More like this

Networks

Pirate Bay domain suspended thanks to controversial verification system

File-sharing site didn't verify its Whois – and disappeared

The Pirate Bay's .org addresses have been suspended as part of a controversial verification process run by domain name overseer ICANN.

Visitors to "thepiratebay.org" are greeted with the message: "This domain name has been suspended. This domain name is pending ICANN verification and has been suspended. If you are the owner of this domain you can reactivate this domain by logging into your account."

That verification process has been in place for some time and has led to the suspension of over one million domain names, but this is perhaps the most high-profile example of a website being taken offline as a result.

Broadly, the companies that sell domains to users – called registrars – are now required to send a verification email to the domain name holders every time a new domain is registered or the domain details are modified. But in this case it's more likely that the suspension was a result of the annual validation email that registrars are obliged to send as well.

And it is this final requirement – under the revised 2013 contract that ICANN has with most of its registrars – that is causing a lot of problems.

In theory, the validation process is extremely easy: you receive an email from your registrar and simply have to click on a link to verify that the domain's registration information is true and accurate. Then you are done.

If you fail to do so however, 15 business days later there is a very real risk that your domain could be suspended. The suspension is under ICANN's control and there is little or nothing that your registrar can do about it. The problem of course is the system relies on people receiving and responding to an email.

Nice email

In Pirate Bay's case, that email address is "auto560120@hushmail.com," which belongs to Pirate Bay founder Fredrik Neij. Neij's Whois details are in fact inaccurate, as they still list his Swedish address while he currently lives in Laos. That email address is also associated with a number of other Pirate Bay domains including: piratebay.org, thepiratebay.com, piratebrowser.com, piratebaytorrents.info, anonfiles.com, piratebrowser.net, thepiratebay.pe, and thepiratebay.sx.

It's not known if Neij doesn't have access to that Hushmail account any longer, or if he hasn't checked it for a while, or he didn't bother to respond, or the verification email simply went into his spam folder and he didn't see it. But the fact that it has taken down a high-profile website will add fuel to the critics' fire.

Registrars can verify a domain through other means, such as calling the supplied telephone number, talking to the owner and then sending a formal response to ICANN providing the time, date, and call details. But in reality, very few registrars want to deal with the extra workload this would bring. It's also likely that in this case, Neij's Sweden phone number no longer works.

The whole verification process was introduced at the behest of law enforcement, which has long been frustrated with the wildly inaccurate Whois system that helps criminals to hide their identities when they register domain names.

Lies, damn lies, and statistics

As a part of agreeing to add the suspension element into their contract, registrars requested that law enforcement provide them with statistics to demonstrate that the policy was indeed helping to tackle crime. Those statistics have been notoriously difficult to get hold of however, leading to some testy exchanges at ICANN's public meetings over the past year.

Statistics produced by ICANN's compliance office show that over 80 per cent of the complaints it receives concern "whois inaccuracy."

Critics argue that having a verification process to register a domain name and so get a website up and running is very different from requiring people to respond to an email every year to keep the website up. They also question the logic of asking people to click on links in an email; most sysadmins actively warn users not to do exactly that for risk of being phished or otherwise compromised (and ICANN knows this only too well, having had its systems compromised by this very approach).

The current feeling within the registrar industry is that this domain suspension service is causing constant problems for little or no benefit. Law enforcement – particularly IP lawyers – will no doubt be secretly pleased that the process had taken down The Pirate Bay's website, however.

As to whether they will prompt them to provide statistics on the program's effectiveness, or push the registrars into revising their contract to pull it out – that remains to be seen. ®

Sponsored: The Nuts and Bolts of Ransomware in 2016