Moral domain registrars: do they even exist?

I came across a recent blog post over at Wired, asking the famous question: who exactly is a worthwhile registrar?

http://blog.wired.com/monkeybites/2008/03/is-there-a-real.html

As I expected, “worthwhile” can be interpreted in many ways. For some, worthwhile means low-cost (whoever’s the cheapest). For others, it’s about privacy — and I happen to be one of the latter.

As someone who has provided 100% free hosting services to the world since the 90s, I’ve learned that it’s really not about price: it’s about quality and privacy. I like a registrar who offers a good control panel interface for managing your domains (for example, if I add/remove a nameserver I do not want to have to repeat the process for every single domain I have with that registrar — a bulk modification method is a must), and one who truly respects their customers’ privacy.

You might be asking “what exactly does the word ‘truly’ encompass?” It’s very simple, and any basic security-savvy administrator adheres to it: do not disclose any of the information I provide you, unless I provide prior consent. That means no one except employees of your company has access to the information I give you (excluding things like WHOIS records, or the “real” owner of a domain (which gets submitted to ICANN)). I don’t want my information given to third-parties, associates, affiliates, or even contractors (I’m willing to exclude the last item only if the company provides its customers a copy of the legally-binding contract their contractors have to sign, and it must include statements of what the legal ramifications are if the contractor violates privacy policies in regards to customer information).

It gets complex when you consider that ICANN demands customer records (not WHOIS, but the actual/true owner of the domain) for themselves… but then requires registrars to make available that information to those who want it (usually through large resales; e.g. US$10K will get you the entire database, even with companies like OpenSRS).

I don’t mind ICANN having my information; what I do mind is companies like the Domain Registry of America (otherwise known as Domain Renewal Group) getting access to my name, address, phone number, Email address, and lots of other things. For tens of thousands of dollars, they can get all of my information — and I’ve never been comfortable with that.

It gets scary when you start looking for what I call a “moral” registrar: one who actually understands and complies with the above security concept. Let’s take a look at the privacy policies of the top 10 popular registrars, based on what http://www.registrarstats.com/ considers the top 10 (with a couple of registrars I consider “popular” thrown in):

  1. GoDaddy
  2. eNom
  3. Network Solutions (VeriSign)
  4. Tucows (OpenSRS)
  5. Melbourne IT
  6. Schlund+Partner (1&1 Internet)
  7. Wild West Domains (explicitly excluded, see below)
  8. Moniker Online Services
  9. Register.com
  10. PublicDomainRegistry
  11. Gandi (see below)
  12. DomainDiscover

    All of these companies or organisations have two common clauses: a clause mentioning they have to submit your real contact details to ICANN (which is true; there’s no avoiding that), and — this is the kicker — a clause stating they reserve the right to distribute your information to third-parties, affiliates, or other “mysterious entities”… but they never tell you who (and I’m willing to bet they never mail you to tell you who they go into business with either).

    Wild West Domains was explicitly excluded because they have a direct relation to the Domain Registry of America, who I won’t discuss based on past legal actions of theirs against bloggers. This is what I’m talking about:

    http://blog.forret.com/2004/12/domain-registry-of-america-scam/

    PublicDomainRegistry is absolutely amazing. See Section 13, subsection (2) of their Registrant Agreement PDF. I don’t know anyone in their right mind who would agree with this had they read it in full prior to a domain purchase.

    Finally, Gandi. I read 4 separate PDFs of theirs, all of which are somewhat ambiguous in regards to what they do with your information. They don’t even state that said information has to go to ICANN; instead, it seems they imply the information in your WHOIS records is what they go off of. It’s amusing when you note that they offer “Whois protection”, except all they protect is your Email address.

    Take the time to review all of the above policies. You’ll be quite disgusted with how open-ended they are; there’s absolutely no guarantee your information won’t be viewed by someone who isn’t a direct employee of the registrar.

    It’s a very depressing situation we’re in; all these companies have shady behind-the-scenes ties with companies who are doing god-knows-what with your contact information — and I mean the stuff that’s associated with your billing data, not WHOIS data.

    Netflix “Watch Now” PC limitation

    While dealing with the DRM issue in my previous post, one of the things I ended up doing was — of course — reinstalling Windows XP SP2. I do this pretty often because I end up getting a “bad feeling” about the current state of Windows, and when I can’t fix/solve something, formatting + reinstalling is the best choice.

    After reinstalling and loading up the Netflix Viewer, I was greeted with a message that said I had reached the limit of unique PCs allowed to view Watch Now content (the limit was 4), and that I was required to contact Netflix Technical Support before I could begin watching videos again. This problem is completely reminiscent of the Windows XP Activation issue, where if you change hardware or reinstall the OS + activate too many times, you’re forced to call Microsoft every time you reinstall.

    This isn’t something I agree with, for what it’s worth. My hardware and software are my property: I will do with them what I wish. I have a legitimate store-purchased copy of Windows XP (hell, I’m a Microsoft employee — would you expect otherwise?!), which means I should be able to do whatever I want with it (within reason of course), which includes installing it as many times on my PC as I wish. I understand piracy is a problem, but as Steve Jobs said, piracy is a social problem, and it’s one you cannot solve with technology. Any attempt to solve it with technology results in nothing more than irritation and pain for customers — case in point.

    Anyway.

    I was on hold with Netflix for 116 minutes: yup, almost 2 full hours before I got to speak to a human. On the other hand, the human I spoke to was fairly technical, and didn’t give me much difficulty when I explained to him the situation and what I had done that likely induced the problem. I told him I had been dealing with a DRM problem which I had solved, but in the process had reinstalled Windows.

    The tech was able to tell me that resetting the DRM settings via RESETDRM.EXE would not cause this problem, but reinstalling Windows XP definitely would. He also took the time to explain that the 4-license (or 4-PC) limitation is induced by movie studios (I took that to mean the MPAA). The way he described it was as follows: Netflix keeps track and allows up to 4 unique IDs (associated with your account of course) to play Netflix movies — probably to allow up to 4 PCs in the same household to use Watch Now. When a fifth is detected, the fifth will receive a message like what I got, and force you to talk to Netflix Technical Support if you want an explanation.

    I explained to the tech that I’m a system administrator and thus I reinstall Windows fairly often, and that I pretty much reserve the right to reinstall the OS whenever I please for whatever reason.

    The tech explained that Netflix argued the same point with the studios, and the agreement reached was that Netflix could be allowed to permit a “fifth and final permission” which would allow that system to play videos, but after that point would no longer be able to assist in any issues relating to the said limitations. Meaning, if any of your PCs got that message from then on, Netflix TS would refuse to help you.

    He also added that every 365 days from the start of the year, all of the IDs associated with your account would be deleted. I sure as hell wasn’t going to wait until January 2009 to be able to use Watch Now. :-)

    The tech then asked me if I wanted to use my fifth and final allowed ID. I told him yes, with one caveat: I wanted to know how to retain/save that ID, so if I reinstalled in the future, I could simply restore that ID and continue to use Watch Now without any problems.

    The tech more or less refused to tell me how the system worked, or how I could back up the ID. He did, on the other hand, recommend that I use a reimaging system (such as Norton Ghost or Acronis TrueImage) to back up the current state of my PC as it was right now, because the ID itself was stored in the Registry.

    He then enabled the ID in question and sure enough Watch Now began working immediately, urging me to take a system image ASAP. Two hours on hold for nothing more than a 10 minute conversation.

    I reserve the right to choose to install my OS however I wish, and I choose not to use reimaging software. Why? I make my own XP CDs using nLite, slipstreaming latest updates and other whatnots into the image. I rebuild that image and reinstall using it. If you use a disk snapshot/imaging utility like TrueImage or Ghost, you’ll be forced until the end of time to use Windows Update to get said updates. Reimaging systems work great for massive corporate enterprise environments, but not very well for people like me. :-)

    All of this got me thinking: if the ID is in the registry somewhere, backing it up is simple. REGEDIT.EXE and its Export option would suffice. So off I went, digging around in the registry.

    Lo and behold, I found the following key:

    HKCU\Software\Netflix\Movie Viewer\ID

    I changed this ID to something different than what I had after the tech enabled the ID, and sure enough, I got the nasty message from Netflix (this time saying I had reached a 5 PC limit).

    I restored the ID to the working value, and an interesting thing happened: immediately prior to the video playback, I was prompted for my Netflix login name and password. The window asking me for that looked to be something within the Netflix Movie Viewer itself, and not something from the web browser. I entered my credentials, and voila — Watch Now started working again!

    Thus, after reinstalling XP, all one has to do is install the Netflix Movie Viewer software and restore said registry entry. I’m not sure why Netflix just doesn’t disclose the registry entry location; you can’t go copying the ID to random computers or give it to your friends, because they’ll need your login/password to be able to use it. It’s a generally secure system, so disclosing the path won’t circumvent anything.

    I just wanted to share this piece of information with the world, because guaranteed there are many others like me. Remember to back up HKCU\Software\Netflix\Movie Viewer\ID before reinstalling your OS, folks!

    Netflix “Watch Now” and error C00D11B1

    I’m not going to bother listing off all the different threads and websites discussing said problem. You can use Google or any other search engine to find hundreds upon hundreds of reports, most with no solution. (I say most because some folks ran into this when trying to play Netflix films on their TV, thus were running into HDCP DRM issues). In my case, I’m watching Netflix movies on my PC — absolutely nothing fancy.

    For months now I’ve been seeing said error, but in an odd fashion. Reinstalling XP seemed to solve it, until some “random point” in time when it would just stop working again. Naturally I thought “It must be some software I’m installing or some update I’m applying”, so I spent a few hours today trying to track it down. Things I tried to no avail:

    • Using Netflix’s RESETDRM.EXE utility
    • Uninstalling every piece of software I had installed (this took quite some time!)
    • Downgrading to Windows Media Player 10 (which doesn’t work anyways, because Netflix will then tell you that you NEED to upgrade to WMP11 to watch their movies)
    • Upgrading my nVidia video drivers (for a 7950GT) to the latest beta
    • Tinkering with Creative’s sound drivers for the XtremeGamer (tried latest beta, etc.)

    I was about to give up until I came across this post, which I’m very glad I read slowly and in full:

    http://www.longdarktechtime.com/2007/12/another-twisty-maze-of-windows-error.html

    The following paragraph caught my eye:

    “The tech has me adjust some Windows Media player display settings to disable the video mixing render (he knows exactly where to send me) and then we try again. Boom! I get a new error message – this time is C00D11B1.”

    The option referred to is in Windows Media Player 11, under Tools -> Options -> Performance -> Video Acceleration (Advanced button) -> Use video mixing renderer checkbox.

    The reason it caught my eye: I uncheck said box because I watch/stream Japanese TV shows to a friend of mine in Michigan. We watch a couple shows a week together. The desktop capture driver I use, VHScrCap, cannot capture video when it’s being played in Overlay mode (understandable). So, rather than unchecking “Use overlays” (which is really what I should’ve been doing), I’ve been unchecking “Use video mixing renderer”.

    Sure enough, this is what was causing me to get error C00D11B1 from Netflix/Windows Media Player’s DRM!

    All I did was turn on “Use video mixing renderer” and instead uncheck “Use overlays” – voila, problem gone.

    Bottom line: if you uncheck “Use video mixing renderer”, you break DRM in some bizarre way. Do I consider this a bug? Not really. However, Microsoft would do well to explain that the “Use video mixing renderer” option actually disables other stuff than what’s implied via the UI options.