Paul Walsh, the Irish Opportunist

I was asked today by Lisa Green from Common Crawl, what I thought of a blog post written by Stephen Wolfram, where he talks about the possibility of creating a .data TLD for

highlighting the exposure of data on the internet—and providing added impetus for organizations to expose data in a way that can efficiently be found and accessed.

I’ve been working on trying to solve a simple problem for the past six years; Google and other search engines don’t provide enough information about the content or its suitability, before visiting each site. To this end, I’ve been helping to create a new technology and methodology that exposes additional information that consumers will find useful. Couple this with MetaCert’s partnership with ICM Registry for the provision of labeling every .XXX domain and my early involvement in the W3C Semantic Web Education and Outreach Programme and you get an interesting mix of feelings and emotions.

I replied to Lisa’s email, but I was so compelled by the subject that I thought I’d write a post about it. This post doesn’t express the opinion of Lisa or Common Crawl in any way.

When reading Stephen’s ’s post, I couldn’t help but feel he’s trying to reinvent a more complicated concept than the Semantic Web and then making it even more complicated by adding in a new gTLD to the mix. If the Semantic Web hasn’t seen mass adoption with the backing of the W3C over the past 15+ years, what hope does anyone have in creating a new complicated standard for trying to achieve the same thing with a new TLD. If he was talking about a slick user interface for “consumers” to access such information more easily, without knowing/caring for the jargon, he’d be onto something. In fact, he’d do exactly what MetaCert is aiming to achieve. When I was Chair of the British Interactive Media Association for three years I rarely met a designer or developer who understood the purpose of the Semantic Web - let alone what RDF is, or any of that stuff about metadata. All they care about is making sure current/existing search engines expose their customers’ websites.

Why create a new gTLD for the data that lies beneath websites? What would the domain look like? data.data, awesomecontent.data OR, is the idea to sell a .data domain for each site that wants to expose the metadata that lies beneath - I certainly hope not. In the end it would cost about $1m for the new gTLD application. $180k is the base application fee but as any TLD expert will tell you, that’s likely to jump to a million bucks easily with all the legal fees etc. Stephen is much better investing that money in MetaCert - which has a six year lead, its method of labeling content is a W3C Full Recommendation, some partnerships that will help enable adoption, but more importantly, focus on what consumers need and sometimes want. I say sometimes want because they don’t always know what they need or want - that’s why we need to innovate.

MetaCert’s mission is to become the IMDB.com for the Web - providing consumers with more information about the content and its suitability before visiting a website. The first step was to help instigate the creation of a new standard for labeling content - this doesn’t guarantee adoption, but it certainly helps - and that piece of the puzzle alone took four and a half years.

The team is now building data sets, but only so tools can be built to make use of them - data alone is worthless unless it can be interpreted and easily consumed. The first data set we created is for the benefit of parents - they can now better protect their families from sexually explicit content. Adults who wish to find that type of content, but avoid it at work also benefit.

We have the largest data set of sexually explicit content worldwide, with an index of over half a billion webpages. The data by itself is worthless. Does a mother/father know what a data set is? No. Most don’t know what a browser is, let alone a browser extension or a plug-in (they are different). So we are building family safety tools that are easy to use. We are also in the process of encouraging mainstream players to update their existing family safety controls with our data set - as browser extensions etc. aren’t scalable across the entire web. We will build data sets for other useful purposes as soon as we have provided a whole product for family safety.

Going back to Stephen’s post, the aspiration/goal is admirable and similar to mine - but they require very different implementations.

A little insight to what most consumers would like to know about websites before visiting them.

• Is it child safe / safe to open at work or in front of my kids?
• Is it secure?
• Does it respect my personal information?
• Does this site really belong to this company?
• Is everything on this site free or do I need to pay for stuff?
• What’s the track record of this company (a little more tricky)
• Is this website accessible to me (can I increase the size of text for example)
  Etc.

I’m providing examples because it’s important to always keep the consumer in mind. How do they benefit? What difference will it make to their life? Protecting children online, making our parents feel more safe and secure, helping people with disabilities find accessible content, are all benefits.

Where does the time go?! I know, it goes into researching and developing a new standard, technology and company.

With Symantec’s acquisition of VeriSign for $1.2bn and Intel’s acquisition of McAfee for $7.7bn, the trust/certificate market has started to consolidate over the past couple of years. So it’s now time for a new player (MetaCert!) to enter this fast growing market and provide an alternative technology. Check out the new website. You can’t yet buy a product, but it will give you some insight to what MetaCert is all about.

Following more than 5 years of research and development, we are almost ready to launch a new technology company that will offer a brand new revenue stream for Web Hosting Companies, Internet Service Providers, Registrars, Agencies, Application Service Providers, System Integrators, and Value-Added Resellers, by enabling them to resell trust and standards compliance certificates direct to website owners.

Our method of classifying, labeling and certifying content is based on the open standard POWDER, which we helped to create back in 2006. Rather than launch yet another proprietary technology, we helped to instigate the creation of a W3C working group, chartered with creating a new industry standard for labeling content. Following four and a half years of the usual W3C review process, POWDER became a Full Recommendation, formally replacing PICS - the now-out-of-date standard still in use by Microsoft Internet Explorer 9 Content Advisor!

This method of labeling and certifying content is more flexible and granular than any other technology or method of tagging in use today. While SSL certificates and labeling methods such as PICS only allow website owners to make a claim about an entire website, POWDER allows you to classify and label entire websites and individual web pages.

It’s not easy and it takes a developer about 4 hours, to write the POWDER metadata, create the visual certificate and do all of the linking etc. However, at MetaCert, we have built a web application that enables a non-techie to classify and label a website in less than a couple of minutes. And for resellers, the process is completely automated through our suite of APIs.

Our products will be sold in a similar fashion to SSL Certificates. Although, our products are much easier for website owners to implement - no tags or scripts required - making it easier for partners to resell them.

I’m extremely proud to announce JP Rangaswami as our Chair, with Geir Rasmussen and Angus Bankes as Advisors. Sheetal Mehta Walsh is heading up International and Partnerships and Graham Anderson is our Technical Product Manager. I’d like to thank David, Aido and Kamrul for their continued hard work - 5 years is a long time to work on a project under the radar.

I’d like to thank Phil Archer. When Phil was the CTO at ICRA, he approached me for advice in how to increase the confidence in the ICRA brand by providing a Segala-verified label for child protection. (Un)fortunately we signed a contract with ICRA, but I later decided to wait and do a better job via MetaCert. ICRA has since stopped labeling sites altogether, which means the new Internet Explorer 9 is not only using an unsupported standard, it’s also using a standard that is no longer in use by Industry. I’d also like to credit Phil with coming up with the original idea to replace PICS. Together we kicked off the W3C’s first incubator project to get POWDER under way. And the rest as they say, is history.

You can sign up on the site if you would like to be kept informed of our launch date.

If you are a potential partner and looking to become one of the first to resell MetaCert’s trust certificates, please get in touch with Sheetal (sheetal@metacert.com).

Please let me know if you find any issues with the site.

Check out the new website

The world’s most heavily trafficked web domain, .COM, is now the riskiest, according to McAfee’s fourth annual Mapping the Mal Web report released today. Fifty-six percent of all risky sites end in .COM.

McAfee analyzed more than 27 million websites to uncover which domains are the most dangerous. While .COM is the riskiest top-level domain, the riskiest country domain is Vietnam (.VN). Japan’s .JP ranks as the safest country domain for the second year in a row. The report also found that 6.2 percent of the 27 million websites analyzed pose a security risk — up from 5.8 percent last year.

This report underscores how quickly cybercriminals change tactics to lure in victims and avoid being caught,” said Paula Greve, director of web security research for McAfee Labs(TM). “Last year Vietnam’s .VN was a relatively safe domain, and this year it jumped to the third most dangerous domain. Cybercriminals target regions where registering sites is cheap and convenient and pose the least risk of being caught. A domain that’s safe one year can be dangerous the next.

A top-level domain, also known as a “TLD,” is the letter code at the end of a website that indicates where the site is registered. Most people do not pay attention to the TLD suffix when they search, and many click on the first result that looks interesting. This leaves the surfer vulnerable to criminals who optimize sites for search engines and take advantages of typos such as .CM (Cameroon) instead of .COM.

Country Domain Comparisons

The report reveals drastic changes in country domain rankings with .VN (Vietnam) skyrocketing to third place, up from 39th in 2009. In fact, 58 percent of the country’s registered sites are ranked as risky. By contrast, .SG (Singapore) became safer this year, dropping to the 81st most risky domain from 10th in last year’s report. Singapore’s registration process now requires appropriate documentation when seeking to register any .SG site, which helped to improve its safety levels, according to the Singapore Network Information Center. Click here to see an interactive map of the most dangerous domains.

Top Five Riskiest Country Web Domains   Overall Risk   Overall Risk
(ranked in most                             2010           2009
risky order)

Vietnam (.VN)                            29.4%           .9%
Cameroon (.CM)                        22.2%          36.7%
Armenia (.AM)                           12.1%          2.0%
Cocos (.CC)                                 10.5%          3.3%
Russia (.RU)                               10.1%          4.6%

Top Five Safest Country Web Domains     Overall Risk   Overall Risk
(ranked in least                            2010           2009
risky order)

Japan (.JP)                                  .1%            .1%
Catalan (.CAT)                            .1%            .1%
Guernsey (.GG)                           .1%            .6%
Croatia (.HR)                               .1%            .1%
Ireland (.IE)                                 .1%            .1%

Key Findings from the 2010 Mapping the Mal Web Report

Cybercriminals are opportunistic: Domain registrars set the guidelines for anyone who wants to register a site. As rules evolve each year, cybercriminals sniff out loopholes and create new ways to set up dangerous sites quickly. A clean domain deters cybercriminals: Cybercriminals move away from domains that have tougher restrictions. This year, Singapore (.SG) showed significant improvement. Safest domains: .TRAVEL and .EDU are the safest top-level domains with less than .05 percent of sites infected, which is one in 2,000 sites.

Tips for Consumers, Businesses and Domain Operators

What online surfers may not know is that simply viewing a page can return much more than they bargained for,” said Greve.

Cybercriminals lay invisible traps all over the Internet that are intended to steal consumers’ passwords, bank information or even identities.

Web surfers can stay protected from quickly evolving threats on the Web by using reputable, actively updated security software with advanced malware detection and prevention. Security suites like McAfee Total Protection(TM) keep users’ personal information and computers safe with several tools and technologies to protect against every facet of online risks.

Businesses can help users navigate Web risks by adding Web reputation functionality to their other defenses. Operators of risky TLDs can learn from the report as well. It is possible to turn around a risky reputation or maintain a good one.

This report is very reason I welcome the new .xxx TLD from ICM Registry following six long years of ICANN fence-sitting. Site owners that buy a .xxx domain sign up to a code of conduct that includes the automatic labeling of their website as ‘for adults only’. This will enable browsers and search engines exclude .xxx sites to help protect minors from inappropriate content on the Web in the future. ICANN is expected to sign the ICM contract this Thursday - my fingers are well and truly crossed.

I’m guessing McAfee are producing such reports about .com because its biggest competitor, Symantec, acquired VeriSign’s security business for $1.28bn earlier this year. In case you didn’t know, VeriSign own the .com TLD. McAfee was acquired by Intel for $7.6bn recently. Looks like the trust industry is consolidating. The market conditions are ripe for a newcomer* to take the helm. Watch this space!

As some of you know, I deleted my personal twitter account recently. It was great timing as the market conditions for MetaCert (my real work passion) started to blossom after about five years under the radar, meaning I needed more time to focus on what’s most likely to change the world. We’re in fundraising and partnership building mode at present, so there isn’t much else to say.

I will always update the company twitter account and promise never to hire a PR company or get someone else on the team to update it on behalf of the company. I won’t talk at you about the company, but I’m not likely to provide personal updates either, unless of course they’re related to the company. I’m not sure if that’s the right approach, so we’ll see how it goes - let me know if you have an opinion (even if it’s to tell me to stay away after enjoying the quiet time).

If you’re a marketing agency, registrar, hosting provider, security software or anti-malware reseller, get in touch as you’re a potential partner! If you’re a provider of trust in the form of a seal, we have a platform for you to help increase adoption of your own product.

Now… time to upset VeriSign, TRUSTe and others with low-cost products that are more scalable and based on the Open Web

It looks like the team at new search engine, Cuil, is either very dumb, or very intelligent. I’m assuming the latter. I noticed a tweet by Michele about how search results contain the wrong images. So, I did a search for Paul Walsh, only to find a guy far more handsome than me. Do a search and check out the handsome devil on the bottom right corner of the search result.

I don’t think they could be dumb enough to get something so simple, so wrong. I reckon they’re doing this for the free PR that people like me and others will give. Don’t give in - don’t tell anyone.