ICANN Annual Report – Privacy & Proxy Services Under Spotlight

ICANN has released its 2009 Annual Report over the Christmas / New Years period (just when nobody was looking).

Here is one very interesting paragraph on private registrations. “ICANN has obtained preliminary results of its study of domain names, registered among the top five gTLDs, which appear to have been registered using a privacy or proxy service. ICANN published preliminary findings on its website (that 15-25% of these domain name registrations used these services) and will seek validation of the study’s findings with the registrars of record for those domain names.“  Of course, some would call that an invasion of privacy. The results will make an interesting read….

Overall, the 2009 report is a goldmine of breach notices, consumer complaints, terminations and non-renewals – far too many to list here. If need some humorous bedtime reading you can download it directly.

Chrome Hijacks 404’s & Discloses Info To Google

A picture tells a thousand words. Lets look at what happens when Google Chrome visits a web page that does not exist:

What Are The Issues?

1. Revenue from 404 pages down. Although that depends on if you park or develop yourself.

2. Look what happens when its http://www.secure-domain-blah.com/user.php?user=john&session=12345678. Google is now in possession of my User ID and session details.

I tried it out on a non existent test script on Domainer Income. For those technical people, this is what it looked like when I ran a packet sniffer over it:

—

66.249.89.100    HTTP    GET /tbproxy/lh/fixurl?hl=en-US&sd=com.au&url=http%3A%2F%2Fwww.domainerincome.com%2Ftest.php%26id%3Djohn%26session%3D123&sourceid=chrome&error=http404 HTTP/1.1

—

Yep, its sending it to Google alright. So that got me thinking…. what if this script just blindly accepts stuff like…. the Google home page not existing for instance ? I think I’ll leave that one for the kiddies.

3. Did I just consent for this confidential information to be analyzed by Google? Did you notice how it tried to split up the domain name into words for the search box?

Matt Cuts has stated on his blog that “I believe if Google Chrome sees a very short, stock 404 page (less than 512 bytes), it talks to Google in order to try to suggest other possible pages and options.” Interesting choice of words…. I believe….

Although there has been some healthy paranoia around the licensing agreement, I believe that your:

• Google Account: Knows your personal information.
• Google Mail: Analyzes email you send, and email sent to you.
• Maps: Knows where you are – even on your mobile phone.
• Search: Knows what you are looking for.
• Adsense: Knows what you click on = interested in.
• Analytics: Knows what sites you visit.
• Checkout: Knows what you buy and who you buy it from.

Can I make it any clearer than that?

When you put it all together, this is far worse than Microsoft back in the 90’s. What do you think?

Police Arrest Domain Name Blackmailer In Vietnam

Police in Ho Chi Minh City in Vietnam have arrested 24 year old, Huynh Chi Hieu for “domain name blackmailing”. Its been reported that the man was caught at a construction company, receiving VND30 million (US$1,860).

In Feb, the man allegedly called the website manager for the Lotus Steel Sheet Company (LSSC), and told them that he had their domain name for sale at $2,500. The company had a different domain name and subsequently didn’t pay the money.

In early May, Hieu allegedly posted damaging information on a fake website he had created and asked for VND50 million ($3,090). The company agreed to the deal and secretly contacted police.

Canada Hits 1M Domains and Adds Whois Privacy Law

CIRA, (Canada Internet Registration Authority) will institute new privacy policies on June 10 to protect whois data for .ca domains.

Of course, that doesn’t protect existing .ca domain name holders, as their whois information could be anywhere! However, its been reported that changes made to whois data after June 10, won’t be publicly available.

Is the start of the end for the good old whois database? What will the police do to track down Internet criminals and phishing websites? Will other countries follow in Canadas footsteps? Is CIRA leaning too far towards the privacy advocates? Will the additional privacy attract criminals wanting to hide their identity?