Top-level domains (TLDs) control the internet. We don’t think of them, because they are common; but they run this entire thing. The most familiar is .com. Or .net or .org; or for countries, there is .au for Australia or .ke, for Kenya. All this is mostly fine. But there’s at least one odd quirk of history: .su.

And this quirk is no mere quirk: it’s allowed the worst people to run websites with that TLD and serve traffic to the general Internet. .su is the original top-level domain of the Soviet Union, which dissolved within months of the TLD being created. That’s not great, but its bad origin story gets far worse.

Now I don’t even mind the idea of an .su domain: my great-grandmother was a good Soviet, a good Bolshevik, and she’d love this domain — she’d be happy to see it survive for some historical purpose. But she won’t see it, of course — since she died in 1940, with her family, killed by Nazi bayonets and machines. And twice-over: .su isn’t being used for a historical purpose at all. In fact:

Today the .su domain is used, and abused, ironically and pathetically, by the Neo-Nazis of America.

The TLD remains online, because ICANN, which has control over these things, has vacillated, for over almost 15 years, on what is obviously dangerous. I hope they are proud —

Let’s take one prominent site making use of .su: The Daily Stormer, which consistently appears on Google, high-ranked, and after being kicked off many TLDs has found a home at .su.

It has an SSL cert, verified by letsencrypt:

lets-ssl

Lovely. That’s the same letsencrypt that we (naive developers) support: it’s a good thing, protecting commerce and security. Well.

There’s also nginx in front of it:

nginx

And a WordPress site behind it:

wp

Feels bad for me to have helped encourage adoption of nginx — and now this. Or who at WordPress, a fine company, would sleep well with their work used as a Nazi CMS? Or for me personally, no doubt, who surely wrote code that helps whoever does version control that powers this site? This is the ugly side of working on general-use software. So perhaps there’s only so much we can do. But yet:

Surely the .su domain can be stopped. ISPs continue to serve these .su domains, although they don’t have to in general. At least they could stop serving a subset of these websites of hate. After all, Comcast can block you into a walled garden after missing $39 in a monthly payment, so surely walling off a site that plays with genocide isn’t much harder.

More fundmantally, of course, is bureaucratic ICANN. Surely kill this domain? But no. I have no faith they can or would do anything, and no one I’ve talked to in the last few years about this thinks otherwise. It’s easier, of course, for them to answer such worries with intellectual abstracta (as they have), rather than facing concrete realities. And in the end ICANN will be manipulated, as they have been, yet again: unable to make a clearly good change because of, say, a single email objecting to a decision, all from a questionable source.

ICANN is now a sad thing, so be done with them — but there’s more that can be done of course, if we want to care. Cert shops don’t need to grant certificates; does letsencrypt have a denylist? If they don’t, why? And what are the limits?

There are things that go too far. I’ve brought this up before with Internet folks, and I’m met with the same boring pseudo-intellectual arguments about free speech: some classical who is to decide!, arguments from Ethics 102, and so on.

But in that, we worry too much about borderline cases; and in doing so, we do harm. A website, like the Daily Stormer, one that posts statistics about WHITE PERCENTAGE OF GLOBAL POPULATION goes beyond anything reasonable — it is the Internet equivalent of shouting fire in a crowded theatre, or worse. Yet as it stands we have to watch the theatre burn, it seems; and we shouldn’t.