The most charitable explanation is that many such porn sites earn money by pageviews, they are simply intended to waylay eyeballs, even if only for a second. A more troubling explanation is that, as a considerable percentage of these sites were originally aimed at children, changing the ownership and content does not change that aimed at audience, it exploits it. While I haven't kept or can't link to more than a few of these stories, the following are typical, including the ratio of children's sites hijacked in such fashion, which seems at least 50/50 compared to sites which wouldn't be considered primarily children's sites. I doubt anywhere near half of all current sites online are intended for children, so that ratio of hijacked sites implies that this targetting of children by the porn industry isn't entirely random. |
The most recent example comes from this week's NY Times (free registration required), concerning a financial site for children that was taken over by a porn site when the name expired. And I seem to be damned to making Britney Spears references on ICANNWatch. Parents, or others, going to what had been a home schooling site, could instead apparently see her naked.
What can be done about this? Like the proir owner of the "Catylaine" site, perhaps one could complain to ICANN, except it is well known ICANN pays its message boards little attention so they can claim plausible deniability. Or perhaps one could complain to the Police, unless one is in
Flint, Michigan (or to the federal government, but not via whitehouse.com, which was not such a re-registration SFAIK, but has the similar intended effect).
In one of the most egregious examples I've heard of, the heidisearchcenter.org site for missing children, named after an 11 year old girl who was abducted and murdered in 1990, wound up as a porn site. The linked article is somewhat outdated. Within a few days of its publication, the site was back to its original function, though the homepage rather strangely uses a redirect to a Geocities site so I am not convinced without further checking that the domain name has yet been properly returned, the WHOIS is inconclusive. The Heidi article gets closest to giving an idea of the extent of this misuse (it seems to be standard operating procedure for some porn purveyors), as well as the possible intent, and lack of care.
A bit (too much) of history here. This appears to be an improvement on a previous technique, a semantic attack if you will, used by some in the online porn industry a few years ago. Some search engines were targetted by what was somewhat misleadingly called the meta-tag exploit. Many search engines allow repeated submissions of pages to be listed in their index (though with some restrictions ranging from days to months between submissions). The submissions could also come from anywhere, including various anonymous free and for-pay services, there was no check done that the submitter was the site owner, or acting on their behalf. In fact it wasn't unknown for a business to submit their competition's site more often than allowed (called spamdexing), thus getting the competitor's listing removed entirely from that search engine for apparently spamming their index. Many sites, even some belonging to large corps, are rarely submitted more than once by their owners, who are often unaware that one can resubmit so they have no reason to suspect others are doing so. The online porn industry took this loophole a step further and would simply copy another site's page, change the URL to their own, sometimes adding a line or two of redirect script that the search engines spiders ignored, and resubmit the listing. Because the content appeared identical the original listing and new listing often appeared one after the other when searching on a given term.
I had personal experience with this when doing a search for the term cheat+codes to help (?) a pre-teen neighbor with a computer game. A listing came up for the site avault.com, a games site, with an apparently identical listing immediately following. Without paying too much attention I clicked on the second link and was immediately mousetrapped and deluged with multiple pop-up porn windows, A rapid CTRL-ALT-DEL and subsequent browser shut down minimized the damage, but how many others, including children, wound up in a similar situation without knowing an easy way out? I did some research and wrote avault about this (I wasn't the only one, I did figure out they weren't to blame, others weren't so forgiving) and it was largely as a result of avault's complaints to the USG that such sites were cleaned up (avault were then negotiating to be bought out so really didn't appreciate being misused, and this was back in the free-flowing big money internet days).
Estimates at the time were as many as a million pages had been similarily hijacked, including religious sites and children's sites and, because of the nature of the exploit, most any indexed site was used as a target including otherwise normally assumed safe sites in .edu, .gov and .mil. It is impossible to imagine a million or so such submissions were done by hand, it had to have been done by automated scripts. If nothing else, the estimated billion dollar per year online porn industry can afford the best coders (and now, apparently, expiring domain names). As I recall there were a half-dozen or so people in Australia found to be responsible for at least some of this at the time and taken in by the police. I don't know if there were subsequent charges or convictions.
So much for history. Now we have a nextgen exploit that works even better and doesn't in any way appear to be against any ICANN policy, let alone illegal. By re-registering an expired name one doesn't mirror a previous search engine submission, one becomes it. And unlike the duplicate search engine technique, one also becomes the site, along with any description of it, on any other site which links to it, not just search engines. One also becomes the site that users have previously bookmarked, or that users time in their URL line, or that users send email to. Isn't this that situation M. Stuart Lynn spoke of in his anti-alternative root paper where one won't know where a given address goes? Well, this isn't an alternate root Mr. Lynn, it's yours, and it's targetting children with porn on your watch. Is it any wonder that the hammering of servers with requests for expiring names are being done by scripts? Where have we seen that before? And is it any wonder that it is sometimes difficult to re-register one's domain name? Why should a registrar re-sell you the name for a similar price when they can let it expire and then re-sell it, perhaps to the porn industry, perhaps at a markup?
This should hardly come as a surprise when ICANN Accredited Registrar register.com, using the name DiscountBin, auctions off childrenporno.com for $66. Discountbin is a register.com username (used on afternic, which it owns) for selling off names for which it wasn't originally paid. The sale has apparently gone through as that site now resolves with multiple pop-up porn windows and register.com makes more money than if it was a regular registration or re-registration, and supports childporn at the same time. Charming.
And BTW, while it seems to me of less potential damage, at least to children, it might get more of ICANN's attention (seeing as ICANN are almost entirely policy driven by the intellectual property folks). I'd like to ask why register.com is the putative owner of so many domains containing the string aol, for example, including many variations on aol and billing. Did America Online not pay their bill for these, or were they intended to be used for semantic attacks by others? Many ISP's including AOL, have been hit by the semantic attack in my previous submission on this topic, often tricking users into giving up passwords or even credit card info. As others asked, why use an obfuscated URL when you can use a real one? Indeed, get on over to afternic where they can be had for $12 to $56. If I was the first registrant, or a re-registrant of one of those names and attempted to sell it on afternic, I imagine I'd have some trouble. Interesting that register.com seems immune to the UDRP. Then again, ICANN registrars, once accredited, seem to have total immunity.
Seeing as register.com is not just auctioning names that were registered but never paid for, but they are now also auctioning off expired names, and seeing as the porn industry seems to have the most reason to register expired names, perhaps ICANN should become aware (assuming they aren't) to what extent the online porn industry, even the child porn industry, has become an ICANN source of funds. Oh well, not to worry, it seems even parents aren't above making ends meet through virtual pimping of children, though it is sad that father of the internet Vint Cerf has let his offspring fall so far from grace and into the gutter.
Given that ICANN's mandate is (apparently now) DNS security and (apparently now) the security of not going to alternate root URLs, and not the security of children to not be deluged by porn through alterated (I would say hijacked) second level domains for which ICANN has responsibility, and through its registrars which it seems entirely loath to police, no matter how loathsome their actions, perhaps this latest exploit should more properly be handled by the real government.
First time registrations in the legacy root are way down, first time registrations in the new TLDs are tepid and full of problems, re-registrations are also way down except (to some yet to be determined extent) for those taken by the porn industry. ICANN has a dirty little secret, a financial interest in the online porn industry, as they seem one of the few sources still willing and able to buy names in quantity. ICANN is not much closer to coming up with policies on expired names than they ever were, and that becomes less surprising when one sees the financial incentive to maintain the status quo. Clearly this semantic attack needs to be dealt with, and clearly it should be taken out of ICANN's hands, the sooner the better. -g