It’s been 10 years this month since Neustar launched .co, taking it from “just” Colombia’s ccTLD to a top-level domain recognised around the world.Continue reading .CO Celebrating 10 Years of Innovation
To celebrate Catalonia’s National Day, puntCAT is offering discount codes to renew .cat domains, but the last day to apply for a discount code is today, 18 November, with codes valid until 31 January.
To apply for a discount code, go to decomptes.fundacio.cat and answer the question, then share the promotion on social networks or subscribe to the newsletter and you will receive the code to your email. The code is valid until 31 January and it can be used to renew the domain name with registrars participating in the promotion.
puntCAT is also releasing one- and 2-character domain names with a 4 stage registration process. The first step is currently underway, a priority registration for member entities of the Board of Trustees of FundaciÃ³ puntCAT and entities that supported the launch of the .cat domain. This period runs until 8 December.
Following is a priority registration for Public Authorities and entities in Catalan-speaking territories that runs from 9 December to 19 January 2020. There will then be a priority registration for trademarks from 20 January to 1 March and then on 2 March 2020 it will be an open registration phase for any company and/or person. Applications will be processed on a first-come, first-served basis.
To apply for a domain, it is necessary to fill in the following form. Once received, a selection committee made up of 2 members of the .cat team and a member of the Foundationâs board of trustees will consider the applications. Applications will be assessed according to the following criteria:
- Domain pertinence and availability
- The applicantâs background and relationship with the domain
- Intention of use of the domain
The domains that have so far been registered are the following:
.ASIA domain names are now licensed for sale in China, the Hong Kong-based DotAsia Organisation announced in February. Following receiving accreditation from Chinaâs Ministry of Industry and Information Technology (MIIT), .asia domain names are now legally able to be registered through Chinese registrars and resellers and hosted with Chinese webhosters.
âWe are very excited to be in China again and look forward to taking our work with Chinese retail partners to the next level,â said Edmon Chung, CEO of DotAsia Organisation. âChina is an important market to the .Asia community we serve, we will be working closely with our long time technology partner Afilias to be there for our local and regional customers.â
âChinaâs domain name market is one of the worldâs biggest and fastest growing,â said Roland LaPlante, Senior Vice President of Afilias. âWe are eager to work with .Asia in this thriving digital market going forward.â
The move follows the announcement, also in February, of 20 of Afiliasâ gTLDs to be licensed for sale in China.
In their announcement, DotAsia note that with Chinaâs 21st century development strategy, the .Asia extension resonates with the countryâs vision of an enhanced regional connectivity. .Asia domains are perfect for companies doing business in Asia, and also for those that want to reach out to Asian communities across the globe.
In 2017, DotAsia suspended retail sales in China out of respect for the MIITâs licensing policy.
Globally domain name registrations grew to approximately 342.4 million at the end of the third quarter of 2018, an increase of approximately 2.6 million, or 0.8%, compared to the second quarter of 2018, according to Verisign's latest Domain Name Industry Brief. In the 12 months to the end of the third quarter registrations grew by approximately 11.7 million, or 3.5%. Continue reading As Global Domain Name Registrations Slowly Rise, .NET Slides and New gTLDs Growing: Verisign
Globally domain name registrations have grown 2.0% in the 12 months to the end of June, the latest CENTRstats Global TLD Report Q2/2018 reports, but growth rates vary markedly among top level domains. For example, in the 12 months .com grew 5.2% while their Verisign stablemate .net declined 6.0%. Continue reading Over Half European Domain Names Are ccTLDs, But .COM Has Higher Visibility
Itâs been 10 years since .me launched as a unique and memorable gTLD. The Montenegrin ccTLD has become one of the most successful ccTLDs that operates as a gTLD and is also recognised as a gTLD by Google. And now on their tenth anniversary .me is about to enable the registration of Internationalised Domain Names.
As of 12 November, .me will allow the registration of domain names in Arabic, Belarusian, Bosnian, Bulgarian, Chinese (traditional and simplified), Croatian, Danish, Finnish, French, German, Hindi, Hungarian, Icelandic, Italian, Korean, Latvian, Lithuanian, Macedonian, Montenegrin (Latin and Cyrillic), Polish, Portuguese, Russian, Serbian (Latin and Cyrillic), Spanish, Swedish, Turkish and Ukrainian.
âPersonal appeal and worldwide availability from the day one is what made .ME domains so popularâ, said .ME Registry CEO Predrag Lesic. âWe feel that November 12th is a very important day for us because, with the launch of .ME IDNs, people around the world will be able to register .ME domain names using their own national alphabets. It does not get more personal (or global) than this!â
.ME came about following Montenegro becoming an independent nation in June 2006 and .me was allocated that September. Then in September 2007, ICANN delegated .me to the Government of Montenegro, becoming active on 24 September 2007 with registrations commencing in 2008. Registrations at the second level were made available to anyone anywhere in the world while third level such as .co.me and .net.me are only available to Montenegrins.
The appeal of Internationalised Domain Names (IDNs) is that internet users and business can register domain names in their own language â not just the Latin alphabet letters A-Z, digits and hyphens. Although 70% of the worldâs population uses Latin alphabet, less than half of them use only letters A-Z, which makes IDNs very useful for the words that cannot be properly described without characters used in the local representation of a language.
As .me note in their announcement:
The DNS was originally developed to recognise only ASCII characters (âLatin alphabet letters A-Zâ , â0â9â³ and â-â ), and was not planned to manage characters used in other languages like Arabic, Chinese, Cyrillic, and Latin alphabet-based characters with diacritics or ligatures, such as German, Spanish and French (letters like Ã¦, Ã¤, Ã¶, Ã¼, Ä, Ã¢, Ã®, È, Ã±, Å¡, Ä, Å¾, Ä).
However, with the implementation of IDNs in the system, these scripts can be used to register a .ME domain. Now, when the registrant tries to register an IDN, the domain registrar converts the local-language characters into a sequence of supported letters using an ASCII-compatible encoding (ACE) in the domain registration process. That means that the ACE prefix, âxn--â is used to represent an IDN. When an IDN is typed in a Web browser, and nowadays all browsers support IDNs, it encodes the characters into an ACE string that DNS understands. The DNS processes the request and returns the information to the browser as with any other domain.
.ME IDNs may be registered for 1 to 10-year terms on a First-Come-First-Served (FCFS) basis with .ME accredited registrars or their resellers.
The .icu new gTLD has only been in General Availability for 3 months and itâs already the 50th largest of the more than 500 new gTLDs to have hit GA, and over 1,200 (including .brands) to have been delegated.
In a post to commemorate the 90 day milestones, the .icu team have released some milestones theyâre pretty happy with including they now have over 64,000 registrations, some of which are showcased at InTheWild.icu, as well as registrants in 82 countries.
Some of the categories the .icu team is seeing development of websites are cryptocurrencies (blogs, news and pricing platforms), personal sites (consolidation of social media profiles, personal and professional profiles) and tools such as link shorteners.
ICANN this week published an update to the gTLD Marketplace Health Index (Beta), which presents statistics and trends related to gTLDs.
The Health Index [PDF, 2.86 MB] is available for download.
The generic top level domains (gTLD) Marketplace Health Index (Beta) was first published in July 2016. ICANN currently publishes these statistics twice a year to track progress against its goal of supporting the evolution of the domain name marketplace to be robust, stable and trusted. A community Advisory Panel is working with ICANN to refine the Index in preparation for publishing version 1.0.
In a bid to “to protect the data collected in WHOIS”, ICANN last week sought a court ruling in a German court to “ensure the continued collection of all WHOIS data, so that such data remains available to parties demonstrating legitimate purpose to access it, consistent with the GDPR.”
The “one-sided filing” in Bonn, Germany, was against German registrar EPAG, these days part of the Tucows group. EPAG had recently informed ICANN that it would no longer collect administrative and technical contact information for generic top level domain name registrations as it believes collection of that data would violate the GDPR rules, and further, it wasn’t needed.
EPAG had advised ICANN it no longer intended to collect such data, citing the GDPR law implementation as its rationale. In a statement from their parent company, Tucows, they said they “realised that the domain name registration process, as outlined in ICANN’s 2013 Registrar Accreditation Agreement, not only required us to collect and share information we didn’t need, it also required us to collect and share people’s information where we may not have a legal basis to do so. What’s more, it required us to process personal information belonging to people with whom we may not even have a direct relationship, namely the Admin and Tech contacts.”
Through its contract with registrars including EPAG, ICANN requires the WHOIS information be collected. In an effort to comply with the European Union’s General Data Protection Regulation, ICANN recently adopted a new Temporary Specification regarding how WHOIS data should be collected and which parts may be published, which ICANN believes is consistent with the GDPR.
The late announcement of the Temporary Specification, a week before the GDPR came into being, already had registrars irate, as they had to have their systems compliant ready for its implementation. Speaking to Domain Pulse at the Domain Pulse conference (unrelated), EPAG’s Managing Director Ashley La Bolle said at EPAG they wished “ICANN had started work on this a year ago. Of course, we will try to accommodate changes, but in absence of new consensus policies, we have to develop solutions that we believe will ensure our own compliance with the law.”
The German court ruled in favour of EPAG, at least in part, ruling it would not require EPAG to collect the administrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, said ICANN in a statement, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse the security aspects in connection with the domain name (such as criminal activity, infringement or security problems).
The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.
“While ICANN appreciates the prompt attention the Court paid to this matter, the Court's ruling today did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings,” said John Jeffrey, ICANN's General Counsel and Secretary. “ICANN is continuing to pursue the ongoing discussions with the European Commission, and WP29, to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.”
So where to from here? Michele Neylon from the Irish registrar and hosting company Blacknight suggests “there might be more at play here than initially meets the eye. ICANN is probably coming under a lot of pressure from the US government and other interests in relation to public whois. Recent speeches by US Department of Commerce’s head honcho David Redl in multiple venues have underlined the US government’s fixation with full public whois.”
It's not over yet. As Jeffrey noted, the ruling didn’t give the clarity ICANN sought. Watch this space.
It was adopted on 14 April 2016 and after a 2-year transition period it becomes enforceable on 25 May 2018. Yet despite this timeframe, ICANN only approved a Temporary Specification for gTLD Registration Data to comply with the European Union’s General Data Protection Regulation on 17 May, with a draft published on 11 May. But it only gives registries and registrars 7 days to finalise and implement changes to their systems, or 14 days if they started when the draft was published. That is if they waited for ICANN’s snail-like process to take place.
The GDPR has been developed by the European Commission to give individuals more control over their data that businesses hold, including domain name Registries and Registrars. It also applies to businesses outside of the EU that hold data on citizens and residents of the EU. It’s impact is far-reaching and penalties for breaches are severe – fines of up to €20 million or up to 4% of the annual worldwide turnover, whichever is greater.
ICANN’s approval of a Temporary Specification [pdf] is the result of 12 months of consultation with the community and “is an important step towards bringing ICANN and its contracted parties into compliance with GDPR,” said ICANN’s Chair Cherine Chalaby. “While there are elements remaining to be finalised, the adoption of this Temporary Specification sets us on the right path to maintaining WHOIS in the public interest, while complying with GDPR before its 25 May enforcement deadline.”
One can’t help but feel it’s an extraordinary failure by ICANN and the community given the time they’ve had to develop a solution. The Temporary Specification will be revisited by the ICANN Board in 90 days, if required, to reaffirm its adoption. And whether the Temporary Specification meets European Commission’s requirements remains to be seen. In early April the EC’s Article 29 Data Protection Working Party wrote to ICANN [pdf] noting they weren’t satisfied with what ICANN had then proposed.
So what will happen on 25 May? Registry Operators and Registrars will still be required to collect all WHOIS information for generic top level domains (gTLDs). However, WHOIS queries will only receive “Thin” data in return, which includes only technical data sufficient to identify the sponsoring Registrar, status of the registration, and creation and expiration dates for each registration, but not personal data. For third parties with legitimate interests in gaining access to the non-public data held by the Registry Operator or Registrar, there are still ways to access that data. Queries can be made through the sponsoring Registrar and they are obligated to respond in a reasonable time. If a response is not received, ICANN will have a complaint mechanism available. If it is thought individual parties are not complying with their obligations under these temporary specifications or their agreements with ICANN, ICANN’s Contractual Compliance Department can be contacted to file a complaint.
The changes are not unlike those being implemented by several European country code top level domain (ccTLD) registries. And while quite a few Registries and Registrars will have been waiting (or rather sweating) on ICANN’s announcement this week, some decided they couldn’t wait and have been developing solutions on what they believed ICANN’s response would have been.
Within Europe, some ccTLDs, such as the Austrian registry nic.at have implemented a “thin” model for individuals registering domain names, but legal entities or businesses will continue to have “thick” WHOIS data published. Others such as DENIC, the German ccTLD registry, will only record the contact details of the domain name registrant, two additional email addresses as contact points for abuse reports and general and technical requests as well as the usual technical domain data, which is similar to the ICANN model.
Registrars are frustrated. One, the German EPAG, which is part of the Tucows group, spoke of their frustrations to Domain Pulse at the Domain Pulse conference (unrelated) in Munich in February.
“We wish that ICANN had started work on this a year ago,” said Ashley La Bolle, Managing Director of EPAG Domainservices GmbH. “Of course, we will try to accommodate changes, but in absence of new consensus policies, we have to develop solutions that we believe will ensure our own compliance with the law.”
“The domain industry has been really late to the game on GDPR implementation,” La Bolle went on to say. She noted how frustrating it was that the entire industry was slow to develop solutions and that solutions were only beginning to be finalised back then. The changes require significant resources to be thrown at implementing changes. In an industry that operates on razor-thin margins, it’s not an ideal situation.
“The GDPR requires contracts to be revised, additional staff training, and customer education. Our approach has been to change our systems and processes to handle as much of the impact of the GDPR as possible so that our customers can continue to use our services as they always have.”
It has also been claimed that the changes will be a boon for cybercriminals. While Krebs on Security admit that while “cybercriminals don’t use their real information in WHOIS registrations … ANY information they provide — and especially information that they re-use across multiple domains and cybercrime campaigns — is invaluable to both grouping cybercriminal operations and in ultimately identifying who’s responsible for these activities.” And while some cybercriminals do take advantage of privacy protection services, “based on countless investigations I have conducted using WHOIS to uncover cybercrime businesses and operators, I’d wager that cybercrooks more often do not use these services.”
Krebs also notes that while “it is true that the European privacy regulations as they relate to WHOIS records do not apply to businesses registering domain names … the domain registrar industry — … operates on razor-thin profit margins and which has long sought to be free from any WHOIS requirements or accountability whatsoever. Krebs believes they “won’t exactly be tripping over themselves to add more complexity to their WHOIS efforts just to make a distinction between businesses and individuals.”
“As a result, registrars simply won’t make that distinction because there is no mandate that they must. They’ll just adopt the same WHOIS data collection and display polices across the board, regardless of whether the WHOIS details for a given domain suggest that the registrant is a business or an individual.”