#tlds


.js should be a top level domain

not only would the owner get rich off all the libraries clamoring to use it, but it would also create needless confusion and possibly cause some problems, who knows

.zip was great, but I say we need more


#TLDs

🟣 Last day of #ICANN82 Community Forum here in Seattle! Our team stays committed all day long today to answer all of your questions about how Afnic can be your trusted partner for the next gTLD round.

♾️ Beyond actively participating in key discussions this week the Afnic delegation was thrilled and immensely proud to introduce Afnic Registry Services to the community.

💜 See you in Prague for the #ICANN83 Policy Forum!

🟣 Time is flying here in Seattle during #ICANN82 as day 5 is already unfolding! Discussions about the next round are more relevant than ever.

⏳ Let's connect on our booth floor 7 before the week wraps up!

🤝 Our team, including Emilie TURBAT, Pierre Bonis, Marianne Georgelin, Benoît Ampeau and Régis Massé, is committed to answering all your questions and showing you how we can work together.

👀 Looking for a trusted backend registry partner?

🟣 Afnic Registry Services has all it takes to manage a TLD for your clients: a robust infrastructure and strong technical expertise, in full compliance with the ICANN requirements.

🤝 Let's meet during the #ICANN82 in Seattle and discuss business opportunities on our booth (floor 7)!

#ICANN #nTLD #nTLDs

🟣 Building the future of domain names requires strong partnerships. At Afnic Registry Services, we provide a robust, proven backend registry solution for new TLDs and ccTLDs alike.

🤝 Let's discuss how we can help you attract the right clients. Meet us this week in Seattle during the #ICANN82 Community Forum; our team (Emilie TURBAT, Régis Massé, Benoît Ampeau, Pierre Bonis and Marianne Georgelin) is standing by at our booth (7th floor).

🟣 Day 2 at the ICANN 82 Community Forum in Seattle!

🤝 Come discover all the business opportunities Afnic Registry Services has to offer for the next ICANN round on our booth (floor 7) and meet with our fabulous team: Emilie TURBAT, Pierre Bonis, Marianne Georgelin, Régis Massé and Benoît Ampeau!

👀 See you there!

#ICANN #nTLD #nTLDs

🟣 It's Day 1 at the #ICANN82 Community Forum in Seattle! Don't forget to pick up your Welcome bag today!

📰 Read the Afnic Registry Services flyer inside and swing by our booth on floor 7.

🤝 This week make sure to meet with the members of our team: Emilie TURBAT, Pierre Bonis, Marianne Georgelin, Régis Massé and Benoît Ampeau

#ICANN #nTLD #nTLDs
Continued thread

Why, you ask?

Is it because we've filled up all the existing ones and run out of space?

Or is it because consumers, widely recognized for understanding so well the intricacies of the internet, are clearly asking for more TLDs?

Or could it be because ICANN will charge applicants $227,000, and if they get even half the number of applications they did in 2012 (1,930) that adds up to a cool $220M?

Replied in thread

@spamvictim and @briankrebs : it's big tech that makes money out of this - by facilitating cybercrime.

Last week bleepingcomputer.com/news/secu referred to blog.eclecticiq.com/inside-int.

After a bit of research I found that Cloudflare proxies more than 1,000 fake webshops at one IPv4 address alone, all created over the last few days (source: virustotal.com/gui/ip-address/ and crt.sh). In this case it's Cloudflare and Shopify who make money to begin with.

Just to name a few, abusing brands and logos:

hxxps://playmobil-sale[.]shop
hxxps://zarahome-eu[.]com
hxxps://amazstore-us[.]online
hxxps://www.asicsshoes-eu[.]top
hxxps://shopping-matel[.]com
hxxps://snowboots-ugg[.]com
hxxps://ugg-usaoutlets[.]com
hxxps://zalandostorevip[.]shop
hxxps://www.oralb-eushop[.]top
hxxps://gaborshoes-eu[.]shop
hxxps://costairlines[.]com ($500 gift cards for $199)
hxxps://wayfairblackfriday[.]com
(EclecticIQ mentioned wayfareblackfriday[.]com in their list of IOCs)
etc.

Note that there were also approx. 6 fake Lego sites, apparently they *were* taken down by Cloudflare.

The actual websites may be hosted at Google (e.g. virustotal.com/gui/ip-address/, example: hxxps://wayshunz[.]shop - also a Wayfair imitation) or Amazon. If the real sites are taken down, the crims just let Cloudflare point to another server.

Adding more TLDs indeed means that it's harder for internet users to distinguish between fake and authentic websites.

A domain name is hardly meaningful nowadays. Initially its purpose was to replace hard to remember IP-addresses, but by now many of them have become as hard to remember as strong passwords. Worse, phishing works because even if people look at domain names, more TLD's means that there are more ways to create lookalikes.

This is exactly what leads big tech to make more money. I would be surprised if it's not THEM pushing ICANN to add more TLD's.

Mattel apologises after Wicked movie dolls mistakenly link to porn website on packaging

"Over the weekend, individuals began sharing photos online of the dolls’ packaging, which showed a link to wicked.com, instead of wickedmovie.com"

theguardian.com/film/2024/nov/

The Guardian · Mattel apologises after Wicked movie dolls mistakenly link to pornography website on packaging · By Sian Cain

#UK #Anguilla #TLDs #AI #GenerativeAI #DomainSquatting #CyberSquatting: "The tropical British territory of Anguilla wasn’t known to many outside those who sought out its sun-kissed beaches. That was until the generative AI revolution. Suddenly, the island of around 16,000 people became a key broker in the future of our digital lives.

In the 1990s, it was given the domain name ending .AI. Back then, gTLDs (or generic top-level domain names) didn’t go much beyond .com, .org, or .net. The only real envisaged market for .AI domain name endings was local businesses on the island. Until ChatGPT changed everything, and the market for .AI domain names exploded.

Today, more than half a million .AI domain names are registered with Anguillan authorities, who have until now used a local firm called DataHaven.net. The domain names registered include x.ai and claude.ai but notably not open.ai, which is currently held up in a long-running dispute between an individual who claims to have invented the name and concept of OpenAI before Sam Altman unveiled it in 2015—and has a surprising amount of documentary evidence to support his case."

fastcompany.com/91211795/ai-do

Fast Company · .AI domain names are the next big thing on the internet. That's great news for Anguilla · The British territory of Anguilla has made millions from a happy accident: having the .AI domain name. Now comes the challenge of scaling up.

"Once [the country code] IO is removed, the [Internet Assigned Numbers Authority] will refuse to allow any new registrations with a .io domain. It will also automatically begin the process of retiring existing ones. (There is no official count of the number of extant .io domains.)"

every.to/p/the-disappearance-o

via infosec.exchange/@jerry/113272

EDIT: See a note from @proactiveservices: fosstodon.org/@proactiveservic

every.to · The Disappearance of an Internet Domain · How geopolitics can alter digital infrastructure

@tasket : you clearly did not (entirely) read my toots.

And I dislike that you ignore my arguments and even deliberately misquoted me, rendering this in an unfair discussion. I wrote:

« Big tech have turned certificates into something comparable to passports that only show a totally meaningless SSN (Social Security Number). »

If you continue like this, I'll ignore your subsequent toots.

Furthermore, I'm not stating that DV is worthless: it may be fine for non-critical sites or servers, provided that it is perfectly clear to visitors that the overall authentication is weak.

To reiterate: the problem is that the system is deliberately withholding very important information from internet users: who the owner is of, for example, mcafeesafezone[.]com, and in which jurisdiction the responsible person or organization is settled.

Anonymity was deliberately increased by adding lots of meaningless or even misleading (e.g. .zip) TLDs - for the financial benefit of criminals - and primarily big tech.

BTW, the problem that I refer to is unrelated to the cryptography used by this PKI infrastructure. Even the name "Let's Encrypt" is misleading: certificates are not required for encrypted connections. Since forward secrecy is used, they have exactly one purpose: authentication.

You wrote:

« Now tell me, if I give out my fedi address "@tasket@infosec.exchance", why would the exact spelling of that address (verified with the help of CAs) not matter?? »

The exact problem is that spelling matters for 100%. If I'd get a DM from "@tasket@infosex.exchance", I could easily be fooled into believing it to be you - because I'm a human being (apart from the fact that I have no idea who "tasket" is nor where he/she/? lives).

If I attempt to read "your" DM by opening it on the actual website, I want my browser to warn me - if I've never (or too long ago, or the certificate changed since) opened that website. I want my browser to tell me, in detail, who the owner is before even downloading content - helping me to see that I made a mistake, and providing me with the option to bail out. *And* I want my browser to reveal to me how reliable the authentication of the owner by the CSP was, and how reliable the CSP and CA are.

Although I gave plenty of examples why DV is risky (e.g. here: infosec.exchange/@ErikvanStrat), here's another one: crt.sh/?id=11860140411 .

How did "chenpinji[.]xyz" obtain a certificate that was ALSO valid for "14.au.www.download.windowsupdate.com"?

Note that *this* exact example may not be as critical as it may seem, as most Microsoft updates are downloaded via http anyway, but it proves my point: if a certificate is valid for a zillion domain names (e.g. crt.sh/?id=7293782180), you not only do not know who actually is responsible for a server: you don't even know for sure *which* of many servers your browser is communicating with, nor how many MitMs are on the line.

It renders the internet unnecessarily insecure, which causes lots of people and organizations to get into serious trouble.

Turning authentication into a binary "low-probability" or "no-its-not", is doomed to fail.

@fifonetworks @conorgil

Firefox on Android with the screen in landscape mode, showing the full domain name "git.git.git.git.git.petit17.clveenlandbsmtp.prokatavto32[.]ru" in the address bar (I've manually inserted '[' and ']' to prevent you from accidentally opening that domain name as a link in your browser).
Infosec Exchange · Erik van Straten (@ErikvanStraten@infosec.exchange) · Attached: 3 images

Firefox on Android to steal more space from the address bar. I never use the Home button (at the left, outside of the address bar). Why is it not in the menu behind ⋮ (where "Bookmarks" is hidden)? And now I sometimes get to see *two* additional icons *within* the address bar. That is, while the most relevant part (to the right, including the TLD) of overly long domain names is hidden by Firefox anyway. I don't understand why such decisions are made.

The first two images below show a pointless domain name (probably used by a parking service for domain name washing), but you get the point. In the third image I cannot see whether this is the real https://www.moenchengladbach.de website, or something like "moenchengladbach.de.whatever.pages.dev". This makes users of Firefox on Android more vulnerable to phishing.

See also https://infosec.exchange/@ErikvanStraten/113124204291514950 why people get phished and how to fix (not only) this problem. Opinions?

#Firefox #Android #DomainNames #Phishing #Certificates #DV #Identification #Authentication #Impersonation #Cloudflare #AnonymousWebsites #DistinguishBetweenRealAndFake #DistinguishBetweenFakeAndReal
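The two posts above (the one on lookalike addresses and DV certificates, and the one on Firefox hiding the rightmost labels of a long hostname) both turn on the same fact: only the registrable domain identifies the owner, and everything to its left is chosen freely by that owner. The following added example, which is not code from the thread or from any project mentioned in it, makes that split explicit and flags hostnames that carry a known brand name outside the brand's real domain. It uses a small constructed stand-in for the Public Suffix List and a constructed brand table; a real deployment would load the full list from publicsuffix.org and its own brand inventory. The hostnames in the demo are the ones quoted in the thread.

```python
"""Split a hostname into owner-controlled and owner-chosen parts.

Added educational example, not code from the thread. PUBLIC_SUFFIXES is a
tiny constructed stand-in for the Public Suffix List (publicsuffix.org);
KNOWN_BRANDS is a constructed table of brand names and their real domains.
"""

# Constructed suffix list. In the real Public Suffix List "pages.dev" is a
# private suffix: anyone can get a free site directly under it, so a name
# like "moenchengladbach.de.whatever.pages.dev" belongs to "whatever", not
# to the city of Moenchengladbach.
PUBLIC_SUFFIXES = {"com", "de", "ru", "dev", "shop", "uk", "co.uk", "pages.dev"}

# Constructed brand table (brand keyword -> domains that really belong to it).
KNOWN_BRANDS = {
    "moenchengladbach": {"moenchengladbach.de"},
    "wayfair": {"wayfair.com"},
    "ugg": {"ugg.com"},
}


def split_hostname(host):
    """Return (subdomain, registrable_domain, public_suffix) for host.

    The longest matching public suffix wins, so "x.pages.dev" is treated as a
    registration under "pages.dev", not as a subdomain of "pages.dev" under
    "dev". Unknown suffixes fall back to the last label.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            break
    else:
        i = len(labels) - 1  # no known suffix: assume the last label only
    suffix = ".".join(labels[i:])
    registrable = ".".join(labels[i - 1:]) if i >= 1 else ""
    subdomain = ".".join(labels[:i - 1]) if i >= 2 else ""
    return subdomain, registrable, suffix


def brand_mismatch(host):
    """Return the brands named somewhere in host whose real domains do not
    include host's registrable domain.

    This is the comparison a user cannot make when the browser scrolls the
    rightmost labels out of view; a SOC can run it over newly seen hostnames
    (proxy logs, certificate transparency feeds) to find impersonation
    candidates for review. Plain substring matching is deliberately simple:
    short brand keywords such as "ugg" will produce false positives that a
    reviewer has to discard.
    """
    _, registrable, _ = split_hostname(host)
    lowered = host.lower()
    flagged = []
    for brand, real_domains in sorted(KNOWN_BRANDS.items()):
        if brand in lowered and registrable not in real_domains:
            flagged.append(brand)
    return flagged


def describe(host):
    """One-line human-readable summary of who controls a hostname."""
    subdomain, registrable, suffix = split_hostname(host)
    owner = registrable or suffix
    hint = " (chosen by owner: %r)" % subdomain if subdomain else ""
    flags = brand_mismatch(host)
    warn = "  BRAND MISMATCH: %s" % ", ".join(flags) if flags else ""
    return "%s -> owner domain %r%s%s" % (host, owner, hint, warn)


if __name__ == "__main__":
    for h in (
        "www.moenchengladbach.de",
        "moenchengladbach.de.whatever.pages.dev",
        "git.git.git.git.git.petit17.clveenlandbsmtp.prokatavto32.ru",
        "wayfairblackfriday.com",
        "snowboots-ugg.com",
    ):
        print(describe(h))
```

The useful output of `describe` is the owner domain shown on its own: for the third hostname it is `prokatavto32.ru`, which is exactly the part a narrow address bar cuts off. The suffix lookup is the step that matters for the pages.dev case, since without the private-suffix entry the name would be attributed to `pages.dev` itself.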