Slashdot Mirror
The Sex.Com Story Continues
wherley writes "This story at news.com tells the tale of the lucrative sex.com domain, the incompetent Verisign transfer per forged request, and the $65 million dollars in damages hanging in the breeze."
← Back to Stories (view on slashdot.org)
Just kidding. This case is out of hand.
One note though, a lot of people see nothing wrong with someone "stealing" a porn website, because they think porn is wrong, and stealing is wrong. But pornography is legal, stealing is illegal. I'm sure that this is one huge reason this case hasn't been settled yet.
Moderation: Put your hand inside the puppet head!
You know, I hope someone steals the domain for goatse.cx so it points somewhere far more harmless.
My eyes have been permanently wounded by trolls posting that link here.
Try to hack my 31337 firewall!
Keep your head up man, your page has some of the highest quality tranny-midget porn I've ever had the displeasure of seeing.
And that frontal shot of the goatse.cx guy? Genius photoshop work.
Finally, math books without any of that base 6 crap in them.
They don't scam "us", they only scam really really stupid people.
I'm an American. I love this country and the freedoms that we used to have.
Or perhaps a floodgate of lawsuits where Verisign royally screwed up and did nothing to try to rectify the situation.
There is a difference from being down for a little while, and giving someone a domain that you paid for and registered. Then saying, "ooopps...well here is your registration fee back."
Fight Spammers!
THIS is why we need a nice complex, privacy intrusive, ID System, because otherwise cuplruits can easily take your personal porn domain away!!
"This case is out of hand."
It's not like they had both hands available to hold it down.
"Derp de derp."
I'd think that they can be held liable - not for $65 mill, perhaps, but let's face it: if not for their crummy system, and for really dropping the ball as far as security and verification are concerned, this never would have happened.
I've worked in banks for years, and I know if someone comes in claiming to be Ms. Smith, then steals all of the real Ms. Smith's money/safety deposit box items/etc, the bank is held accountable for fucking up. I don't see a big difference here.
Verisign should pay a fair and equitable amount for their mistake, improve the system (if they haven't already) so it never happens again, and go on.
52 Weeks, 52 Religions with John Hummel
Once you have payed for your domain name from dotster.com, they want you to buy the NameSafe service for an extra $10 per year, to "prevent any unauthorized changes from being made to your domain." Should I need to buy insurance, or should they guarantee their product?
This is an interesting question. Is a domain name physical property?
I think that it is. The line between physical and intellectual property is very fuzzy.
At the same time, should a company be punished for responding to a letter that looked official?
I suppose that depends on it. I think that if a lucrative domain name sends a letter asking for a transfer, the domain controller should be contacted. Seeing that he apparently wasn't, I think that the company is responsible.
"Who am I" and "Why are we here" are not the problems.
The problem is when someone asks "Why are they here."
As much as I do not like Verisign, I cannot see how Verisign can be held responsible for the transfer. After all, this was a forged transfer.
I can see how they could be held responsible for negligence in correcting the matter in a non-expeditious manner....
Anyway, there is a potential for a world of hurt, especially if a DNS server is considered to be a legitimate and unerring source of information linking a domain name with owner information. The liability would be incredible, as would the potential for mega-lawsuits!
Heh, cnet, being _one of the bigest site networks on the net_ can handle a puny little slashdot effect.. They have far more horse power and visitors then slashdot.. (hard to believe i know ;-)
... so no poor cnet here.. more happy cnet for free promotion
They actualy still make some money from trafic to
(cnet is often in the top 5 of largest websites on the world.. slashdot isn't even near the top100)
It took them almost 4 weeks and 7-8 calls their CS to configure my .ms domain to point to my own DNS servers. Their CSRs are clueless drones and you absolutely, positively cannot talk to somebody higher than a CS supervisor. Normally, I would use a different registrar (domaindiscover.com is decent) but there aren't many that can do .ms domains.
For what I care, they can be slapped with the 65mil damages, that will make my day...
Just my $0.02...
If con is the opposite of pro, is Congress the opposite of progress?
How can a domain name not be property, when the registration process allows you the EXCLUSIVE use of the domain, and a fee is charged for the transaction? Sure, I can't touch it, or put it in a jar, but that does not mean it isn't mine if I paid for it - and continue to renew the domain name when it comes up for renewal.
Is this another licensing thingy, where you are not the owner of the property, just being allowed to license it from the true owner - in which case it is still owned by someone, and therefore is property, or perhaps rental of database space? What about IP rights, would those apply - again, implying the domain name is property.
I would guess there is some slippery lawyer interpertation that will be introduced, and hope someone can explain it to me...
Acts of massive stupidity are almost never covered by warranty. --me.
You're KIDDING!! Verisign? Incompetent? The hell you say! Who could possibly have guessed? Why, I've had nothing but an easy time with them, and their procedures have been nothing but pleasurable to conform to. And I have *not* abandoned them for other registrars.
-brennan
First off, most /.ers don't read the articles to begin with. Secondly, we all know that there won't be any cool pictures in that article or any other CNet article. Third, keep in mind that CNet also runs download.com which I'm sure has a million users a day, all tranferring complete applications measureable in megabytes, where as the webpage is probably only 50k or so. I doubt they even noticed the blip on the OC999999999 utilization graphs.
They don't scam "us", they only scam really really stupid people.
That's a bit unfair -- we all know people who use Verisign. Or were you talking about different scammers?
Ah, but amending their policies indicates an admission that Verisigns (ok, NetSols) policies were inadequate. If he can show that Verisign/NetSol knew (or reasonably should have known) that their policies were inadequate, then they've been irresponsible, and can be sued for damages.
So, yeah...that's a case. A reasonable one, too.
When I was much younger (and I'm 20 now.. :) I did the security for a certain porn sites, and learnt a lot about how they work.
In the end it worked out more profitable to them to just redirect their traffic to the bigger porn sites than to try to deal with the customers themselves.
For every customer you get to do the $5 trial, we would get $20!
When spamming, we would get a hit rate of around 1 in 1000 - so basically if we sent 10k emails, we would get $200.
I only dealt with the security side, and didn't work there for long btw.
Just like there are variations of Joe69@msn.com, can't they just come up with www.sex#.com?
Karma stuck at 50? Add 2-5 inches.. err.. 2-5x Karmas Count to your pen1es.. err.. Karma all naturally and private
Why did it take 5 years to get the domain name back?
It seems that if he had pursued the return of the domain early, that there would not have been 5 years to run up $65million in lost revenues.
How is this verisign's problem? Forged documents - One letter, return of domain name. I just don't understand.
Did Verisign refuse to return the name registration??
Anything you say will be held against you.
...as a certain president of the united states who shall remain nameless pointed out, '69' ain't sex.
Funny how some people regard walmart has an example of the good side of the moral equation, huh?
Finally, math books without any of that base 6 crap in them.
Net domains and real property have more in common than difference:
1. Both are fixed - only one entity may occupy a particular "parcel" at a time.
2. There is a fixed supply of each (excluding adding stupid TLDs, and Hawaii)
3. Whether you "own" either is really just a description of what you own, stored in a central database which can be verified by a third party.
4. In general, any changes you make or sites you build are just superficial - they may add or detract from the value, but the basis of the value is more dependent on the site (location, location, location). Once you relinquicsh your license/deed, the next owner may keep or remove your additions, but the space hasn't really changed.
Of course, there are exceptions, however...
Owning real estate is just ownership of a document which has the force of law allowing you limited use within a prescribed boundary. Nearly identical to a namespace.
Is it just my observation, or are there way too many stupid people in the world?
Dolkas said people who feel they've been wronged in the domain name process already have a variety of private dispute resolution remedies. "There's no hole that needs to be plugged," he said.
I may be bad with names, but I'll never forget your IP address
I still use 'em - but it's inertia responsible. I registered my first domain back when domains were free, and I've just stuck with the defaults ever since. The dollars I'd save (I do multi-year renewals) is only marginally worth the pain in the ass it would be to transfer registrars.
But if I do any new ones, they sure as heck won't be with Verisign.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
Verisign lawyers are really good. They managed to convince the judge of the original case that domain names are somehow "intangible" and Verisign can not be held responsible for the very service they sell. So I can send them a letter authorising the transfer of "slashdot.org" to Mr. William Gates III and Verisign will happily comply.
Maybe it is all for a greater good. If it holds maybe other intangible goods like future contracts and stock options can be so tranfered without much fuzz. We can them start redistributing Enron executives fortunes to Enron employees, for instance...
According to MediaMetrix, CNET was #10 in July 2002 with 22 million unique visitors. OSDN's advertising claims they get 6.6 million unique visitors per month, which probably would put them in bottom half of the top 100. Slashdot probably represents more than 50% of all OSDN traffic. So if Slashdot, by itself, isn't actually in the top 100, then it *is* close to it.
Let me create an analogy for a minute. Let's say I'm some prankster, and I call up the Local Telco here (Verizon) and say I want to foward the number of IBM to my home phone instead. Now, if Verizon were as stupid as Verisign, all I'd have to do is fax them a change order on IBM stationery, and it would go through and all of IBM's business would come to my home phone. Don't you think IBM would hold the phone company responsible if it took them a long time to resolve the situation (or even let it happen in the first place!)
Point is -- Verisign still thinks it's the wild west out here on the net, and they don't provide customer service of any kind. Furthermore, they are completely incapable of providing the services they offer. Criminal negligence is prosecutable. The fact that it's easier to change IBM's domian than it is to change IBM's phone number shows the maturity of the phone company -- they've already had to deal with pranks like that for decades.
And the fact that Verisign has no provision for knowing how to deal with these situations, and furthermore doesn't follow standard business practices (such as those provided by a phone company) makes them responsible for both "letting it happen in the first place" and "dragging their heels to fix the problem once it became clear what happened".
Just my 2 cents.
If telephones are outlawed, then only outlaws will have telephones.
What are you talking about, most people don't read the articles? You have it exactly backwards. Most people I mention Slashdot to read the articles, but never post, or even look at the comments. This explains why the top story on the front page can have "0 of 1 comment" comments and already be Slashdotted - most people are just clicking on the article link.
Please subscribe to see the more insightful version of th
Oh man, I know it's a joke, but it's very close to the real thing. I work for a domain reseller/hosting company and we currently get our domains through opensrs at reseller prices. Before opensrs we were using verisign, they charged us the typical $35 a year, and they ache every time we transfer a domain. They first called us and asked us pretty please to stop transfering domains. We basically laughed at them and told them we'd transfer back as soon as they could offer a cheaper price. I mean, it's a pretty simple service. Then came the shirts. They sent us a t-shirt for most of our domains that hadn't been transfered. We got some hemp ones, ones we didn't know or care we had. I'd much rather have a verisign shirt I can jog in and thrash instead of e-xxxcentral.com or whatever russian bride domain we might have registered over the years. And then the other day I call from Verisign *VIP* services. And the person reading the script said that we were valuble to the company. I tried to get them to voicemail because my boss didn't want to talk to them.
Why is my sig more popular than my posts?
"Derp de derp."
1: Start a porn site. 2: Find some strippers. 3: Profit!!! Whatever works :) But seriously, it would seem like you would would want to outsource the credit card stuff more than anything else... or were you just trying to keep "non-paying customers" out?
I would say that VeriSign should not be held in strict liability, where everything that goes wrong is their fault. However, I do think they should be liable for negligence. They should be held up to standards the same way that banks or real estate escrow companies are.
As it is now, you have almost no recourse, and they have little incentive to perform. I had a heck of a time getting a domain moved to a new host last year. Their system wasn't working for me and there was no other way to contact them. They were ignoring faxes and they don't have a customer service phone number.
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
How about the part where it took 5 years and a court order to get it back?
Getting tricked by an official letter is one thing.. turning your back and telling the guy your not going to do anything about it is quite another.
They say that "a domain name isn't tangible property."
Uh huh. Tell that to people who wind up on the wrong end of 'cybersquatter' lawsuits, like this guy.
If a domain name isn't tangible property, then doesn't this ruling somehow negate or diminish the concept of a trademark, which is also in most cases just a name?
If a big corporation can sue for alleged misuse of their name or dilution of their trademark, then I would say that a name certainly can be tangible property and that the ruling that stated it isn't is flawed as all hell. Or is this just another case of monied corporations having rights that citizens don't?
~Philly
Does anyone else find it slightly ironic that VeriSign (you know, the company that markets itself as the electronic ID validator) is now responsible for damages resulting from a forged letter? I realize it was Network Solutions at the time, but this can't be good for their image....
Then again, they could always spin it and say, "See? See why you need to pay our monopoly^W company $xxx.95 for a VeriSign-certified PGP key?"
moto411.com
Or perhaps instances when the registrar refuses to transfer a domain as requested by the owner ... grrr
You touch, indirectly, on what I see as the main point of such a concern. A ruling against a company which places itself directly in the path of communications and commerce, then can't be bothered with ethical concerns deserves a slap-down. I can imagine the words in this lawyers head as he addresses his client's concern... "Please, please don't let lightning strike me, please!" If Veri$ign wants to be in that business, let them embrace fully the responsibilities and liabilities, or get the fsck out.
A feeling of having made the same mistake before: Deja Foobar
Ah but the pesky rules of evidence won't allow for such an inference. Assuming of course that the jurisdiction in question follows the Federal Rules of Evidence (which most do). Rule 407 specifically disallows evidence of subsequent remedial measures to be used as evidence to prove negligence (reasonable person stuff blah blah), culpable conduct, etc etc. Granted you can use this sort of thing to show anything other than negligence, but if this is what his case is resting on then it won't last long since he hasn't shown they are negligent...but then again I didn't read the case so I don't know what else he was offering.
Network Solutions should have returned the domain the same day they were notified it had been hijacked. The damages are their failure to promptly fix their own mistake, not the guy who actually took it.
At Burning Man last year, a skywriting plane was hired to trace "sex.com" in smoke above the city. People were pissed! Burning Man is supposed to be totally devoid of commericialization, and the skywriter's took advantage of our inability to stop them. On the ground, they would have been mobbed, but up there, they left with only a booing crowd. Lame stunt.
"Because your sig, being "Not Funny," it is remarkably "On Topic." This is unlike your posts, which are both "Not Funny" and "Off-Topic."
Makes me glad 'funny' isn't a scientific measurement.
So what real benefit do you get for marking me as foe? Any particular reason I should care? I'm not particularly educated on the 'friend/foe' features of Slashdot.
"Derp de derp."
Let's get one thing straight here... morally Verisign is completely in the clear, and this joker hiding in Mexico is completely to blame. Verisign received a forged letter, which they acted upon. They had no intent to harm the legitimate owner.
The question is, does Verisign have any legal responsibility. Ideally, no one would ever forge a letter to Verisign (or my bank), and it wouldn't be an issue. Since it's well known that seedy elements do exist in society, organizations have some obligations to guard against fraud. So what exactly should they have to do to guard against fraud?
Of course, in the end, it will come down to a judges interpretation of existing laws, and how they apply to domain names. For the purposes of this discussion though, I'd argue that they probably did enough and should not be held liable, certainly not for anything near the full 65 million dollar amount. It sounds like this occurred early in the development of the internet, at a time when procedures and practices surrounding domain names was just being thought out. Obviously now that movies about websites are being made (fear.com), the thought of turning over a domain without contacting the owner for independent verification seems negligent. And of course, they don't do that now. If someone told you about this in 1995 though, I doubt it would have seemed nearly so clear cut.
That still leaves open the question of why it took five years to get back the domain name. If Verisign was just lazy, well, that's another story, which we don't seem to have many details on. For now, I'll assume Verisign acted reasonably here (perhaps not a good assumption based on other comments about Verisign posted here...).
In short, it's an unfortunate situation (kind of... it is sex.com after all), but Verisign shouldn't have to pay.
"There's no hole that needs to be plugged," he said.
something isn't right...
You can't take the sky from me...
I decided to test it today after reading these posts. I'm transferring a domain that expires next February to a new registrar and renewing for another year. I have a deep dark sense of forboding about it because the new registrar made it clear that Verisign might just deny the transfer and there would be nothing they could do about it. I'm keeping my fingers crossed and knocking on wood.
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
While Lisa Bowmans article seems unbiased, I feel it could have given greater analysis for the sake of a few extra lines.
Usually greater analysis in the media equates to corporate spin.
> In this phase of the legal saga, which has gone on for more than six years, the appellate judges are trying to decide VeriSign's culpability in the case.
VeriSign knew it possible to spoof transfers and DID NOT verify the transfer with original owner - so why aren't they guilty of gross negligence?
Objectively, who can say they are not to blame?
Should it not have been pointed out, for those new to this story, that the case was overwhelming against VeriSign?
> However, the court also ruled Kremen cannot sue VeriSign for the transfer because a domain name isn't tangible property. Now Kremen's hoping the appellate panel will overturn that ruling.
Is intangible property worth nothing when owned by individuals - but worth a fortune when owned by corporations?
Obviously, double standards are wrong.
VeriSign had a duty of care for this property.
> Judge Alex Kozinski wondered how VeriSign's DNS database of domain names was any different from a stock certificate, which he said connects an owner with some property.
> David Dolkas, a lawyer for Gray Cary Ware & Freidenrich who's representing VeriSign, said that if the judges were asking "is the DNS database somehow representative of an ownership right, the answer is no".
> "Why not?" Kozinski replied. "Why isn't that exactly what it is?"
Nobody can deny that the DNS is representative of an ownership right (as well as pointer to web address).
The article should have highlighted that David Dolkas spun a LIE in court.
> Judge Margaret McKeown also grilled Dolkas, asking him if the company is claiming that it has no responsibility at all in the case.
> Dolka reiterated claims that VeriSign shouldn't be held liable, saying the database is simply a neutral translator between Web addresses and domain names.
The database is a neutral translator between domain and web address - but that is not germane to this central question.
It is spin - evasion - deflection.
Article certainly should have highlighted this.
VeriSign are responsible for the security and accuracy of their database.
They also have a duty to their clients - which they are evading.
Ask anybody in I.T. - the essential requirement of any system like this is for ACCURATE SECURE DATA.
> He said a ruling against his company would "create a world of hurt", opening the floodgates for all types of suits, including contract and property claims from people whose domains are down for just a short while.
It is evasion again - article should have pointed out that this is not at all what the case is about.
The case will make registrars more careful about verifying transfers of domain with the original owner.
> Wagstaffe said the whole case could have been avoided if VeriSign had simply phoned or emailed Kremen and asked him if he approved the transfer. "They do it now. They should have done it then," he said.
Exactly - what else need be said?
> At one point, the judges chastised Cohen's lawyer for his characterisation of the federal judge who ruled against his client. Mike Mayock said the judge was "sucker punched" and "blindsided" by Kremen, an assertion that didn't go over well with the judges.
> "You're really standing there telling us he's a fool?" wondered an incredulous Kozinski. "I don't think it's appropriate for you to call a district judge a sucker."
Shame - Judge Alex Kozinski showed good insight earlier.
Cohen's lawyer was telling the truth, the judge was "sucker punched" - he never said the judge was a moron.
Clever people can fool us ALL.
It is an unwise person who thinks they or others cannot be fooled.
Who here is so arrogant - they think themselves so intelligent, they cannot be fooled?
Additionally: It is my informed opinion the facts are clear - should VeriSign 'get away with it', then either the court is an ass - they ARE morons OR the court is lead by corporations - they ARE corrupt.
P.S. On the Domain Name System, Corporations steal words that belong to everybody - abridging what words you can use - violating the First Amendment.
The Corporations illegally abuse and expand their brand using domain names - above all smaller businesses who use similar words - violating Competition Law.
The authorities LIE - they know how to make trademark domains unique and totally distinctive, as the LAW requires trademarks to be. Please visit the World Intellectual Piracy Organization - not connected with United Nations WIPO.org !
Shouldn't the plaintiff pursue a civil case against
the person who forged the letter to begin with?
Seems like a criminal charge of fraud together
with civil asset forfeiture would go a lot further
than trying to sue verisign for "65 million".
-fb Everything not expressly forbidden is now mandatory.
Fuck that; mark me as foe too. I want a tonka truck!
Real IP at least has an objective existence even if it's abstract. But domain names exist only subjectively. They are a server's opinion of what address maps to a name. Another server may have a different opinion. By saying that Verisign's opinion of a name mapping is somehow "property", you state-legitimize their opinion and hold it higher than everyone else's. This is an inappropriate position in a democracy, since ICANN does not represent people.
Furthermore, real IP involves creativity. Nobody involved in this case invented the word "sex". Comparing this to a trademark dispute, is ludicrous.
In Verisign is liable in any way, it should only be in terms of defaulting on a contract with a customer, to publish a mapping. This issue should be entirely limited within that scope.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.