ICANN Finds No Wrong Doing in Domain Front Running

eldavojohn writes "Remember the investigation ICANN did in domain name front running? Well, it turns out that there was no wrong doing going on at all. What went wrong? Domain name 'tasting', which involves a free five day trial of a domain name, was the big culprit. From the article: 'In some cases ... the committee found that a separate practice of domain name tasting may be causing problems. That refers to someone testing the financial viability of a name for up to five days and then returning it for a full refund, using a loophole in registration policies. Domain tasting can tie up millions of Internet addresses, including ones someone checks but does not buy.' If you check for availability of a website and someone sees you do it and they reserve it before you, it's fair play."

Nice.

[Creepy+Crawler]

Predatory domain name "Owner" finds no wrong with predatory practices.

Captain Obvious to the rescue!

I guess it's high time to support truly free DNSes, rather than the corporates. All they do is scam and then hide.

Re:Nice.

[gujo-odori]

No kidding. Besides being in IT, I also hold a real estate license, and if I were to do - or even attempt to do - the equivalent of front-running, I would be at risk of discpline from the real estate commissioner's office and the board of realtors, possibly up to losing my license, as well as wide open for a lawsuit (real estate is a more litigious business than even the patent industry).

An example: I'm acting as your agent, or you are considering retaining me as your agent. There's a property you're interested in that appears to be a great deal. You tell me about it and ask my opinion. I tell you I'll check it out and get back to you by tomorrow. Recognizing that it is indeed a great deal, that evening I put in an offer to buy the property myself and leave you out in the cold.

That is both unethical and illegal, and is essentially the same thing that NetSol or any other registrar does when they practice front-running (they're in the position of being your agent, or prospective agent). It's hard to see how ICANN sees nothing wrong with that. True, it may not be illegal or against ICANN's rules, but it certainly ought to be.

Re:Nice.

[IdeaMan]

It's not quite the way you describe.
It's like you go place a reservation on the property in your name in order to prevent some third party from getting buying it before your client does. However, by doing this you also prevent your client from using another agent to buy the property.

I'm describing the Network Solutions tactic, not anyone else. Were you saying that NS will refuse to sell it to you while they squat on it or take it over as their own? I hadn't heard of any cases of them doing that.

I still think their practice is at best highly questionable, and most likely predatory, but just wanted to make sure that their practice was being accurately represented.

Re:Nice.

[Thought1]

In either case, the proposed change to ICANN policy would stop even NS's practice, because they'd be charged the $0.20 fee for every domain name they did that with, which would add up to expensive really fast. They've stated that they would stop the practice if the ICANN implements the "no registration fee refund" policy, though their claimed reasons are that their users would be less at risk.

Re:Nice.

[suso]

This is one reason I created saferdomainsearch.com. It uses direct DNS lookups against the root name servers. No logging is done of what you search for.

Re:Nice.

[canUbeleiveIT]

Okay, so I'm a dumbass. I tried it without the "www" and it worked fine. My apologies for my error and my thanks for your selfless actions.

Re:Nice.

[kimba]

1. You can not query the root name servers to identify the availability of domains like "google.com". The root name servers are only authoritative for top-level domains. You would need to query the authorities for .com, for example.

2. Domain registration != Domain availability in the DNS. It is entirely possible to register a domain and not be able to query it in the DNS. You can only use WHOIS to verify it.

Yeah, but how exactly are they "seeing" this?

[transporter_ii]

If I go to register a domain host and see if a name is available, I should be the only one who can see that. Especially if you are checking on a domain register that has ssl. I could see checking on some odd web site, that was actually set up to farm domain names, but if you go to somewhere mainstream, it should be a given that nobody sees the lookup but you.

Transporter_ii

It certainly is deceptive...

[jea6]

I think the practice is certainly deceptive and should be explained by the registrant ahead of time. But I agree that the real problem is domain tasting. I don't see too much of a reason for refunds beyond, say, 12 hours. That's plenty of time to recognize a typo and correct it. The financial hit for a legitimate registration is much less than what it used to be. So, when NetSol was the only game in town and was charging $100/year for a registration, I'd probably want a refund. When it went down to $30/year but there were other players, I'd still want a refund. But for legitimate purposes (and I'm not including landing pages in that category) there is no reason that an uncorrected typo shouldn't have some consequence. The domain tasting practice is a lot worse for the community at large.

Re:It certainly is deceptive...

[techno-vampire]

Trust me, there'd still be typos. For some people, an OK button has an irresistible attraction; if they see one, they can't resist clicking on it, without looking at what they're agreeing to.

> I used to do telephone tech support for software. I quickly learned that if there's an OK button on the caller's screen, I never said OK, because the odds were that the caller would click on it. I can easily see this type of person clicking OK five, or even ten times on a typoed domain name without bothering to read the message even once. No, if you want to avoid typos, have them type the domain name twice, like many programs do with setting passwords and not continue unless they match. Yes, people can always use copy/paste to get around that, but if there's only so much you can do to protect people from their own missteaks.

Re:It certainly is deceptive...

[Viceroy+Potatohead]

Trust me, there'd still be typos. For some people, an OK button has an irresistible attraction; if they see one, they can't resist clicking on it, without looking at what they're agreeing to. I agree. And don't even get me started on "SUBMIT" buttons, I can't help myself, and click them before I've even fini

Not even "fair" here.

[khasim]

Because the people who can "see" the domains you research have access that YOU do not have.

If they were randomly guessing domains and "tasting" them, who would care?

It's when they have info that you do not have that this becomes a problem.

Re:Not even "fair" here.

[moderatorrater]

Since domain tasting actually doesn't cost them anything, there would be no harm for them to taste every possible domain, regardless of whether it's actually useful or not. That's the real problem with domain tasting. If it cost $1 every time, then at least they would have a financial incentive not to do this bullshit. As it stands now, they can get away with just about anything.

Re:Not even "fair" here.

[ciscoguy01]

' If you check for availability of a website and someone sees you do it and they reserve it before you, it's fair play."

The solution to all this is for registrars to be prohibited from selling domain names, they should only be in the business of providing their "clerical" service, registering your domain name and putting your numbers in the root nameservers.
By their buying and selling domain names themselves they have created a giant conflict of interest.
I don't say they shouldn't be able to buy and sell domains, just not while they are a registrar.

They should give up their registrar business, or only own the domain name they operate under. And no others.
Registrars have a special position, they have access and knowledge that others do not.

Like the real estate agent mentioned in the parent- he has knowledge he gains due to his position that professional ethics prohibit his using for his own gain.

Similarly registrars have knowledge that others do not, and by their using it for gain they are cheating everyone who is not in their special position. Unfortunately they have no ethics so they have no problem using their special position to screw everyone else.

It's a conflict of interest.

We need to give them ethics by prohibiting their trading in the commodity they have their special position in. Domain names.

Re:Not even "fair" here.

[a_nonamiss]

I don't think you're stupid, the issue is somewhat complex. The $0.20 charge is not for the consumer, it's for the registrant. The scripts would be written by folks like you and I, (or a million other nerds that read Slashdot) and they would be designed to generate lots and lots of noise so that the companies could stop using their positions of power to take advantage of the regular folks on the Internet.

Here is an experiment that I encourage you to try on your own: I just now, right now, made up the domain flipperjikk.com. Make up your own and follow along. Use long random strings of letters to make sure it's not an accident. I went to GoDaddy and did a search and the domain is available. Great! I then went to Network Solutions and searched for the same domain name, just to be sure. Yep, it's still available. Immediately, I went back to GoDaddy, and lo and behold, in the 15 seconds since I checked the first time, somebody else must have come up with the exact same domain name as I did, because flipperjikk.com appears to have now been registered, and is no longer available. And it cost Network Solutions nothing to register this, because they can just get a refund in 5 days if I decide not to register it. The insidious part is, odds are that domain may NEVER become available again, because once the 5-day period expires, some squatter will see it's expiring, someone's interested in it, and register it for themselves, using the same technique. Domains can sit in limbo for months going back and forth between different shell companies using this trial period. Nobody pays a dime (or two) for all this activity.

The script I mentioned could search the availability for random domains all day. djiuqeruoweit.com, agrhlreijilaer.com, wejhafkljherk,com, etc. The registrants would be overwhelmed with searches, and they would no longer be able to tell which domains people were actually interested in, and which ones were garbage. If they register all the searches using an automated script (which they clearly did with flipperjikk.com) it would cost them millions per day.

This $0.20 tax would in no way hurt you and I. It would just discourage the registrants from registering every domain that they think people might be slightly interested in, because now it costs them money.

ICANN finds many coincidences...

[jea6]

"The ICANN committee said cases suspected of front running often turned out to be coincidence, with multiple parties interested in the same names."

That, of course, is a load of horse feathers. There were countless examples of the practice being exposed by people searching for domains like NETSOLSUCKSALOT12300091.COM. Were there really many parties interested in that domain?

Re:ICANN finds many coincidences...

[Actually,+I+do+RTFA]

NETSOLSUCKSALOT12300091.COM.

Shit, you were the one who took that?

Did not examine Network Solutions

[22_9_3_11_25]

"The report, brought before the ICANN board in New Delhi on Friday, did not examine a controversial practice by domain name seller Network Solutions LLC of grabbing names that people search for on its Web site but don't immediately register."

Re:Did not examine Network Solutions

[snowlick]

People can buy domain names wherever they choose. That's the way the game operates now, it's for a reason. This practice is quite plainly anti-competitive since domain names are unique. It's nothing but a cheap attempt to lock in buyers in a way reminiscent of the "good old days".

Despite the fact that you "never kept any", you still stole the right to buy for a period of days. Can you imagine that happening with another commodity? Take lawnmowers for example:

"Can I buy a John Deere 324 here?"
"Yep. Now that you have asked, we're the ONLY place that you can buy it for the next 5 days. Oh, during that period we'll be willing to sell it to you for five times more than home depot."
"Punch in the face"

Re:Did not examine Network Solutions

[generica1]

Maybe I Googled "domain name registration" and used the "I'm feeling lucky" button but I already have another registrar in mind. Maybe my preferred, inexpensive registrant, has an excellent interface on their website but a crappy WHOIS client that's overloaded and runs slow. Conversely, maybe I really really really like the WHOIS tool that is on your site because I can select multiple TLDs, but I find NetSol's prices to be too high (which I do, not that it matters).
 
Or maybe it's because YOUR WHOIS SERVER IS ON THE PUBLIC INTERNET AND WE SHOULDN'T HAVE TO HAVE A REASON.
 
If you don't want non-customers to WHOIS on your server than make people pay for WHOIS requests, and we'll see how the free market reacts to that. You're telling me NetSol with its higher prices and HUGE legacy customer base can't compete with the cheap-o registrars to the extent that they will tie up someone's domain name in order to gain a competitive edge against .. their customers? It doesn't sound like you are a very good domain name registrar if people using your web site for WHOIS lookups is actually a serious business concern that has effected the bottom line enough to be this greedy about it.
 
Even just considering what intelligent observers who register a lot of domain names would think of a dick move like this should be enough for a large company to consider the public relations problems that come with deceiving potential customers like this.

Whew

[ShakaUVM]

Whew, I'm glad they realized there's no conflict of interest between internet registrars and internet registrars stealing domains from people who go to them to register domains.

That's a load off my chest!

Re:Whew

[amasiancrasian]

For those that don't know, Bruce Tonkin, Chair of the Generic Names Supporting Organisation (GNSO) of ICANN, holds shares in Melbourne IT, which is an ICANN-approved registrar. Hence a conflict of interest. So don't ever run a WHOIS query on a registrar you intend to buy the name from!

In Other News....

[grcumb]

"ICANN fails to find own ass with both hands."

Film at 11. If we can find it.

They didn't examine NetSol's practice

[wanted]

FTA:
"The report, brought before the ICANN board in New Delhi on Friday, did not examine a controversial practice by domain name seller Network Solutions LLC of grabbing names that people search for on its Web site but don't immediately register."

I wonder why -- that should be the hot topic of the meeting. NetSol is using another loophole in the ICANN process (after previously being responsible for wildcard *.com records scandal, then under Verisign name) and ICANN has other topics to talk about? WTF?

Wow, I just got hit by this today.

[Alonzo+Meatman]

This is kinda ironic, because I just got hit by this today. I used Network Solutions lookup tool to search for a domain - simply out of habit - and then when I went to buy the domain at my usual discount registrar, I was told that the domain name was already taken. Then I went back to Network Solutions, did the lookup, and lo and behold, it's still available! Confused, I did a whois lookup, and saw that the site was apparently registered to Network Solutions. So I called up the customer service line for NS, and I was like, "hey, do you know what's going on?" And here's the kicker - the guy tried to make it sound like NS was doing me a favor!

The logic went something like this - some "unethical third party" could be snooping on my connection, and, seeing that I was looking into a domain purchase, they could snap up the domain and then try to sell it to me at an inflated rate. Of course, if they were to buy the domain from Network Solutions, nothing would stop them. But if they tried to buy it somewhere else, good old NS has my back. Isn't that swell of them?

Fortunately, the guy was reasonable, and released the hold on the domain. He then tried to upsell me on some stupid hosting service, and I'm like, "Umm, no, I do my own development. And I'm going to buy this domain someplace that doesn't charge $30 a freakin' domain."

Easy workaround - Buy without checking first

[billstewart]

If the problem really is just domain-taster scum kiting every name they can generate that gets them ad-banners, then stopping tasters from doing that will cut way back on the problem.
On the other hand, if it really is front-running, charging for formerly-free tasting will reduce it a bit (because the front-runner will need to spend actual money, not just kited money), so you'll only get ripped off by people who think it's worth gambling the proposed 20-cent ICANN fee or maybe the whole $6 on selling you the domain name.

It's easy to work around that, though - if you think of a name you might want to use, and want to check if it's available, just buy it from your favorite registrar rather than checking; if it's already in use you'll get rejected. That's less helpful if you want to buy the .com, .net, .org, .info, .biz., .etc., but worst case is *you're* stuck having tasted a name you don't want to keep and paying the 20-cent ICANN restocking fee to return it. The .com name is the most likely to get ripped off, so if you can't find a registrar who'll do an atomic transaction, you could try just the .com or the .com and .net, and then check the others if you succeeded on the first two.

Also, of course, if front-running sticks around after there's a fee for tasting, it's much more effective to run an automated check-lots-of-names bot that costs front-runners money on gambles that always lose than if it's only costing them free kiting. (There are ways to fight back - captchas on name queries, for instance - but there are also name-grabbers who use DNS/Whois queries, and you can keep querying those without captchas, and not only do those people deserve to lose even more than registrar name-grabbers, but the DNS operator for the .com domain has proposed selling information on queries to (ahem) interested customers, and this'll discourage that.

Bullshit

[Zorque]

"If you check for availability of a website and someone sees you do it and they reserve it before you, it's fair play." The hell it is. That's the exact opposite of fair play, that's being underhanded. If someone sees you typing in your PIN and drains your bank account, is that "fair play"?

What a surprise

[bjorniac]

And vampires think that sucking blood is fair game.

What ICANN is

[rs79]

ICANN went through three stages of evolution. At first it was bunch of - by their own admission - clueless board members picked in secret by the US government, specifically Ira Magaziner, Clintons senior science advisor, and Roger Cochetti from IBM.

Next they were taken over by intellectual property attornies from multinational corporations. Once they'd had their way with internet law and policy came... ... the "domainers" and registration people. That's who goes to ICANN meetings and populate the various ICANN committees.

Is it any wonder they didn't find anything wrong with the practice they invented and make money from?

The US Government mandate ICANN operates under says they must be "open and transparent" and are not to create policy, but to determine the consensus of the Internet community and implement policy based on this. I have personally watched them chnage their bylaws retroactively to prevent the "wrong" poeple from being a part of the organizatin. I've personally watched them kick people out of meeings advertised beforehand as "open to anyone". I've personally wathced them adopt policies where only 13 out ot 1000 people agreed with the policy. I can go on for hours about things like this.

They are one of the most secretive Internet organizations to ever exist. Does anybody else remember Karl Aurbach, when elected to the board had to sue just to see the books? How many organizations do you get to be a board member off but the corporate books are kept secret from you? Why would you need to keep those books secret in the first place.

ICANN was supposed to be a "membership organization". A decade has gone by. Can you find any way to become a voting member of ICANN? Nope. Doesn't exist. You know why? They're scared they'd be voted out of office and for damn good reason.

ICANN runs on a $60M a year budget and it a beurocraic nightmare more complex than the UN in terms of its org chart. (cf. Rutkoswki's brilliant diagram of same. It does NOT fit on a regular sized piece of paper). Now keep in mind the job it does used to be done by Jon Postel as a part time task ("IANA") for $15,000. a year.

When Jon announced there would be new tlds coming ("300 at least, 75 in the first year") the intellectual property attornies made his life a living hell and he sought a legal entitiy as IANA had no legal personality and he himself did not want to assume personal legal liability for adding .web or whatever. His employer, USC/ISI would not back him up. Jon died of heart failure 3 years later.

If you think ICANN is the best and the brightest of the internet you're sadly mistaken, and if we, as the internet community cannot do better than this, then shame on us all, squared.

Scrap ICANN. Make something useful.

A good starting point would be the consensus points from the last IFWP conference - this was to have been ICANN before thart effort, and a years work to reach that consensus, was scuttled by the actors operating in the shadows who have controlled it ever since in a regime where only they benefit.

Or roll your own root. The only reason ICANN is on power is because they control the legacy root zone. If nobody used it any more, they would fade into the sunset where they belong.

If Linux computers used a different set of root servers, who cares what Microsoft and ICANN did.

Read this: http://iconia.com/before_the_dns.txt

What ICANN should do

[surmak]

The only legitimate reason for reserving a domain is to protect a buyer who is purchasing multiple, related domain names (e.g. foo.com, foo.net, and foo-xxx.com, and wants to be certain that all the domains can be obtained. If they cannot, the buyer would choose a different value.

To support this usage model without the kind of abuse we are seeing, reservation should be limited to one hour and should cost the registrar a small amount (maybe 1-20 cents) per reservation. If the customer eventually purchases the domain, the cost of the reservation will not have a ssignificant inpact on the profitability of the transaction.

A simple no refund policy will eliminate the domain kiting scams that are getting happening.

The other place where abuse can occur is when a domain expires. I would propose the following procedure to insure that nobody can lost their domain without really trying:

Once the domain expires, the DNS record is removed from the top level server. After this happens, the (former) owner will have the exclusive right to renew the domain for a period of 45 days. This renewal will be at the normal price, but will start at the expiration date, and not the renewal date. (Thus you lose the time that the DNS was disables.) The 45 days will allow the domain owner to notice that something is wrong, and should be plenty of time for a domain holder to notice their web site or email address no longer works.

After the 45 days, the domain becomes available via an auction which will last at least 15 days. The reserve price of that auction is the normal domain registration fee, with the domain's registrar receiving the proceeds of the auction (to encourage them to not game the system) The auction should have some mechanism to avoid ebay style sniping -- maybe the auction does not close until 1 full day after the last bid is received.

If the auction fails, then the domain returns to the pool, and is available on a first-come first-served as any unregistered domain is.

Slumming

[EdIII]

Unfortunately, and I have known this for years, buying a domain name involves just a little bit of slumming. It's truly a nasty business laden with unethical people extorting money out of others.

About the best you can hope for is:

1) Get a good domain name.
2) Hope that the registrar does their job to protect anybody from stealing right out from under you.

I have always recommended to my clients to have a couple of meetings beforehand and choose several names very carefully. Take their time and think it through. When they are ready to get the domain names, I have described it as being similar to sniping auctions on eBay. Be prepared to hit "click" as fast as possible.

Basically, don't be searching for a domain name. Already have an idea and be prepared to make a decision right there on the spot. That's the only way to truly stop domain tasting.

Rule of law

[Anne+Thwacks]

We have several centuries of experience of what happens when the lawmakers behave like this:

If you dont want people to support the Mafia, Jihadists, vigilanty groups and various kinds of thugs hitting people with baseball bats, drilling kneecaps with electric drills, or randomly killing and calling it "summary justice", then you have to have a better legal system. If people cant get redress for this kind of thing through the law, you can expect they will take the law in their own hands.

In short, its governments that behave like this that create third world countries.