You have to understand that iThreat and CleanDNS are already deeply rooted in the operations of our critical infrastructure. This demands great care and responsibility. Like, the same diligence we expect from ICANN SSAC and PTI.
The things that CleanDNS does may be essentially good, but they must remain aware of their great influence and responsibility, while continuing to take the position of individual domain registrants โlarge and smallโ into account.
Particularly if you start using broad AI for abuse handling automation for major registrars and registries and it goes wrong.
Also, remember that iThreat is a large Internet intelligence company, and that they want to further expand their intelligence footprint in the future. Founded in 1997, iThreat has assisted hundreds of clients with thousands of Internet monitoring ops and investigations, including multiple successful multinational law enforcement operations.
The more 'fully managed' abuse handling contracts they can enter into with the CleanDNS product, the more information, signals, patterns and metadata they will be able to obtain about individuals, companies and [governmental] organizations
worldwide. This may involve highly sensitive information, that will be combined with other intel sources for profiling and machine learning. Essential core functions of domain registrars and registries are completely being outsourced to this commercial, US based, third party, which will become increasingly influential by combining all the data it collects from everywhere.
A comparison with the recent global outage incident caused by CrowdStrike is not entirely valid, but there are certainly some similarities. I do want to make people aware of what can happen when companies in the cyber security industry become too influential. And that our society as a whole will become too dependent on these few influential companies, now armed with highly experimental AI mechanisms. A development that cannot easily be reversed, mainly because the CleanDNS product is marketed as a major cost saver for registrars and registries. But also because the technical knowledge on this subject will no longer be natively available at registrar/registry customers.
Given the way in which the COO of CleanDNS plans to handle Sav abuse tickets via DM here on this external forum, and that they do not even want to substantively address the essential points and concerns raised by this community
that is also deeply rooted in the same Domain and DNS ecosystem, this doesn't bode well for the antenna that is needed to carefully and compliantly meet the high standards expected of this company. Especially when it comes to handling our sensitive data securely and responsibly.
Time for
@ICA to step in. Let's start with ICA and then scale up from there.
