[clug] .com vs .org

[Scott Ferguson]

On 05/02/13 22:01, Craig Small wrote:
> On Tue, Feb 05, 2013 at 04:25:32PM +1100, Scott Ferguson wrote:
>> And you trust a registrar/reseller who doesn't follow the legal
>> requirements for registering a domain name - to manage your domain name,
>> and look after your credit card details?
> It was an org not org.au (I and others have made the difference in
> previous emails) .org is used for a lot of software projects which is
> what the domain was for.
> 
> Actually if I wanted an org.au and the registrar didn't care then,
> hypothetically I wouldn't either. I know that some might find that
> troublesome. org is cheaper anyhow.
> 

Well you kind of answered my question... (thanks).

There's no difference between the eligibility requirements for a
commercial (.com, .com.2LD, .net, .net.2LD) and a private non-profit
(.org, .org.2LD, and various others). Only the scale of non-compliance
is higher in the US (mainly by resellers for one particular AR). I don't
know if that's related to the size of the population.

Your are correct in that many domain name *resellers* (mostly
unregistered) don't care about proof. Actual accredited registrants tend
to be a lot more careful - they can't just switch product providers if
they get called out for breaking the rules, and they usually have put a
lot of money up to become accredited.

My main complaints are the lack of enforcement of policy at 1st and 2nd
levels - especially over front running and hijacking (very common), but
also over the price differences and the rental term limitations. The 2
year limit on .au domains is a massive rort - as is the base price.
ICANN is a/the problem - but I certainly don't propose the UN as a solution.

One of the biggest threats to a viable web based economy is the rampant,
unpoliceable fraud (and other "cyber" crimes) - one of the solutions to
that (IMO) is strict domain registration *and* dnssec *and* ssl
certificates *and* encryption. At present few sites use dsnssec - so ssl
certificates are meaningless, and even when domain name "renters" (you
can't buy a domain name) do check the bona fides of a renter - they
still live in the stone age (fax me photo of your business
registration!). Encryption is the only way to verify identity over the
internet - and commercialising that is counter-productive.

And so we come back to the situation where people (have to) make, um,
dumbass, assumptions about whether to trust a site based on such
unreliable indicators as the type of *LD, ssl certificates, how the site
looks, whether it's on a self serving white list authority (various
extortionist safe site lists) etc.

But back to Bob's original question. Is an .org safer than a .com (or
the 2LD equivalents)?

Yes, and, um, no...
Is a punch from the left worse than a punch from the right?
Is an elephant better than an apple?

They're not answerable questions - even with statistics on the number of
occurrences of Privacy breaches by *LD types (note I'm not even
addressing fraud and other crimes) - without incorporating *severity* of
the breaches, or scale, or the time period, any answer is meaningless -
which is probably why people cling to intuitive "guides" to
non-intuitive and complex situations (and other superstitions).

I propose instead that the critical factor for determining the
trustworthiness of a site is the number of fonts used - more than 3 is
very suss, colour of headings - red is dangerous, text alignment -
centred is high risk, and number of pages - the fewer the riskier.
Try and avoid long, single page sites, that use of more than three fonts
with red headings and centred text alignment.

Oh - and all caps, definitely a sign of criminality. Likewise a hotmail
address and the frequent use of shorthand like "lol" and "rotflmao".

(and I'm more than half serious) :)


Kind regards