Domain industry news

Syndicate content CircleID
Latest posts on CircleID
Updated: 1 hour 30 min ago

US Department of Homeland Security Issues Emergency Directive Ordering Agencies to Audit DNS Records

Tue, 2019-01-22 21:57

The U.S. Department of Homeland Security has issued a rare "emergency" directive ordering federal agencies to audit all DNS records within ten days. The "Emergency Directive” issued today is in response to a series of incidents involving Domain Name System (DNS) infrastructure tampering. Multiple executive branch agency domains were impacted by the tampering campaign, allowing attackers to redirect and intercept web and mail traffic according to the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). To address the "significant and imminent risks to agency information and information systems", DHS has ordered a set of near-term actions for all .gov or other agency-managed domains to prevent illegitimate DNS activity and help detect unauthorized certificates.

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity, DNS

Categories: News and Updates

Biggest Fine Yet: French Watchdog Slaps Google With a $57M Fine Under the New GDPR Law

Tue, 2019-01-22 21:10

France's data privacy watchdog has fined Google 50 million euros ($57 million) under the European Union's General Data Protection Regulation (GDPR) making it the most significant regulatory enforcement action since the law came into effect in May. The National Data Protection Commission (CNIL) says Google was fined due to "lack of transparency, inadequate information and lack of valid consent" in its ad personalization service. More specifically, the group has identified two violations:

A violation of the obligations of transparency and information: "the general structure of the information chosen by the company does not enable to comply with the Regulation. Essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information..."

A violation of the obligation to have a legal basis for ads personalization processing: "The company GOOGLE states that it obtains the user's consent to process data for ads personalization purposes. However, the restricted committee considers that the consent is not validly obtained..."

Google says: "People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR. We're studying the decision to determine our next steps."

Follow CircleID on Twitter

More under: Internet Governance, Law, Policy & Regulation, Privacy, Web

Categories: News and Updates

Government Shutdown Halts Trump’s FCC Deregulation Agenda, Says Tom Wheeler

Tue, 2019-01-22 20:15

Former FCC Chairman, Tom Wheeler, warns that the effect of U.S. government shutdown on the Trump Federal Communications Commission (FCC) will last a long time even if the shutdown were to end tomorrow. In a post published today by The Brookings Institution, Wheeler writes: "Lost in the headlines of a border wall shutdown is the work the federal government should be doing to oversee the connective tissue of our economy: the nation's communications networks. While the government was open, the Trump Federal Communications Commission (FCC) has been notable in its efforts to shut down regulation of the companies it is supposed to oversee. One would, therefore, assume that pausing what was already a shutdown of oversight would have no real impact. Closing the agency's doors altogether would seem to be the ultimate definition of success for an agency that has spent the Trump term undoing regulation. Yet, the companies that have been the beneficiaries of the Trump FCC's deregulation are now discovering that a government that does nothing cannot serve their interests."

Shutdown is hurting telecommunications companies: Noted in various examples of negative impacts FCC shutdown has had amongst telecom companies is the complete halt of T-Mobile and Sprint merger talks as well as that of Nexstar and Tribune.

The adverse effect on 5G progress: The push for 5G wireless that the Trump FCC calls a national security-tinged "race" with China is slowed if the Commission cannot approve new 5G-capable phones and infrastructure.

Follow CircleID on Twitter

More under: Policy & Regulation, Telecom, Wireless

Categories: News and Updates

Protect Access to Safe Online Pharmacies Through Cyber Policy

Tue, 2019-01-22 19:04

The high cost of prescription drugs has created a health and economic crisis in the U.S. Personal prescription importation gives Americans a lifeline for affording safe medications.

As prescription drug prices continue to skyrocket, the Internet has made it possible for Americans to access medications safely at considerable cost savings. As I've shared previously on CircleID, safety and affordability are the most important considerations when choosing an online pharmacy.

The Internet community should protect this access through cyber policymaking and effective Internet governance that embraces safe online pharmacies regardless of location.

We recently released the results of a survey of Americans who order their daily medications from licensed Canadian pharmacies, demonstrating the realities of personal prescription importation.

The overwhelming majority of respondents — 94 percent — cited cost as the main reason they order their medications from licensed, legitimate online pharmacies, which is an increase from last year's survey in which 79 percent of respondents cited cost as the main reason. In addition, 97 percent of survey respondents would recommend ordering prescription medications from an online pharmacy in Canada to their friends and family members.

Nearly half of respondents (48 percent) have been ordering their medications from Canada for more than four years.

This year's survey also showed an increase in the percentage of people who are hearing about online pharmacies from their healthcare provider or pharmacist: 39 percent of survey respondents indicated that a healthcare provider or pharmacist told them about online pharmacies compared to 26 percent in last year's survey.

Additional highlights:

  • Primary Reason is Cost: The majority of respondents (94 percent) - cite cost as the reason that they order their medications from an online pharmacy in Canada. Other reasons cited include consistency in pricing (9 percent); convenience (7 percent); consistency in availability (6 percent); and lack of availability in the U.S. (4 percent).
  • Spending through Ordering Online: Nearly half of respondents (48 percent) spend less than $99 per month ordering personal prescriptions from licensed online pharmacies in Canada. Thirty percent of respondents spend between $100-$199 and 12 percent spend between $200-$299. Among people who reported spending more than $300, the average amount they reported spending is $493 per month.
  • Savings through Ordering Online: We also asked survey respondents to compare what they would spend on their prescriptions in the U.S. to what they pay by purchasing them through a licensed online pharmacy in Canada. More than half of respondents (52 percent) report saving up to $199 each month by ordering through an online pharmacy. Among people who save more than $300 per month (38 percent of respondents), the average savings that they report is $910.
  • Years of Ordering Online: More than half of respondents (52 percent) report ordering their prescription medications from an online pharmacy for less than three years. Thirty-one percent have been using online pharmacies for between four and seven years, and 17 percent of respondents have been ordering for more than eight years.
  • Recommendations to Family and Friends: Overwhelmingly, survey respondents (97 percent) would recommend ordering prescription medications from an online pharmacy in Canada to their family and friends. More than half of respondents (55 percent) know someone already who has ordered their medications from Canada.
  • Initial Awareness of Ordering Online: Sixty-one percent of people surveyed heard about online pharmacies from friends or family members. Thirty-nine percent of respondents learned about online pharmacies from either a healthcare provider or pharmacist. [Note: This is up compared to last year's survey in which 26 percent of respondents cited learning about online pharmacies from a healthcare provider or pharmacist.]
  • Choosing an Online Pharmacy: More than 40 percent of people surveyed looked for a verified, certified site when deciding which online pharmacy to use. Twenty-eight percent of people surveyed use an online pharmacy that was recommended by a friend or family member. Twenty-nine percent of people selected a site based on ease of use or best price.
  • Knowledge of "Rogue" Pharmacies: The majority of respondents (88 percent) can properly identify the attributes of a rogue website that sells counterfeit medications, which includes pharmacies that do not require a valid prescription, do not have a licensed pharmacist on staff, do not protect personal and medical information, and pharmacies that sell controlled substances.

As this survey makes clear, importing prescription medications from safe, verified pharmacies in Canada provides a lifeline to those in need of affordable life-saving and health maintenance medications.

As a global Internet community, we must protect human rights as it intersects with digital technology and opposes anyone who uses the Internet to restrict Americans' ability to access safe and affordable medications.

For more information on personal prescription importation, please visit this link:

Survey methodology: CPPI conducted this online survey between September 3, 2018 and November 12, 2018. Based on the universe of followers of CPPI, this sample of 1,354 responses represents findings with a standard sampling error of plus or minus 5 percent. For more information on the surveys cited in this article, please visit

Written by Tracy Cooley, Executive Director, Campaign for Personal Prescription Importation

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation

Categories: News and Updates

Prudential Settlements for Alleged Cybersquatting/Reverse Domain Name Hijacking Under the ACPA

Tue, 2019-01-22 17:24

Given the number of awards endlessly arriving from Panels appointed to decide cybersquatting disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) (ten to fifteen published daily), the sum total of grievants filing de novo challenges under the Anticybersquatting Consumer Protect Act (ACPA) is remarkably small — one or two at most in any single year; and those rarely proceeding to summary judgment or trial. The number of direct actions under the ACPA on an annual basis (not including claims of fraudulent transfers and counterfeiting) is not significantly higher. There are two good reasons for settling plain vanilla claims, namely lack of merit is quickly sniffed out and separate and apart from the expense of litigation, the ACPA itself is crafted to encourage settlement, or be exposed to statutory damages and attorney's fees, §§1114(D)(iv) and 1117(d) of the Lanham Act of which the ACPA is a part (15. U.S.C. § 1125(d)) that if applied could at worst nullify the value of the prize and at the least be painful.

Parties settle disputes for a variety of reasons including business decisions based on the cost, time, and effort litigating the merits of their claims and defenses. While settlements in no way advance the jurisprudence of domain names, they can nevertheless play an instructive role. This is particularly the case when settlements memorialized in judgments or orders advertently reveal a recognition of what the parties agree their rights actually are. These memorialized settlements are like postmortems: they identify what the parties themselves conclude are the metes and bounds of their respective rights. They do not declare the law but they reinforce what it is.

More so than in commercial disputes that present complex matrices of facts, cybersquatting and reverse domain name hijacking claims are minimally faceted, thus highly predictable. This follows because the factors (expressed as circumstances in the UDRP) that go into determining merit are more likely than not dispositive of the outcome. The UDRP mentions seven circumstances, the ACPA nine; although the palette of factors is larger than those few.

Thus, for example, uncurated websites that contain links to rights holders' competitors or domain names incorporating well-known marks plus dictionary words that reinforce association with marks are patently infringing; while domain names composed of generic and descriptive terms and random letters are patently not, absent other factors that would make them so.

In a very early challenge to a UDRP award transferring the domain name to Complainant that went all the way up to the Fourth Circuit,, Inc. v. Excelentisimo Ayuntamiento De Barcelona, 330 F.3d 617, 624 (4th Cir. 2003) the court isolated the controlling factor as the registrability of a generic term. Although Excelentisimo Ayuntamiento De Barcelona held marks that included "Barcelona" it did not (in fact could not) own the geographic term itself. The Court also memorably held that the UDRP is "adjudication lite" and Panels' decisions are "not even entitled to deference on the merits." While the court is the ultimate judge of merit at the same time it discloses (as do prudential settlements) the key to its assessment.

Recognizing that after a judicial decision is made the result often appears inevitable, and for this reason, one should resist the temptation of claiming inevitability, it is nevertheless true that once the court identifies the controlling factor(s) all future disputes with like facts must be similarly decided. When judicial outcomes are predictable, it makes little sense to pretend otherwise.

A reasonable segue into prudential settlements is to briefly review three cases in which the parties failed to analyze the factors that inform outcome. They illustrate the cost of being wrong in federal court, two by UDRP losing rights holders and one by a losing domain name holder. Briefly, the operative factors in each of these cases were predictably dispositive of the outcome: demonstrable preparations of use, priority of acquisition, and poor website curation.

1) v. Airfx LLC, CV 11-01064 (D.Ariz. 10/20/2011) (from a UDRP award in favor of Complainant in Airfx, LLC v. Attn, FA1104001384655 (Forum May 16, 2011)).

In this case, the Court held the registration and renewal of the domain name was not unlawful absent proof of Respondent having taken advantage of the rights holder's mark. It not only entered judgment with substantial attorney's fees for two sets of counsel it also on a subsequent motion blocked the rights holder from appealing the judgment for failure to post a supersedeas bond to cover attorney's fees of $103,972.50. The determinative factor (predictable from case law) was the domain holder's use of the domain name in association with an emergent business.

2) Joshua Domond and Harold Hunter, Jr v. PeopleNetwork APS d/b/a Beautifulpeople.Com, Beautiful People, LLC, Greg Hodge, and Genevieve Maylam, 16-24026-civ (S.D. FL. Miami Div. 11/9/2017) (from a UDRP award in favor of Respondent in Beautiful People Magazine, Inc. v. Domain Manager / PeopleNetwork ApS / Kofod Nicolai / People Network Aps / Nicolai Kofod / People Network, FA1502001606976 (Forum May 4, 2015).

In this case Respondent's registration of <> predated Complainant's mark. Under the ACPA, rights holders have no actionable club for cybersquatting for marks postdating the registration of the domain name. Since "Plaintiffs' allegations in the Second Amended Complaint establish that Defendants have priority of use" plaintiff rights holder "simply cannot state claims" for either cybersquatting or trademark infringement. Judgment included attorney's fees in the amount of $62,434.25.

3) Lahoti v. VeriCheck, Inc., 708 F.Supp.2d 1150 (WDWA, 2007), aff'd 586 F.3d 1190, 1203 (9th Cir. 2009) and 636 F.3rd 501 (9th Cir. 2011) (from a UDRP award in favor of Complainant in Vericheck, Inc. v. Admin Manager, FA0606000 734799 (Forum August 2, 2006).

In this case, the Circuit Court affirmed the judgment dismissing the complaint with damages and attorney's fees exceeding $70,000. While "veri" and "check" are generic, combined as VERICHECK it is distinctive. The Court concluded that "[a] reasonable person in Lahoti's position — that is, a reasonable person who had previously been declared a cybersquatter in a judicial proceeding-should have known that his actions might be unlawful."

Since outcomes are predictable in 99.99% of cybersquatting/reverse domain name hijacking claims it follows that the first step to consider is who got it wrong, the UDRP Panel or the challenging party? The following postmortems illuminate the answer.

1) Francois Carrillo v. Autobuses De Oriente ADO, S.A. DE C. V, 18-cv-00347 (D. Colorado December 21, 2018) from the UDRP award in Autobuses de Oriente ADO, S.A. de C.V. v. Private Registration / Francois Carrillo, D2017-1661 (WIPO February 1, 2018) (hereafter "ADO").

A number of commentators pounced on the UDRP decision as wrongly decided (correctly pounced I think), and I discussed what I regarded as the Panel's errors in an earlier essay, What's So Outrageous about Asking High Prices for Domain Names. In their settlement in ADO, the parties agreed as follows:

(i) Plaintiff's interests in respect of the domain name are legitimate; (ii) Plaintiff did not register or use the domain name in bad faith; (iii) Plaintiff's registration and current use of the domain name do not violate Defendant's rights under the Anticybersquatting Consumer Protection Act, 15 U.S.C. §§ 1114, 1125(a) and 1125(d).

The settlement terms were preceded by the following statement: "the Motion is well taken and is GRANTED” (Court's emphasis for "granted"; my emphasis for "well taken"). Even though counsel drafted the Order, I interpret the combined emphases to mean the Court (since it did not strike the "well taken") was as unimpressed with the UDRP award as the commentators. There is no established procedure for providers acknowledging annulment of UDRP awards but once counsel forwards the order or judgment to provider and registrar the award is judicially vacated and no longer enforceable.

2) Corporacion Empresarial Altra S.L. v. Development Services, Telepathy, Inc., D2017-0178 (WIPO May 15, 2017) (<>). In this dispute, the Panel denied the complaint, concluded it should never have been brought, and sanctioned the Complainant for reverse domain name hijacking. The Panel called each limb correctly. However, instead of celebrating the trifecta, the Respondent commenced an ACPA action for reverse domain name hijacking damages, Telepathy, Inc, Development Services v. Corporacion Empresarial Altra S.L., 1:17-cv-01030 (D. District of Columbia, November 28, 2017).

Unusual though this tack was, to have the court put ACPA damages flesh on UDRP bones it must have been apparent to the defendant that this first impression claim carried an unusual risk of sufficient concern to strategically pay its way out of the lawsuit. It agreed to pay plaintiff $40,000 dollars.

Other cases include:

  • In an earlier Telepathy case, Telepathy, Inc. v. SDT International SA-NV, 14-cv-01912 (D. Columbia July 9, 2015), Telepathy as Respondent in SDT International SA-NV v. Telepathy, Inc., D2014-1870 (WIPO January 13, 2015) invoked Paragraph 4(k) and moved to terminate or suspend the UDRP proceedings. The majority ruled for termination; the dissent denied Respondent’s motion to terminate the proceedings on the grounds that the Panel should have considered the complaint and denied it with sanctions for reverse domain name hijacking. In the ACPA action, the parties entered into a Consent Judgement and Permanent Injunction that included judgment against defendant for $50,000.
  •, LLC. v. Wills, 14-cv-00946 (D. Colorado July 21, 2015) (Respondent in Austin Pain Associates v. Jeffrey Reberry, FA1312001536356 (Forum March 18, 2014). In this case, the consent judgment reads that "Plaintiff did not register or use <> domain name in bad faith and had no bad faith intent to profit from the domain name." Defendant agreed to pay plaintiff $25,000.
  • Jello, LLC v. Camilla Australia Pty Ltd. 15-cv-08753 (D. NJ 8/1/2016) (Respondent in Camilla Australia Pty Ltd v. Domain Admin, Mrs Jello, LLC., D2015-1593 (WIPO November 30, 2015) involving <>. The defendant rights holder agreed to a discontinuance with prejudice with the domain remaining with Plaintiff.

    And finally,

  • Domain Asset Holdings, LLC. v. Blue Ridge Fiberboard, Inc., 2:16-cv-00520 (W.D. Washington July 15, 2016) (Respondent in Blue Ridge Fiberboard, Inc. v. Domain Administrator / Domain Asset Holdings, LLC, FA1602001661150 (Forum March 29, 2016) (<soundstop>). In this case, the rights holder agreed that plaintiff retain control of the domain name.

In each of these UDRP disputes (excluding <> in which the Panel got it right), it might be said that Panels misidentified the operative factors that supported Respondents' claims of lawful registration. The important lesson from these cases is that once rights holders are challenged in federal court and compelled to recognize the operative factors, they prudently retreat.

Prudential settlement can also be seen in direct actions under the ACPA. The Estate of Prince Rogers Nelson (known to the world as "Prince") commenced an action against Domain Capital, LLC for cybersquatting and the defendant counterclaimed for reverse domain name hijacking. Result: settlement (terms redacted) reported by Andrew Allemann on Domain Name Wire. However, it is clear from the redaction, reading as it were between the lines, no less than in the UDRP challenges discussed above, that the Estate came to recognize that it had no actionable claim for a generic term, and no choice if it wanted the domain name, except to pay for it.

As with history, settlement terms are dictated by the winners and when the winners are domain name holders, they want the world to know (as a warning to future overreaching rights holders) their registrations were lawful. Whether the settlement terms are expressly stated as in <> or implied by redaction as in <> they are compacted versions of the predictable outcome a court would have arrived at should the matters have progressed to judgment. There is wisdom in knowing when to step away!

Written by Gerald M. Levine, Intellectual Property, Arbitrator/Mediator at Levine Samuel LLP

Follow CircleID on Twitter

More under: Domain Management, Domain Names, Law

Categories: News and Updates

Can Trademarks and Brands Help Save the Internet From Itself?

Tue, 2019-01-22 14:21

Trademarks and brands are often among a company's most valued assets. Customers associate trademarks and brands with producer integrity. They engender consumer trust. Without TMs and Brands, companies struggle for attention and find it more difficult to link the company's integrity and trustworthiness in the marketing of its goods and services. Representing company promise and customer expectations, they are uniquely positioned to symbolize common values and aspirations. For these reasons, there is a common interest to preserve the integrity of their intellectual property.

Why is it then, that any of the companies that are most protective toward their intellectual property are the same companies that are most aggressive in, and most vocal and active in defending their predatory and manipulative data mining practices? Why is it then, that today companies with a significant Internet presence, and strong digital TMs and Brands, are increasingly identified with a blatant disregard for the privacy, security and integrity of the data of their customers? They are increasingly invested in the engagement of subject-experts, opinion leaders and lawyers in their pursuit of minimally constrained access to consumer/user data. As a result, these trademarks and branded companies are perceived as an overly aggressive, self-serving and damaging element in the health and wellbeing of the digital ecosystem in general, and for Internet Governance in particular.

The key to understanding companies in the digital age is to understand their heavy dependence on digital data. A company's digital presence places the collection and processing of data at the center of its activities. For social media, service is the bait, the hook, the net that catches user data as their main produce and primary source of revenue. For providers of goods and services user data, and insights derived from its analysis, are not only used for product and marketing improvement but as with social media it can also be sold to third parties for commercial, political or in some cases even illegal or criminal purposes. Much of the design and function of many of today's digital products and services is driven not by innovative products and services, but by innovative methods to collect data. While products and services must minimally connect with uses needs or wants, their main goal is innovative means for data harvesting.

Even more harmful than the abuse of, and lack of respect for, the privacy and security of user data for product or service marketing purposes, is its use but to influence the behavior of persons, entities and even governments. The manipulated digital reality, populated by truths or falsehoods, as seen by the digital user can manipulate and influence behavior. This is occurring not just in product and service markets, but more widely and dangerously in social and political arenas, in particular in the democratic processes of open society nations.

As the strategy of a company shifts from a relationship of integrity with its consumers, one aimed at enhancing customer engagement with products and services, to one of promoting unregulated access to and use of user data, satisfied consumers are no longer the end game. Access to and the use of user data become central to the business. The integrity of the relationship (the Brand and TMs) is compromised, integrity is lost, and trust is violated.

While one may admire social media (Facebook, Twitter, Instagram) for their service innovations, and online "stores" such as Amazon and Alibaba for their marketing savvy, they have developed in a regulatory void when it comes to private/personal data privacy and security. They have also exploited that regulatory void in ways that will likely be seen to be both anti-competitive unacceptable to what should be the protected rights and obligations of persons, entities and even governments in the Internet ecosystem.

Does this user data mining business model have a future as the Internet ecosystem gradually evolves appropriate models of governance? Initially, digital companies projected significant brand images (FaceBook, Amazon, Instagram, Netflix Google) while obscuring predatory practices behind service innovations. However, widespread awareness of such predatory practices is growing. Companies are drawing on the goodwill associated with their brands counter the potential for loss of trust. More and more people are asking fundamental questions about their digital privacy, their digital identity, and the uncontrolled use of their data. A Brand's offer of cheap prices, convenient ordering and fast delivery is no longer enough.

Distractive ads, serious data breaches, and political manipulation of exponential magnitude are where we are today. Where we are is not good. Digital users feel as disenfranchised "subjects" within the Internet ecosystem, and not as engaged and empowered digital citizens. People, entities, and governments need respect from one and other for their digital integrity. The integrity of digital brands is eroding, goodwill being replaced by suspicion and even disgust. Promoting Brand altruism engenders suspicion of doing harm. There is growing evidence that the public reception of digital Brands is increasingly diminishing. (This example shall serve as one of many instances of trust erosion.)

Despite many public "mea culpas", apologies, and highly publicized damage limitation initiatives designed to save Brands and their businesses, companies have continued with predatory data practices. These are central to their core business strategy, and the future revenue from such practices are baked into their current market valuations. In the absence of a governance process, it is impossible to determine if there is anything inherently wrong, unfair or unethical with the "data for services" terms of service consumers are pressed to agree to and with other practices within the Internet ecosystem.

As legislators slowly grasp the nature, if not the scope, of the problems, there are moves to force companies to change through legislation. The European GDPR data protection regulations are a leading example of this. The effect is very limited as it only addresses one small part of the exploited data and does not address the fundamental causes embedded in business practices within the Internet ecosystem.

To explore solutions to the challenge facing digital brands and their waning goodwill we need to recognize that, with its rush to innovation and growth, cyberspace development has run roughshod over integrity, security and trust. We have failed to adequately define and establish the rights and duties of digital users as residents of the Internet ecosystem and failed to attend to its governance needs. Efforts to date have been piecemeal and failed to recognize the global aspects of the Internet ecosystem.

The Internet ecosystem is here to stay. It is a virtually ungoverned part of our expanded reality. We've gone too long without tending to the need to begin to build an infrastructure for an Internet climate of trust and digital integrity. How can it be achieved? To restore goodwill and integrity the TM and Brand companies need to adopt, promote and help implement both legal and cultural practices suitable for the digital age, practices and regulations which define the relationship between engaged digital citizenship and responsible business practices. TM and Brand companies cannot achieve this in the absence of appropriate governance that helps develop the rules of the game and rules of engagement.

The integrity of a TM or Brand rests on how it treats user data and is an important determinant of TM and Brand value. A lack of digital integrity puts both user privacy and Brand and TM worth at risk. Respect for, and helping advance the values of, digital citizenship will help TM and Brand companies protect their integrity and goodwill. Digital integrity, as respect for the rights and obligations of data ownership and the limits of data access, must be understood as not only a new and important aspect of consumer protection, but essential for preserving the integrity, goodwill, and asset value of TMs and Brands.

Companies and the Internet ecosystem require an urgent reset of current business models. TM and Brand companies, of course along with others, should lead the way to build new behaviors and practices that establish positive and sustainable "trusted" Brand values. To preserve the value of their TMs and Brands digital companies need to strike a "new deal" not only with their customers but the whole internet ecosystem. TMs and Brands have the opportunity of being lead stakeholders in the pursuit of digital Integrity and trust or run the risks of being marginalized by a user/consumer revolt from below, or ill-designed regulations from above. The call is for engaged TM and Brand stakeholders, working in concert with other stakeholder contingents.

In so doing, TM and Brand companies can pull the Internet, and themselves, back from the edge of a worrisome precipice of Internet ecosystem distrust and damaging disruption. The following offers some suggestions for how TM and Brand companies could play an active stakeholder role:

  • Constructing new internal capacities. Individuals and organizations have been long concerned with aspects of empowered digital citizenship and have developed content on digital integrity and its application. Through collaboration, this knowledge can be adapted, transferred and spread.
  • Developing as digital integrity competence centers. Unlike companies, many of their customers and business partners are unable to address digital challenges alone. Companies can assist to create and offer solutions, as "thought leaders", using their Brands goodwill. Awareness and capacity building around empowered digital citizenship and enhance corporate integrity will help build loyalty and create empathy and authenticity as a trusted partner in the digital age.
  • Strengthening the Brand promise. Just as Intel created the slogan "Intel Inside", companies should make "Digital Integrity " an integral part of its brand image. This includes their approach to the acquisition and use of domain names, an area of growing concern and waning integrity.
  • Application of digital integrity should be demonstrated by Brands in areas other beyond data integrity. Brands should reflect a lived entrepreneurial social responsibility by supporting not only a legal and social culture of digital integrity, but also integrity's relevance to other areas of the Internet ecosystem as they impact on broader society and related challenges in art, culture, health, food security, and climate change, to name just some.

Active participation of Brands as a stakeholder in shaping governance institutions and policies for the Internet ecosystem. This would include moving away from their increasingly indefensible predatory data practices and the restoration of the value and promise of their TMs and Brands. TMs and Brands need an ethical framework and a structure of governance that is universal and defines the rights and responsibilities of all stakeholders in the digital age.

Business models based on exploiting user data have a short future. Instead of investing in unfettered data mining, companies need to situate their TM and Brand worth in product and service innovation that itself rooted in integrity and trust. Both companies and Internet users will benefit from good Internet governance. The well-established legislative frameworks and organizational structures that TMs and Brands rely on may well contain elements for that task. The Internet is fueling increased transparency and companies will be pushed to execute corporate social responsibility. Appropriately done, the benefits to the integrity of their TMs and Brands, their goodwill, and the net worth will be measurably higher than it is possible through (currently short-lived) predatory data use business practices.

Written by Klaus Stoll, Digital Citizen

Follow CircleID on Twitter

More under: Intellectual Property, Internet Governance, Policy & Regulation, Privacy, Web

Categories: News and Updates

The .BEST Brand Protection (Interview)

Tue, 2019-01-22 13:59

Launching a social network based on a single domain name extension is seriously innovative, but such a concept also implies to give Trademarks a chance to protect themselves. I recently interviewed Cyril Fremont, the new operator of the .BEST Registry and also CEO of "THE.BEST Social Network" on his plan to allow Trademarks to protect their assets prior to the launching of the review network.

Jean Guillon: Hello Cyril, I was wondering how you were preparing for the Las Vegas introduction of your new social network at NamesCon and wondered if you had more information to share about the target of 100 Million potential reviewers advertised on

Cyril Fremont: 100 Million is a target but I see that'd you've dug to find about our program. We believe that offering anyone to review and be rewarded for this is a serious opportunity for anyone interested in generating an income from a domain name, and this is what the reviewers, using a ".best" domain name will be offered. Now, thinking twice, we considered that such an innovative offer could harm, or put at risks, other Internet users such as Trademarks, so our job is also to prevent this from happening.

JG: I understand that this is the role of but doesn't it look like some form of DPML?

CF: It is more simple than this since these offers require to be registered in the Trademark Clearinghouse: does not.

JG: Correct, and there is no Sunrise or Landrush period since the .BEST new gTLD was launched already.

CF: In fact, our offer is a straightforward one: Brand owners can submit a list up to 1000 terms that contain their exact match trademark terms. Once terms are accepted, they are blocked from registration at all .BEST Registrars for an initial period of 5 or 10 years.

JG: During that period, what does it do exactly?

CF: A domain blocked by Best Protection is not functional, it means that it may not be used for a website URL, e-mail address or other types of domain-related functionality.

JG: What about after 5 or 10 years?

CF: The Best Protection then can be renewed in increments of one to ten years.

JG: Understood. I navigated through the website and fell on that sentence: Protect your brand against "yourproduct.Best", what does it mean exactly?

CF: It means that users often hit "Best your product", "Best price your product", "Best your service" in search engines, where "product" or "service" are the name of a Trademark. Users assume that search engines will have information about the best of your business, but many fraudsters use Trademarks to divert traffic to illegitimate websites. For this reason, securing keywords on allows Trademarks to block fraudsters from using the name of their product or service and lose sales to other fraudulent websites or fake products.

JG: I get it. I have one last question about my personal business: as a person involved in domain name innovation and also offering online brand protection solutions, is it a service that I could offer to my clients or does all this go through your website?

CF: We already have IP specialists resellers such as Corporate accredited Registrars interested in offering this solution to their clients. We won't sell the protection ourselves since Trademarks are not our direct clients, Registrars are.

JG: A new tool for Corporate Registrars and Law Firms then but, for example, I secured and do you offer some kind of affiliate program that I could use my domain names with to offer potential visitors to secure their Trademarks on the .BEST registry, so I could generate an income from this?

CF: No, but we will consider the idea: do you mean some sort of form that you would put on your website where we would track registrations or some form hosted on our DNS where you would map your domain name to and we would track registrations?

JG: Yes, so users like me who sometimes park domains could find a use for them. Parking generates zero return on existing parking platforms so I'd rather promote a new service rather than offer an ugly parking page that generates a CPC close to zero.

CF: I doubt that we will do that as we want to focus on developing the Registry & the Social Network: "chacun son métier".

JG: Any other new services coming in the future?

CF: Brand Satisfaction monitoring but let us first present THE.Best Social network and the Best Protection program at the Namescon on January 29.

Written by Jean Guillon, New gTLDs "only".

Follow CircleID on Twitter

More under: Domain Names, Intellectual Property, New TLDs

Categories: News and Updates

ICANN Gives .amazon Talks a March Deadline

Mon, 2019-01-21 17:49

ICANN's board of directors has voted to put a March deadline on discussions concerning .amazon top-level domain. "Late last week, the board formally resolved to 'make a decision' on .amazon at ICANN 64, which runs in Kobe, Japan from March 9 to March 14," reports Kevin Murphy in Domain Incite. "It would only do so if Amazon the e-commerce giant and the eight governments of the Amazon Cooperation Treaty Organization fail to come to a "mutually agreed solution" on their differences before then." The vote comes following eight South American governments' strong denial in December for Amazon (the tech giant) being given the .amazon domain.

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, New TLDs

Categories: News and Updates

Google Is Installing 1.6 Million Solar Panels for Its New Tennessee and Alabama Data Centers

Fri, 2019-01-18 22:38

Google is building two new data centers in the Southeastern U.S., Tennessee and another in northern Alabama. The company has pledged that in the coming years, it will purchase the output of several new solar farms "as part of a deal with the Tennessee Valley Authority (TVA), totaling 413 megawatts of power from 1.6 million solar panels — that's equivalent to the combined size of 65,000 home rooftop solar systems."

Google's Senior Lead, Amanda Corio writes: "Located in Hollywood, Alabama and Yum Yum, Tennessee, the two biggest solar farms will be able to produce around 150 megawatts each. These solar sites will be among the largest renewable energy projects in the Tennessee Valley region, and the largest solar farms ever to be built for Google. ... electricity consumed by our data centers in Tennessee and Alabama will be matched with 100 percent renewable energy from day one, helping us match our annual electricity consumption as we grow."

Follow CircleID on Twitter

More under: Data Center

Categories: News and Updates

2018 Cybersecurity Venture Capital Investment Reaches Record $5.3B, Nearly Double that of 2016

Fri, 2019-01-18 20:49

2018 proved to be an active year for cybersecurity investing, with record highs in dollars invested which included increased average deal size, continued rise of investment outside of the US, a busy M&A and IPO market. According to a report by Strategic Cyber Ventures, Asia and Europe, together, now account for 22.6% of global investment in cybersecurity companies, double that of 2014 (12.7%), and as high as 24.1% in 2016. But the report notes California continues to lead the way, alone, accounting for almost half of global investment in cybersecurity companies in 2018 (46%).

This rate of investment is not sustainable, says Strategic Cyber Ventures. "This is the case with the broader tech ecosystem as a whole… In cybersecurity, there are likely many zombies out there. They've raised big rounds, growth has slowed, perhaps due to vendor fatigue or increased competition, and now these companies can't raise at increased valuations from prior rounds, or at all, and are being propped up by existing investors that will eventually grow weary of keeping them alive. These companies will eventually float to the surface over the next few years with less than desirable outcomes for investors and founders."

Follow CircleID on Twitter

More under: Cybersecurity

Categories: News and Updates

China Is Building a National-Level Cybersecurity Industrial Park

Fri, 2019-01-18 20:24

A national-level cybersecurity industrial park is under development in Beijing, China to boost the industry and tap into the potential of domestic tech companies. According to a press release issued this week, Beijing Municipal Bureau of Economy and Information Technology reports over ten companies specialized in internet security have signed a contract to move into the park. The construction on the park started at the end of 2017, and by 2020, the industrial output is expected to reach 100 billion yuan (about 14.5 billion U.S. dollars).

"The demand for internet security is growing in China as many of its cities roll out smart-city initiatives." Jane Zhang of South China Morning Post notes: "In 2017, the country's cybersecurity industry grew 27.6 percent year on year to 43.92 billion yuan and was forecast to hit 54.6 billion yuan for the full year of 2018..."

There are others: "Apart from the one in Beijing, CAICT listed three other major national-level cybersecurity industrial parks in its China Cybersecurity Industry White Paper last September."

Follow CircleID on Twitter

More under: Cybersecurity

Categories: News and Updates

Apple CEO Tim Cook Calls for New Privacy Law, Suggests Data Broker Clearinghouse

Fri, 2019-01-18 04:47

Apple's chief executive officer Tim Cook has called for the US Congress to introduce a national privacy law, attacking a "shadow economy" where personal data is bought and sold without their knowledge. Cat Zakrzewski reporting in the Washington Post: "Cook wants Congress to create a 'data-broker clearinghouse' within the Federal Trade Commission that would oversee these companies. Data brokers collect and bundle people's information and sell their profiles to other companies, often to enable personalized online advertising. Cook is proposing the government require data brokers to register with the FTC and allow consumers the ability to track how the brokers package and sell their data — and easily delete their data from services for free."

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation, Privacy

Categories: News and Updates

A Data Dumb Exposes 773 Million Unique Email Addresses, 22 Million Passwords

Thu, 2019-01-17 18:50

Close to 773 million unique email addresses and 22 million unique passwords were found to be hosted on cloud service MEGA. The data breach dubbed "Collection #1" by security researcher Troy Hunt, was reported today as a set of email addresses and passwords totaling 2,692,818,238 rows. He writes: "It's made up of many different individual data breaches from literally thousands of different sources."

The numbers: "In total, there are 1,160,253,228 unique combinations of email addresses and passwords. ... The unique email addresses totaled 772,904,991. ... There are 21,222,975 unique passwords."

Have I Been Pwned: All the 772,904,991 email addresses exposed have been loaded into Have I Been Pwned (HIBP). "This number makes it the single largest breach ever to be loaded into HIBP."

Where did the data come from: "Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service)," Hunt reports. "The collection totaled over 12,000 separate files and more than 87GB of data. One of my contacts pointed me to a popular hacking forum where the data was being socialised."

Follow CircleID on Twitter

More under: Cloud Computing, Cybersecurity, Privacy, Web

Categories: News and Updates

Forget it, Jake. It's China.

Thu, 2019-01-17 16:25

A timely article in The Wall Street Journal (that I only recently got around to reading): "The future's not here." American business people once saw China as dynamic, exciting and wide open. Not anymore.

To which I ask: When was China ever "wide open?"

An excerpt:

For years, American entrepreneurs saw a place in which they would start tech businesses, build restaurant chains and manage factories, making potentially vast sums in an exciting, newly dynamic economy. Many mastered Mandarin, hired and trained thousands in China, bought houses, met their spouses and raised bilingual children.

Now disillusion has set in, fed by soaring costs, creeping taxation, tightening political control and capricious regulation that makes it ever tougher to maneuver the market and fend off new domestic competitors. All these signal to expat business owners their best days were in the past.

Let's not blame the recent trade and tariff issues. China is a ruthlessly competitive market that, like so many countries, tilts the playing field in favor of its home-grown companies. And intellectual property is (to put it mildly) not well protected. I remember when Bill Gates traveled to China years ago to complain about the epic levels of piracy of the Windows OS (at the time, Windows was the leading operating system in China and yet Microsoft saw little in the way of revenues).

Other companies that have struggled in China include Cisco, Amazon and WalMart. And let's not overlook the fact that Google and Facebook are still desperately trying to squeeze their way in without selling their souls (and are close to doing just that).

One thing I have been telling companies in the early stages of going global for more than a decade now — if China is your first overseas market, perhaps you should select another. Going global is difficult, no matter what country or culture you target. But add in one of the most heavily and capriciously regulated intranets (China's Internet is in truth an intranet) and you face a very steep hill to climb. That's not to say you shouldn't target China, but go into it with eyes open and a long-term game plan.

And, frankly, that's true for any market. Every new market is a new frontier — with new rules, cultures, competitors. The experience of going global can be equal parts exhilarating and terrifying. But it is most definitely not boring!

Written by John Yunker, Author and founder of Byte Level Research

Follow CircleID on Twitter

More under: Multilinguism, Web

Categories: News and Updates

The Need for Sustainable Open Source Projects

Thu, 2019-01-17 00:09

As a long-standing contributor to open standards, and someone trying to become more involved in the open source world (I really need to find an extra ten hours a day!), I am always thinking about these ecosystems, and how they relate to the network engineering world. This article on RedisDB, and in particular this quote, caught my attention —

"There's a longstanding myth in the open-source world that projects are driven by a community of contributors, but in reality, paid developers contribute the bulk of the code in most modern open-source projects, as Puppet founder Luke Kanies explained in our story earlier this year. That money has to come from somewhere."

The point of the article is a lot of companies that support open source projects, like RedisDB, are moving to more closed source solutions to survive. The cloud providers are called out as a source of a lot of problems in this article, as they consume a lot of open source software, but do not really spend a lot of time or effort in supporting it. Open source, in this situation, becomes a sort of tragedy of the commons, where everyone thinks someone else is going to do the hard work of making a piece of software viable, so no-one does any of the work. Things are made worse because the open source version of the software is often "good enough" to solve 80% of the problems users need solved, so there is little incentive to purchase anything from the companies that do the bulk of the work in the community.

In some ways, this problem relates directly to the concept of disaggregated networking. Of course, as I have said many times before, disaggregation is not directly tied to open source, nor even open standards. Disaggregation is simply seeing the hardware and software as two different things. Open source, in the disaggregated world, provides a set of tools the operator can use as a base for customization in those areas where customization makes sense. Hence open source and commercial solutions complement one another, rather than one replacing the other.

All that said, how can the open source community continue to thrive if some parts of the market take without giving back? Simply put, it cannot. There are ways, however, of organizing open source projects which encourage participation in the community, even among corporate interests. FR Routing is an example of a project I think is well organized to encourage community participation.

There are two key points to the way FR Routing is organized that I think is helpful in controlling the tragedy of the commons. First, there is not just one company in the world commercializing FR Routing. Rather, there are many different companies using FR Routing, either by shipping it in a commercial product or by using it internally to build a network (and the network is then sold as a service to the customers of the company). Not every user of FR Routing is using only this one routing stack in their products or networks, either. This first point means there is a lot of participation from different companies that have an interest in seeing the project succeed.

Second, the way FR Routing is structured, no single company can gain control of the entire community. This allows healthy debate on features, code structure, and other issues within the community. There are people involved who supply routing expertise, others who supply deployment expertise, and a large group of coders, as well.

One thing I think the open source world does too often is to tie a single project to a single company, and that company's support. Linux thrives because there are many different commercial and non-commercial organizations supporting the kernel and different packages that ride on top of the kernel. FR Routing is thriving for the same reason.

Yes, companies need to do better at supporting open source in their realm, not only for their own good but for the good of the community. Yes, open source plays a vital role in the networking community. I would even argue closed source companies need to learn to work better with open source options in their area of expertise to provide their customers with a wider range of options. This will ultimately only accrue to the good of the companies that take this challenge on, and figure out how to make it work.

On the other side of things, open source is probably not going to solve all the problems in the networking, or any other, industry in the future. And the open source community needs to learn how to build structures around these projects that are both more independent, and more sustainable, over the long run.

Written by Russ White, Network Architect at LinkedIn

Follow CircleID on Twitter

More under: Networks

Categories: News and Updates

In a Rare Meeting, Huawei Founder Addresses Concerns Over Tech Giant Spying for Chinese Government

Tue, 2019-01-15 19:33

In a rare meeting, Ren Zhengfei the founder of the Chinese tech giant Huawei assured foreign reporters that his company would refuse to disclose secrets about its customers and their communication networks. The company has been facing escalating concerns over the controversy that it might be spying for the Communist government. Joe McDonald reporting in AP: "Ren's comments were the 74-year-old former military engineer's most direct public response to accusations the world's biggest maker of telecom network gear is controlled by the ruling Communist Party or is required to facilitate Chinese spying. The United States, Australia, Japan and some other governments have imposed curbs on use of its technology over such concerns."

Noteworthy: "Ren said he became a Communist Party member in the early 1980s after the state press published reports about his development of a measuring tool for an engineering project." But also insisted that he sees no connection between his personal political beliefs and company decisions.

Follow CircleID on Twitter

More under: Mobile Internet, Privacy

Categories: News and Updates

FCC Declines Emergency Briefing Request Concerning Location Data Collection

Tue, 2019-01-15 18:55

U.S. Federal Communications Commission (FCC) chairman Ajit Pai declined a top House Democrat's request for an emergency briefing on the wireless industry's data collection practices amid troubling reports about the availability of real-time location information, reports Harper Neidig in The Hill. The government shutdown was blamed for the refusal with the FCC stating that the issue could not be addressed at this time as it did not pose a "threat to the safety of human life or property." From FCC's statement: "Unfortunately, we were required to suspend that investigation earlier this month because of the lapse in funding, and pursuant to guidance from our expert attorneys, the career staff that is working on this issue are currently on furlough."

Follow CircleID on Twitter

More under: Mobile Internet, Policy & Regulation, Privacy, Wireless

Categories: News and Updates

New Book: Managing Mission Critical Domains &amp; DNS

Tue, 2019-01-15 16:35

Editor's note: We recently received Mark Jeftovic's latest book "Managing Mission Critical Domains & DNS" packed with information covering the whole spectrum of the naming system. A 20-year industry veteran, Mark has shared numerous aspects of the naming ecosystem stemming directly from his personal experience. It's a must-read for anyone interested in making sense of the DNS world. Here is Mark sharing some additional background and overview of the book.

The idea behind my recent book "Managing Mission Critical Domains & DNS" is to provide a unifying overview around the area of domains and naming where I think there exists an artificial divide, and that divide exists between domain policy, and managing ones' domain portfolio; and the DNS ops side of things: running your nameservers or outsourcing to a vendor, or both.

I've been doing this for over 20 years, I've seen almost every failure condition that can happen to your domain or DNS and even committed most of them myself (as I quip in the preface):

I'm not a DNS expert per se, unless you use Neils Bohr's definition of an expert as "somebody who has made all possible mistakes within a very narrow field".

I haven't seen a book, ever, that has tried to synthesize the dual aspects of domain portfolio management and DNS ops so I decided to write that book.

Figure 1: The two logical realms of a domain name

Overall, I think the book captures that.

It looks at the entire naming ecosystem:

  • the registrar/registry side of things
  • whois, ramifications of whois privacy, the GDPR,
  • registry locks
  • ICANN policies that can zap your domains
  • Common pitfalls, like scams and slamming techniques
  • Intellectual property issues, domain disputes: UDRP, URS, transfer disputes

Then over on the DNS operations side:

  • how queries work, debugging,
  • various nameserver daemons from a perspective of nameserver diversity
  • myriad use cases
    • adding secondary DNS
    • zone apex aliasing
    • advanced geo DNS
  • Other considerations like IP space and numbering decisions
  • anycast vs unicast
  • security: from
    • securing your vendors
    • DNSSEC
    • DDoS mitigation.

...and much more!

I'm aware of some formatting errors and through some miscommunication, all the chapter endnotes were converted into references, if it does well enough for a next edition I will be armed from experience to fix some issues.

The book is available directly from Packt Publishing or the usual channels like Amazon. Reviews would be greatly appreciated.


I found myself constrained by a character limit for the Acknowledgements section of the book, I was only able to list the names of those without whom the book would not have been possible.

Now I would like to take the space here to expand on that as I had it in the original manuscript:

I'm thankful that my staff at easyDNS always know "to do the needful" (inside joke), freeing me up to write this book. Special mention to our COO Tamas Acs and CTO Ranko Rodic — I would never have been able to write this book without you two minding the shop.

This business is blessed with some ethical, friendly gentlemen competitors like Steve Job at DNSMadeEasy (no relation), as well as Anthony Eden (DNSimple) and Dan Durrer ( If all business competitors were as noble as you guys there would be no strife in the world.

Jim Carroll was invaluable in mentoring me through the gauntlet of writing a book without completely losing one's mind. Rick Brockhead is a literary agent par excel‐ lance who advised me throughout the contract process.

Richard Lau and Jothan Frakes helped get the ball rolling on promoting the early version of the book by inviting me out to NamesCon.

I have to make a special mention to Peter Van Dijk, Matt Pounsett, Patrik Lundin and Cricket Liu; without them this book would have been unreadable.

  • Peter Van Dijk's review of the initial draft was exhaustive and he brought to my attention myriad factual errors, inconsistent thinking and flawed reasoning which, albeit painful and at times humbling, did help immensely.
  • Matt Pounsett did much of the same, diving down in innumerable places with crucial references, pointers and corrections.
  • Patrik Lundin was the very first reader to provide edits from the very beginning of the early-release schedule and went on to review the entire manuscript in detail and with comprehensive illuminating feedback.
  • Cricket Liu helped me understand that I had wandered off-message for a large chunk of the first draft and made it possible for me to refocus and retrench back to the original target audience and base concept.

Thanks also to: John Demco at Webnames/CIRA for proofreading;

Russ Nelson for reviewing the tinydns section;

Jan-Piet Mens for reviewing the book and offering additional feedback;

Jacques Latour from CIRA. Jack is a great guy ;-)

George Kirikos — an authority on policy issues and always happy to help;

and Joe Abley who allowed me to pepper him with a steady stream of questions.

If this book is deemed "a success", it wouldn't have been possible without these technical reviewers. Thank you.

Sandro Pasquale was responsible for getting me signed to Packt Publishing (who turned out to be an easyDNS customer, talk about karma)

Last but not least I'd like to nod to Bert Hubert and Paul Vixie who never fail to take time out from their busy schedules to answer questions and help clue me in.

Thanks also to everybody at Packt.

Written by Mark Jeftovic, Co-Founder, easyDNS Technlogies Inc.

Follow CircleID on Twitter

More under: DNS, Domain Names, Policy & Regulation

Categories: News and Updates

Not Another Yearly Recap: What 2018 Tells Us About .brand Domains

Mon, 2019-01-14 20:04

It's that special time again!

Time to unwind, spend time with loved ones — and to reflect on another 12 months of progress across the .brand movement.

Over the last few years, we've used this end of year assessment and our efforts with MakeWay.World to show you how the industry is being embraced globally — through a range of examples, statistics and predictions about how the year ahead will be our best ever.

Now… I'm not promising that there won't be a little of that in this blog — but I was reflecting recently on where we've come from and pushing myself to really consider how last year evolved and what we've learned.

And as you'll see below, the situation with .brands is a little different than perhaps how we had predicted.

No 'big bang' moment: where we got it wrong

A lot of the time, the news you'll see from me will relate to .brand site launches, from well-known brands in the most influential sectors and industries. And like many .brand watchers, we've long been hanging out for that one massive, shining example: the day Google or Apple or some other highly prominent household names start to use their TLD which causes an amazing domino effect and others instantly go 'all-in' on their .brands.

Yet, these massive organizations (and many others) have actually done some amazing things with their .brands in the last 12 months, without the expected fanfare and explosion of .brand usage across the industry.

Why you may ask? Whilst it's difficult to say with 100% certainty, I think one of our key lessons in 2018 was that organizations are embracing .brands for their own reasons and in their own time.

We've seen trends develop around the use of .brands to secure and improve social media links, to save money and time in managing corporate domain portfolios, and to redirect visitors to existing web content.

This leads me to believe that the importance of aligning to your company's strategy and ensuring that sufficient support and education has been garnered appears to be more important for this type of innovation, as distinct to responding to competitor movements or other industry trends.

Similarly, a number of our clients used their .brand last year for the first time simply due to the fact that a .com domain they wanted for a promotion wasn't available (or was at a high price) so they ended up registering in their .brand very quickly and inexpensively. Having realized how simple and reliable it is, they've told me they won't ever revert to that legacy behavior again.

All of these are 'simpler' strategies than the marketing and advertising revolution we predicted — but they are no less valid or clever options. In fact, they're probably easier to get started and will be more sustainable and scalable for many .brands.

You see, it's really education and awareness that is the key to continued adoption on the .brand space. Use of a .brand is neither complicated nor risky, and the vast majority of folks that have put their toe in the water rapidly advance to talented swimmer status relatively quickly.

Whilst there is unquestionably a groundswell of new .brand usage each year (which I'll go into a bit more below), the previously-held view that we're waiting for one big thing to tip the scale across the world for .brands shifted significantly last year and I think it's reasonable to assume that this will be a continual and gradual pattern of adoption in the years to come.

The stats don't lie - .brands are a maturing space

In 2018, 46 new brands used their .brand TLD for the first time. This meant we welcomed to the fold companies like American Express, Bosch, AOL, Nikon, Visa and many more.

Meanwhile, we also saw more growth in domains last year than we did in 2017 — by more than double. The industry sectors with the most domains registered (automotive and banking & financial at the time of writing) were also the ones that grew the most. Not only this, but actual usage of these domains is also still on the increase — up 18% in 2018.

And honestly, this is exactly how a maturing space should behave. In any new technology, you expect an initial spike of activity — but this isn't sustainable. In order to see longevity and future innovation, there have to be periods of settling and stabilizing between the peaks.

The first .brand TLD to be delegated went live in 2014. We're over four years past that now, and the fact that we're still seeing growth in domains and in usage is an encouraging sign for .brands in the long term.

This is another key takeaway for me as I reflect on 2018.

In previous years, we'd been very focused on maximizing growth at all costs, but the maturity in 2018 of the .brands movement across the world was equally rewarding last year, if not more so.

The highlights reel

Having said all this, I couldn't let a 2018 recap go by without calling out a few great examples of usage that emerged last year.

In September, Apple launched its new iPhoneX using, a mobile-based, promotional product site. As with anything Apple does, this gained huge media attention and likely drew a lot of eyeballs to the site. Apple has also had redirecting to its corporate news page for several months.

Following its move to a new international site at, Canon announced its move to .canon email addresses, explaining that "by leveraging the simplicity of the TLD, which is easy to remember and easy to understand, Canon aims to enhance the Company's global brand value."

As we commented on earlier in the year, the Australian Football League promoted its premiership finals series on, exposing the domain to millions of viewers in Australia via advertising on television, radio, social media and out-of-home.

We saw several new corporate sites on a .brand TLD from Google, including,,,,,, and more. Google's use of .google shows no sign of letting up and their passion towards this and other vital topics such as HSTS will continue to inspire others in years to come.

The automotive space continued to lead the way in .brand usage, with sites like,,, and

This is just a tiny, flyover sample of some of the sites that got us excited last year. But the sheer volume means there's no way we can give a full overview. If you want to see more of these, check out our Showcase on MakeWay.World.

So, was 2018 'the biggest year yet', with 2019 set to blow it out of the water?
Or have we just witnessed a vital pivot, cementing .brands as an innovation that will continue to drive the evolution in digital identity and branding for years to come?

Time will tell, but as we look towards the year ahead of us, let's not put ourselves under any illusions. 2018 showed us that .brand adoption will continue to be steady, but it also relies heavily on the community sharing our lessons and successes to help the marketers of tomorrow understand the inherent brand, security and efficiency benefits.

As for 2019, I for one am really excited to see this industry continuing to mature and finding its feet as a stable, sustainable part of brands' long term tech and marketing arsenal.

This article was originally published on MakeWay.World.

Written by Tony Kirsch, Head of Professional Services at Neustar

Follow CircleID on Twitter

More under: Domain Management, Domain Names, Intellectual Property, New TLDs

Categories: News and Updates

Why ".brands" Domains Make Sense

Mon, 2019-01-14 13:30

I receive spam on a daily basis from various Banks… as well as mine. None are legitimate but actually, that is not what is catching my attention receiving spam. There is something else and it deals with stealing information from me.

Creating a personalized ".brand" domain name extension allows avoiding all that.

Bank Emails

Many are familiar with receiving spam through phishing attempts to have you answering an email and providing personal information such as login and passwords: most of the time receivers know that they should not answer emails from any Banks since most offer to communicate with them from their online portal. This one is easy to avoid.

Another standard is to receive an email asking you to click on a link. Such spams are also standard phishing attempts trying to steal login and password from you on a fake website looking like the one from your Bank.

Answering the email to a person using a personalized domain name extension such as the one from your Bank CANNOT be faked.

When answering the email, the domain name extension to appear in the "To" field" cannot be faked using a homoglyph or a letter looking similar to a standard domain name extension such as a country code top-level domain or a generic one. The reason for this is simple:

  1. the owner of the domain name extension decides about his domain name extension and this one will be unique: most of the time the final domain name extension is his Trademark. On the opposite side, anyone can create a domain name using your Trademark and ending in ".com".
  2. the owner controls who creates domain names so when the email a clients answers to does not have the name of the ".brand" in the end, it means that he won't answer to the right person.

Emails ending with a ".brand" are seals, certifying that the answer will go to the right initial sender. When using a country code extension of a generic one such as a ".com", anyone can create what comes before the extension and, for example, change a letter from one to another: do you think that is very different from Who will notice when answering an email ending in

Bank surveys

Banks surveys are a new problem that I have identified. These are often legitimate and my Bank sends me surveys to check if I am satisfied with their service. The problem with such surveys is that they use the email and domain name from another service provider, asking me to answer questions on a website using either a ".com" or a ".fr" domain name which is not the one from my Bank. That is where I see a problem: how to ensure that these are legitimate? By trusting the person who sends the email? By trusting that website asking me questions? No way.

A personalized domain name extension offers this new opportunity to drastically increase the level of trust:

  1. Asking a client to answer a survey on a third party website implies that the sender of the email is trusted (not the case with my Bank, using a ".fr"): when the email is sent from the personalized ".brand" domain name, the level of trust is increased since it guarantees that the Bank is sending the email.
  2. Answering the survey on the subdomain of a third party website sends several wrong messages:
    1. "Our Bank is not able to create a form for our clients to answer us directly";
    2. "Your answers will be read by another company and we do not control the use they will have of your answers";
    3. "That link you click onto to answer our questions will probably offer our service provider to send you commercial emails in the future but we don't care about this";
    4. "We don't have the time to do the job for you, someone else does".

If it remains the job of specific companies to create the right surveys for Banks, having them hosted on a Bank's website operating its own personalized domain name extension is an easy thing to do: if this can be done on sub-domains, then it can easily be hosted on a ".brand" domain name. Companies offering survey services are probably already offering such services… but not in France apparently. Note that in these cases, external survey companies will deal with your data anyway but if hosted behind a ".brand" extension, it won't look like.

Size matters

The debate is a funny one when discussing "what a good domain name is”, and most of the time, you will hear that "the shorter, the better".

I strongly disagree with this for ".brand" domain name extensions since a Trademark wants to be noticed and when it comes to infringements, a Trademark wants to ensure that a client is talking to the right person when answering an email: the longer its domain extension will be, the higher the possibility will be to notice the name is different from a ".com". That is also what ".brand" domain name extensions offer: the possibility to highly notice a sign when offering a client to visit a website. Look at : such website just cannot be a fake one, and neither is receiving an email from them. The longer, the better.

The future is worth

Homographic attacks are an increasing risk for Banks and other Trademarks: these attacks increase unfortunately and they are harder to detect by final consumers (those to receive bank emails). To make it simple, a letter used in the domain name will look similar to the one used in a standard ASCII alphabet: can you make the difference between this "a" and this "ɑ"? Well, there is one and you probably won't check this when answering an email or navigating to a website using such letters.

The risk is very high here since the use of these letters exists in various domain name extensions offered to the general public. When using a ".brand" domain name extension, the risk to visit another website or answer an email to the wrong person ceases to exist since the ".brand" extension is the seal: you cannot create or add a different letter to a domain name extension… unless you have the patience to wait for the next round of ICANN applications to new gTLDs, and $185000.

An alternative for Banks

I see two alternatives for Banks who won't be interested in creating their ".brand" new gTLD:

  1. The price to acquire a personalized ".brand" domain name extension is high so an alternative for to use a domain name ending in ".Bank". The registry offering these domain names says that only banks can acquire one.
  2. Online brand protection offers to keep watching what's happening on social networks, rogue websites, marketplaces, fake boutiques, webstores, app stores, domain name registration websites (registrars), Google adwords and even… the DarkNet, to minimize the potential for fraudsters to profit from client's banks and brands. It does not cost much and some of these specialists not only do the monitoring for you but they also offer to take down infringers and recover your domains. I particularly like the new offers monitoring the DarkNet.Of course, you know what the DarkNet is right?

Just in case I forget...when choosing a domain name extension, don't forget to check if the extension is not similar to another one.

Written by Jean Guillon, New gTLDs "only".

Follow CircleID on Twitter

More under: Cybersecurity, Domain Names, New TLDs

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer