Top-level domains (TLDs) control the internet. That’s a problem.

We don’t think of them, because they are common; but they run this entire thing. The most familiar is .com. Or .net or .org; or for countries, there is .au for Australia or .ke, for Kenya. All this is mostly fine. But there’s an odd, bad quirk of history: .su.

And this quirk is no mere quirk: it’s allowed the worst people to run websites with that TLD and serve traffic to the general Internet. .su is the original top-level domain of the Soviet Union, which dissolved within months of the TLD being created. That’s not great, but its bad origin story gets far worse.

Now I don’t even mind the idea of an .su domain: my great-grandmother was a good Soviet, a good Bolshevik, and she’d love this domain — she’d be happy to see it survive for some historical purpose. But she won’t see it, of course — since she died in 1940, with her family, killed by Nazi bayonets and machines. And twice-over: .su isn’t being used for a historical purpose at all. In fact:

Today the .su domain is used, and abused, ironically and pathetically, by the Neo-Nazis of America.

The TLD remains online because ICANN, which has control over these things, has vacillated for 15 years about things that are obviously dangerous. I hope they are proud —

Let’s take one prominent site making use of .su: The Daily Stormer. This site, which consistently appears on Google, and high-ranked, was kicked off many TLDs on our ordinary clearnet until it finally found a public home at .su

It has an SSL cert, verified by letsencrypt:

lets-ssl

Lovely. That’s the same letsencrypt that we (naive developers) support: it’s a good thing, protecting commerce and security. Well.

There’s also nginx in front of it:

nginx

And a WordPress site behind it:

wp

This is ugly, but needs no explanation why it’s possible. We all do open source; anyone can use our work.

Yet the .su domain can be stopped. ISPs continue to serve these .su domains, although they don’t have to. Could they stop serving these websites of hate? Comcast can force you into a walled garden after missing $39 in a monthly payment—so surely walling off a site that plays with genocide isn’t much harder.

That idea, of course, is half-serious. More fundamental is bureaucratic ICANN. Surely kill this domain? But no. They would never. It’s easier for them to answer worries with intellectual abstracta (as they have), instead of facing concrete realities. And in the end ICANN will be manipulated, yet again — unable to make changes because one email objection from some deeply questionable source.

There are other ways. Cert shops don’t need to grant certificates: does letsencrypt have a denylist? If they don’t, why? And what are the limits? Not an easy question. But yet:

There are things that go too far. Bring these problems up with Internet folks, on moral grounds, and be met with boring pseudo-intellectual arguments about “free speech”. Hear banal who is to decide! nonsense. Hear arguments from Ethics 102. Worst of all, be dismissed in these worries by the lucky people in our industry: from the sort of people that read Dale Carnegie instead of Viktor Frankl, the people that assume some success obviates the need for subsequent thought or action.

In these sorts of things we worry too much about borderline cases; and in doing so, we do harm. A website, like the Daily Stormer, one that posts statistics about WHITE PERCENTAGE OF GLOBAL POPULATION goes beyond anything reasonable — it is the Internet equivalent of shouting fire in a crowded theatre, or worse. We watch the theatre burn, it seems; our own fault. And we shouldn’t do this.