Senator accuses sloppy domain registrars of aiding Russian disinfo campaigns Senate intelligence committee chair Mark Warner (D-VA) is demanding to know why, in the wake of the bust-up of a massive online Russian disinformation operation, the names of six US-based domain registrars seem to keep popping up as, at best, negligent facilitators of election meddling. Warner sent letters to NameCheap, …
This post has been deleted by its author
They're just unfamiliar with how any of this works. They are unaware that a registrar just takes money and gets the customer the domain they asked for. At best, they could try to make the registrar look for trademark abuses, which were in use at least some of the time during this operation, but I have a feeling they think the registrar should be policing the content available from the domain they purchased, which is unlikely to work.
Free speech is probably not really the issue here. While I don't really want to have to obtain a license to have a domain name, some TLDs do require verification without giving anyone censorship powers. My objection to it is simply that it won't work; any number of identities can be used by organized campaigns, including stolen, corporate, unclear, and misleading ones, and even if they were honest, it wouldn't likely make any difference. I don't have a problem with what the senator wants to prevent, but his ability to do so at all is limited and his ability to do it by way of domain registrars is dubious.
So yes, the registrars are exactly the right target.
It would be entirely reasonable for the law to require a registrar to refuse to register an easily typo'd or confused version of an existing domain to an entity that doesn't own the existing domain.
Currently it's absolutely trivial to register domains with intent to mislead or defraud, and the registrar will happily take your money despite there being no legitimate reason to register "tgeregister.com"
Agreed but it falls back to the age old internet question of who pays for it. Someone is going to have to check them. Sure, they can set up some similarity score system for domains but ultimately someone is going to have to check them either at that point or when someone appeals a decision. Someone is also going to have to maintain the list. Then we have the other age old problem which is the bottom line. Registrars are going to resist blocking revenue as much as they can regardless of it's honesty or intention. Finally, how would you write a law or regulation to cover this? How do you define the businesses and individuals to be protects from name manipulation? You would have to cover everything from google to banks right down to local credit associations then any business where money changes hands. I don't think there is an easy way to fix this at all.
And how would you apply it internationally? Say the US blocks typosquatting - they can only do it for domains they administer, such as .com, .gov etc. ccTLDs like .ru or .in or .io are going to have their own laws affecting their own registrations, and some like .tv for Tuvalu make a lot of tax money out of their registrations so won't want to restrict them either.
There are a couple of problems here:
1. Which existing domains are to be checked? All of them? If not where do you draw the line and how do you explain the decision to the owner of a domain that just misses out on the relevant criteria?
2. How do you distinguish between a malicious attempt and a genuine one? e.g. I have a .org.uk domain. There's a corresponding .co.uk. Both are genuine. OK, genuineish. The key word is a place name. I live there, the other is a domain squatter outfit hoping someone will come and buy it off them for £££££. But the principle applies - what hoops would I have had to go through to prove I wasn't typosquatting theirs by registering mine?
There are two separate problems with this.
First, if you want to implement this, what are your criteria for registrations that should be refused? Is it any domain name that differs from any existing one by one letter? That will create lots of false positives. It also won't prevent one of the most common methods of impersonating a domain, sticking something on the end. Tgeregister.com might be blocked, but what about theregisteritnews.com? If you try to prevent that, then you've granted whoever gets there first rights to so many things, because if I want to have the name theregisterofsomethingelse.com, that might be completely reasonable. If you're going to require something, you have to be specific about what it is.
The second problem is that, although that was sometimes in use here, another popular tactic in propaganda campaigns is to create fake outlets and then ascribe to them membership that they don't have. For example, in the United States, radio and terrestrial television statements are identified by call signs beginning with W or K. WUSA is a Washington-based television station and has a website. WUDA is a completely valid call sign that happens not to be assigned to anything. It's also a completely valid acronym for anything else, so you can't just prevent that domain being registered. It would be easy for a propagandist to set up a website and pretend it's a television network, and unless the registrar is visiting the site to police its content, they aren't in a position to prevent it.
It would be entirely reasonable for the law to require a registrar to refuse to register an easily typo'd or confused version of an existing domain to an entity that doesn't own the existing domain.
Only in the same sense that time travel is entirely reasonable.
First, which law and which jurisdiction? Next, who defines what is "easily typo'd or confused"? That involves someone making a subjective judgement. Which introduces human error and inconsistencies. It's also unclear who "owns" a given domain name. [These are held, not owned. But let that pass.] For instance, there are at least three wealthy companies who have trademarks for Polo. Which one gets to hold polo.whatever? Maybe that changes per TLD too.
It's very difficult to prove that a bad actor is actually bad and intentionally set out mislead or defraud. The dregs of the domain name business will surely be doing that. Proving it in court to the level of securing a conviction is another story.
Nobody really (needs to) care about what's in a domain name string these days anyway. Our google overlords are unlikely to point you at some bottom-feeding typosquatter's web site. When we mis-type search terms, google knows what we meant to type and takes appropriate action.
(1) A new excuse to charge extra fees and money funneled to registrar insiders to handle the problem. Not to mention an opportunity for show favoritism among customers.
(2) Solving the same problem at each registrar - duplication of effort
(3) Rules are not uniform - what the rule for being a typosquat? How close is too close? "theregistrar.com", "theresistor.com"? (both taken and posing severe threats). The chain is only as strong as the weakest link.
First and foremost I would like to see a law passed by congress requiring opt-out-able default setting of ascii only URL in the US. That's the biggest threat right there.
Most people are not fooled. Of those that "are" they largely have a preexisting bias they want to pamper, so nothing is lost.
Aren't many registrars tending to discount the fees for the first year of registration anyway so they aren't actually making much margin?
Maybe not for .com though perhaps.
After the first year they tend to take the mick with at least 100% markup over nominet etc. fees.
Because they're cheap.
How are they supposed to police things, if I register nsmbc.com or faxnews.com I suppose it is clear what I'm trying to do. But these disinfo sites aren't trying to do stuff like that, they'll register names that aren't trying to play on legit sites so much as "sound newsy enough" that people will believe them. I mean, when one of the bigger news sites for conservatives is called drudgereport.com it isn't like there aren't an infinite variation of possible domain names they can use.
To my knowledge they aren't using the domain names to fool people, they are using the headlines to fool people. You give them a headline that plays into their existing political bias to get them to read it, then outrages them with the first few paragraphs so they'll click "share" and get the next person in line.
There are limitations on who should be able to register a .us domain. I have no idea how strictly the rules are enforced. .com was intended to be for international corporations. It quickly became a form bragging for 2 bit American companies to claim they could export to New York and Los Angeles. These days .com is for world + dog and if there are any limitations they would be for things like goggle.com or mircosoft.com. Getting stricter rules agreed and enforced for .com would be difficult. Getting good rules applied to .us would be easier than convincing North American news sites to use .us domains. The real difficulties would be getting people to notice the difference between .us and .ru and at this point, some US citizens would decide .ru increases credibility.
Once more a US politician wants to change stuff for all the wrong reasons.
Where has he been all these years when these very self same corporate registrars have been facilitating criminality? Domains that were used to scam vulnerable people. Where was his faux concern then?
He's jumping on the bandwagon of self righteous virtue signalling. Incorporating the Enemy-Du-Jour into his argument.
Don't even get me started about the propensity of the USA thinking it's the world's policeman and it can make the rules and the rest of the world has to live by them.
Unfortunately the liberal apparatchiks in the US thought that "let the market sort it out" was an excuse for negligent goverment and now they're facing down the prospect of losing their cushy gigs. That the country will decline and shirk its core values is secondary.
(No, not a Trump voter - quite the opposite in fact.)
"liberal apparatchiks"
The precise terminology is "neo-liberal apparatchiks, which in economic terms is "laissez-faire" but in socio-political aspects rates as "conservative".
Yes, it is confusing, that 'politically conservative' economics is the implementation of 'neo-liberal' monetary policy, but you can thank the damn economists for that.
There's not enough substance to this politician's soundbite, yes there is some really slack regulation in this space, but if you hammer US registrars, the miscreants will move to another area with less regulation.
Prevention, not cure is really where the focus should be, at least in the long term.
If so many individuals are that gullible to fake news, what or how do you address that glaringly obvious issue?
The tech industry and Putin are on the same team, So are about 1/3 of the world's power hungry politicians. It's an attack on humanity, and it's been going on since about 2016.
There, now it's out in the open. There are very evil people (One might even call them inhuman) at war with normal civilization and humanity. They are doing it through our own technology, because we are so dependent on it. They have a goal, it's intentional, and they have really, really twisted peoples minds! Some will never be able to be deprogrammed. There is a reason people are putting down computers, dropping off the grid, and moving into the forest.
Little stat I just dug up.
"How many domains are there?
There are around 628.5 million registered domains at the time of writing.
Of these, 43% feature generic TLDs (top-level domains), making this the largest sub-type of domain names.
Over 37% are .com domains, making this the most common domain extension.
And 21.5% are registered in the US, making this the country with the most registered domains."
So how do you spot 20 or 30 dodgy names.
Remember this is registrations, not host.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
