Australian business owners urged to shorten web addresses to avoid cybercrime attack ABC News Sat 17 Sep 2022 https://www.abc.net.au/news/2022-09-17/new-domain-names-available-to-cut-cyber-crime/101446682
The venality of auDA in creating the .au domain is underlined by the follow-on actions of the Small Business Ombudsman: > ... businesses need to take action now to avoid their internet identities potentially being sold to someone else ... > "If you don't get control of the .au version of your domain name, a cybercriminal masquerading as you could try to reach your customers." There's also very belated recognition by the Australian Cyber Security Centre (ACSC) of how stupid an idea this is and always was: > [ACSC] also warned the new domain option provided another opportunity for cybercriminals to commit fraudulent activity like business email compromise, a specific type of phishing attack to trick people. Another indicator is the encouragement to cyber-squat: > The best thing for people to do is buy the .au website and sit on it for a year. ... If after a year it all fizzles out, then you can choose whether you need it or not". That's after every domain-owner in the country has had the time, effort and attention of its executives and managers, or of the sole-trader themselves, or of volunteer-committee-members, wasted on working out what this is all about, what it means, and what to do about it. Instead of performing its functions, auDA has converted itself into an exploiter of its monopoly position, to the detriment of the community it's supposed to serve. The sole winners from this are ISPs, lawyers, and auDA itself. That was all pointed out to them, multiple times, by academics, by the primary consumer advocacy organisation, and by myself. Their points were multiple times ignored, to the extent of entirely omitting from their publications the criticisms the subs contained, e.g. http://accan.org.au/files/Submissions/auDA%20Domain%20Names_Draft%20Recommendations%20Response%20Sept%202015_final.pdf http://www.rogerclarke.com/II/Direct2LDs.html (15 Jun 2007) http://www.rogerclarke.com/II/Direct2LDs-2015.html (9 Jun 2015) http://www.rogerclarke.com/II/Direct2LDs-2015-No2.html (30 Sep 2015) For further evidence of the malbehaviour of the organisation, see the email below reporting a major problem with another domain-owner-hostile manoeuvre by the organisation. My records show not even an ack, let alone a substantive response, let alone constructive action, from any of the designated contact-point, the auDA CEO or the auDA COO, who were all co-addressees. ____________ Date: Wed, 13 Jan 2021 10:44:24 +1100 From: Roger Clarke <[email protected]> To: Netregistry Support <reply-fe9915757562027d71-828_html-233197128-10000908...@myonlinesuccess.com.au>, [email protected], [email protected] ... You wrote that: > auDA has recently announced changes to the .AU domain eligibility rules and identified the below domains(s) you’ve registered will be impacted. The new rules come into effect on the 12th April 2021. ... I ... re-read your email, and discovered that: - your email refers to *UN*incorporated associations - you have written to an *incorporated* association (APF), and communicated that its domains are at risk - but incorporated associations are *not* at risk I'm an experienced Chair and Secretary of associations and companies, both for-profit and limited by guarantee, and a Visiting Professor in a Faculty of Law. And I was caught out by your email's wording. So there's a very strong chance that a lot of people who've received it are at least as confused as I was about what it means. Please re-issue an amended email to get rid of the ambiguities: 1. Your email should start with something like: THIS DOES *NOT* AFFECT YOU IF THE ASSOCIATION THAT HAS THE DOMAIN-NAMES LISTED BELOW IS ALREADY REGISTERED WITH THE A.C.N.C. OR WITH A STATE OR TERRITORY REGISTRAR OF ASSOCIATIONS. HOWEVER, IF THE ASSOCIATION IS *UN*INCORPORATED, IT WILL BE UNABLE TO RENEW ANY .org.au DOMAIN NAMES UNTIL IT HAS BEEN REGISTERED EITHER WITH A.C.N.C. OR WITH A STATE OR TERRITORY REGISTRAR. 2. Other sentences need to be amended to avoid the false implication that "you will need to register with the ACNC". The correct statement is "you will need to either incorporate through a State or Territory Registrar, or register with the ACNC". 3. It would be helpful if you would provide at least the relevant URL at the ACNC. The least-worst page on the site seems to be this one: https://www.acnc.gov.au/factsheet-unincorporated-associations-and-acnc-registration Please acknowledge receipt of this email. Please provide a substantive response in due course. ____________ Roger Clarke mailto:[email protected] T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Visiting Professor in the Faculty of Law University of N.S.W. Visiting Professor in Computer Science Australian National University _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
