Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
HumanCCF 3 hours ago

> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?

We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.

> No parking, squatting, or reselling

Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.

SahAssar 3 hours ago | parent | next [-]

> Think of it as a similar model to ISRG and LetsEncrypt.

In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?

> rule of one person per subdomain

What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.

HumanCCF 2 hours ago | parent [-]

> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?

We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!

> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.

There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.

SahAssar an hour ago | parent | next [-]

To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".

---

To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:

A) how to get included in a trust roots (crossigning with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)

B) Automated domain validation in a standardized way (ACME)

C) Long term commitments of sponsorships to ensure people could trust it would stick around

---

I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.

DonHopkins 2 hours ago | parent | prev [-]

You need to find a benevolent selfless soul who will sponsor you.

al_borland 3 hours ago | parent | prev [-]

How is one person per subdomain enforceable? How is a person uniquely identified and tracked?

dom96 3 hours ago | parent [-]

My guess is by using ID verification similar to how I do it on https://onlyhumanhub.com/

kokanee 2 hours ago | parent | next [-]

I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?

SahAssar 2 hours ago | parent | prev | next [-]

So you have just built a wrapper around https://passportreader.app/, which itself is reading NFC enabled ID/passports from specific countries. The coverage map is here: https://passportreader.app/coverage.

Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.

teraflop 37 minutes ago | parent [-]

The "how it works" page for that website says that the ID data is "digitally signed by the issuing government". But there doesn't seem to be anything in the docs about how to get or verify that signature. So it seems like they are just asking users to trust them to do the verification.

2 hours ago | parent | prev [-]
[deleted]