Registrar Killing Zoho Over A Few Phishing Claims Demonstrates The Ridiculousness Of Having Registrars Police The Internet
from the this-is-not-good dept
For years, we've pointed out the dangers of the attempts to move the "policing" function up the internet stack (or down the internet stack, depending on your perspective) from the end-user internet services deeper to infrastructure players. We just recently warned about the mess that will be created by focusing on infrastructure players. Indeed, for years, we've worried about targeting domain registrars with takedown notices. There are a variety of reasons for this: first off, registrars are not at all prepared to be in the content moderation business. They just run a database. But, more importantly, their only tool to deal with these things is incredibly blunt: to effectively turn off an entire site by not allowing the URL to resolve.
And yet, there's increasing pressure for registrars to police the internet. This is mostly because of people (starting with the legacy copyright players, but others as well) over-hyping the fact that if some content/services are taken down, it just pops back up somewhere else. So, those who focus on censorship try to look further and further along the stack to see where they can block even more.
A story this week shows just how damaging this can be. Zoho is a very popular online service provider of tools for businesses. We've used Zoho a bunch at times, as they offer a really nice and fairly comprehensive suite of business apps at prices that are much more affordable than many of the larger players (while often being just as good, if not better). But earlier this week Zoho disappeared from the internet for a lot of users, after its registrar, Tierranet, pulled the plug on their service, claiming it had received too many complaints of phishing attempts via Zoho. Zoho points out in response that (1) it had received a grand total of three reports from Tierranet of attempted phishing, and it had promptly removed the first two accounts and was in the process of investigating the third when all this went down, and (2) it received no warning that Tierranet was about to pull the plug on them and was given no way to reach out to the company in this emergency situation (leading the company to take to Twitter to try to get attention).
But, because Tierranet decided it needed to "police the internet" with its ridiculously blunt tool of completely removing an entire service from the internet -- despite its millions of users who rely on it for critical business services -- Zoho was put in the unenviable position of trying to explain why its entire suite of services completely disappeared. Apparently (according to Zoho's explanation), Tierranet will automatically cut off websites after receiving three complaints -- which is astounding. It's even more astounding that a service the size of Zoho only received three such complaints. In a detailed post mortem / apology, the company says it's going to become its own registrar to avoid having anything like this happen again.
You have my assurance that nothing like this will ever happen again. We will not let our fate be determined by the automated algorithms of others. We will be a domain registrar ourselves.
But, really, every internet service out there shouldn't have to be their own registrar to avoid having someone take down their whole site for no good reason. We need to rethink this idea that someone must be policing every interaction online and that if anything bad gets through, liability and blame should flow through to everyone in the stack. It's not only a recipe for mass censorship, but for one that takes down important services by good actors.
Filed Under: domains, infrastructure, intermediary liability, phishing, points of failure, registrars
Companies: tierranet, zoho