Again why does ISOC feel they have to do this? Are they starved for funding? This sale directly contravenes several of the founding ideals of the Internet.
Why did it happen entirely behind closed doors? No way they got this deal together just after price caps were removed. Was this orchestrated beforehand? Domain registrations for Ethos Capital pre-date the change and timing coincides with proposed contract change to remove price caps.
What does Andrew Sullivan get for this move? Is Jon Nevett connected as well considering his ties to Donuts which is connected to Abry Partners which was managed by now Ethos Capital CEO?
So many questions, all this happening in shadows means we shouldn't give any benefit of the doubt.
This is essentially a hijacking of the DNS as far as I’m concerned. The sale of .org is heinous; And I’m an unabashed capitalist.
There is absolutely nothing defensible about this move that I can see.
Is there any argument that this is beneficial to anyone except Ethos and Internet Society? Is it even clear they have the right to sell it?
Has every person at ISOC submitted conflict statements? Are they willing to commit to never benefit financially from Ethos controlled entities for 10+ years?
> The sale of .org is heinous; And I’m an unabashed capitalist.
It's fascist, if anything.
The system was built by governments and government organizations. It is operated (milked) by the private sector.
There are hundreds of crypto currencies. Each works well for someone, some work great for many. All are private. A capitalist DNS system could work without state interference.
It always astounded me that for the longest time until only recently, you were expected to pay additional money, more than the domain cost itself, for HTTPS security (and if you wanted a wildcard certificate, substantially more money.)
I guess when the gTLD explosion didn't result in massive new profits for the new TLDs (some are $100+/year!), the powers that be decided to focus on existing TLDs instead where there's extensive decades-long lock-in effects at play. No one needed company-name.ninja, but good luck giving up your company-name.org to a squatter or worse, your competition.
No! I agree with you that it seems like it should be cheap but imagine the UN ran it. China would veto ".tw" as just one example of the many problems with government type entity in charge.
I'm not arguing having Ethos Capital is good. I'm arguing the UN running it is not a solution. (nor any likely government body for that matter who will likely take down any organization they don't agree with)
Would it matter? You're already locked into years, maybe decades, of brand building. You'd still need to redirect your old .org indefinitely.
.ORG should be properly managed and regulated, we shouldn't need to attempt to rebuild something because ICANN is corrupt and Internet Society is selling out non profits they promised to serve.
Not just brand building. How many accounts are linked to your email, and how many of us have had that email on a .org for 10, 20, even 30 years in some cases.
Do you even know how many accounts have that email address as either the primary, or backup/recovery email?
An email address is central to identity management these days.
Lose a long established domain, and you might lose access to most of your other internet accounts, especially the ones you don't use every day and are hard to remember.
TBH I’d be happy for the (AM/FM radio) airwaves to be privatized if it meant getting rid of the absurd, antiquated rules about not being able to say certain words in song lyrics.
It doesn't actually mean that. Look at censorship that Facebook implements for an example of what you can expect. Sure, there might be some obscure stations that wouldn't have such rules... and nobody would know about them.
Lots of distros are in .org aren't they? I see Arch, Debian, Gentoo, Fedora, Centos, OpenSuse, Raspbian, Damn Small Linux, Linux From Scratch, NixOS, Guix, OpenWRT, PfSense, FreeBSD, OpenBSD, NetBSD, OpenSolaris, Illumos, and probably lots, lots more.
GNU is also on .org.
Also languages, at least Python, Ruby, Haskell, Rust, Go, Clojure, Racket, Zsh, etc.
.org seems to be the go-to TLD for open source projects.
I run a tiny carpooling site (not for profit) snowpool.org . If they turned around and upped the fees to 3K a year or something, it would basically force me to shut the service down.
This is an incredibly awful move, I'm completely astounded that it was allowed to happen.
Because I've built up a presence over 10 years of running the site, so, I'm not just about to move! It'd be a huge pain to move probably hundreds of email addresses over to a new domain etc too (I sign up with [domain]@snowpool.org)
It completely depends on what they do, I've renewed for 10 years so I have time now, if they put the fees to >500 a year then I'll definitely move.
Do you own a domain yourself that people have been using for 10 years? You might feel differently about the ease of "just moving"
Projects losing their ability to run their existing site because money, losing it to <whatever> and significantly losing in visibility e.g. python.org or freebsd.org now advertising spyware or some shit with the historical ranking of a trusted and respected source.
Or these project having to plonk a significant amount of money in paying for their domains rather than <insert thing which is actually useful>.
Serious question, what are the actual downsides of this, if any? Or is the backlash due to the "private equity" being associated with evil? Doesn't seem like anything is actually changing other than who issues .org?
Serious question, did you even read the page? Specifically, the part where it makes specific complaints about the 2019 .org registry agreement, such as the ability to raise registration fees without ICANN approval?
If you have already owned your .org, have used it in publicity materials, use it for all of your emails etc. then yes you are pretty much stuck with that domain no matter how much they jack up the price. So the domain is inelastic, that is a change in price will not significantly change demand for those who already own them.
Exactly. As a community, we have routinely given the advice to “own your identity” by buying a domain. Since most of the good com domains are long bought, someone newer to the internet is likely to have looked at org. If someone took us up on our advice in, say, 2014 that means that he or she has had a domain for five years. Five years to integrate that into a life in various ways, remembered or not. And now, that thing could cost $75/year with no recourse.
Then there are people like me. My org domain is so old it can legally drink and soon be able to run for Congress. What is it worth to me? $200/year? $500? $1,000? I don’t know and it sucks to have to consider yet another astoundingly high cost of “living” in a world that keeps going up in cost.
> So it goes up by $1 or $15, how does that hurt non-profits?
In the aggregate, that's many, many millions of dollars going into Ethos Capital's pockets at the expense of charities and other non-profit organizations.
Registry can set prices for individual domains as well (see what Donut is doing). This means that a new domain could be priced $1, and renewal of WordPress.org set to $50, and npr.org to $50 million. What are you gonna do? Change your domain to something else? Yeah good luck.
We can expect every .org owner, most of them non-profits and many not well-funded, to be squeezed and then shaken down for money. Not tomorrow, but it will start as soon as they think they can get away with it.
It costs like 3$/year (or less probably) to register a domain name. But once you build your brand/website/etc you are tied to your domain name, which is tied to that registry.
This gives the registry huge leverage over you. That 3$ that it actually costs them to run it can increase to whatever price they think you will be willing to pay and you can't not pay it...you would lose your spot and identity on the internet. Its not like with registrars, like godaddy, ghandi, bluehost, etc... that you can switch between in like 24 hrs.
IIRC .orgs were price controlled, so the price couldn't rise, but with this takeover, the price controls have gone away.
PIR currently charges registrars about $9/year per domain, with registrars allowed to mark that up however much they want without restrictions-- AFAIK neither the "wholesale" price nor the actual price from registrars is currently price controlled by ICANN.
Regardless, I don't see how moving .org's operations from a non-profit (PIR) to a private equity firm benefits anyone, except the owners of said private equity firm. You're basically taking something that could operate at-cost and giving it a mandate to turn a profit-- the only way that happens is if prices go up. Likely a lot.
PIR is already a rent-seeking organization designed to fund Internet Society. They don't actually handle the registry at all. It's outsourced, they put it out to bid. If you look at financials, they are paying <$2/domain.
Yes, ICANN granted a monopoly to ISOC in the form of PIR, who have been allowed to increase prices consistently for years but at a capped rate. And they wanted more. As costs have gone down.
Then everyone at ICANN talks about not being a price regulator and free markets. Ignoring the fact it's a monopoly, and not one ISOC/PIR played any role in creating, it was a gift from ICANN. A perpetual, no bid, contract with ever increasing prices on a decreasing cost monopoly good.
I haven't read the 2019 rules, but if the letter is to be believed, the new rule creates:
> The power to implement processes to suspend domain names based on accusations of “activity contrary to applicable law.” The .ORG registry should not implement such processes without understanding how state actors frequently target NGOs with allegations of illegal activity.
Under the previous rules, the registry level could (more or less) resist being bullied into taking down a domain due to government pressure, though the government could implement a firewall and threaten other service providers. Now, though, a large country could say "we will block .org domains, or .org DNS resolutions, if you don't suspend an activist organization's domain globally," and there would then be a PROFIT MOTIVE to take down the domain GLOBALLY, as the value of the registrar would decrease if .org domains were blocked in that country. And this would be permitted by the 2019 rules. This gives censors tremendous leverage to implement censorship around the globe.
I'm all for the role of private equity in helping companies to grow - while there are certainly firms that operate in bad faith, the PE industry overall doesn't deserve the bad rap it gets in the media.
But IMO this sale should absolutely be disallowed from a humanitarian and international security perspective. The incentives are just too badly aligned.
The worldwide non-commercial Internet being controlled by an unaccountable private corporation is evil on its face. Burden is on someone to prove otherwise.
I've been thinking a lot about the sheer downsides of DNS overall. We need something different. Something decentralized, encrypted, something not reliant on a protocol that hasn't kept pace with security and privacy and we need something verifiable that provides accountability. As others have said TLDs have become a racket. Only the priveleged and nation states have the authority to use the system as a funnel of ridiculous revenue and rate manipulation. We don't need DNS anymore. It's become more of a lynchpin to bottleneck and advance control of the few and continues to erode our privacy as it stands today. What's next?
The problem is that DNS powers the internet as we know it, getting everything ever to switch over is at least another 30 years after you make a protocol (that would also need to have literally no downsides).
Not sure I agree. If FF & Chrome both supported it...it'd be in effect in < 5 years total.
Just look how quickly DoH is being rolled out, or Google's QUIC.
Realistically if Google, Mozilla, Cloudflare, Apple, Microsoft, and a few others agree that this move is bad, and wanted to stand up a new .org TLD...they could, and I don't believe it'd be illegal (IANAL).
Yes, but most of the internet is exposed to users via the web anyways. OSs would need to follow suit, sure — to make everything that’s not a browser work so that the alternative lookup mechanism is used instead of traditional DNS. How long do you think that would take? Not too long methinks.
We don't want DNS anymore, but we don't have a replacement. It's the same as Facebook->Diaspora, Twitter->Mastodon. The non-centralized versions are too hard to deploy to all the non-techies out there, despite being the "morally" correct architecture.
> It's time another country step in and take control
What's to stop them from being just as corrupt? It's too much for any one country to have control over. It'd be far better to come up with a way to take the power out of the hands of any one entity so that we don't have to keep moving it around when the people holding all the power are inevitably corrupted by it.
If you decentralize, you don't end up with something equivalent to "the internet" anymore -- you end up with several islands of things that (to varying degrees) resemble "the internet", and run on the same layer 4 fabric, but are largely isolated from one another.
I think we actually experience a mild version of this today, where entities publish their all their Twitter/Facebook/Instagram/Snapchat/Whatsapp/Linkedin etc profiles.
I can't help but see whatever this distributed DNS replacement is as basically being this situation but without the backstop of globally-accessible websites and e-mail addresses. You should have no doubt that, for example, Facebook would make a "the internet" which was 100% Facebook-operated sites.
Islands already exist, with national firewalls, corporate networks, dark nets, etc. Decentralization of DNS would just take middlemen out of the picture. A dominant decentralized system would probably handle most requests if one were to ever get off the ground, making it equivalent to what we have now.
> Islands already exist, with national firewalls, corporate networks, dark nets
And you don't see companies posting their addresses on those things. They still advertise "example.org" not "if you're in {county} use {county-specific address}, or on Tor use {onion address} or using {decentralized DNS} use example.com".
> A dominant decentralized system
How does this result in a different situation then the "centralized" DNS we have today?
> How does this result in a different situation then the "centralized" DNS we have today?
If, for instance, the DNS entries were tied to entries in a blockchain, such as namecoin, then no 3rd party would be involved in a transaction to transfer the domain, no annual fees would be required, and no one could block or remove an entry.
> You should have no doubt that, for example, Facebook would make a "the internet" which was 100% Facebook-operated sites.
AOL already tried that back when they were still sending floppies through the mail. They were the largest ISP on earth and couldn't keep people in their little walled off corner of the internet. I don't think anyone else is going to be more successful.
They might not have been able to keep people there forever, sure. But their walled garden was “the internet” to a major chunk of people in the US for quite a long time.
Remember when TV commercials would tell you a company’s AOL keyword?
Yeah, that was around the time the internet wasn’t even relevant to the majority of the first world population. Trying to make comparisons to how it might look today is pointless.
At AOLs peak, it had about 35 million subscribers. Comcast alone has nearly that many.
Looks likes you’re wanting the decentralized web [0][1][2].
The DNS equivalent technology there is DHT(distributed hash tables) [3] which was used in torrent technology for a few years.
Ever wondered about how you can find the torrent seeders without a centralized entity? The Bittorrent DHT is the underlying tech.
Well, it's for ease-of-use. Anyone can make an alternative DHT with their own bootstrap nodes, but the Bittorrent main one is the biggest, therefore most programs have that one hard-coded.
Anyone can make an alternative client that uses the exactly same tech with different bootstrap nodes, and once they gain popularity, there will be people using that.
Yes, sort of. That's one way to get peers, but clients support other ways to peers.
So in practice you can get peers from the list of previous peers, PEX (peer exchange), or a tracker for a given torrent.
So in practice once you talk to a few bittorrent peers (of millions) you likely are talking to another DHT peer and can bootstrap. Also given that there's typically millions of peers in the DHT, even brute forcing it by search IPv4 (4 billion addresses) for a few million peers is likely to only involve a few 1000 UDP packets or so.
GNS from the GNUnet project is the most interesting alternative to DNS that I've come across, and is orthogonal to projects like IPFS and Scuttlebutt (although I don't know much about Dat). It's basically DNS with DHT and some very cool crypto.
I'm not convinced we are talking about a decentralization issue.
We could achieve the same result with laws. Just make what is happening illegal, corruption is already illegal.
Furthermore, decentralization won't solve the basic economy rules of offer/demand. Even with a decentralized system, website will still be referenced by natural words ("domains"), which can be owned by only one site-owner at a time, which means there will always be people ready to spent a lot of money to acquire a domain/reference.
I'm for decentralization in general, but in the current case I fail to see how decentralization alone will make domain owning fairer
In this particular case, the problem is not that individual domains can be traded at market prices though.
The problem is that organisations have to rent their domains from a central authority that can hike the rent for an entire TLD to some fantasy price.
So the hierarchical structure of DNS is clearly what creates an opportunity for corruption and extortion.
And let's not forget that DNS is ultimately a global issue, which means that the rule of law cannot be taken for granted.
Laws have to be part of the solution. But it's easier to legislate effectively if the underlying structure doesn't invite corruption, authoritarian abuse and market dysfunction in the first place.
> And let's not forget that DNS is ultimately a global issue, which means that the rule of law cannot be taken for granted.
I think this strongly points towards ccTLDs being the best solution. It is very difficult to get all the different countries to agree on common rules/governance for the legacy TLDs, but if everyone gets their own independent corner then that should be easier to get agreements on.
Dividing the control by country also conveniently avoids any single one being able to cause as much damage as ICANN now is.
I think ccTLDs don't work so well in a globalised world. Many internet services are not country specific, and ccTLDs sort of put you in the local business category.
The companies and/or owners of those services do operate under a certain legal aegis, though. It’s not like they are stateless.
I just happened to read the text on a food product; it had text in three languages, and the www.* domains listed in the three texts were in the ccTLD for each country. No .com was mentioned anywhere.
Domain names should never change and be easy to remember whereas legal ties to countries are often complex (i.e not 1 to 1) and subject to change.
Should I really have to remember going to apple.ie because that's where the Apple shop happens to be legally based at the moment? Or should it be apple.eu because consumer protection is an EU matter? Or apple.us because that's where Apple's headquarter is located?
And when a company gets sold to a different country, should all their URLs have to change?
Multinational companies should be the exception, not the rule. “Designed by Apple in California”; will Apple ever stop being a U.S. company? Why would “apple.us” not be appropriate?
A company is an entirely legal construction, and, as such, is entirely bound to the laws of a certain country.
It is amusing that you believe government would stop corruption.
History proves that to be false
Further "just make it illegal" under which nations laws? That was the problem ICANN was suppose to solve, no one wanted the internet to be operated under the Laws of the US, which is why in 2016 the US removed itself from Internet Governance.
So do we put the Internet under the laws of China? or the EU both of which have Free Expression issues....
Which nation? or maybe the UN which has Dictators and human rights abusers in positions of power...
Decentralization is far far far better than looking to a government resolution
All these Ethereum/Namecoin/Whatever solutions aren't really solutions. They're subject to namesquatting, arbitrary prices, arbitrary decisions regarding TLDs and they end up being centralized in the end for various reasons.
I think a good solution is to switch to using petnames instead of global names.
"Former ICANN CEO Fadi Chehade personally registered the domain name currently used by Ethos Capital in May and it was registered as a limited company in the US state of Delaware on May 14. That date is significant because it is one day after ICANN indicated it was planning to approve the lifting of price caps through its public comment summary.
As such it appears that the plan to purchase the .org registry was predicated on the price caps going ahead and that those behind the deal had intricate knowledge of ICANN’s internal processes."
I worked at one of the main TLDs for years and was on one of the ICANN boards and got to know the industry well.
It is well know amongst the domain name community that ICANN is a poorly run organization, whose directors have in recent years have used their position of leadership to lead decisions from which they are afterwards benefiting themselves economically, in many cases by rushing decisions such as in these case.
Peter Dengate Thrush was famous for pushing for the new domain extensions (.anything) as chief executive of ICANN and quitting a month later to become the CEO for a company that was the main bidder for a large number of extensions. Fadi Chehade is doing the same with .ORG by lifting the price cap on the prices of an established domain name and then gobbling up the company that sells those domains.
Sadly, ICANN has little oversight and since its kind of in the air and doesn’t report to anyone, the directors get away with what would be legally considered corruption in most of the world. The fact that the internet community and most Internet companies have never care about it makes doesn’t help, since a lot or times the “multistakeholder” model that they claim to use in reality doesn’t work.
Ultimately, this is why the DNS and domain name industry feels so shady in general and why for most companies getting a name on the internet is a tortuous process that feels very scammy, which is unfair and costs more than it probably should. But so far we don’t have any good alternatives to the current system.
ICANN having little oversights is not an accident. It’s corrupt current and past leaders have ensured that. This organization is supposed to be non-profit international organization. If you ask me “who controls Internet”? it’s these guys. They have managed to convert ICANN into a perpetual personal wealth fund for friends and families.
The writing was on the wall when the board decided they weren't getting what they wanted from the at-large constituency & direct elections and shut them down, in doing so completely blowing off the Memorandum of Understanding. It's a bit surprising that it's taken so long to hit .org directly, it's a really obvious target if you want to find ways to turn an ICANN position into cash.
Full disclosure, I was one of those at-large members and they made it very clear that we weren't being good little peons.
That has been proposed for as long as I can remember. The result would be that dictatorships and authoritarian governments control the internet, because they make up the majority in the ITU. I don't think we want that.
Can you explain this a bit more? Afaik the ITU does a good if boring job. I can phone about anybody in the world. The system works.
Now ICANN? They seem a bad choice, as this story demonstrates. Tolerable as long as the internet wasnt very important, but today, a UN international body seems the obvious choice.
They would only control the assignment of TLDs, whereas all the stuff that's actually interesting from a censorship perspective happens on much lower levels than that.
For example, ITU also controls country code assignment for phone numbers. Does that translate to any meaningful capacity to censor? So far as I know, the only practical restriction that comes out of it is that unrecognized states don't get one assigned, but that's also generally true with TLDs.
It may be useful to note that the US government transferred control of DNS to ICANN in September 2016. I searched HN, and this seems to be the biggest thread from back then: https://news.ycombinator.com/item?id=12612033
At the time, consensus in the media seemed to be that this would have little effect. However, the debate was quite politicized, as the transfer to ICANN occurred towards the end of the Obama administration, with fruitless opposition from high-profile Republicans.
There is a reason for this, the American media is laregly Anti-American today. They believe in idea of "American Imperialism" and that America is the cause of most of the worlds problem. Thus they believed anything was better than "Corrupt American Control" over the internet.
There were many many people that predicted bad outcomes from this transfer, most are starting to come true
It seems to me that running an NIC for a major TLD almost has zero marginal cost: for each domain, you automatically interface with ICANN once in a while to update registration info, then serve some NS and associated A/AAAA records. So it’s kind of surprising to me that $10/yr is already a non-profit price. Am I missing something?
The $10 a year includes the markup of a profit making domain registrar which has marketing and support costs.
This article suggests Public Interest Registry's costs for third party technical services were about half their revenue, with the beneficiary of the rest of the funds being the Internet Society
https://domainnamewire.com/2019/10/28/pir-org-slashes-regist...
Still, you can see why those kind of margins and the ability to raise prices were an attractive combination to private equity
> The $10 a year includes the markup of a profit making domain registrar which has marketing and support costs.
I use Cloudflare Registrar these days for .com and .org. They claim to offer wholesale prices. My last .org bill was $9.90 + ICANN fee. And according to [1], Cloudflare directly work with PIR to offer .org, so unless they're lying, they are actually charged $9.90 per domain per year by PIR. Now, the article you linked to claims that PIR paid less than $2 per domain to the for-profit contractor who did everything technical for them (what's left? PR?). I wonder where the remaining $7.90 went...
The process of mapping name=IP is not remotely technically difficult, and I'd dare say most people reading this message could implement the backend to such a system in a few days.
Setting up the peering replication and nameservers around the world is considerably harder, but it's definitely not a $10 billion+ problem (the current value of registrars and certificate authorities.) A startup funded by YC could handle that easily.
Dealing with all the companies trying to sue you over others squatting their domains and having to decide who has the better claim would be the most expensive part.
I really hate to say it because it's so cliche and overused, but a blockchain-like system could remove the central authority, the server costs, and the lawsuit risks. But it would introduce concerns over trust, most likely.
The really hard, unsolvable part is the unwillingness of the browser vendors to support an alternative domain name system. If Chrome, Firefox, and Safari all supported a new TLD outside of ICANN's control as a public service (let's call it "Let's Resolve" which would offer free domains and would be funded through donations), it would be very successful. If even one of them didn't support it, nobody would ever consider using it for their websites. Browser extensions, even if they allowed access to intercept domain name lookups, would not work. It would have to be supported out of the box in every major browser, and well, good luck with that. Anything failing to herd those three cats right out of the starting gate is absolutely dead on arrival.
Who knows though, maybe they'll raise .org prices just a bit too much, and piss off an established non-profit enough to start a huge campaign to create an alternative. But probably not.
> The really hard, unsolvable part is the unwillingness of the browser vendors to support an alternative domain name system. If Chrome, Firefox, and Safari all supported a new TLD outside of ICANN's control as a public service (let's call it "Let's Resolve" which would offer free domains and would be funded through donations), it would be very successful.
Not sure I understand your proposal. Say every single browser in the world supports Let's Resolve. byuu.org is registered with ICANN; but someone now wants to register byuu.org with Let's Resolve. Do you let them? What about the other way round? And what if someone attempts to register byuu.org with ICANN, while another attempts to register byuu.org with Let's Resolve at the same time, causing a race. Who wins?
Also, unique, meaningful and memorable identifiers are a scarce resource. Offering free domains just open up the floodgate of squatting and hoarding (at unprecedented ease).
Edit: Parent suggested a new TLD; I read it as a whole alternative system. Well, the new TLD idea was already implemented as .bit AFAIK, and it's pretty crap.
You probably need a system that allows both roots to function together. Maybe a different URL scheme:
http: and https: use ICANN, httplr: and httplrs: use LR
If not specified, browser tries LR first, then falls back on ICANN.
Doesn't feel as solid to me, but they could also register a placeholder TLD that would be use for redirecting requests to LR, or the other way around:
google.com.lrns would tell the browser to resolve google.com in the LR root (hardcoded), or google.com.icann would tell the browser to resolve google.com in the ICANN root. When falling back from one to the other, the browser would display the hostname with the fallback TLD on it.
Just some ideas off the top of my head, I haven't fully considered the implications yet.
I think by "TLD outside of ICANN's control", GP meant a unique TLD that (currently) does not exist under ICANN. So it's not going to be byuu.org under ICANN vs byuu.org under LR, it's going to be byuu.lr (under LR) versus byuu.org (under ICANN)?
I agree. As long as there's scarcity, there's someone trying to exploit it.
I think it could be better to just accept that unique global names are not a great idea, and start identifying parties by certificates rather than name. Various chain of trust & reputation type arrangements can be used to ensure people won't confuse Their Bank (certificate issued by/for Their Bank) for Their Bank (certificate issued by & for scammer in Ukraine). Legit entities will have every reason to include information that minimizes likelihood of confusion.
Come on, I can have more than one James Smith in my phone's contact book too.. let's stop fighting over names.
> Various chain of trust & reputation type arrangements
The problem of course is that as you said, you still need authorities or a chain of authorities to tell you which one is the genuine Debian and which ones are trying to shove malware onto your machines. Today we go to debian.org, see the valid TLS cert, and assuming there’s no fraudulent issuance of debian.org cert and no attacker injected their cert into our device CA store, we can be reasonably sure the PGP key listed there is genuine.
You only need to look at .onion to see how well the keys without authorities idea turned out.
I don't have a problem with having authorities as long as we can choose which ones to trust (and have limitations on the scope of their authority), and form our own as necessary.
For example, I'll be happy to add and pin my government's authority for the services that they control. I'll be happy to add a group of FLOSS hobbyists issuing certs for open source projects, as long as they are transparent and can demonstrate that they have a handle on security. In both cases, there must be some way to limit the scope of their authority, and ideally do things like pinning the authority so that one can't sneakily take over the other in an attack that results from e.g. misconfigured scope.
I think establishing identity is something that we should learn to do. When John Smith gives me his phone number, I'm probably looking at his face and I know which John it is that is giving me their number. I should also be able to go to my bank and get their cert when I sign up for an account & credit card. I'd like to have additional confirmation of their identity (-> reputation) e.g. from my government, but I don't know if I want them to be automatically trusted just because there happens to be a chain that checks out.
If I'm looking at some entity that I cannot meet in person, I should be able to see who have vouched for their cert and make a judgement based on that.
Kinda like PGP I guess, at a larger scale and with better infrastructure (geek signing parties and wide open keyservers are not good enough). The system does not need to be centralized.
It should be possible to have certs signed by multiple parties, to help establish trust without having everyone agree on a single source of trust. (At this point, I'd like to use a term that sounds smaller and less powerful than authority)
I'm not particularly happy with the model where the chain of trust in every case is established starting at some international megacorps that do who know what, and countless issuers are directly or indirectly "trusted" from the get-go until someone points out their abuse and removes their certs.
The hope is to get a non-corrupt TLD in place that won't raise prices on you with no caps (and if possible while we're at it, won't charge you for certificate signing.) Ideally, a real winner would be a pay-once, own-for-life (say 100 years) TLD. I might be willing to drop $500 on a domain I know I'll never have to remember to renew.
As stated by another person, yeah I'd want it to not overlap with the existing ICANN TLDs. Not too hard to do, and we could fix one of the bigger annoyances of DNS and correct the ordering: bsnes.byuu.org -> #newtld.byuu.bsnes, for example could work, or even just #byuu -> #byuu.bsnes and only have a sole TLD for it.
I don't know how we stop squatters, maybe a one-time registration fee would be reasonable, but that would be discriminatory as $100 would be trivial for developers in the US, and impossible for service workers in Mozambique that just want a personal website.
It's not as though .com/.net/.org (and heck, even a lot of the new gTLDs) aren't absolutely filled to the brim with squatters already.
I mentioned Handshake in another comment. It has a good method for mitigating squatters. Names are won through a vickrey auction so they go to the highest bidder, and your funds are locked up for the duration of the auction (2 weeks) so it inhibits squatters from bidding on all the good names at once.
Browsers shouldn't be the entity deciding on address resolution, a domain system bound only to the web/httpx would be a huge leap backwards. This should be up to the os and whatever names resolution the os provides should be happily accepted by any network program, be it a browser, email client, ssh, irc or something completely different.
Unfortunately, with at least Chrome and Firefox moving to DNS-over-HTTPS, they are the entities deciding on address resolution for 99% of average-user requests.
I would agree with you in principle however, in which case there's an even more impossible goal: get Microsoft, Apple, Google, and every Linux/BSD distro to agree to a new OS-level alternate domain name resolver that functions out of the box. And also stop Google and Mozilla from rolling out browser-level DoH.
Wonder if this means Cloudflare - and/or the other termination points for DNS-over-HTTPS - could be an interesting place to start adding an alternative DNS resolution system?
Then it wouldn't need to be done by any browsers... if the DNS-over-HTTPS end point provider does the additional name resolution, it should "just work".
Browsers are the only ones actually willing to allow any change. If we wait for OSs to change nothing will ever happen. If it works well in browsers first then the OS will pick it up.
Similar to how email works and has various options to secure it but the reality is no end users were benefiting from it. How many OSs have enabled by default encrypted DNS? Browsers should primarily focus on providing the most secure and private browsing experience.
DNS is also not decentralized. It's centralised on ICANN and whatever company owns your TLD which is why this thread is here.
I may be mistaken, but I always thought DNS resolution was handled by the underlying OS, and not by the browser through HTTP. Support from browser vendors would probably matter a great deal for this, but not at a technical/implementation level, right?
Chrome already ignores OS-level name-resolution in favor of phoning home directly to Google DNS unless you block their IP#s at your border. I see it daily in etherape. Side-effect: Chrome users on my LAN have to type in IP#s to browse local resources because their browser ignores my dnsmasq, which resolves the split horizon.
Do you mean Chrome or the Chromecast? The Chromecast totally ignores network-configured DNS and uses 8.8.8.8. The Chrome browser has its own DNS client, but it doesn't phone home to Google DNS - it still uses the DNS servers configured by the OS.
Ah perfect, not your keys, not your domain. I mean now domain jackings can be permanent and irreversible! Apple.com can literally be stolen by Tim Apple and there’s not a thing anyone could do about it. Another clear win for the blockchain. Resolving this kind of dispute is why we have central authorities in the first place.
You’ve got it backwards. When the keys are lost or stolen you’re SOL. The dispute resolution process would restore proper ownership via existing legal frameworks like it’s been done for hundreds of years.
You don't need proof of ownership to obtain a judgement in your favor. It would make the process easier to be sure but you can make the case based on historical ownership and other indirect proof that a judge will accept.
You don't walk into a court and have the judge say "what you don't have the receipt?! case dismissed!!" -- the judge isn't a parking meter.
Handshake is trying to do exactly what you’re describing. It’s an alternative root of trust for DNS that uses a blockchain to secure names. One of the non-obvious security benefits is that you can store certs on the blockchain instead of relying on CAs, which is a source of failure in the security of the Internet today.
Browsing adoption is tricky, but people can point their DNS to Handshake resolvers pretty easily — it’s equivalent to switching to
‘S 1.1.1.1 service which many people already do.
How could free domain names possibly work? Good domain names are scarce so of they were free someone could just write a script to register every good domain and then resell them. The yearly renewal fee means people tend to let go of domain names they no longer and never will use.
The blockchain idea could work. There is a coin called namecoin which attempts to do this. I think on end user devices we should still use DNS so you don't have to store a 1tb blockchain on your device but the blockchain could be what the DNS servers source their data from.
(1) There exists a blockchain-based, decentralized DNS lookalike: https://handshake.org/
(2) Every major OS has has a way to plug an alternative DNS resolver (except maybe iOS), and every major browser has a control to switch off the DNS-over-https resolver. With any goodwill from the major mobile OS vendors, a new resolver could be rolled out to 99% of consumer devices or so, and work transparently.
(3) A new name resolution system should not clash with the DNS namespace. It could allow to copy established DNS domains (not parked) to the new namespace for a nominal fee.
(4) Many DNS tricks, like load-balancing, could go away. Running your own name server can become harder. The transition, should it occur, would not be fast.
Anything that doesn't work out-of-the-box is dead on arrival, though. I would never be willing to move my domain from .org to a system that people couldn't get to without installing additional software (eg OpenNIC.) But if every OS and/or every major browser supported OpenNIC, then I'd be willing to make the switch.
Indeed. My point is that supporting an additional name resolution system is mostly a political problem, and technically doable.without forcing people to even upgrade their OS, phone, or browser.
"but a blockchain-like system could remove the central authority, the server costs, and the lawsuit risks" This already exists, check out [ENS domains](https://ens.domains/) running on the Ethereum blockchain. They can be mapped to [IPFS](https://IPFS.io) hosted sites
In case anyone is wondering there is a blockchain that was made for such a reason. It's called namecoin. It spawned a project called chimera which was renamed xaya. In xaya the idea is you can reserve a name and the name has an alterable 2048 byte space for json data that you can update every block if you wish.
Namecoin though has always been around to reserve names and in particular domain names.
You're right that the technology is the very least of the difficulties. And that's the reason it won't change: nobody's going to do all the work of replicating all that bureaucracy just so there's even more organizations involved.
The only way I can think to end the corruption is to take away the financial incentive, and AFAIK that would mean either the government runs anything that makes a profit, or to remove price completely.
Corruption and causing financial damages intentionally for having personal benefits on it - especially by abusing a position against the very community they represent - is punishable by law in most country.
Aren't they subject of legal proceedings now by violating the law?
At the risk of being overly-nationalistic, this is exactly the sort of scenario that many were worried about when the rest of the world demanded that the US hand over control to an international governing body. Just as you see with - for example - the IOC, many international governing bodies have a dangerous tendency to devolve to the ethical standards of their most corrupt members.
> Ultimately, this is why the DNS and domain name industry feels so shady in general and why for most companies getting a name on the internet is a tortuous process that feels very scammy, which is unfair and costs more than it probably should.
Shady is putting it lightly.
I once tried to register a nice .wiki domain in order to host a wiki for myself. Those domains weren't available anywhere. I had to "request" one from the company that managed the TLD. So I emailed them and they asked me about my "plans" for the domain. Eventually they just said they'd host it on my behalf. They created a wiki on the domain I wanted, threw ads around it and told me to start contributing.
It's not really an equal playing field where anyone can buy a domain. They gatekeep not only by charging huge prices but also by simply refusing to sell the domain if they think you're not important enough.
Onion services don't have human readable namespaces. Independently of using onion services, whatever services we run should probably be registered on Namecoin and/or Ethereum Name Service. That's how we get out of the DNS cabal's grasp.
ENS is more focused on wallet naming than DNS. Have you checked out Handshake? It’s aiming to create a more secure root of trust for DNS that’s resistant to seizure and censorship. We (namebase.io) are building on it ourselves.
You highlight an interesting point which made me realize that no one actually owns their domain names on the Internet. We’re all just renters.
You might be interested in checking out https://handshake.org which is trying to create an alternative to the existing ICANN system that is resistant to censorship and seizure. The technology is really interesting and we’re building on it ourselves.
We[1] are building on a new project called Handshake[2] which is trying to create a more secure (alternative) root of trust for domain names. It does so by storing certs on a distributed ledger instead of relying on CAs. Though this isn’t the main goal of the project, one of the benefits is that anyone can register their own TLD through a vickrey auction which is much more fair than the current ICANN system.
If we in the United States had a forceful, competent FTC or FCC, perhaps this would be investigated. I don't think a Sanders or Warren administration would ignore something like this entirely.
ICANN is a "non-profit". They do not issue a publicly traded security, and so they are not subject to the SEC's jurisdiction. The FTC is probably the best hope for intervention in a matter like this.
That's right but the right to get rich by corruption is the most important and most appreciated unalienable entitlement of US weenies, even more important than food or shelter or life itself. After all, in a thoroughly corrupt system all of those can be bought. Only corruption itself cannot be bought if the system doesn't already have the necessary level of corruption. It is the US's holiest mission to convince the rest of the world of the fundamental importance and indispensability of our way of corruption.
Is $10 the magic number for 'orgs'? Say the PE raised it to $20, how bad would that be? If it were $5 and doubled to $10 still as bad? Why is $10 the just amount? What about orgs that can't afford that?
How high is it ok for the PE to go on fees? Why? (Tone is to point out how arbitrary this all is, genuinely curious otherwise)
Given the history of private equity in hiking up drug prices, I'm guessing the answer to "what is the magic number" is whatever number generates the most profit, regardless of what is just or whether small organizations can afford it.
I think it's fair to see private equity as red-flag, and I feel ideologically aligned with the folks raising the alarm here. OTOH, the concerns raised include a lot of speculation (in the form of "could do bad" or "has the power to do bad"), and that's also a red-flag.
As an outsider to the discussion, questions would be:
1. What are some specific problems facing the ".org" registration process for which capital/investment would be helpful? (Obviously, there's no perfect answer. But as an outsider, it looks like ".org" registration already works about as well as anywhere else, so one needs some examples to animate the problem.)
2. Would any of these folks care to improve their engagement/trust with each other? Talking more specifics about "Stewardship Council" and "Community Enablement Fund" might help. Or is some reason for bad blood?
3. What kind of track record does this private-equity shop have? Have they worked with other non-profit or socially-oriented endeavors? Maybe some founders/staff/customers can give some positive or negative testimonials?
I saw this logic coming from a lot of people trying to push these changes through. They've been good so far, we should just trust them. They stick their heads in the sand and pretend we don't need rules because organizations, people, societies follow norms and that's enough. Until someone shits all over them, which is why we make rules in the first place. This whole nothing bad has happened yet, we shouldn't consider a bad outcome as a real possibility is ignorant and dangerous. The same people who if you look at ICANN mailing lists are still trying to play both sides, with whataboutism type arguments in an attempt to discredit people against .ORG being sold to a private equity company. I've dug into those people a bunch too, they're pretty much all connected to registry interests (https://reviewsignal.com/blog/2019/06/24/the-case-for-regula...)
They lied to get price caps removed on .org and then sold it amongst themselves to profit. I'm not sure how you trust people that start with a lie. Look into the history of how shady this really was.
Yeah, this comment https://news.ycombinator.com/item?id=21612033 links to an article on the Register which gives a lot more substance to the concerns/reactions. That deeper story helps to show where the mistrust comes from.
From the peanut gallery, it looks like the ball is in ISOC's+Ethos' court to demonstrate their good faith as stewards...
Wells Fargo, eh? Your example is apt, but perhaps not for the reason you intended (unless you're making a subtle joke, in which case I apologize for not catching it.)
> This timeline charts the most significant events in the sales scandal that erupted at Wells Fargo [in 2016]
> Wells Fargo(WFC)charged customers a monthly service fee to maintain a checking account that many customers assumed was free and the bank is mulling how to respond to people who feel cheated, according to the bank and sources familiar with the accounts.
> Wells Fargo and an insurance company it worked with have agreed to pay $432 million to settle a class-action lawsuit brought by customers who say they were charged premiums for auto insurance they did not need.
IMO only fools and masochists would continue to bank with Wells Fargo.
Anyhow, Goldman Sachs have no business being anywhere near DNS or ".org" at all, at all. They're a bunch of crooks who make Monty Burns look sympathetic in comparison.
Whenever there are politicans robbing those who they claim to serve, Goldmans are there advising anc charging huge fees.
Whether it is this, Greece debt, 1MDB in Malaysia. Goldmans have no regard for their own reputation so we should assume anytime Goldman are advisors that the deal is a massive ripoff for which people should be going to jail. Goldmans may not have always been this way but they sure are now! They're a leading indicator of gross corruption.
I think I give up on the Internet that we know today. I'm too tired to fight anymore. Monopoly ISPs with data caps, DNS rent seeking, the walled gardens, the internet of shit where I cannot walk down my street without getting recorded by every house with a "ring".
I'm done with it. I don't want to partake anymore, I don't want to fight it anymore, I don't want to care anymore.
Let the Google's and Facebook's have the old Internet. I'm done with it.
The dream is over. The magic is gone for me. The old Internet is gone. Let them have the rest.
Maybe then, and only then we will rise up like a Phoenix, with a solution that cannot be stolen out from under us.
The internet is available to more people in more countries than ever before. There's more content on the internet than ever before. It's a part of every day life for nearly everyone in the world.
That's what's happening to the internet. It's no longer a corner where quirky tinkerers were the only ones who could access it.
And the promise of the internet was never to be just that.
It was meant to be a vehicle for humanity (along with all it's warts). That's what you're seeing. The rest of humanity coming on-line.
The attitude of "this isn't what it was meant to be" presumes that it was meant to be anything at all. Similar to a kid that doesn't want to share their legos with the rest of the class.
I think the sentiment was regarding the democratization of knowledge and access, which is shifting more toward an oligarchy. True, more of humanity is coming online. However, they can only participate if they can be monetized and controlled by those with all the wealth and power.
The internet was and remains the most democratic knowledge dissemination engine in several thousand years of recorded history. It is substantially more democratic than it was in the 90s and 2000s because there are more people accessing it now.
It isn't shifting towards an oligopoly unless you count things like Wikipedia as a monopoly. Which it isn't, Wikipedia is probably about as close to an ideal democracy as any human project ever attempted.
Wikipedia is a great example of a web site that has resisted the trend! It is a pretty ideal democracy for those of us whose ISP or nation-state[0] doesn't prohibit us from viewing it.
There was a project similar to Wikipedia, but for semantic data. It lasted for a little while before being swallowed up by Google and shut down[1]. Granted there are some alternatives, but after investing some time working with freebase data, I should be allowed to hold a grudge.
Google played a key role in muzzling more widespread usage of RSS[2], along with Twitter and Facebook discontinuing support for it. Similarly, jabber[3], XMPP[4].
These days it's risky to even host your own mail server, since most people you correspond with are likely to use one particular email service that may arbitrarily block messages from lesser-known mail services[5].
Im saddened by the death of rss too, but i think its a lot to blame that soley on google. If the rss ecosystem was so weak, that shutting down a single rss client killed it, it couldn't have been long for this world anyways.
Imagine if google said tomorrow that email is dead and that they are closing down Gmail... This is basically what google did to RSS. They promoted it, adopted it.
Google made it impossible for existing solutions or upstarts to compete with their free tools, then slowly killed off marketing it and supporting it. The final straw was when they killed their reader.
Google killed RSS and they are actively killing other vital parts of the Internet in favor of their tech (forcing the use of their AMP tech for the best spots on their search engine results is anti competitive, Their web browser Chrome has saturated the market and is also making decisions which will undermine the Internets open protocols, but literally hiding the protocol in URLs, hiding the path in URLs, thus forcing people to search more).
Google is not alone in using it's capital as a destructive force on open protocols and standards. Facebook, Amazon, and Twitter are the same way.
> Wikipedia is probably about as close to an ideal democracy as any human project ever attempted.
wikipedia has their own drama. it has contributors who shape the content into what they want the world to see instead of staying objective on certain topics. often articles on simple topics are so complex because they are written by enthusiasts and aren't trying to inform beginners or curious.
> Similar to a kid that doesn't want to share their legos with the rest of the class.
You're being disingenuous and needlessly insulting.
We wanted to bring the freedom and egalitarianism of the early internet to everyone. Instead we got the jaded, corporate internet, but at least it's available to everyone. The GP is obviously mourning the quality, not the exclusivity.
Any worthy .org's name will be domain-squatted on the other good TLDs, so they couldn't move it over.
Changing the domain of a site is very effective at killing a site, and a business or organisation, because all existing links to it break, emails to it break.
And if you give up the domain, it will usually get squatted quickly, so the links and emails carry on working - they just go to the squatter's site instead.
There is no way to update the majority of links to your site, if it's been around for a while. You can search for links and ask other site operaters to update, but it just doesn't happen much, and it's also extremely expensive to do when measured in time to write to thousands of site operators individually.
And when you have to change the name at the same time (because your name is squatted on other TLDs), you're effectively deleting the name recognition, literature, old podcasts, matching name you already have on Twitter, etc.
If you had a good name for a long time, chances are you will struggle to find another one like it, and even if you do, most people will think the new name is something else.
On top of that, your email is probably linked to your .org, and people aren't going to stop sending to that for years, no matter how much you tell people to via other channels. You can't know everywhere your email address and main web address are being kept by someone to use later.
And wherever there is a long-standing email domain, there are probably thousands of internet accounts that have that email as their primary or backup/recovery, which you will need to keep if you don't want to start losing access to other accounts. Updating those is very difficult unless you have been extremely diligent at keeping a database of every account you ever created. In practice, even very diligent organisations who attempt to do this don't succeed because accounts tend to be created bydifferent people.
Perhaps in extreme startup land where people start a new business from scratch every couple of years, and pay a lot in SaaS costs so hiked domain fees may sseem relatively cheap, this might not seem to matter.
But many .orgs have been around for decades, and are low budget but very well esablished.
Any many other .orgs are individuals, with email and thousands of online accounts linked to their domain.
Same. Time for a completely different stack / protocol? Like a cloud that is actually a cloud rather than corporate centralization with a side order of surveillance?
It’s not about about being cool or making a hip new website. The point is that people won’t choose to pay for services when free ones exist. It requires a monetary obligation in the form of taxes. Countries don’t function because everyone decides they’d like to pay for the infrastructure that benefits everyone. They function because that money is collected in the form of taxes.
Haven’t seen that in awhile. Used to help run some EDI and PPP services hung off an x.25 node right down the road from CompuServe in Ohio. The PPP router didn’t even authenticate the user lol, just welcome to the network! I bitched about it for a long time before a demo changed minds.
Host your own website? I have a web server, I manage a VPN for myself (good for traveling and questionable wifi points).
Much of the joy of the early internet came from the small groups and light website's.
Website's at scale gave a want hard time being small. Share what you care about on your own platform.
Ignore everyone's ring. If you aren't hosting a part of the internet you want. Why would you expect others to?
Earlier today I was trying to Google a website I found on my PC a while back. (Backing up its disk atm, and don't use Chrome sync.)
Clicked on an unrelated link, and was already in the process of reaching for the Back button when I realized I was looking at a cert failure (wrong domain in certificate). Heh. Idly curious I hit Continue... And was presented with my first
> Content Denied
> Access to this website has been disabled by an order of the Federal Court of Australia because it infringes or facilitates the infringement of copyright.
After recovering from the shock - this sort of thing only happens in 3rd world repressive countries, right??? - I went back and tried the domain referenced in the cert.
The fact that data caps ever gained traction doesn't reflect well on the old timers ability to explain and protect the true value of their creations for the wider public.
Which is weird because they were obviously able to do that with cryptographic algorithms which are way more esoteric.
It's like teaching a generation of craftspeople to build all the intricate parts of a piano but never noticing nor caring that for some reason they're all selling pianos that have a single key.
What? Data caps had a very good reason to exist. Back in the 3G days if everybody would be online all the time the whole machine would just grind to halt. Nowadays the data caps are (in Europe at least) only a formality.
You mean the death of the nerds-only Internet (a different kind of walled garden). There is so much creativity shared via the Internet by non-tech-savvy people that just wouldn't have been possible via the "old Internet".
There's certainly many problems with something this gargantuan, but I get very skeptical when people nostalgize and eulogize "the good old days" of anything.
I'll add, I say this with empathy to your feelings. I regularly feel a very strong nostalgia for those late nights of discovery on the Internet. But I do recognize that Internet involved a fraction of a fraction of the people using it today who are discovering and creating and sharing all kinds of stuff with greater ease than ever before.
I can't even imagine being small-minded enough to think that only tech-savvy people have anything interesting to express (and I say that as someone who thinks pretty highly of internet culture prior to its mainstreaming)
> There is so much creativity shared via the Internet by non-tech-savvy people that just wouldn't have been possible via the "old Internet".
Could you explain how you got to that conclusion?
It would be impossible for non-tech-savvy people to share things on the internet if there were no omni-present surveillance, manipulation, and centralization, because ... ?
I think their point was that "old internet" was harder to use as a publishing platform than the new one, not necessarily that what we got was the best evolution, but that it has enabled non-techies to publish more.
> I think their point was that "old internet" was harder to use as a publishing platform than the new one
harder to use as publishing platform by who? don't you mean businesses & corporations?
people have always been fine. myspace anyone? geocities? irc? icq? aol? msn? yahoo? the list goes on... also the remarkable thing is that people just move to newer and better back then.
I agree that "Internet" today is full of creative expression of millions of people able to do that mostly due the expansion it has seen into non-technical crowd. And that's brilliant.
Unfortunately, getting to their creations is ultimately harder: eg. searches for anything will now throw you at some lame stuff on pinterest, which will attempt to lure you into signing up just to find out if they have what you are looking for.
Basically, ability to really "browse" that humongous web is now gone. And most of those creations never reach their intended audience.
Can we not do this sensationalist rhetoric on this forum?
If you feel like you got a bone yo pick with a current state of internet, post about a technology that addresses the problem so that people can become aware of it. And save the virtue signaling for reddit/facebook.
I think the cert issue is because of DNS hijacking by my ISP so that they can (falsely) tell me the site has malware. I can’t view the cert now that I’ve made an exception to it.
Already owned by PIR (which runs .ORG and is being sold to Ethos Capital). Sorry, it's a group domain fucking. You're welcome - Ethos Capital, probably.
> This article was brought to you by the domain squatters lobby
But seriously I don’t see what’s wrong with this sale. There are no restrictions on who can use a .org domain anyways, and the only people price increases really affect are domain squatters (real organizations can afford 10x the current price without batting an eye). I don’t see what’s wrong with this sale
354 comments
[ 4.7 ms ] story [ 293 ms ] threadIt appears to be a corrupt inside job.
What does Andrew Sullivan get for this move? Is Jon Nevett connected as well considering his ties to Donuts which is connected to Abry Partners which was managed by now Ethos Capital CEO?
So many questions, all this happening in shadows means we shouldn't give any benefit of the doubt.
There is absolutely nothing defensible about this move that I can see.
Is there any argument that this is beneficial to anyone except Ethos and Internet Society? Is it even clear they have the right to sell it?
Has every person at ISOC submitted conflict statements? Are they willing to commit to never benefit financially from Ethos controlled entities for 10+ years?
It's fascist, if anything.
The system was built by governments and government organizations. It is operated (milked) by the private sector.
There are hundreds of crypto currencies. Each works well for someone, some work great for many. All are private. A capitalist DNS system could work without state interference.
At the last NANOG, the keynote speaker described three instances where companies have "hijacted" the DNS.
https://blog.apnic.net/2019/11/04/dns-wars/
The first "hijack" was Versisign wildcarding unregistered .com and .net domains (https://en.wikipedia.org/wiki/Site_Finder). The second was OpenDNS redirecting Google searches to an OpenDNS proxy (http://web.archive.org/web/20120518025819/http://www.opendns...).[1] The third is the EDNS client subnet extension.[2]
1. Acording to the keynote this led to the creation of Google Public DNS "within 45 days".
2. If I am not mistaken, OpenDNS was an early proponent of EDNS client subnet adoption.
I guess when the gTLD explosion didn't result in massive new profits for the new TLDs (some are $100+/year!), the powers that be decided to focus on existing TLDs instead where there's extensive decades-long lock-in effects at play. No one needed company-name.ninja, but good luck giving up your company-name.org to a squatter or worse, your competition.
Even with the usual governmental bureaucracy overhead I bet it’s be a rounding error. Seems a good fit for something like the UN to take over.
Here's the initial letter being sent from EFF & others to ICANN and the Internet Society: https://www.eff.org/document/coalition-letter-sale-public-in...
(Disclaimer: I work for the Internet Archive, and we are one of the initial signatories to this letter.)
With a better governance model.
.ORG should be properly managed and regulated, we shouldn't need to attempt to rebuild something because ICANN is corrupt and Internet Society is selling out non profits they promised to serve.
Do you even know how many accounts have that email address as either the primary, or backup/recovery email?
An email address is central to identity management these days.
Lose a long established domain, and you might lose access to most of your other internet accounts, especially the ones you don't use every day and are hard to remember.
Bad at math.
GNU is also on .org.
Also languages, at least Python, Ruby, Haskell, Rust, Go, Clojure, Racket, Zsh, etc.
.org seems to be the go-to TLD for open source projects.
This is an incredibly awful move, I'm completely astounded that it was allowed to happen.
Why not just move to a different domain, and while your old one is still "cheap", do a redirect etc?
It completely depends on what they do, I've renewed for 10 years so I have time now, if they put the fees to >500 a year then I'll definitely move.
Do you own a domain yourself that people have been using for 10 years? You might feel differently about the ease of "just moving"
Or these project having to plonk a significant amount of money in paying for their domains rather than <insert thing which is actually useful>.
You can do the math.
Then there are people like me. My org domain is so old it can legally drink and soon be able to run for Congress. What is it worth to me? $200/year? $500? $1,000? I don’t know and it sucks to have to consider yet another astoundingly high cost of “living” in a world that keeps going up in cost.
In the aggregate, that's many, many millions of dollars going into Ethos Capital's pockets at the expense of charities and other non-profit organizations.
Who says it stops at $15, too?
They could charge x.org $15 and y.org $150,000.
The few other types this happened, it has resulted in exorbitant prices across the board.
This gives the registry huge leverage over you. That 3$ that it actually costs them to run it can increase to whatever price they think you will be willing to pay and you can't not pay it...you would lose your spot and identity on the internet. Its not like with registrars, like godaddy, ghandi, bluehost, etc... that you can switch between in like 24 hrs.
IIRC .orgs were price controlled, so the price couldn't rise, but with this takeover, the price controls have gone away.
Regardless, I don't see how moving .org's operations from a non-profit (PIR) to a private equity firm benefits anyone, except the owners of said private equity firm. You're basically taking something that could operate at-cost and giving it a mandate to turn a profit-- the only way that happens is if prices go up. Likely a lot.
Important point: just before this rigged bid went through, ICANN conveniently decided to remove the price cap for .org registry prices.
Yes, ICANN granted a monopoly to ISOC in the form of PIR, who have been allowed to increase prices consistently for years but at a capped rate. And they wanted more. As costs have gone down.
Then everyone at ICANN talks about not being a price regulator and free markets. Ignoring the fact it's a monopoly, and not one ISOC/PIR played any role in creating, it was a gift from ICANN. A perpetual, no bid, contract with ever increasing prices on a decreasing cost monopoly good.
https://www.theregister.co.uk/2019/11/20/org_registry_sale_s...
> The power to implement processes to suspend domain names based on accusations of “activity contrary to applicable law.” The .ORG registry should not implement such processes without understanding how state actors frequently target NGOs with allegations of illegal activity.
Under the previous rules, the registry level could (more or less) resist being bullied into taking down a domain due to government pressure, though the government could implement a firewall and threaten other service providers. Now, though, a large country could say "we will block .org domains, or .org DNS resolutions, if you don't suspend an activist organization's domain globally," and there would then be a PROFIT MOTIVE to take down the domain GLOBALLY, as the value of the registrar would decrease if .org domains were blocked in that country. And this would be permitted by the 2019 rules. This gives censors tremendous leverage to implement censorship around the globe.
I'm all for the role of private equity in helping companies to grow - while there are certainly firms that operate in bad faith, the PE industry overall doesn't deserve the bad rap it gets in the media.
But IMO this sale should absolutely be disallowed from a humanitarian and international security perspective. The incentives are just too badly aligned.
The worldwide non-commercial Internet being controlled by an unaccountable private corporation is evil on its face. Burden is on someone to prove otherwise.
Just look how quickly DoH is being rolled out, or Google's QUIC.
Realistically if Google, Mozilla, Cloudflare, Apple, Microsoft, and a few others agree that this move is bad, and wanted to stand up a new .org TLD...they could, and I don't believe it'd be illegal (IANAL).
What's to stop them from being just as corrupt? It's too much for any one country to have control over. It'd be far better to come up with a way to take the power out of the hands of any one entity so that we don't have to keep moving it around when the people holding all the power are inevitably corrupted by it.
I think we actually experience a mild version of this today, where entities publish their all their Twitter/Facebook/Instagram/Snapchat/Whatsapp/Linkedin etc profiles.
I can't help but see whatever this distributed DNS replacement is as basically being this situation but without the backstop of globally-accessible websites and e-mail addresses. You should have no doubt that, for example, Facebook would make a "the internet" which was 100% Facebook-operated sites.
DNS worked just fine with nonprofits and government entities who weren’t leeches.
And you don't see companies posting their addresses on those things. They still advertise "example.org" not "if you're in {county} use {county-specific address}, or on Tor use {onion address} or using {decentralized DNS} use example.com".
> A dominant decentralized system
How does this result in a different situation then the "centralized" DNS we have today?
If, for instance, the DNS entries were tied to entries in a blockchain, such as namecoin, then no 3rd party would be involved in a transaction to transfer the domain, no annual fees would be required, and no one could block or remove an entry.
AOL already tried that back when they were still sending floppies through the mail. They were the largest ISP on earth and couldn't keep people in their little walled off corner of the internet. I don't think anyone else is going to be more successful.
Remember when TV commercials would tell you a company’s AOL keyword?
At AOLs peak, it had about 35 million subscribers. Comcast alone has nearly that many.
Handshake Name Service (HNS) is working on this problem from an interesting angle, with some significant institutional support.
The DNS equivalent technology there is DHT(distributed hash tables) [3] which was used in torrent technology for a few years. Ever wondered about how you can find the torrent seeders without a centralized entity? The Bittorrent DHT is the underlying tech.
[0] https://ipfs.io/
[1] https://dat.foundation/
[2] https://www.scuttlebutt.nz/
[3] https://en.wikipedia.org/wiki/Distributed_hash_table
The Bittorrent DHT is not fully decentralized, it needs a list of hardcoded bootstrap nodes. https://stackoverflow.com/questions/1181301/how-does-a-dht-i...
Anyone can make an alternative client that uses the exactly same tech with different bootstrap nodes, and once they gain popularity, there will be people using that.
Democratic, I would say.
So in practice you can get peers from the list of previous peers, PEX (peer exchange), or a tracker for a given torrent.
So in practice once you talk to a few bittorrent peers (of millions) you likely are talking to another DHT peer and can bootstrap. Also given that there's typically millions of peers in the DHT, even brute forcing it by search IPv4 (4 billion addresses) for a few million peers is likely to only involve a few 1000 UDP packets or so.
https://gnunet.org/en/video.html
We could achieve the same result with laws. Just make what is happening illegal, corruption is already illegal.
Furthermore, decentralization won't solve the basic economy rules of offer/demand. Even with a decentralized system, website will still be referenced by natural words ("domains"), which can be owned by only one site-owner at a time, which means there will always be people ready to spent a lot of money to acquire a domain/reference.
I'm for decentralization in general, but in the current case I fail to see how decentralization alone will make domain owning fairer
The problem is that organisations have to rent their domains from a central authority that can hike the rent for an entire TLD to some fantasy price.
So the hierarchical structure of DNS is clearly what creates an opportunity for corruption and extortion.
And let's not forget that DNS is ultimately a global issue, which means that the rule of law cannot be taken for granted.
Laws have to be part of the solution. But it's easier to legislate effectively if the underlying structure doesn't invite corruption, authoritarian abuse and market dysfunction in the first place.
I think this strongly points towards ccTLDs being the best solution. It is very difficult to get all the different countries to agree on common rules/governance for the legacy TLDs, but if everyone gets their own independent corner then that should be easier to get agreements on.
Dividing the control by country also conveniently avoids any single one being able to cause as much damage as ICANN now is.
The companies and/or owners of those services do operate under a certain legal aegis, though. It’s not like they are stateless.
I just happened to read the text on a food product; it had text in three languages, and the www.* domains listed in the three texts were in the ccTLD for each country. No .com was mentioned anywhere.
Should I really have to remember going to apple.ie because that's where the Apple shop happens to be legally based at the moment? Or should it be apple.eu because consumer protection is an EU matter? Or apple.us because that's where Apple's headquarter is located?
And when a company gets sold to a different country, should all their URLs have to change?
A company is an entirely legal construction, and, as such, is entirely bound to the laws of a certain country.
History proves that to be false
Further "just make it illegal" under which nations laws? That was the problem ICANN was suppose to solve, no one wanted the internet to be operated under the Laws of the US, which is why in 2016 the US removed itself from Internet Governance.
So do we put the Internet under the laws of China? or the EU both of which have Free Expression issues....
Which nation? or maybe the UN which has Dictators and human rights abusers in positions of power...
Decentralization is far far far better than looking to a government resolution
I think a good solution is to switch to using petnames instead of global names.
https://www.schneier.com/blog/archives/2006/02/petnames.html
https://www.theregister.co.uk/2019/11/20/org_registry_sale_s...
"Former ICANN CEO Fadi Chehade personally registered the domain name currently used by Ethos Capital in May and it was registered as a limited company in the US state of Delaware on May 14. That date is significant because it is one day after ICANN indicated it was planning to approve the lifting of price caps through its public comment summary.
As such it appears that the plan to purchase the .org registry was predicated on the price caps going ahead and that those behind the deal had intricate knowledge of ICANN’s internal processes."
I worked at one of the main TLDs for years and was on one of the ICANN boards and got to know the industry well.
It is well know amongst the domain name community that ICANN is a poorly run organization, whose directors have in recent years have used their position of leadership to lead decisions from which they are afterwards benefiting themselves economically, in many cases by rushing decisions such as in these case.
Peter Dengate Thrush was famous for pushing for the new domain extensions (.anything) as chief executive of ICANN and quitting a month later to become the CEO for a company that was the main bidder for a large number of extensions. Fadi Chehade is doing the same with .ORG by lifting the price cap on the prices of an established domain name and then gobbling up the company that sells those domains.
Sadly, ICANN has little oversight and since its kind of in the air and doesn’t report to anyone, the directors get away with what would be legally considered corruption in most of the world. The fact that the internet community and most Internet companies have never care about it makes doesn’t help, since a lot or times the “multistakeholder” model that they claim to use in reality doesn’t work.
Ultimately, this is why the DNS and domain name industry feels so shady in general and why for most companies getting a name on the internet is a tortuous process that feels very scammy, which is unfair and costs more than it probably should. But so far we don’t have any good alternatives to the current system.
Full disclosure, I was one of those at-large members and they made it very clear that we weren't being good little peons.
Now ICANN? They seem a bad choice, as this story demonstrates. Tolerable as long as the internet wasnt very important, but today, a UN international body seems the obvious choice.
For example, ITU also controls country code assignment for phone numbers. Does that translate to any meaningful capacity to censor? So far as I know, the only practical restriction that comes out of it is that unrecognized states don't get one assigned, but that's also generally true with TLDs.
At the time, consensus in the media seemed to be that this would have little effect. However, the debate was quite politicized, as the transfer to ICANN occurred towards the end of the Obama administration, with fruitless opposition from high-profile Republicans.
There is a reason for this, the American media is laregly Anti-American today. They believe in idea of "American Imperialism" and that America is the cause of most of the worlds problem. Thus they believed anything was better than "Corrupt American Control" over the internet.
There were many many people that predicted bad outcomes from this transfer, most are starting to come true
This article suggests Public Interest Registry's costs for third party technical services were about half their revenue, with the beneficiary of the rest of the funds being the Internet Society https://domainnamewire.com/2019/10/28/pir-org-slashes-regist...
Still, you can see why those kind of margins and the ability to raise prices were an attractive combination to private equity
I use Cloudflare Registrar these days for .com and .org. They claim to offer wholesale prices. My last .org bill was $9.90 + ICANN fee. And according to [1], Cloudflare directly work with PIR to offer .org, so unless they're lying, they are actually charged $9.90 per domain per year by PIR. Now, the article you linked to claims that PIR paid less than $2 per domain to the for-profit contractor who did everything technical for them (what's left? PR?). I wonder where the remaining $7.90 went...
[1] https://www.cloudflare.com/tld-policies/
Edit: Apparently overlooked the beneficiary part. Not a fan of mandatory donations but at least the numbers sort of add up now.
Setting up the peering replication and nameservers around the world is considerably harder, but it's definitely not a $10 billion+ problem (the current value of registrars and certificate authorities.) A startup funded by YC could handle that easily.
Dealing with all the companies trying to sue you over others squatting their domains and having to decide who has the better claim would be the most expensive part.
I really hate to say it because it's so cliche and overused, but a blockchain-like system could remove the central authority, the server costs, and the lawsuit risks. But it would introduce concerns over trust, most likely.
The really hard, unsolvable part is the unwillingness of the browser vendors to support an alternative domain name system. If Chrome, Firefox, and Safari all supported a new TLD outside of ICANN's control as a public service (let's call it "Let's Resolve" which would offer free domains and would be funded through donations), it would be very successful. If even one of them didn't support it, nobody would ever consider using it for their websites. Browser extensions, even if they allowed access to intercept domain name lookups, would not work. It would have to be supported out of the box in every major browser, and well, good luck with that. Anything failing to herd those three cats right out of the starting gate is absolutely dead on arrival.
Who knows though, maybe they'll raise .org prices just a bit too much, and piss off an established non-profit enough to start a huge campaign to create an alternative. But probably not.
https://www.namecoin.org/
Not sure I understand your proposal. Say every single browser in the world supports Let's Resolve. byuu.org is registered with ICANN; but someone now wants to register byuu.org with Let's Resolve. Do you let them? What about the other way round? And what if someone attempts to register byuu.org with ICANN, while another attempts to register byuu.org with Let's Resolve at the same time, causing a race. Who wins?
Also, unique, meaningful and memorable identifiers are a scarce resource. Offering free domains just open up the floodgate of squatting and hoarding (at unprecedented ease).
Edit: Parent suggested a new TLD; I read it as a whole alternative system. Well, the new TLD idea was already implemented as .bit AFAIK, and it's pretty crap.
http: and https: use ICANN, httplr: and httplrs: use LR
If not specified, browser tries LR first, then falls back on ICANN.
Doesn't feel as solid to me, but they could also register a placeholder TLD that would be use for redirecting requests to LR, or the other way around:
google.com.lrns would tell the browser to resolve google.com in the LR root (hardcoded), or google.com.icann would tell the browser to resolve google.com in the ICANN root. When falling back from one to the other, the browser would display the hostname with the fallback TLD on it.
Just some ideas off the top of my head, I haven't fully considered the implications yet.
I think it could be better to just accept that unique global names are not a great idea, and start identifying parties by certificates rather than name. Various chain of trust & reputation type arrangements can be used to ensure people won't confuse Their Bank (certificate issued by/for Their Bank) for Their Bank (certificate issued by & for scammer in Ukraine). Legit entities will have every reason to include information that minimizes likelihood of confusion.
Come on, I can have more than one James Smith in my phone's contact book too.. let's stop fighting over names.
The problem of course is that as you said, you still need authorities or a chain of authorities to tell you which one is the genuine Debian and which ones are trying to shove malware onto your machines. Today we go to debian.org, see the valid TLS cert, and assuming there’s no fraudulent issuance of debian.org cert and no attacker injected their cert into our device CA store, we can be reasonably sure the PGP key listed there is genuine.
You only need to look at .onion to see how well the keys without authorities idea turned out.
For example, I'll be happy to add and pin my government's authority for the services that they control. I'll be happy to add a group of FLOSS hobbyists issuing certs for open source projects, as long as they are transparent and can demonstrate that they have a handle on security. In both cases, there must be some way to limit the scope of their authority, and ideally do things like pinning the authority so that one can't sneakily take over the other in an attack that results from e.g. misconfigured scope.
I think establishing identity is something that we should learn to do. When John Smith gives me his phone number, I'm probably looking at his face and I know which John it is that is giving me their number. I should also be able to go to my bank and get their cert when I sign up for an account & credit card. I'd like to have additional confirmation of their identity (-> reputation) e.g. from my government, but I don't know if I want them to be automatically trusted just because there happens to be a chain that checks out.
If I'm looking at some entity that I cannot meet in person, I should be able to see who have vouched for their cert and make a judgement based on that.
Kinda like PGP I guess, at a larger scale and with better infrastructure (geek signing parties and wide open keyservers are not good enough). The system does not need to be centralized.
It should be possible to have certs signed by multiple parties, to help establish trust without having everyone agree on a single source of trust. (At this point, I'd like to use a term that sounds smaller and less powerful than authority)
I'm not particularly happy with the model where the chain of trust in every case is established starting at some international megacorps that do who know what, and countless issuers are directly or indirectly "trusted" from the get-go until someone points out their abuse and removes their certs.
I don't know how we stop squatters, maybe a one-time registration fee would be reasonable, but that would be discriminatory as $100 would be trivial for developers in the US, and impossible for service workers in Mozambique that just want a personal website.
It's not as though .com/.net/.org (and heck, even a lot of the new gTLDs) aren't absolutely filled to the brim with squatters already.
us.whatever: $100 mz.whatever: $0.80
I would agree with you in principle however, in which case there's an even more impossible goal: get Microsoft, Apple, Google, and every Linux/BSD distro to agree to a new OS-level alternate domain name resolver that functions out of the box. And also stop Google and Mozilla from rolling out browser-level DoH.
Then it wouldn't need to be done by any browsers... if the DNS-over-HTTPS end point provider does the additional name resolution, it should "just work".
I see what you’re saying in theory, but it can’t be cloudflare or a private company or else it’s more of the same.
Browsers should respect the OS instead of trying to circumvent it.
Lastly, DNS is properly decentralized out of the box. I don't get that some people who argue for a decentralized internet also argue for DoH.
DNS is also not decentralized. It's centralised on ICANN and whatever company owns your TLD which is why this thread is here.
Someone tell the guys pushing DNS over HTTPS that.
See DNS Wars, Episode 6: "Resolverless DNS":
* https://blog.apnic.net/2019/11/04/dns-wars/
* https://www.ietf.org/mailman/listinfo/Resolverless-dns
('Amusingly' I cannot view the mailman page because Cloudflare DDoS protection is blocking me. The same CF that is doing DoH for Mozilla.)
Fully automated system will only care about keys and cannot hand apple.com over from Apple Inc to Tim Apple because of his name.
Not if the owner lost all proof of ownership, which is the assumption your argument is based on.
You don't walk into a court and have the judge say "what you don't have the receipt?! case dismissed!!" -- the judge isn't a parking meter.
Browsing adoption is tricky, but people can point their DNS to Handshake resolvers pretty easily — it’s equivalent to switching to ‘S 1.1.1.1 service which many people already do.
The blockchain idea could work. There is a coin called namecoin which attempts to do this. I think on end user devices we should still use DNS so you don't have to store a 1tb blockchain on your device but the blockchain could be what the DNS servers source their data from.
(2) Every major OS has has a way to plug an alternative DNS resolver (except maybe iOS), and every major browser has a control to switch off the DNS-over-https resolver. With any goodwill from the major mobile OS vendors, a new resolver could be rolled out to 99% of consumer devices or so, and work transparently.
(3) A new name resolution system should not clash with the DNS namespace. It could allow to copy established DNS domains (not parked) to the new namespace for a nominal fee.
(4) Many DNS tricks, like load-balancing, could go away. Running your own name server can become harder. The transition, should it occur, would not be fast.
Namecoin though has always been around to reserve names and in particular domain names.
The only way I can think to end the corruption is to take away the financial incentive, and AFAIK that would mean either the government runs anything that makes a profit, or to remove price completely.
Shady is putting it lightly.
I once tried to register a nice .wiki domain in order to host a wiki for myself. Those domains weren't available anywhere. I had to "request" one from the company that managed the TLD. So I emailed them and they asked me about my "plans" for the domain. Eventually they just said they'd host it on my behalf. They created a wiki on the domain I wanted, threw ads around it and told me to start contributing.
It's not really an equal playing field where anyone can buy a domain. They gatekeep not only by charging huge prices but also by simply refusing to sell the domain if they think you're not important enough.
People should start making more onion services.
https://handshake.org
A practical DNS replacement would be nice. Something not amenable to governmental or legal attacks, or straight-up corruption like this.
You might be interested in checking out https://handshake.org which is trying to create an alternative to the existing ICANN system that is resistant to censorship and seizure. The technology is really interesting and we’re building on it ourselves.
[1]https://namebase.io [2]https://handshake.org
When you remove/replace the buzzwords that sounds exactly like a CT log, which is also a Merkel tree.
This is why the US Dept of Commerce should have never given up control
That is one good way to bring corruption into light.
[0] https://en.m.wikipedia.org/wiki/Fadi_Chehad%C3%A9
That's right but the right to get rich by corruption is the most important and most appreciated unalienable entitlement of US weenies, even more important than food or shelter or life itself. After all, in a thoroughly corrupt system all of those can be bought. Only corruption itself cannot be bought if the system doesn't already have the necessary level of corruption. It is the US's holiest mission to convince the rest of the world of the fundamental importance and indispensability of our way of corruption.
How high is it ok for the PE to go on fees? Why? (Tone is to point out how arbitrary this all is, genuinely curious otherwise)
If they had all domains at the same price, price hikes would be much less of an issue.
It is rent seeking.
What could I do in person to emphasize the point?
It's interesting to compare ISOC's blog (https://www.internetsociety.org/blog/2019/11/the-internet-so...) and the followups like EFF's blog (https://www.eff.org/deeplinks/2019/11/nonprofit-community-st...) and SaveDotORG (https://savedotorg.org). They touch on a lot of similar themes of community and transparency - which, on paper, makes it sound like there's some meeting-ground.
As an outsider to the discussion, questions would be:
1. What are some specific problems facing the ".org" registration process for which capital/investment would be helpful? (Obviously, there's no perfect answer. But as an outsider, it looks like ".org" registration already works about as well as anywhere else, so one needs some examples to animate the problem.)
2. Would any of these folks care to improve their engagement/trust with each other? Talking more specifics about "Stewardship Council" and "Community Enablement Fund" might help. Or is some reason for bad blood?
3. What kind of track record does this private-equity shop have? Have they worked with other non-profit or socially-oriented endeavors? Maybe some founders/staff/customers can give some positive or negative testimonials?
I'm not really sure how to address the idea that we shouldn't attempt to understand and interpret what things happening now might mean for the future.
From the peanut gallery, it looks like the ball is in ISOC's+Ethos' court to demonstrate their good faith as stewards...
> Goldman Sachs & Co LLC. is serving as financial adviser to both the Internet Society and PIR.
https://www.bizjournals.com/washington/news/2019/11/15/resto...
> This timeline charts the most significant events in the sales scandal that erupted at Wells Fargo [in 2016]
https://www.fool.com/investing/2017/09/24/a-timeline-of-well...
> Wells Fargo(WFC)charged customers a monthly service fee to maintain a checking account that many customers assumed was free and the bank is mulling how to respond to people who feel cheated, according to the bank and sources familiar with the accounts.
https://thecapitolforum.com/wp-content/uploads/2019/09/Wells...
> Wells Fargo and an insurance company it worked with have agreed to pay $432 million to settle a class-action lawsuit brought by customers who say they were charged premiums for auto insurance they did not need.
https://www.newsobserver.com/news/business/article237666879....
IMO only fools and masochists would continue to bank with Wells Fargo.
Anyhow, Goldman Sachs have no business being anywhere near DNS or ".org" at all, at all. They're a bunch of crooks who make Monty Burns look sympathetic in comparison.
https://en.wikipedia.org/wiki/Goldman_Sachs#Controversies_an...
Whether it is this, Greece debt, 1MDB in Malaysia. Goldmans have no regard for their own reputation so we should assume anytime Goldman are advisors that the deal is a massive ripoff for which people should be going to jail. Goldmans may not have always been this way but they sure are now! They're a leading indicator of gross corruption.
I'm done with it. I don't want to partake anymore, I don't want to fight it anymore, I don't want to care anymore.
Let the Google's and Facebook's have the old Internet. I'm done with it.
The dream is over. The magic is gone for me. The old Internet is gone. Let them have the rest.
Maybe then, and only then we will rise up like a Phoenix, with a solution that cannot be stolen out from under us.
Who is "us"?
The internet is available to more people in more countries than ever before. There's more content on the internet than ever before. It's a part of every day life for nearly everyone in the world.
That's what's happening to the internet. It's no longer a corner where quirky tinkerers were the only ones who could access it.
And the promise of the internet was never to be just that.
It was meant to be a vehicle for humanity (along with all it's warts). That's what you're seeing. The rest of humanity coming on-line.
The attitude of "this isn't what it was meant to be" presumes that it was meant to be anything at all. Similar to a kid that doesn't want to share their legos with the rest of the class.
It isn't shifting towards an oligopoly unless you count things like Wikipedia as a monopoly. Which it isn't, Wikipedia is probably about as close to an ideal democracy as any human project ever attempted.
There was a project similar to Wikipedia, but for semantic data. It lasted for a little while before being swallowed up by Google and shut down[1]. Granted there are some alternatives, but after investing some time working with freebase data, I should be allowed to hold a grudge.
Google played a key role in muzzling more widespread usage of RSS[2], along with Twitter and Facebook discontinuing support for it. Similarly, jabber[3], XMPP[4].
These days it's risky to even host your own mail server, since most people you correspond with are likely to use one particular email service that may arbitrarily block messages from lesser-known mail services[5].
[0] https://en.wikipedia.org/wiki/Censorship_of_Wikipedia
[1] https://groups.google.com/forum/#!topic/freebase-discuss/WEn...
[2] https://www.fastcompany.com/3013890/reader-may-have-died-to-...
[3] https://blog.twitter.com/en_us/a/2006/use-twitter-by-instant... (couldn't easily find press of the discontinuation of this service)
[4] https://news.ycombinator.com/item?id=9266769
[5] https://www.tablix.org/~avian/blog/archives/2019/04/google_i...
Why not shake them down for those sweet donations?
Im saddened by the death of rss too, but i think its a lot to blame that soley on google. If the rss ecosystem was so weak, that shutting down a single rss client killed it, it couldn't have been long for this world anyways.
Google made it impossible for existing solutions or upstarts to compete with their free tools, then slowly killed off marketing it and supporting it. The final straw was when they killed their reader.
Google killed RSS and they are actively killing other vital parts of the Internet in favor of their tech (forcing the use of their AMP tech for the best spots on their search engine results is anti competitive, Their web browser Chrome has saturated the market and is also making decisions which will undermine the Internets open protocols, but literally hiding the protocol in URLs, hiding the path in URLs, thus forcing people to search more).
Google is not alone in using it's capital as a destructive force on open protocols and standards. Facebook, Amazon, and Twitter are the same way.
wikipedia has their own drama. it has contributors who shape the content into what they want the world to see instead of staying objective on certain topics. often articles on simple topics are so complex because they are written by enthusiasts and aren't trying to inform beginners or curious.
we need better!
You're being disingenuous and needlessly insulting.
We wanted to bring the freedom and egalitarianism of the early internet to everyone. Instead we got the jaded, corporate internet, but at least it's available to everyone. The GP is obviously mourning the quality, not the exclusivity.
.org is gone, use .com or .net or any of the other hundred of domains.
> .org is gone, use .com or .net or any of the other hundred of domains.
What about all the broken MX records?
Changing the domain of a site is very effective at killing a site, and a business or organisation, because all existing links to it break, emails to it break.
And if you give up the domain, it will usually get squatted quickly, so the links and emails carry on working - they just go to the squatter's site instead.
There is no way to update the majority of links to your site, if it's been around for a while. You can search for links and ask other site operaters to update, but it just doesn't happen much, and it's also extremely expensive to do when measured in time to write to thousands of site operators individually.
And when you have to change the name at the same time (because your name is squatted on other TLDs), you're effectively deleting the name recognition, literature, old podcasts, matching name you already have on Twitter, etc.
If you had a good name for a long time, chances are you will struggle to find another one like it, and even if you do, most people will think the new name is something else.
On top of that, your email is probably linked to your .org, and people aren't going to stop sending to that for years, no matter how much you tell people to via other channels. You can't know everywhere your email address and main web address are being kept by someone to use later.
And wherever there is a long-standing email domain, there are probably thousands of internet accounts that have that email as their primary or backup/recovery, which you will need to keep if you don't want to start losing access to other accounts. Updating those is very difficult unless you have been extremely diligent at keeping a database of every account you ever created. In practice, even very diligent organisations who attempt to do this don't succeed because accounts tend to be created bydifferent people.
Perhaps in extreme startup land where people start a new business from scratch every couple of years, and pay a lot in SaaS costs so hiked domain fees may sseem relatively cheap, this might not seem to matter.
But many .orgs have been around for decades, and are low budget but very well esablished.
Any many other .orgs are individuals, with email and thousands of online accounts linked to their domain.
There is no "just" to a domain name change.
Changing that would be a proper PITA, and I'd hate to have to do it just because ICANN sold out in such a transparently corrupt way.
Your tiny cool self-regulating community, will either die, be eaten by Facebook or become Facebook.
Granted, I'm holding out hope that someone surprises us with a technical solution. I just don't have high hopes there.
Ignore everyone's ring. If you aren't hosting a part of the internet you want. Why would you expect others to?
Earlier today I was trying to Google a website I found on my PC a while back. (Backing up its disk atm, and don't use Chrome sync.)
Clicked on an unrelated link, and was already in the process of reaching for the Back button when I realized I was looking at a cert failure (wrong domain in certificate). Heh. Idly curious I hit Continue... And was presented with my first
> Content Denied
> Access to this website has been disabled by an order of the Federal Court of Australia because it infringes or facilitates the infringement of copyright.
> 1800 086 346 for information.
https://i.imgur.com/fwXRlTN.png
After recovering from the shock - this sort of thing only happens in 3rd world repressive countries, right??? - I went back and tried the domain referenced in the cert.
Haha I've probably lit a billion lists up like Christmas trees now... I got this: https://i.imgur.com/w37jfFt.png
Here's the cert error, for reference: https://i.imgur.com/dZmEcnd.png
I have no idea what the second site was.
I’ve never heard of anyone get arrested for low level piracy here, so I wouldn’t be all that concerned with requests that hit the piracy filters.
Domains registrars?
The fact that data caps ever gained traction doesn't reflect well on the old timers ability to explain and protect the true value of their creations for the wider public.
Which is weird because they were obviously able to do that with cryptographic algorithms which are way more esoteric.
It's like teaching a generation of craftspeople to build all the intricate parts of a piano but never noticing nor caring that for some reason they're all selling pianos that have a single key.
There's certainly many problems with something this gargantuan, but I get very skeptical when people nostalgize and eulogize "the good old days" of anything.
I'll add, I say this with empathy to your feelings. I regularly feel a very strong nostalgia for those late nights of discovery on the Internet. But I do recognize that Internet involved a fraction of a fraction of the people using it today who are discovering and creating and sharing all kinds of stuff with greater ease than ever before.
Could you explain how you got to that conclusion?
It would be impossible for non-tech-savvy people to share things on the internet if there were no omni-present surveillance, manipulation, and centralization, because ... ?
"It's bad that X has happened!"
"But Y has happened, too, and that is good!"
Yeah, so what? Unless Y happening is predicated on X happening, that is just completely irrelevant to the discussion?
harder to use as publishing platform by who? don't you mean businesses & corporations?
people have always been fine. myspace anyone? geocities? irc? icq? aol? msn? yahoo? the list goes on... also the remarkable thing is that people just move to newer and better back then.
Unfortunately, getting to their creations is ultimately harder: eg. searches for anything will now throw you at some lame stuff on pinterest, which will attempt to lure you into signing up just to find out if they have what you are looking for.
Basically, ability to really "browse" that humongous web is now gone. And most of those creations never reach their intended audience.
If you feel like you got a bone yo pick with a current state of internet, post about a technology that addresses the problem so that people can become aware of it. And save the virtue signaling for reddit/facebook.
https://www.ssllabs.com/ssltest/analyze.html?d=savedotorg.or...
"This site is blocked due to a security threat that was discovered by the Cisco Umbrella security researchers."
But seriously I don’t see what’s wrong with this sale. There are no restrictions on who can use a .org domain anyways, and the only people price increases really affect are domain squatters (real organizations can afford 10x the current price without batting an eye). I don’t see what’s wrong with this sale