[gnso-rap-dt] Feedback from Ben Edelman regarding front running study

[Marika Konings <marika.konings@xxxxxxxxx>]

Dear All,

Please find below the feedback received from Ben Edelman in relation to the 
questions and comments made on the front running study. Please let me know if 
you have any additional questions or comments.

With best regards,

Marika


>From Ben Edelman:

My reply --

Thanks to all on this list for their comments on my study.

Several comments asked about the methodology by which I selected the web sites 
to be tested.  For example, Jeffrey Neuman asked which registrars were tested.  
Jeff: I didn't keep specific record of that.  Instead, I used the selection 
method described in paragraph two of my report -- choosing standard and 
reasonable search terms by which an ordinary non-specialist registrant might 
try to find a site or service on which to register a domain.  Of the 600+ sites 
I checked, most either are registrars or have some link to a registrar (e.g. a 
search box that passes traffic to a registrar, with or without compensation).  
But I did not specifically track how many of the sites were themselves 
registrars.

To the method by which I tested for front-running: I completely agree that 
front-running could run in any of various possible ways -- limited to strings 
matching certain criteria, strings checked from certain IPs or ranges of IPs, 
certain time of day, known registrant versus unknown, etc.  George Kirikos 
raised several theories of which requests might be most valuable for 
front-running -- though at the same time, we might also think that those with 
the highest-value strings would be most careful not to fall victim to 
front-running, e.g. by always checking for domain availability using a trusted 
method.  On balance I believe my methodology was appropriate -- testing a 
variety of sites, using plausible strings that make logical sense and consist 
of simple, memorable English language words.  Certainly it's possible to devise 
countless variants, but I believe my approach was a reasonable place to begin.

Finally, Roland Perry points out that while I look at possible web site front 
running, there are other methods by which front-runners might get data -- e.g., 
Roland suggests, ISPs' logs.  Also possible: software on a user's PC (e.g. 
spyware, adware, etc.).  I agree completely. However, as my report indicates, 
these are not the front running methods I looked at.  There would be some 
intereseting challenges in trying to test front-running on a large number of 
ISPs (creating a need to request nonexistent domains through a large number of 
ISPs) and in trying to test front-running on a large number of spyware/adware 
apps (creating a need to obtain a large sample of such apps, in operational 
form, and test them one by one, probably on separate virtual PCs).  These tasks 
are definitely doable, but they are beyond the scope of the work I have done so 
far.


------ End of Forwarded Message