Re: [gnso-rap-dt] Feedback from Ben Edelman regarding front running study

[George Kirikos <icann+rap@xxxxxxxx>]

Hello,

I'd appreciate having a list of the domains he attempted to register,
and the list of all sites he tested. Usually that kind of info goes
into the appendices of these studies, but there was no appendix to the
report published on ICANN's website (perhaps a more scholarly version
exists with the relevant info?).

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/

On Mon, Aug 17, 2009 at 2:42 PM, Marika Konings<marika.konings@xxxxxxxxx> wrote:
> Dear All,
>
> Please find below the feedback received from Ben Edelman in relation to the
> questions and comments made on the front running study. Please let me know
> if you have any additional questions or comments.
>
> With best regards,
>
> Marika
>
>
> From Ben Edelman:
>
> My reply --
>
> Thanks to all on this list for their comments on my study.
>
> Several comments asked about the methodology by which I selected the web
> sites to be tested.  For example, Jeffrey Neuman asked which registrars were
> tested.  Jeff: I didn't keep specific record of that.  Instead, I used the
> selection method described in paragraph two of my report -- choosing
> standard and reasonable search terms by which an ordinary non-specialist
> registrant might try to find a site or service on which to register a
> domain.  Of the 600+ sites I checked, most either are registrars or have
> some link to a registrar (e.g. a search box that passes traffic to a
> registrar, with or without compensation).  But I did not specifically track
> how many of the sites were themselves registrars.
>
> To the method by which I tested for front-running: I completely agree that
> front-running could run in any of various possible ways -- limited to
> strings matching certain criteria, strings checked from certain IPs or
> ranges of IPs, certain time of day, known registrant versus unknown, etc.
>  George Kirikos raised several theories of which requests might be most
> valuable for front-running -- though at the same time, we might also think
> that those with the highest-value strings would be most careful not to fall
> victim to front-running, e.g. by always checking for domain availability
> using a trusted method.  On balance I believe my methodology was appropriate
> -- testing a variety of sites, using plausible strings that make logical
> sense and consist of simple, memorable English language words.  Certainly
> it's possible to devise countless variants, but I believe my approach was a
> reasonable place to begin.
>
> Finally, Roland Perry points out that while I look at possible web site
> front running, there are other methods by which front-runners might get data
> -- e.g., Roland suggests, ISPs' logs.  Also possible: software on a user's
> PC (e.g. spyware, adware, etc.).  I agree completely. However, as my report
> indicates, these are not the front running methods I looked at.  There would
> be some intereseting challenges in trying to test front-running on a large
> number of ISPs (creating a need to request nonexistent domains through a
> large number of ISPs) and in trying to test front-running on a large number
> of spyware/adware apps (creating a need to obtain a large sample of such
> apps, in operational form, and test them one by one, probably on separate
> virtual PCs).  These tasks are definitely doable, but they are beyond the
> scope of the work I have done so far.
>
>
> ------ End of Forwarded Message
>