Saturday, May 20, 2000
5/20/2000 5:41:49 PM
Friday, May 19, 2000
5/19/2000 8:40:16 PM
ICANN unilaterally invoicing ccTLDs.
Long-simmering tension between ICANN and the historical regime of
country-code top-level domains is beginning to boil. Last week TBTF's
man on the ccTLD front, Irregular Ant Brooks <ant at hivemind dot net>,
sent this note from Fay Howard of CENTR, the Council of European
National Top-Level Domain Registries.
Last year Willie Black of Nominet UK circulated a report to the
ccTLD list on the outcome of the ICANN Task Force on Funding for the
year 1999-2000. This envisaged the ccTLD community as a whole
providing some 35% of the income budget of ICANN amounting to
$1.49M. He also suggested a possible self-select banding structure
where the larger ccTLDs would pay more and this included a small
"starter" band of $1. We all strongly rejected the idea of any link
between payments and the number of Domains Registered.
In addition, ICANN staff were present at a CENTR General Assembly
meeting in December 1999 at which several of the CENTR members
agreed to make one-off donations pending ICANN's clarification of
the services they would be providing in return for the funding.
You will now have seen that ICANN have issued invoices to all ccTLDs
based on a Domain Name tax model. This situation was discussed by
the CENTR Executive Committee who have recommended to the CENTR
members that the ICANN model and associated invoice be rejected.
They re-iterated that the voluntary banding model be the basis for
donations to ICANN for the year 1999/2000 and will be progressing
the details at their meeting in June.
CENTR Excom strongly urges all ccTLDs to reject the Domain Name tax
model and not to respond to the invoices received. Acceptance could
prejudice your rights in the future.
Now Brooks writes live from the RIPE conference in Budapest with this
paraphrase of the comments of ICANN CEO Mike Roberts on the issue:
In most jurisdictions, only properly constituted government bodies
can implement a tax -- ICANN is not such a body, so the ccTLD fees
are not a tax. If the fees proposed by ICANN's staff are not a tax,
what are they?
There are a number of possible ways of allocating the fees agreed by
the funding task force amongst the ccTLDs. ICANN wants the ccTLD
community to decide how best to do this, but after waiting for six
months for a proposal from the ccTLD community, ICANN staff felt
that they had to proceed with some sort of funding model.
ICANN decided to use the same model recommended by and implemented
for the gTLDs, but this model may not be appropriate for the ccTLD
community. ICANN is open to counter-proposals from the ccTLD
community for a better way of allocating the funds.
5/19/2000 5:33:53 PM
Real / NetZip "Download Demon" is spyware.
The current number of the Privacy Forum contains the unwelcome intelligence
that RealNetworks, despite all its past privacy woes, has plunged into the
spyware racket. Real bought NetZip (when did that happen?), and now a NetZip
utility called Download Demon silently rides along with Real Media downloads.
Lauren Weinstein reports that Download Demon, virus-like, quietly installs
itself when you install whatever Real software you thought you were buying
into, and makes itself the default FTP agent invoked by your browser.
Download Demon then proceeds to report back to home base the name and URL of
every file you transfer. All "anonymously," of course.
It turns out that Download Demon has a privacy policy -- subject to change
without notice, of course -- though you would ordinarily have no reason to
go looking for it.
Here's Weinstein's take on this cavalier attitude towards user privacy:
The "trust us, it's anonymous, you have nothing to be concerned
about" philosophy expounded in so many complex commercial
privacy policies might satisfy Alfred E. Neuman ("What, me
worry?") of "Mad Magazine" fame, but seems increasingly
inadequate for the rest of us.
I've had it with Real. In my experience, with every release their products
get more bloated and intrusive and more likely to freeze up or crash my
machine. Perhaps their increasing reliance on sleazy, privacy-abusing
marketing tactics is the company's desperate reaction to getting Netscaped
by Microsoft. I wish they would just gracefully admit defeat and go sell
themselves to America Online.
Wednesday, May 17, 2000
5/17/2000 4:11:30 PM
Monday, May 15, 2000
5/15/2000 2:09:52 PM
Bughunters been busy.
Bennett Haselton is on a roll. Here are four security or privacy bugs he has found
and publicized over the last 9 days. For the final bug, MSIE's "open Cookie Jar,"
Haselton worked with Jamie McCarthy.
- Fri, 5 May 2000
A security hole in Internet Explorer 4.x and 5.x that lets a
malicious Web site steal passwords, email addresses, browsing
history, real names of visitors, and other information simply
by loading a Web site into a user's browser
- Tue, 9 May 2000
Fake Mail Form Security Hole
A method for intercepting passwords used at free Web-based
email services including Yahoo Mail, USA.net, and MailExcite
- Wed, 10 May 2000
A backdoor in HotMail that lets you break in to any HotMail
account, by sending the person an email with an HTML file
attached to the message
- Thu, 11 May 2000
Open Cookie Jar
A way for a Web site to read all cookies stored by Internet
Explorer -- including cookies that were never intended to be
visible to a third-party Web page.