[Gnso-ppsai-pdp-wg] Carlton's closing chat question
Bob Bruen
bruen at coldrain.net
Mon Jan 20 17:47:57 UTC 2014
On Mon, 20 Jan 2014, Volker Greimann wrote:
Hi Volker,
inline, bob
> Hi Bob,
>>
>> Not sure, what to say here, because I know you know better. Spam email
>> makes up about 75% to 85% of all email traffic. That is a lot more than a
>> few bad apples.
> I am sure you agree with me, that while the volume of spam may be high, this
> is usually sent by a small percentage of registrants. Actually, spammers do
> not even need a domain, they need a botnet.
Actually I do not agree with you. There may be a small number of bad
actors, compared to all registrants, but they register millions of domain
names (yes, I can verify that).
Yes, they use botnets for sending, but they need their own sites for
landing/transaction sites, which are they ones to be shutdown.
>
> So when looking at all registrants, the number of "bad registrants" is more
> likely to be in the thousands of a percent.
Not if you count the number of domain names.
>
>> It is also true that abuse reports can be delivered at a 40,000 to 50,000
>> per day level, if ICANN and the Registrars would take them.
>
> If you want to clog up abuse channels with duplicate reports and therefore
> extend reaction times to nearly infinite, then do that. I am sure the real
> criminals will love that.
You know that, for example. KnujOn eliminates all the duplicates. That
40k-50k are real, non-duplicated sites. If your abuse channels are unable
to handle that volume, perhaps you could consider not offering bulk,
automated registrations. I am also sure, that there are places that could
you help with your problem.
>
> That said, we take and review _all_ complaints we get.
>
>> Verification would make a huge difference and this has been shown on
>> several occasions by KnujOn and others. Currently, many registrations have
>> total nonsense in the fields and do not even meet format requirements (such
>> as email format). These are almost always done by criminals (spammers,
>> etc). The same guys who want p/p.
> Convince me then (but off-list, since verification is not currently what we
> are looking at).
>
> However, please also explain then how verification will not simply lead to an
> increase of identity theft and harassment of innocents who just happen to
> have their private details abused by a criminal in order to have verifyable
> data.
This is merely speculation on your part. The current situation is that
they put nonsense in the registration forms.
>>
>> They register domains in bulk, so looking each one up to get a real set of
>> public data would put a burden on them.
>>
> Not if they automate it. There are enough online databases and if they are
> sophisticated enough to create bbotnets and online storefronts, they will
> most likely also be able to parse a database in their bulk registration
> engines...
>
> Verification to me is a red herring.
>
> Volker
>
>
>>
>>
>> On Mon, 20 Jan 2014, Volker Greimann wrote:
>>
>>> I do not believe in making all our customers pay more just to exclude a
>>> few bad apples that can also be weeded out by making
>>> an abuse report.
>>>
>>> Verification will also not help against crime, at least not as long as
>>> there are public data register like phone books or
>>> public whois as any criminal can simply duplicate verifyable data.
>>>
>>> Volker
>>>
>>>
>>> Hi James,
>>> =====================================================================
>>> As Don has just said that this discussion is premature, I will stop
>>> answering these emails, unless something
>>> happens to change that. If you wish to continue the discussion with
>>> me, please contact me off list.
>>> ==================================================================
>>>
>>> Please don't be silly. Criminal whatever. And of course they lie.
>>>
>>> If Registrars actually verified registrations, this would not be an
>>> issue.
>>>
>>> --bob
>>>
>>> On Mon, 20 Jan 2014, James M. Bladel wrote:
>>>
>>> Criminal individuals, or criminal commercial organizations?
>>>
>>> And is it your contention that criminals provide valid
>>> identification/contact details to the P/P service?
>>>
>>> Thanks‹
>>>
>>> J.
>>>
>>>
>>> On 1/20/14, 10:20 , "Bob Bruen" <bruen at coldrain.net> wrote:
>>>
>>>
>>>
>>> Hi Tim,
>>>
>>> The harm is protecting the identities of criminnals. And
>>> I consider
>>> undermining whois a harm, as well
>>>
>>> --bob
>>>
>>>
>>> On Mon, 20 Jan 2014, Tim Ruiz wrote:
>>>
>>> What are the problems commercial entities that use
>>> p/p have caused?
>>>
>>> On Jan 20, 2014, at 8:11 AM, "Bob Bruen"
>>> <bruen at coldrain.net>
>>> wrote:
>>>
>>>
>>> Hi Volker,
>>>
>>> I was merely responding to Stephanie's
>>> comments about the
>>> difficulties, not advocating a position.
>>>
>>> However, as you are aware, I do advocate
>>> barring commercial
>>> entities
>>> from using p/p, because the use has already
>>> caused harm and we
>>> should
>>> fix that. The providers created the problem
>>> in the first place,
>>> so
>>> allowing them to continue to control it
>>> simply continues the
>>> problem.
>>>
>>> The discussion of all this is the point of
>>> this group (and other
>>> groups).
>>>
>>> --bob
>>>
>>> On Mon, 20 Jan 2014, Volker Greimann
>>> wrote:
>>>
>>> I agree that it would be possible to
>>> bar commercial
>>> entities from
>>> using p/p services, however I am not
>>> sure it is the
>>> sensible thing to do. Certainly, there
>>> is abuse, but
>>> by creating a
>>> blanket prohibition, i fear more
>>> damage will be done
>>> to
>>> legitimate interests than good is done
>>> to
>>> illegitimate ones.
>>> In the end it should be up to the
>>> provider which
>>> categories of
>>> clients it accepts.
>>> Volker
>>> Am 20.01.2014 02:08, schrieb Bob
>>> Bruen:
>>>
>>> Hi Stephanie,
>>>
>>> It is entirely possible to decide
>>> to bar
>>> commercial entities,
>>> create a definition of "comercial
>>> entities" and
>>> then deal with those which appear
>>> to
>>> problematical.
>>>
>>> The fraudsters probably will not
>>> be a set up as
>>> a legitimate
>>> bussiness, but their sites can be
>>> identified as
>>> spam, malware, etc types and thus
>>> taking money,
>>> therefore a
>>> business. I am sure there are other
>>> methods to deal
>>> with problem domain names.
>>>
>>> In general, exceptions or
>>> problems should not
>>> derail a process.
>>>
>>> --bob
>>>
>>> On Sun, 19 Jan 2014, Stephanie
>>> Perrin wrote:
>>>
>>> I dont want to keep beating
>>> a dead horse
>>> here....but if
>>> there is a resounding
>>> response of "yes indeed,
>>> bar commercial
>>> entities from
>>> using P/P services", then
>>> how are you going to
>>> propose that p/p
>>> proxy service
>>> providers determine who is a
>>> commercial entity,
>>> particularly in
>>> jurisdictions which
>>> have declined to regulate
>>> the provision of goods and
>>> services over
>>> the Internet? I
>>> don't like asking
>>> questions that walk us into
>>> corners we
>>> cannot get out of.
>>> Do the fraudsters we
>>> are worried about actually
>>> apply for
>>> business numbers and
>>> articles of
>>> incorporation in the
>>> jurisdictions in
>>> which they operate?
>>> I operate in a
>>> jurisdiction where this
>>> distinction is
>>> often extremely
>>> difficult to make. THe
>>> determination would depend
>>> on the precise
>>> use being made
>>> of the domain
>>> name....which gets ICANN
>>> squarely into
>>> content analysis,
>>> and which can hardly be
>>> done for new registrations,
>>> even if t
>>> were within ICANN's
>>> remit. I am honestly
>>> not trying to be difficult,
>>> but I just
>>> have not heard a
>>> good answer to this
>>> problem.
>>> Stephanie Perrin
>>> On 2014-01-19, at 4:38 PM,
>>> Holly Raiche
>>> wrote:
>>>
>>> Jin and all
>>> I agree with Jim here (and
>>> Don earlier).
>>> The important
>>> task here is
>>> agreeing on the questions
>>> to be asked of
>>> the SO/ACs. So
>>> we need to get
>>> back to framing the
>>> questions - not
>>> answering them,
>>> however tempting that
>>> may be.
>>>
>>> So the question of whether
>>> 'commercial
>>> entities' should be
>>> barred is still
>>> a useful question to ask.
>>> The next
>>> question would be
>>> whether there are
>>> possible distinctions that
>>> should be
>>> drawn between an
>>> entity that can use
>>> the service and one that
>>> can't and, if
>>> so, where is the
>>> line drawn. I agree
>>> with the discussion on how
>>> difficult that
>>> will be because
>>> many entities
>>> that have corporate status
>>> also have
>>> reasonable grounds
>>> for wanting the
>>> protection of such a
>>> service (human
>>> rights organisations
>>> or women's refuges
>>> come to mind). But that is
>>> the sort of
>>> response we are
>>> seeking from
>>> others outside of this
>>> group - so let's
>>> not prejudge
>>> answers. Let's only
>>> frame the questions that
>>> will help us
>>> come to some
>>> sensible answers.
>>> Otherwise, we'll never get
>>> to the next
>>> steps.
>>>
>>> And my apologies for the
>>> next meeting. I
>>> have a long day
>>> ahead on
>>> Wednesday (Sydney time) and
>>> taking calls
>>> at 2.00am won't
>>> help. So Ill read
>>> the transcript and be back
>>> in a fortnight
>>> (2 weeks for
>>> those who do not use
>>> the term)
>>>
>>> Holly
>>>
>>> On 16/01/2014, at 5:39 AM,
>>> Jim Bikoff
>>> wrote:
>>>
>>> Don and all,
>>>
>>> As we suggested earlier,
>>> and discussed in
>>> the last Group
>>> teleconference, it might be
>>> helpful, as a
>>> next step, if we
>>> reached a
>>> consensus on the groups of
>>> questions
>>> before sending them
>>> out to
>>> SO/ACs and SG/Cs.
>>>
>>> This would involve two
>>> steps: First,
>>> agreeing on the name
>>> of each
>>> group; and second,
>>> streamlining the
>>> questions in each
>>> group.
>>>
>>> In the first step, we could
>>> consider
>>> alternative headings
>>> (perhaps
>>> REGISTRATION instead of
>>> MAINTENANCE).
>>>
>>> And in the second step, we
>>> could remove
>>> duplicative or
>>> vague
>>> questions.
>>>
>>> This crystallization would
>>> make the
>>> questions more
>>> approachable, and
>>> encourage better responses.
>>>
>>> I hope these ideas are
>>> helpful.
>>>
>>> Best,
>>>
>>> Jim
>>>
>>> James L. Bikoff
>>> Silverberg, Goldman &
>>> Bikoff, LLP
>>> 1101 30th Street, NW
>>> Suite 120
>>> Washington, DC 20007
>>> Tel: 202-944-3303
>>> Fax: 202-944-3306
>>> jbikoff at sgbdc.com
>>>
>>>
>>>
>>> From: Don Blumenthal
>>> <dblumenthal at pir.org>
>>> Date: January 14, 2014
>>> 11:09:23 AM EST
>>> To: PPSAI
>>> <gnso-ppsai-pdp-wg at icann.org>
>>> Subject:
>>> [Gnso-ppsai-pdp-wg] Carlton's
>>> closing chat
>>> question
>>> Carlton posted an
>>> issue that
>>> shouldn¹t wait a week:
>>>
>>> ³John came up with 4
>>> groups. Do we have a
>>> notion that
>>> others
>>> might be extracted? And
>>> where do we
>>> include/modify
>>> questions
>>> to address Stephanie's
>>> issue?"
>>>
>>> Jim had four groups and an
>>> umbrella Main
>>> category, which
>>> may be
>>> instructive in itself in
>>> guiding how we
>>> proceed
>>> organizationally.
>>> Regardless, the
>>> consensus of commenters
>>> has
>>> been that his document is a
>>> significant
>>> improvement over
>>> where
>>> we were before, and I
>>> suggest that we use
>>> it as a baseline.
>>> However, we still have work
>>> to do on it.
>>> Feel free to
>>> suggest
>>> modifications.
>>>
>>> Don
>>>
>>>
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing list
>>> Gnso-ppsai-pdp-wg at icann.org
>>>
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>>>
>>>
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing
>>> list
>>> Gnso-ppsai-pdp-wg at icann.org
>>>
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>>>
>>>
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing
>>> list
>>> Gnso-ppsai-pdp-wg at icann.org
>>>
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing list
>>> Gnso-ppsai-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>>>
>>>
>>> --
>>> Dr. Robert Bruen
>>> Cold Rain Labs
>>> http://coldrain.net/bruen
>>> +1.802.579.6288
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing list
>>> Gnso-ppsai-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing list
>>> Gnso-ppsai-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>>>
>>>
>>>
>>> --
>>> Dr. Robert Bruen
>>> Cold Rain Labs
>>> http://coldrain.net/bruen
>>> +1.802.579.6288
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing list
>>> Gnso-ppsai-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>>>
>>>
>>>
>>
>
>
--
Dr. Robert Bruen
Cold Rain Labs
http://coldrain.net/bruen
+1.802.579.6288
More information about the Gnso-ppsai-pdp-wg
mailing list