Security Review: .tel domain

By eyezac at 9:01 pm on February 6, 2009 | 1 Comment

According to New Scientist, a UK company called Telnic is introducing a new top-level domain, .tel, with the intention of creating a “phonebook for the internet.” Users will only be able to register contact information, and this information will be accessible directly from DNS servers. In addition, Telnic has made available an API that can be used to extract and process this information. While this might make social networking as well as getting in contact with people easier than ever, it poses the possibility of some serious security risks.

Assets/Security Goals:

  • An example .tel page shows the large amount of information that users are expected to post about themselves on their .tel sites. With so much information made available about someone, the risk of identity theft increases. Users should be protected from having their identities stolen as a result of their underestimating the danger of making so many personal details public.
  • Users should be protected from phishing and other scams.
  • Users should also be protected from being impersonated on a .tel page by someone else.

Possible Adversaries/Threats

  • Identity thieves are probably the most important adversary. The large amount of information that people might post about themselves can make impersonations of those people more persuasive.
  • As .tel expands and gains legitimacy, having a .tel site with one’s name and contact information may become increasingly important and desirable. This creates a range of vulnerabilities. On the more benign side, someone could be made unable to register their name because someone with the same name has already done so. A moderate threat might be that someone could register someone else’s name on purpose, and then only sell it for exorbitant quantities (this would not be unique to .tel). Someone with a lot of financial resources could bet that .tel will become widely enough used that it would be worth it to invest in a large number of common names and use them in this way. Finally, on the serious side of the spectrum, an attacker could pose as someone else on .tel, either by using their name (if they haven’t used it yet), or by using an almost indistinguishable name. The attacker could then post some of their own contact information, which might trick others into providing them with sensitive information about the person.

Possible Weaknesses

  • Even if credit card numbers are not exposed, enough information could be made public that impersonations involving some amount of social engineering could be made very easy, as identity thieves are able to perform more persuasive impersonations.
  • The volume and uniformity implied by such a purpose-made online phonebook–especially given the tools it provides for specific application programming–would make it easy to sift through it quickly for what weaknesses might exist. An attacker could search specifically for profiles that contain an unsafe amount of information about someone.
  • This kind of technology is prone to a lot of abuse in the form of creating bogus pages that impersonate other people or organizations, or else simply lead to phishing scams.

Possible Defenses

  • Telnic will have to work to inform its users about the kind and amount of information that it is safe to publish.
  • Before using the API, developers could be required to undergo some kind of evaluation. I’m not sure how the API itself could be modified to be less dangerous, given that its goals include extracting and processing large amounts of information.
  • More authentication could also be required of users. For example, couchsurfing.com requires users to verify a bank account and lock their account to a particular address. This makes it much harder to have multiple and bogus profiles.
  • Telnic could also provide a service for allowing someone to claim a URL that someone else registered in their name. For example, the person could fax them their birth certificate, social security number, bank account numbers, driver’s license, and car keys.

Some of the risks involved in a technology like the .tel domain are very serious, but they also require some amount of carelessness by users. If the “phonebook of the internet” lives up to its nickname and becomes widely used, it is possible that knowledge about how to use it without compromising one’s security will also become more common.

Further, the potential for the kinds of risks that I mentioned is limited. Once .tel becomes well-established, the more exploits that occur, the more resources and effort will be put into preventing future exploits (whether on the part of the users or the developers). On the other hand, if too many compromises occur before .tel gets popular, these may cause it to simply flop, also acting as a safety mechanism. The maximum danger is in the middle, where .tel is neither too small to be a high-stakes target, nor does it have the user base and resources to stay secure.

Finally, given all of these considerations and the limits they would put on the usefulness of such a technology, I have to ask whether having another–albeit more streamlined than ever–phonebook of the internet is really worth the risk it entails.

Filed under: Current Events,Privacy,Security Reviews1 Comment »

1 Comment

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Matthew Lane

    February 10, 2009 @ 5:55 pm

    I enjoyed your article and agree with a lot of the points you make.

    My sense is that .TEL will become as ubiquitous as e-mail in the coming three or four years, but as you mention, there are technological, procedural and social issues that will evolve over time (disclosure: I work for a domain registrar ).

    There are a number of precedent technologies and associated behaviours that make us more ready for .TEL than in the past. The friending process that Telnic employ has been around for a number of years. To the best of my knowledge, I’ve never been successfully spoofed to either request, nor accept an invitation though ICQ, MSN, LinkedIn, Skype, Facebook, or any of the countless other permission based social or communication tools I’ve tried (btw thanks for not confusing the purpose or function of .TEL with Facebook in your article, although I’m sure you’ll get “I can do this with Facebook” in your comments).

    It’s not that various, often colourful invitations haven’t been proffered, its just that on the whole, we’ve become very good at knowing what’s legitimate and what isn’t and I don’t believe this will suddenly end with .TEL.

    It is true that good names are finite and that premium names will disappear quickly. But try getting a decent Gmail account name, Yahoo! ID, Twitter username, etc. The fact that premium names are finite does not detract from the functionality or benefits that are offered. Ultimately, your .TEL is simply a means to bind your contact details together for convenience and will end up in someone’s address book with a display name they create, irrespective of your actual .TEL name.

    Over time I think we’ll see schemas appearing to address issues stemming from user-defined labels; we’ll see bodies offering certification for a small fee or other business model; we’ll see .TEL names bundled with mobile phone plans as parts of strategies for provider differentiation; we’ll see some form of encryption for TXT and LOC records (or their derivatives) and most importantly, native address book support shipping with hardware. Eventually I hope to see the telephone number go the way of the IP address. It will always be there, but I don’t have to remember or key in the darn things.

    On a final note, I’d feel a lot more secure if blog comments one day accepted my .TEL name, instead of forcing me to input my e-mail address. 🙂

RSS feed for comments on this post