27% of .at domain name registrants are in Germany (18%) while 1 in 11 (9%) domain names are registered in non-German speaking countries.
The province with the most .at domains per 1,000 inhabitants is Vienna with 148.8 per 1,000, followed by Salzburg (124.9) and Tirol (102.2), while the province of Burgenland brings up the rear with 73.5. But a look at capitals shows the capital of Burgenland, Eisenstadt, is out ahead with one in six people in the city owning an .at domain – putting it ahead of Vienna and Salzburg. Bregenz in Voralberg is the provincial capital with the least domain names (97 per 1,000 people).
To download the latest nic//report from nic.at, click here [pdf].
It was adopted on 14 April 2016 and after a 2-year transition period it becomes enforceable on 25 May 2018. Yet despite this timeframe, ICANN only approved a Temporary Specification for gTLD Registration Data to comply with the European Union’s General Data Protection Regulation on 17 May, with a draft published on 11 May. But it only gives registries and registrars 7 days to finalise and implement changes to their systems, or 14 days if they started when the draft was published. That is if they waited for ICANN’s snail-like process to take place.
The GDPR has been developed by the European Commission to give individuals more control over their data that businesses hold, including domain name Registries and Registrars. It also applies to businesses outside of the EU that hold data on citizens and residents of the EU. It’s impact is far-reaching and penalties for breaches are severe – fines of up to €20 million or up to 4% of the annual worldwide turnover, whichever is greater.
ICANN’s approval of a Temporary Specification [pdf] is the result of 12 months of consultation with the community and “is an important step towards bringing ICANN and its contracted parties into compliance with GDPR,” said ICANN’s Chair Cherine Chalaby. “While there are elements remaining to be finalised, the adoption of this Temporary Specification sets us on the right path to maintaining WHOIS in the public interest, while complying with GDPR before its 25 May enforcement deadline.”
One can’t help but feel it’s an extraordinary failure by ICANN and the community given the time they’ve had to develop a solution. The Temporary Specification will be revisited by the ICANN Board in 90 days, if required, to reaffirm its adoption. And whether the Temporary Specification meets European Commission’s requirements remains to be seen. In early April the EC’s Article 29 Data Protection Working Party wrote to ICANN [pdf] noting they weren’t satisfied with what ICANN had then proposed.
So what will happen on 25 May? Registry Operators and Registrars will still be required to collect all WHOIS information for generic top level domains (gTLDs). However, WHOIS queries will only receive “Thin” data in return, which includes only technical data sufficient to identify the sponsoring Registrar, status of the registration, and creation and expiration dates for each registration, but not personal data. For third parties with legitimate interests in gaining access to the non-public data held by the Registry Operator or Registrar, there are still ways to access that data. Queries can be made through the sponsoring Registrar and they are obligated to respond in a reasonable time. If a response is not received, ICANN will have a complaint mechanism available. If it is thought individual parties are not complying with their obligations under these temporary specifications or their agreements with ICANN, ICANN’s Contractual Compliance Department can be contacted to file a complaint.
The changes are not unlike those being implemented by several European country code top level domain (ccTLD) registries. And while quite a few Registries and Registrars will have been waiting (or rather sweating) on ICANN’s announcement this week, some decided they couldn’t wait and have been developing solutions on what they believed ICANN’s response would have been.
Within Europe, some ccTLDs, such as the Austrian registry nic.at have implemented a “thin” model for individuals registering domain names, but legal entities or businesses will continue to have “thick” WHOIS data published. Others such as DENIC, the German ccTLD registry, will only record the contact details of the domain name registrant, two additional email addresses as contact points for abuse reports and general and technical requests as well as the usual technical domain data, which is similar to the ICANN model.
Registrars are frustrated. One, the German EPAG, which is part of the Tucows group, spoke of their frustrations to Domain Pulse at the Domain Pulse conference (unrelated) in Munich in February.
“We wish that ICANN had started work on this a year ago,” said Ashley La Bolle, Managing Director of EPAG Domainservices GmbH. “Of course, we will try to accommodate changes, but in absence of new consensus policies, we have to develop solutions that we believe will ensure our own compliance with the law.”
“The domain industry has been really late to the game on GDPR implementation,” La Bolle went on to say. She noted how frustrating it was that the entire industry was slow to develop solutions and that solutions were only beginning to be finalised back then. The changes require significant resources to be thrown at implementing changes. In an industry that operates on razor-thin margins, it’s not an ideal situation.
“The GDPR requires contracts to be revised, additional staff training, and customer education. Our approach has been to change our systems and processes to handle as much of the impact of the GDPR as possible so that our customers can continue to use our services as they always have.”
It has also been claimed that the changes will be a boon for cybercriminals. While Krebs on Security admit that while “cybercriminals don’t use their real information in WHOIS registrations … ANY information they provide — and especially information that they re-use across multiple domains and cybercrime campaigns — is invaluable to both grouping cybercriminal operations and in ultimately identifying who’s responsible for these activities.” And while some cybercriminals do take advantage of privacy protection services, “based on countless investigations I have conducted using WHOIS to uncover cybercrime businesses and operators, I’d wager that cybercrooks more often do not use these services.”
Krebs also notes that while “it is true that the European privacy regulations as they relate to WHOIS records do not apply to businesses registering domain names … the domain registrar industry — … operates on razor-thin profit margins and which has long sought to be free from any WHOIS requirements or accountability whatsoever. Krebs believes they “won’t exactly be tripping over themselves to add more complexity to their WHOIS efforts just to make a distinction between businesses and individuals.”
“As a result, registrars simply won’t make that distinction because there is no mandate that they must. They’ll just adopt the same WHOIS data collection and display polices across the board, regardless of whether the WHOIS details for a given domain suggest that the registrant is a business or an individual.”
A week before the European Unionâs General Data Protection Regulation (GDPR) comes into force on 25 May, the Austrian ccTLD registry nic.at has introduced changes to its Whois policy as well as to the registration and management of .at domains.
The most important changes that came into effect for the Austrian country code top level domain (ccTLD) on 16 May are:
1) New Whois policy
Under the new Whois policy, registration data for individuals (natural persons) will not published any longer. Data on individuals will only includes the domain name, the registrar responsible and necessary technical information. Whois data for businesses (legal persons) that register domain names will continue to be published as before and individuals can request the publication of their data.
2) New Terms and Registration Guidelines
4) Check of data accuracy by domain holder
Domain holders (registrants) can at any time request their current Whois data online by using the web form âmotivated requestâ. They can also ask for their domain certificate (featuring only the domain holderâs name and address) to be sent to their email address via an online form.
5) Information on private domain holderâs data to third parties
Only people who provide proof of identity and are able to prove a legitimate interest in finding out who the domain holder is, will get information on private domain holdersâ data. They can be law enforcement agencies, lawyers or people who contact nic.at following domain disputes and who can prove that their rights have been infringed. They have to start aÂ webform request with defined obligations for supporting documents on this webform.
6) Abolishment of admin-c
As the admin-c never had any legal function in the administration of .at domains, it is abolished as of 16 May 2018.
From mid-May individuals who have registered .at domain names will have their registrant details hidden by default, although they can have the data published if they wish, while businesses will continue to have their contact details published in WHOIS as is the case now. The change is a result of the looming introduction of the E.U.'s new privacy law.
The coming of the E.U. General Data Protection Regulation (GDPR) is causing a bit of havoc among the domain name business. It comes into effect on 25 May. Gradually European ccTLD registries are rolling out how they’re going to comply. The GDPR is intended to give individuals in the European Union more control over their data held by business, with one data protection law for to strengthen and unify data protection for all individuals within the 28 member states of the E.U. It also addresses the export of personal data outside the E.U.
In recent weeks Nominet and DENIC have announced their plans. Nominet have opened a consultation to 4 April on their proposal that will mean they will no longer display any registrant’s name or address while DENIC will only record the contact details of the domain registrant, 2 additional email addresses as contact points for abuse reports and general and technical requests as well as the usual technical domain data.
“The GDPR”, nic.at’s CEO Richard Wein told Domain Pulse following the Domain Pulse conference in Munich in February, “is the biggest change in policy and procedures in the domain name community in many years. While EPP was a big change, it happened over time and there were no rigid deadlines, but change was smooth and happened quickly.”
Currently the nic.at WHOIS database, the public register of all registered .at domains, currently contains details on the holders of and contact persons for .at domains, regardless of whether they are companies or private individuals. Under the EU General Data Protection Regulation (GDPR), nic.at will only publish legal business data from mid-May 2018. Individuals can still have their data published if they wish.
For decades, it has been standard practice in domain administration to display domain holders’ data in a public database called WHOIS. The domain holder is informed of this when registering the domain. nic.at’s terms and conditions (T&C) form the legal basis for publication. This practice will change when the GDPR comes into effect.
“The GDPR defines special protection requirements for natural persons, so we will not publish their data any longer, although we still need to receive their details during the domain registration process,” explained head of nic.at’s legal department Barbara Schlossbauer. “The regulation is comes into force in mid-May 2018 and this will also lead to amendments in nic.at’s T&C and the registration guidelines for .at domains.”
In the future, the data shown for domains registered by individuals will only include the domain name, the registrar responsible and necessary technical information. If a company or organisation owns the domain, the holder’s name and address will still be published, although contact data like email address, telephone and fax number can be hidden upon request. The registrar submits information on whether a domain is held by a natural or legal person when registering the domain. If a private individual requests that their data be displayed, the registrar can also arrange this. “There will certainly be a lot of cases where people will definitely want to show that a real, trustworthy person is responsible for a particular website,” explains Schlossbauer.
Until now, domain holders’ data have been publicly accessible at nic.at. From mid-May, this will no longer be possible. “In future, natural persons’ domain data will only be accessible to people who identify themselves and have a legitimate legal reason for finding out who the domain holder is,” Schlossbauer points out. This includes law enforcement agencies, lawyers or people who contact nic.at following domain disputes and can prove that their rights have been infringed.
The adaptations in the WHOIS policy will not affect the public domain availability check, explains Schlossbauer: “When it comes to obtaining accurate information on whether a .at, .co.at or .or.at domain is still available, nic.at will remain the first point of contact for reliable availability checks.”
But the changes being adopted by each country code top level domain registry across Europe are a missed opportunity according to Wein.
“The opportunity for the ccTLD registries across Europe to work together and propose one solution was a missed opportunity,” said Wein.
“Every ccTLD appears to be doing something different, even if very slightly, and it’s a pity that the industry couldn’t develop one standard. It will mean registrars will have to implement 10, 20, maybe even 28, different solutions depending on how many ccTLDs for EU countries they sell. The situation is a nightmare.”
“Then there comes the problem with no WHOIS available to law enforcement, government bodies and brand protection. How can they get the registrant information? Registries are not allowed to give out information such as to the police without a good reason. Potential buyers of a domain name will have no way of contacting the registrant unless their details are provided on the website. While under the law of many countries, including Austria, the website owner is required to provide information about who owns the website, it is difficult to verify if this is correct, and will be next to impossible when the GDPR comes into effect.”
“When there’s a request for WHOIS information from law enforcement, for example,” Wein continues, “it will require someone at nic.at to manually check that the required authorisations such as a court order are in place and then to provide the information. Currently enquiries are machine-to-machine, but from 25 May it will be human-to-human and only available in business hours. It will mean a change of procedures and in many cases be much slower.”