Of all the things which have come through to the inbox in the past 12 hours or so, from the fascinating to the banal, from the sane to the lunatic, none was more stupid and at the same time evil as a seemingly innocuous development called WAP.
Yes, WAP. If you’re not a blogger, if you have no domain, this is not for you. If you do blog, then this is a game-ender, not a game-changer. This is how evil gets in – through quite innocuous beginnings which no reasonable person could possibly oppose.
How could anyone object to visiting a site which an organization has prepared for you to go to, under coercion, for you to click on a box there within a given short time frame, on penalty of losing your blog?
What could possibly go wrong? What is the definition of phishing*? To details:
easyDNS [the site of the article writer] has met the automatic renewal requirements under our ICANN Registrar Accreditation Agreement and will thus renew into the 2013 RAA on June 23rd, 2015.
This means that as of June 23rd we will be subject to enforcing the new Whois Accuracy Program (WAP) which was enacted by ICANN earlier this year. All registrants of any domains under which easyDNS is directly accredited (.COM, .NET, .ORG .BIZ, and .INFO) will henceforth be subject to the WAP.
Before jumping off the deep end yet, it’s as well to see whom this applies to:
Key domain lifecycle points or events that trigger the WAP are:
- Registration, renewal or transfer of a domain name using a new (previously unverified) contact data.
- Modification of a domain’s Whois record to new values that are not previously verified.
- If an administrative email such as a renewal notice, or a Whois Data Reminder Policy (WDRP) bounces or is otherwise undeliverable.
In any of these case, a Whois Accuracy Program process is initialized which takes the form of sending emails to the Registrant (yes, this can mean sending this notice to the same address that bounced and started this process in the first place), requesting them to verify their Whois data
That would seem to cover most people as far as I can see. So, if an event as just mentioned occurs, then a trigger kicks off a 15 day period, during which you must be phished. If you fail to click, there goes your domain.
Nice. This is pure Ascended Masters enacting their next stage of the internet shutdown.
Penultimately, from the author:
You can thank ICANN for this policy, because if it were up to us, and you tasked us with coming up with the most idiotic, damaging, phish-friendy, disaster prone policy that accomplishes less than nothing and is utterly pointless, I question whether we would have been able to pull it off at this level. We’re simply out of our league here.
Lastly, Haiku comments:
No creep involved: it’s a downright charge … We will ignore the more obvious weaknesses e.g. domain theft & the fact that I could probably register “Google.com” in my name.
*Phishing is the illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
Hot on the heels of this is straight internet censorship coming to South Africa. In by the back door, as we’ve noted.