IGF 2025 WS #280 The DNS Trust Horizon: Safeguarding Digital Identity

    Organizer 1: Technical Community, Western European and Others Group (WEOG)
    Organizer 2: Private Sector, Western European and Others Group (WEOG)
    Organizer 3: Technical Community, Western European and Others Group (WEOG)

    Speaker 1: Lucien Taylor, Technical Community, Western European and Others Group (WEOG)
    Speaker 2: Graeme Bunton, Technical Community, Western European and Others Group (WEOG)
    Speaker 3: Hilde Thunem, Technical Community, Western European and Others Group (WEOG)
    Speaker 4: Benoit Ampeau, Technical Community, Western European and Others Group (WEOG)
    Speaker 5: Swapneel Sheth, Technical Community, Western European and Others Group (WEOG)
    Speaker 6: Rima Amin, Private Sector, Western European and Others Group (WEOG)
    Speaker 7: European Commission speaker (TBC)

    Format

    Roundtable
    Duration (minutes): 75
    Format description: The goal will be for people to share their experiences and expertise as well as identify common threads and themes across three seemingly different topics - a roundtable is best suited to that kind of discursive approach where people should feel free to enter the conversation if they have a powerful point to make.

    Policy Question(s)

    What are the best ways to encourage active engagement across the complex Internet ecosystem? How can you introduce change and innovation into an established infrastructure while retaining confidence and security? How do you make digital spaces both inclusive and safe?

    What will participants gain from attending this session? As well as gaining an understanding of the different layers of the Internet from a purely practical perspective - how the technical layer connects to the content and application layers, for example - participants will also hear first-hand how the multistakeholder model works to connect very different groups of people - from technical communities to governments to civil society - connected through the same overall goal. The issues under review will enable people to interact easily on the internet in their native tongue (IDNs), incorporate new technologies into established infrastructures (blockchain), and collaborate together to stamp out pernicious criminal activity (online scams and fraud). The hope will be to illustrate both the struggles and successes that come in trying to drive large global change, and provide confidence that future efforts will also be achievable. Participants will be able to ask questions.

    Description:

    As the Internet continues to drive extraordinary change, we will use this session and the WSIS+20 process to look at digital trust and digital identity through the lens of two issues: blockchain identifiers, and multistakeholder measures to fight online harms including scams and fraud.

    Each of these requires the domain name system (DNS) to evolve, and each has struggled to achieve effective adoption or solutions - often despite significant support - because of the complexity involved. Nevertheless, 2025 may prove to be a turning point for both issues.

    We propose hearing from those that have played an important role in these topics to identify common concerns and challenges, and then identify the most effective solutions to overcoming them while at the same time retaining trust and resilience in the DNS itself. We will aim to provide a blueprint for navigating similar complex issues in the future.

    This session will traverse numerous action lines, sustainable development goals and objectives within the Global Digital Compact. 

    • Blockchain identifiers (GDC 2; WSIS C3, C5; SDG 9)
    • Fighting online harms including scams and fraud (GDC 3,4,5; WSIS C5, C10; SDG 9, 16)

    In keeping with the underlying principles of the IGF, this session will ensure gender parity and geo-diversity in its panellists, and include a broad range of multistakeholder voices.

    Expected Outcomes

    The session should give participants an insight into the complexities of making changes to how the global domain name system (DNS) operates while at the same time providing both philosophical and practical guidance for how to achieve it. We would produce a thoughtful summary of the session, encourage participants to share stories and contact details, and look to the session to provide inspiration for future research to be carried out by the DNS Research Federation. Our goal would be to inspire and encourage others’ efforts.

    Hybrid Format: The session will have a combination of online and onsite speakers to encourage participants in both spaces to actively engage during the session. The DC-DNSI will promote the activity between coalition members and its associated community to line up additional event participants – beyond the speakers– interested in actively contributing. To ease the flow between onsite and online participants, people in the room will be asked to join the virtual room. The online moderator will encourage online participants to join the discussion and bring those who request the floor online into the conversation. An online tool for audience interaction such as Slido will also be used to encourage engagement among both online and in-person attendees.

    Session Report (* deadline 6 July) - click on the ? symbol for instructions

    IGF Workshop Report: Building Digital Trust

    This workshop brought together stakeholders from the Dynamic Coalition on DNS Issues and the Dynamic Coalition on Data and Trust. The session was organized by Oxford Information Labs and EURid, and moderated by Keith Drazek (Verisign). 

    The session was in two parts: firstly there were presentations on blockchain identifiers and the DNS, and secondly there was discussion on the role of the DNS in online harms, particularly scams and fraud. Both segments focused on how the DNS and/or key actors within it, need to evolve to reflect the challenges posed by emerging technologies and the growing scale of online scams and fraud. The sessions also provided an insight into current efforts to understand and address the issues.

    Blockchain identifiers

    The first half of the session focused on the challenges that blockchain identifiers pose to the DNS as an alternative, non-interoperable naming system. Speakers emphasised that preventing name collisions between and within the blockchain environment and the DNS is essential for maintaining trust online. 

    Benoît Ampeau (Director, Partnerships and Innovation for Afnic) outlined the benefits of the DNS in guaranteeing uniqueness of names, and outlined the risks associated with blockchain identifiers, such as name collisions at the TLD level, and even within blockchains themselves. Benoît highlighted how Afnic is working in collaboration with Oxford Information Labs to develop a framework for assessing the risks of potential collisions, particularly ahead of ICANN’s launch of the next round of new gTLDs. He called for greater stakeholder coordination, concluding that there are risks to the stability of the current Internet ecosystem, and that maintaining trust in the DNS is crucial for digital identities.

    Swapneel Sheth (Senior Director, CTO Labs for Verisign) spoke to the increasing appeal of blockchain identifiers to represent cryptocurrency wallet strings. Swapneel also stated that integration could be an opportunity to safeguard the stability and security of internet infrastructure. He discussed efforts made by Verisign, such as publishing research to increase awareness of potential Server-Side Rendering (SSR) issues arising from integration. He also highlighted challenges such as expiry of domain names, compared with everlasting blockchain identifiers following integration, and the risks of inconsistencies and collisions. In addition to advocating for measurement studies, Sheth called for responsible DNS integration, safeguarding infrastructure and supporting the development of interoperability, trust and collective ownership.

    Speaking in a personal capacity, Esther Jaromitski (Senior Policy Adviser, Internet Governance at the UK Department for Science, Innovation & Technology (DSIT)) highlighted that fraud represents 40% of reported crime in the UK, and that 80% of that is cyber. Supporting multistakeholder approaches, she urged the integration between the blockchain and DNS environments. 

    Q&A between in person and remote participants included requests for clarity on plans to ensure responsible integration in a multistakeholder manner, and how to incentivize the blockchain community to participate in integration. One remote participant expressed skepticism on whether the threat to DNS posed by blockchain identifiers was real or hyperbole. In response to one speaker’s call to leverage the blockchain’s tamperproofing guarantees within the DNS resolution context, another participant questioned the environmental impact of such measures, and queried the wisdom of duplicating existing DNS security efforts such as DNSSEC.

    Discussions concluded that it is important to avoid collisions with blockchain identifiers to ensure trust in the DNS. The workshop highlighted how innovative, multistakeholder solutions, such as responsible integration of blockchain identifiers are emerging as an opportunity for the Internet community to stay ahead of the game and protect trust, aligning us all behind the collective goal to build a safe and reliable internet.

    DNS Abuse

    The second half of the session focused on DNS Abuse, with particular focus on efforts that are being made to overcome the growing scale of scams and fraud. 

    Hilde Thunem (Managing Director at Norid) gave insights into how Norway has maintained low rates of abuse such as phishing, malware and spam. Hilde attributed this to the success of a positive multistakeholder approach, as well as Norway’s regulation of domain name registration. Hilde reinforced that depending on the nature of the abuse, appropriate action can be taken at the registry or registrar level - or even in combination. However, she also highlighted the need to engage web hosts and CDNs, as they are the only actors who can take the surgical approach required to mitigate harm on the content layer of the infrastructure stack.

    Lucien Taylor (CTO and Founder) described the work being conducted by the Global Signal Exchange (GSE); a not-for-profit dedicated to real-time sharing of scam and fraud threat signals (that is, urls, domains, IP or email addresses used as vectors in cybercrime). Lucien acknowledged that cybercrime is rising exponentially, and that the DNS is a critical part of the fraud attack chain, as it enables threat actors to establish infrastructure and build a false identity, before engaging with victims and defrauding them. Lucien stated the need to “face up to” the technical, governance, and policy challenges posed by online scams and fraud across the entire digital ecosystem, and that by doing so, all stakeholders are better positioned to prevent harms. The Global Signal Exchange is a cross-sector platform which enables both international and multi-directional information sharing which will mitigate fraud and scams.

    Rima Amin, (Security Policy Manager, Community Defence) at Meta, described Meta’s work combatting deceptive techniques used by threat actors such as domain spoofing, redirects, and the use of link aggregators. She described how Meta is able to take action such as removing 15,000 harmful URLs in 2024, and signal sharing through existing programs, as well as joining the GSE. Rima spoke to the need for cross-sector collaboration and information-sharing both up and down and across the internet stack, as well as accountability policies to navigate DNS abuse.

    The final speaker was Graeme Bunton, Executive Director at NetBeacon Institute which actively works on reducing online harms. NetBeacon is another example of information sharing that is able to address DNS Abuse. A key insight was that a small proportion of registrars account for the majority of malicious domains, and in particular two very large registrars -as will be presented in a forthcoming publication.

    The session demonstrated the variety of successful multistakeholder approaches that are already being used in the fight against scams and fraud. The panellists highlighted how more collaboration is needed with hosting and cloud providers, and that new technologies such as blockchain, quantum and AI may facilitate the fight against DNS Abuse.