Remember when the .tk TLD became free 20 years ago ? Every hobbyist took one, then scammers followed, then Facebook and antiviruses started blocking it.
I remember publishing a website for a class on my .tk domain, the teacher couldn't open it and I almost got a failing grade because of it.
Those were the days indeed. A big part for me is probably because I was a teen at the time with little responsibility, but getting to be a part of the wild west days of the internet was a magical experience.
In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way.
For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'.
Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is.
Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.
It is good that Microsoft Vega is popularizing zero-knowledge identity-based attestations. It's unfortunate that they're doing so in a relatively inflexible way.
I wish the Vega people had oriented their work around general-purpose zkVMs instead of application-specific ZK circuits. The latter is a fleeting efficiency win; the former is a permanent flexibility advantage. ZK-based privacy advocates shouldn't over-index on proof performance on today's systems when zkVM systems have been making multiple-OOM performance improvements over the past couple of years.
IOW, with Nova, the Vega people are trying to do something very clever (just as the BBS+ people are trying to do something very cleaver) that general-purpose compute wins have made unnecessary.
Something like RISC Zero will let you run arbitrary Rust code under zero knowledge in a few hundred milliseconds with little fuss. Nobody appreciates that identity verification is one special case of a vast set of useful applications enabled by widespread adoption of a ZK compute platform.
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
> Think of it as a similar model to ISRG and LetsEncrypt.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue?
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
Might be a public service? I guess many countries already had such a thing with running cost several order higher than such a thing as a TLD, operating for centuries now.
Site errored out and gave me three different error messages as I reloaded. I guess it's self-hosted on something underpowered, and dynamic where static would do the job?
This is an idea at this point, the next round of gTLD applications is currently open and we are in the process of applying and we are trying to garner support!
there's a project for getting retro computers connected to an "internet" with 90s/00s services available, and they use .retro on that. it's pretty cute.
So this is my iCloud on the web for AI agents to pay me for access to my content (Cloudflare allows the bots in upon paying) :-)
Cloudflare offers this now (their Pay to Crawl service) but its not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!
We are probably going to reserve some of the more obvious ones for specific purposes, e.g. my.self automatically pointing to a homepage on your local network. As we go through the gTLD evaluation process we will be keen to solicit feedback from the community on more specifics!
I don't fully understand how this works... who regulates and defines what is "self-hosted" or "ethical technology"... I feel you can't really solve the distributed consensus and governance problem by just introducing a new domain suffix.
That all the cool 2-letter TLDs are designated as country codes was an extraordinary mistake that will have unpredictable and devastating consequences long into the future.
Our goal is for .self to be more than just another TLD string, we want to specifically empower the self-hosting use case with local clients that integrate directly with the TLD and operate shared services like mail servers as a public good. We want to dramatically simplify the effort it takes to set up a domain for homelabs and offer free services that are directly tied to the domain like email.
We don't necessarily, however there are many benefits for doing so. We could simply purchase a domain and then build our initiative beneath it but then everything we do would be beneath that domain, meaning there would be two dots in what is our effective TLD. That would also mean we are a bit beholden to whichever TLD we are beneath and also whichever registrar we purchased our domain from. With the services we hope to offer around things like TLS certs and emails, it just makes more sense for use to own the whole thing from the root.
<something>.duckdns.org. works fine, and being "beholden" to ICANN is no worse than being a client of one of the big traditional gTLDs. If you want "one person, one name", well, .name is there for that.
It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
What value is there in "horse.horse" being something you can resolve with DNS? What value does <something>.self give me, as a reader, that <something>.name or <something>.me or any of the other zillion variations on the same idea doesn't?
If anything, it creates confusion! "Oh, I met Bob McBobFace. Is he mcbobface.me? mcbobface.name? mcbobface.local?".
I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
I guess I just don't get the value to the public of increasing the set of dotted word suffixes that indicate that a word is a a cognizable DNS object.
> It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
So the new gTLD round is open right now, we're getting more TLDs whether we like it or not. Our goal is to make one that has features built-in which cater to the self-hosting use case. So that is our key differentiator, that every endpoint leveraging our TLD should be someone's small-scale homelab setup.
> I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
Technically yes it could work, but given the suite of features we'd like to build into our TLD, it would make things more difficult if we didn't own it. We would be dependent on external parties for our root domain, the root of trust for TLS certificates, all users' subdomains would have an extra dot etc.
What do you mean by "US domains?" Domains registered by US citizens? Hosted in the US (in which case does that include territories)? Regardless of the definition, I don't see an easy way to do this, nor a reason to, since domains can change hands (and hosts) across countries.
What is the expected price range for registration and renewal under this TLD?
Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?
It simply cannot be both free and free choice of domain.
If it has both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere.
You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.
We have considered this, all of these things will be examined during the evaluation process of the application with ICANN before any approval to operate the TLD is granted. We could also police our domain and revoke users who use it for abuse but that may be too costly. But you are right that fundamentally we must protect the reputation of the TLD at all costs and that will require imposing certain limits on its use.
You should read their proposal. Specifically, the first "core feature": one person, one domain. If you want to squat on a domain, go for it -- it's yours, and that's the only domain you're getting.
I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.
I've read it, I don't believe it will be effective, even with actual physical ID verification. Scammers can get more IDs, for example by way of scamming.
I've been looking to get into the TLD game. It's gonna cost about $600k, and it's a coin toss as to whether or not you'll get your money back. The two I've been eyeing, is .ion and .ness. Anyone want to go in on either of those with me?
We plan to operate a shared mail server than can be used by users of the domain and we will work to ensure it is trusted by imposing usage limits. We will assume that every endpoint in our domain is someone's personal homelab, meaning small-scale use. For large mailing campaigns and newsletters there are plenty of services to choose from that enable those but for just sending personal emails, it should work.
I am disappointed that icannt.org is taken and is not an alternative root.
Edit: I've been rate limited because of this comment, apparently. Account burned - will make a new one. Dang says below it's because of flagged comments but I don't see many flagged comments in my history.
Of course we wouldn't rate limit you, or anyone else, for an innocuous comment.
We rate limited you because of flamewar comments you posted in another thread, like this one: https://news.ycombinator.com/item?id=48723651. You posted over 50 times in that thread, and many of your comments there broke the site guidelines. That's abusive. If we didn't rate limit accounts for doing that, we might as well have no guidelines or restrictions at all.
I've been using .lan, referenced in rfc6762[1] as a good alternative to the multicast .local
> We do not recommend use of unregistered top-level
domains at all, but should network operators decide to do this, the
following top-level domains have been used on private internal
networks without the problems caused by trying to reuse ".local." for
this purpose:
I remember publishing a website for a class on my .tk domain, the teacher couldn't open it and I almost got a failing grade because of it.
Not enough allowance to fund a .com domain, had to use freenom / tk + cloudflare for my first years of self hosting
In the mid 2000’s, I moderated a domain name discussion forum in exchange for free hosting. “X forum posts per month = x gb of bandwidth”
My goal was to post enough for them to give me WHM access so I could try to resell it.
Those were the days.
I once mailed $70 cash (multiple months of allowance) to someone to code a MVP of something I wanted to build.
They ripped me off and disappeared.
And… that’s when I decided I needed to learn to code!
In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way.
For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'.
Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is.
Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.
I wish the Vega people had oriented their work around general-purpose zkVMs instead of application-specific ZK circuits. The latter is a fleeting efficiency win; the former is a permanent flexibility advantage. ZK-based privacy advocates shouldn't over-index on proof performance on today's systems when zkVM systems have been making multiple-OOM performance improvements over the past couple of years.
IOW, with Nova, the Vega people are trying to do something very clever (just as the BBS+ people are trying to do something very cleaver) that general-purpose compute wins have made unnecessary.
Something like RISC Zero will let you run arbitrary Rust code under zero knowledge in a few hundred milliseconds with little fuss. Nobody appreciates that identity verification is one special case of a vast set of useful applications enabled by widespread adoption of a ZK compute platform.
> Everyone entitled to a subdomain at no cost
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
https://www.iana.org/domains/root/db
Is this just an idea at this point, or some kind of "you have to use our DNS to resolve .self domains" scheme - ?
Inb4 they give away .docx
Cloudflare offers this now (their Pay to Crawl service) but its not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!
They're allowing comments and obviously the first thing there is a scam.
No way any goodwill on the Internet is going to prosper. Not anymore.
That all the cool 2-letter TLDs are designated as country codes was an extraordinary mistake that will have unpredictable and devastating consequences long into the future.
However .me (https://namegulf.com/tld/cctld/me) is a ccTLD managed by the Government of Montenegro, they set their own rules
It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
What value is there in "horse.horse" being something you can resolve with DNS? What value does <something>.self give me, as a reader, that <something>.name or <something>.me or any of the other zillion variations on the same idea doesn't?
If anything, it creates confusion! "Oh, I met Bob McBobFace. Is he mcbobface.me? mcbobface.name? mcbobface.local?".
I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
I guess I just don't get the value to the public of increasing the set of dotted word suffixes that indicate that a word is a a cognizable DNS object.
So the new gTLD round is open right now, we're getting more TLDs whether we like it or not. Our goal is to make one that has features built-in which cater to the self-hosting use case. So that is our key differentiator, that every endpoint leveraging our TLD should be someone's small-scale homelab setup.
> I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
Technically yes it could work, but given the suite of features we'd like to build into our TLD, it would make things more difficult if we didn't own it. We would be dependent on external parties for our root domain, the root of trust for TLS certificates, all users' subdomains would have an extra dot etc.
.zip .pdf .mp3
I'd like to thank Caribbean island of Anguilla for having a ccTLD that helps identify which websites aren't worth your time in one quick look.
Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?
If it has both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere.
You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.
I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.
How/Why is this linked to a TLD and not a hosting provider ?
> - Everyone entitled to a subdomain at no cost
One subdomain, or one subdomain? Would I be entitled to something like "pavel.hosts.self"?
[0] https://en.wikipedia.org/wiki/Will_Self
Edit: I've been rate limited because of this comment, apparently. Account burned - will make a new one. Dang says below it's because of flagged comments but I don't see many flagged comments in my history.
We rate limited you because of flamewar comments you posted in another thread, like this one: https://news.ycombinator.com/item?id=48723651. You posted over 50 times in that thread, and many of your comments there broke the site guidelines. That's abusive. If we didn't rate limit accounts for doing that, we might as well have no guidelines or restrictions at all.
How will you ensure this?
0 - https://www.rfc-editor.org/rfc/rfc8375.html
> We do not recommend use of unregistered top-level domains at all, but should network operators decide to do this, the following top-level domains have been used on private internal networks without the problems caused by trying to reuse ".local." for this purpose:
[1]: https://datatracker.ietf.org/doc/html/rfc6762