I recently blogged about two reports related to business practices of web-related companies. One of those companies, Directi, was the direct target of the KnujOn report and was mentioned in Jart Armin's report, as well. I blogged about Directi's response to the KnujOn report last week.
This week, Directi, KnujOn, and HostExploit (Jart's company) released a joint statement:
In light of recent developments, Jart Armin of HostExploit.com, Bhavin Turakhia, CEO of Directi and Garth Bruen of Knujon have had an open dialogue and mutually agreed to release this joint statement as an accurate representation of facts, clearing any previous misconceptions and reaffirming their common goal to combat abuse on the Internet.
You can read the statement for the specifics, but I want to applaud the public commitment by all three parties to working together to fight badware. So far, Jart tells us that they have removed thousands of badware and spam domains. It will be interesting to see how this plays out and, in particular, how Garth, Jart, and other members of the security community evaluate Directi's follow-through.
Also this week, both Directi and EstDomains (which was mentioned prominently in Jart's report) contacted us to request that we send any data about domains registered through their respective services to them so they can take appropriate action. We don't currently analyze registrars, though we hope to sometime soon, and we will, of course, make the data available to the registrars to the extent practicable if/when we have such data.
All of this activity raises an interesting (and long-standing) question about the role of domain registrars in policing content of sites. Should a domain registrar be expected to deactivate a domain that is known to be associated with badware? If so, who is the authority that decides which sites should be taken down? How is the process kept transparent? How are errors corrected? What about legitimate sites that have been infected without the owner's knowledge (like many of those that are in our Clearinghouse?) What about sites that are potentially "bad" in other ways, like violating local laws, perpetuating defamation, or trafficking in child pornography? Let us know what you think in the comments.