RE: [gnso-rap-dt] Feedback from Ben Edelman regarding front running study

["Greg Aaron" <gaaron@xxxxxxxxxxxx>]

Dear Marika:

I have additional questions:

1) Can a list of the 200 sites Mr. Edelman tested by provided?  (The report
mentions that there were screen-captures taken during each test.)    

2) Of the tests, how many sent domain queries directly to registrars, versus
sending domain queries to a reseller, versus sending domain queries directly
to the .COM/.NET registry?  In other words: where did the various queries
go, and what party or parties saw each?  In how many tests did Mr. Edelman
directly and indirectly measure potential front-running by registrars?

3) The report says: "After each round of testing, automated systems checked
domain availability of each domain, twice per calendar day, for the next
seven days.  These checks consisted of NSLOOKUP requests, connecting
directly to authoritative names servers for the corresponding TLDs."  So,
Mr. Edelman queried the DNS to see if the names were registered.  However,
the DNS does not always tell us whether a domain has been registered -- only
the .COM/.NET registry could have answered that question authoritatively.
Why didn't Mr. Edelman query the registry?  It seems like test domains could
have been registered, but Mr. Edelman's method would have discovered them
only if the domains were associated with nameservers and therefore made it
into the zone file.  Response?

4) What department at ICANN commissioned the study?

With best wishes,
--Greg Aaron



-----Original Message-----
From: George Kirikos [mailto:icann+rap@xxxxxxxx] 
Sent: Monday, August 17, 2009 2:53 PM
To: gnso-rap-dt@xxxxxxxxx
Subject: Re: [gnso-rap-dt] Feedback from Ben Edelman regarding front running
study


Hello,

I'd appreciate having a list of the domains he attempted to register, and
the list of all sites he tested. Usually that kind of info goes into the
appendices of these studies, but there was no appendix to the report
published on ICANN's website (perhaps a more scholarly version exists with
the relevant info?).

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/

On Mon, Aug 17, 2009 at 2:42 PM, Marika Konings<marika.konings@xxxxxxxxx>
wrote:
> Dear All,
>
> Please find below the feedback received from Ben Edelman in relation 
> to the questions and comments made on the front running study. Please 
> let me know if you have any additional questions or comments.
>
> With best regards,
>
> Marika
>
>
> From Ben Edelman:
>
> My reply --
>
> Thanks to all on this list for their comments on my study.
>
> Several comments asked about the methodology by which I selected the 
> web sites to be tested.  For example, Jeffrey Neuman asked which 
> registrars were tested.  Jeff: I didn't keep specific record of that.  
> Instead, I used the selection method described in paragraph two of my 
> report -- choosing standard and reasonable search terms by which an 
> ordinary non-specialist registrant might try to find a site or service 
> on which to register a domain.  Of the 600+ sites I checked, most 
> either are registrars or have some link to a registrar (e.g. a search 
> box that passes traffic to a registrar, with or without compensation).  
> But I did not specifically track how many of the sites were themselves
registrars.
>
> To the method by which I tested for front-running: I completely agree 
> that front-running could run in any of various possible ways -- 
> limited to strings matching certain criteria, strings checked from 
> certain IPs or ranges of IPs, certain time of day, known registrant versus
unknown, etc.
>  George Kirikos raised several theories of which requests might be 
> most valuable for front-running -- though at the same time, we might 
> also think that those with the highest-value strings would be most 
> careful not to fall victim to front-running, e.g. by always checking 
> for domain availability using a trusted method.  On balance I believe 
> my methodology was appropriate
> -- testing a variety of sites, using plausible strings that make 
> logical sense and consist of simple, memorable English language words.  
> Certainly it's possible to devise countless variants, but I believe my 
> approach was a reasonable place to begin.
>
> Finally, Roland Perry points out that while I look at possible web 
> site front running, there are other methods by which front-runners 
> might get data
> -- e.g., Roland suggests, ISPs' logs.  Also possible: software on a 
> user's PC (e.g. spyware, adware, etc.).  I agree completely. However, 
> as my report indicates, these are not the front running methods I 
> looked at.  There would be some intereseting challenges in trying to 
> test front-running on a large number of ISPs (creating a need to 
> request nonexistent domains through a large number of ISPs) and in 
> trying to test front-running on a large number of spyware/adware apps 
> (creating a need to obtain a large sample of such apps, in operational 
> form, and test them one by one, probably on separate virtual PCs).  
> These tasks are definitely doable, but they are beyond the scope of the
work I have done so far.
>
>
> ------ End of Forwarded Message
>