Verisign continues to run a monopoly on .COM/.NET with basically no checks or balances to its power. ICANN has effectively surrendered to it. A significant amount of ICANN's budget is coming from Verisign. ICANN refuses to exercise any oversight; it's likely an example of regulatory capture at this point.
Verisign is going to push every possible way to extract more money from the .COM/.NET monopoly. They maximize price increases at every opportunity on their contracts (which have automatic renewal and no competition). For what? No added value to customers or the ecosystem as a whole.
SiteFinder was just one of many moves in a long series of bad-for-everyone-but-Verisign moves. Remember when .ORG had its price caps removed and then private equity tried to buy it? Guess where a lot of that backing came from...
Richard Barnes wanted ISOC to get an endowment by selling .ORG. Having .ORG is great for the nonprofits but really isn't something ISOC can leverage to support IETF etc.
I believe the registry contracts are bid out every few years. However it's a very difficult business with fixed prices that depends on lots of operational efficiencies.
Having .ORG was the endowment. Selling off something they don't/shouldn't 'own' is bullshit. They were granted an endowment to manage .ORG to use the profits to support IETF.
They simply outsource the backend and collect a large profit. It's not a difficult business at all. The margins are insanely good in fact. They're doing at least 60% if not closer to 90% I suspect on the actual operations side if they competitively bid out their backend.
Registry contracts aren't bid out every few years for the most part, that's a giant problem. Why Verisign has a monopoly on com/net.
I don't really understand why people care specifically about .com when they're still one of the cheapest TLDs you can buy. Like if you wanted to pin this on Verisign specifically you're gonna have to explain why every other domain costs about the same or more. Like tech darlings .io=$71, .tv=$32, .me=$25. Even the worst domain ever .info is $23.
Because .COM has history before Verisign. Because businesses and people are locked in forever to renewing. It's the de facto TLD for the world. Why don't you care that a monopoly contract that extracts profit for shareholders alone with zero public good is in the best interest of the internet as a whole? Why does Verisign of all entities get to manage it?
There are cheaper TLDs; every time they go up for bid, the costs to run them come out and it's under a dollar per domain. And you're comparing .COM, an original gTLD, to country code TLDs, which are owned by countries. Countries that can make their own rules and charge their own prices.
See also ‘domain tasting’ (https://en.m.wikipedia.org/wiki/Domain_tasting), where registrars would temporarily register non-existent domains when someone attempted to load them, showing a ‘for sale’ page to skim extra money off registrations.
Did GoDaddy do this, too? I only remember Network Solutions.
Incidentally, I was paranoid about this kind of front-running for years before I knew it had actually happened, and would just use whois from the terminal when searching for domain availability.
GoDaddy 100% did it. I remember looking for a domain, taking a day to debate, they reported it registered and they 10x'd the domain price on me. When I reached out to ICANN about such a bs move they just came back with "GoDaddy isn't doing anything wrong." This was 10-15 years ago.
That was the last time I registered anything with GoDaddy.
Does any money change hands for this kind of front-running? If so, I think there's a good opportunity to either cost them a ton of money or drain whatever budget they allocate to this practice by baiting out registrations.
Originally it did, and some companies still tried the buy-from-under-and-jack-up-the-price thing on what could be valuable domains. Back then I checked the availability of a four-character (letter-letter-number-number) domain and two days later found it taken by “someone” using the same registrar I checked it was free on and there was a holding page there offering it for sale at a not-insignificant cost multiplier. Luckily I had other options and just took one of those (from a different registrar). I also checked the availability of other domains on the original registrar, and encouraged others to also. We probably didn't cause enough financial disruption for someone to notice, but I liked the petty revenge anyway!
Later the 5-day grace period was added by ICANN to deal with accidental registrations; a full refund would be given if the domain was released in that time. Supposedly to protect end users against mistakes like typos and other errors, though I'm not sure why that would need five full days. This made “domain tasting” an open season and a great many registrars would do it, even registering a few times to extend the five days. Some actually did it as an advantage for the end user: they were not going to get sniped by waiting a few days and the registrar didn't jack up the price. But many were a bit more nefarious.
They later added a small processing fee to the refunds in the grace period after the first few domains per account per period (or similar) which vastly reduced this happening, so it is now pretty much a historic problem.
If I remember correctly (probably from stories on HN a few years ago), GoDaddy had the ability to "taste" the domains—ie, pay for them, hold them for a few days, then get a full refund if you didn't end up buying through them. I don't recall whether this was something special for large registrars like GoDaddy.
I'm sure tasting still happens on dropped domains, though; registrars have data on search interest and can find dropped domains that are likely to be profitable even taking transaction fees into account.
It's unfair that registrars can abuse their position to pick up valuable dropped domains. But somebody was going to do it in the moment after they drop if not them. That feels like a different and less serious problem.
Years ago I wrote a script that would release and renew a DSL line (to get random IPs) while spamming several registrars with bogus domain availability lookups, and found that something like 10% of the available domains were registered within 2 hours of looking them up, and I spammed something like 200,000 bogus domains in one night.
From another angle, presumably they had some excellent engineering on their site to be able to handle the enormous uptick in server load following the change. A note from Wikipedia[0]:
>According to the web traffic measurement company Alexa, in the year prior to the change verisign.com was around the 2,500th most popular website. In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy.
"BIND (aka named, the occasional remote sudo implementation)" made me chuckle! I wonder if Paul Vixie still holds the record for the largest number of CERT advisories due to a single author?
It’s a fair assessment of BIND4 and BIND8, but BIND9 has been a lot more solid. (The delegation-only feature was BIND9 only; I can’t remember if it has been removed yet.)
> VeriSign had sued ICANN, accusing the regulatory group that oversees the Internet's technical infrastructure of overstepping its contractual authority and dragging its feet on allowing VeriSign to offer new services such as a wait-list service and internationalized domain names. In the lawsuit, VeriSign claimed that ICANN stepped outside its charter by delaying the introduction of new VeriSign services, including its Site Finder service, which redirects requests for nonexistent Web addresses, and its ConsoliDate service, which manages multiple domains. VeriSign claimed that ICANN cost the company money because of its tactics
Was there ever a time someone who wanted to find out more about xorg x11 knew (without already knowing about it) to just type "x.org" instead of "x11.org" or "xorg.org" or "xorg.com" or "xserver.org" and so on, finding non-existent responses or alternative groups who call themselves x?
Collision and needing to "divine" the domain seem inherent to having a name system. Both this and the need for a TLD-insensitive lookup were solved by making the address bar also the search bar so people can use search engines to find new things instead of DNS.
They already serve an informational purpose at best: the site belongs to a TLD with certain restrictions. But why should TLD restrictions be expressed in the domain name?
TLDs can be thought of as namespaces, and they have good reason to exist.
For one thing, changing how domains work like this would massively drive up the cost of any one domain to the point where hobbyists and open-source projects would be priced out. I have a few domains, none of which are duplicated across different TLDs, and each of which serves a different purpose. It would have been pretty much impossible for me to do this if everything was under one namespace.
In addition to the price aspect, it would pretty much force the system into being a much more restrictive version of the already-existing trademark system - except that there wouldn't even be any exceptions for different fields, as there is in the current trademark system. For example, one of my domains coincidentally (and unknowingly at the time I registered it over 20 years ago) collides with the name of a movie. It's in a completely different field (actually, it's a personal, non-commercial site for me and not much is public on it) but I almost certainly wouldn't have been able to get it if TLDs didn't exist.
If you have no duplicates, why can't you have them under one namespace? Namespaces are supposed to separate duplicates so that they don't conflict. Without duplicates namespaces don't serve their purpose. TLDs can be kept as supplementary technical information, like, e.g. cname.
But there are duplicates. There are a vast number of cases where a domain name under one TLD isn't held by the same person/company who holds the same domain name under another TLD.
This reminds me of another ISP scam. Around 2010, my ISP would occasionally inject pop-up ads into clear text HTTP pages. Apparently the solution was to call in a complaint. The customer support agent would act surprised (lol) and promise to investigate, and no ad would be delivered to the complaining customer afterwards.
They implement this at the edge, so bypassing the nameservers bypasses the silly search page and doesn't change the authoritative domain name. Verisign was changing it at the root, for everyone.
A difference of degree, not kind. This technique is the predator of the attention ecosystem, singling out the "old and weak" if typos imply weakness!
An angle no one has mentioned is how this played into Google's dominance. These predators made it legitimately safer to type into a search box than a URL bar. At least for a little while.
Do you have an actual disagreement to communicate, or just thought-terminating dismissal, because it seems that typos would be more frequent for users with poorer attention to detail, which sounds to me like the kind of user that is more likely to fall for a scam.
So yeah, preying on users who make frequent typos would also serve to target less observant users, who have the potential to be exploited more easily than the general population. AKA: typos imply an exploitable weakness.
Case in point: Verisign and Telekom squatting on typo'd domains to extract revenue from exploitable users.
> In the weeks following the change, the site came into the top 20 most popular sites, and reached the top 10 in the aftermath of the change and surrounding controversy.
Assuming you mean they get all URL typos for free, probably a lot less than days past. How many people can only ever Google things? Directly typing in a URL has to be a tiny minority of users.
Even less than you think, because even when they type in the URL it’s into a search bar which is smart enough to correct the typos.
Edit: What’s really going to bake your noodle though, is that given all the issues with various kinds of URL squatting, they’re actually safer than those of us typing in the URL directly. Let’s hear it for my Dad, cybersecurity thought leader.
Never got into bookmarks, seemed slower to have to grab a mouse and dig around to find the bookmark I was looking for, vs ctrl-t then the first few letters.
Except that bookmarks are searchable, and in most browsers that search is a) available by hotkey, and b) offered as suggestions in the autosuggest of the address bar, so bookmarks tend to be useful to me at least.
Fun fact: Firefox adds your whole window (url/search bar and pinned bookmarks) to your tab-stop queue. So you can just press tab to select the pinned bookmarks and use arrow keys to navigate the bookmarks.
That is, unless the site you're on is Technically Fucking Braindead and decides to intercept keystrokes. Fuck those sites though. There's an about:config to disable that behavior but some certain sites stop working entirely without it. Google Documents... I'm looking at you...
Tangentially, what are people using for DNS+e-mail today? Was a happy Gandi customer but have migrated to Gandi for DNS and protonmail for e-mail since the Gandi takeover.
I am really looking for a No Bullshit™ host for these things.
I didn't know Gandi was taken over (I was never a customer).
I recently started to use NS1, which was taken over by IBM. It's nice and fast, comes with a great API, which even their web control panel also uses. The only negative side is that it's now owned by IBM.
I use some RHEL-alike products anyway, so I didn't mind NS1 now being IBM. NS1 doesn't mention any pricing, and I'm using their free developer accounts for my personal sites. I think it will get very expensive really quick once you become enterprise customers.
Ooof! Well at least now someone has read my blog (•‿•)
I was just thinking this side-thread was a bit OT. And in my book, there are worlds of difference between Google and using Algolia’s custom HN search, which is really awesome IMHO. (I use it myself multiple times per week.)
But what the heck, I’ll bite and share my recommendations.
I personally prefer this setup:
• Google Workspace for email. FastMail seems to be a very popular alternative; I’ve never tried them. There’s also Tuta and Protonmail but personally I’m not interested in E2EE email. (I’d much rather use something based on Double Ratchet for comms that need E2EE.)
• Cloudflare for DNS. There are lots of solid options here. E.g. AWS Route 53.
• Dynadot as my registrar. Porkbun seems to be a solid alternative.
PS. I know some HN users have made book recommendation compilations based on HN threads. Would be cool if someone made the same for mail/DNS/registrar recommendations :)
ClouDNS.net + Zoho Mail. I chose ClouDNS as I have a bunch of .pl domains which at other registrars are either unsupported (Porkbun, Route53), unreasonably expensive (e.g. Hetzner Cloud wants €35/yr, ClouDNS €18/yr) or offered without WHOIS privacy screen (Dynadot). I am not excited though about having to pay extra subscription for having more than 1 DNS zone, so I'll be happy to get better recommendations.
Except those have even bigger problems, like allowing me to claim a domain that legally belongs to someone else in a way that courts can do nothing about. Or manual typosquatting (e.g. serving phishing sites from go0gle.com), again without any recourse.
Really surprised the HN crowd isn't more into ENS, but then again they see the word blockchain and their bias makes them turn off any ability to think rationally
>there's no way to claim the domain of somebody else.
That's a problem, surely, as it means all domain names become owned in perpetuity. That's good if you don't want governments to be able to have control, but it doesn't fit with current systems like Trademarks, but also just if there was an error or con that caused a domain to be transferred that you want to reverse. Also, over time domains become lost; which is sub-optimal in a limited namespace.
It's my personal opinion but there's been way too much overreach from governments, registrars and various bad middlewares to make me think that resolving without interference is the #1 problem with DNS, not trademarks.
The current DNS is a bit like having HTTP everywhere, we need to upgrade to a more secure scheme.
ENS doesn't solve that problem though. Middlewares can still intercept requests, unless you download the whole blockchain locally. DoH or DoT solve the problem of snooping or changing DNS requests, or alternatively DNSSEC solves the problem of changing as well.
The part that blockchain addresses would actually get generally worse: typosquatting is already a problem, but at least most registrars are working to limit it - some more proactively than others. ENS removes any ability to prevent typosquatting at all. I have never heard anyone complain that registrars or governments are being TOO proactive in delisting typosquatters or those using domains they don't own the trademark for.
If you flip that over, then trademarks will become the #1 problem, not resolving without interference. It will be just as bad, but different.
Maybe you're thinking of trademarks as some bureaucratic intellectual property nonsense but they are practically important as well. I could own ycombinator.com in that system. What would you do about it besides changing the name of Y Combinator?
> Maybe you're thinking of trademarks as some bureaucratic intellectual property nonsense but they are practically important as well.
I do think their importance is vastly overstated yes but that's another debate.
Right now domains are also suspended for a lot of reasons, typosquatting being pretty much the only one I would describe as a valid reason. And the downsides of allowing domain suspension seem greater than the upsides.
I'd be okay changing my mind on the subject if DNS was used as intended and not as a political tool to suppress newspapers or block pirate websites.
I haven't read RFC 882 all that thoroughly, but the section of it titled "Authority and administrative control of domains" strongly suggests that DNS from its very beginning allowed the name servers to implement whatever policies they wanted over the domain(s) they have authority over, so... DNS is actually working as intended?
You can't solve social problems with technical solutions, usually. One exception, for the time being, is Tor. But that's only temporary until they ban it.
We take a free internet for granted, but in places like China, the government knows exactly what you're doing on the internet. They have to, because they route your packets, and they won't send your packets to places they aren't already spying on. No technological solution can change that, except possibly by constructing a physically parallel internet, and that stops working when...
An FSF member recommended Tor to Uighurs. An Uighur responded: "You don't understand. They aren't just monitoring my Internet. They're living in my house."
Trademarks already have trouble on the Internet. Who gets dove.com, the chocolate company or the soap company? If I create a new Dove birdseed company and I register dove.biz will I get to keep it?
The bias is justified. I use crypto sometimes as a way to send money without linking it to my real identity, but that's all I use it for. I have no interest in how it's implemented, only that I have total privacy (at least with Monero).
* Each transaction is signed by a "ring signature", where it's known that 1 of a set of 8 keys signed the transaction, but not which one. This is your actual input plus 7 other random inputs drawn from the same probability distribution as actual inputs.
* Double-spending is prevented by a "key image" which is something mathematically related to your actual key (not sure how that's verified without knowing which key it is). Each key image can only be used once, or it's a double-spend.
* Input amounts and output amounts have to balance using some kind of zero-knowledge proof.
When you make a transaction on the Monero network, only the actual sender and recipient know the sender, recipient, or value of the transaction. This makes tumblers unnecessary and removes that whole ethical burden. If your Monero is ethically sourced (i.e. you mined it or bought it with your own money) then you can safely spend it without being subject to any tracking.