We think a lot about what it means for a place to own its name.

Not in the abstract, philosophical sense — though we’ll get there — but in the deeply practical sense. What does it mean for Brisbane to be Brisbane online? What does it mean for someone on the Gold Coast to say, digitally, I am from here? And what does it mean that, right now, in the way the internet actually works, neither of those things is fully true? The names exist. The claims to those names do not.

That’s the tension we’ve been sitting with since we began this work. Cities have physical identities that are permanent: geography, history, architecture, culture. But their digital identities? Those are rented. And everything rented can be taken away.

We want to talk honestly about what that means — not to alarm anyone, but because understanding the problem is the only way to understand why what we’ve built matters.

The Internet Was Never Built for Permanence

When the domain name system was designed, permanence wasn’t the goal. The internet was an experimental network for academics and researchers, and the question of who owns what online was barely even asked. Names were assigned. Numbers were mapped. Traffic was routed. The whole thing worked well enough.

What nobody stopped to consider was what it would mean when those names became central to how billions of people navigate their lives — how they find their governments, their communities, their identities. By the time that became obvious, the infrastructure was already locked in.

It’s important to realise that you never truly “own” a domain name outright — you only have exclusive rights to it as long as you keep renewing the registration. That sentence, buried in the fine print of every registrar’s terms, is one of the most important and least-discussed facts about how the internet is structured. The entire edifice of digital identity — every website, every government portal, every local community hub — rests on a foundation that someone, somewhere, has to pay to keep from disappearing.

Organisations essentially rent the use of domain names, and they need to pay for them at regular intervals. That’s the baseline. That’s the deal. You don’t own your digital address; you lease it, and the lease has to be renewed every year, from a registrar you don’t control, under policies set by global bodies you almost certainly never interact with.

For a business, this is a risk worth managing carefully. For a city, it raises questions that go far deeper than administrative inconvenience.

What Happens When a City’s Name Lapses

Let’s be concrete about what domain expiry actually looks like in practice, because the consequences are not abstract.

When a domain expires, a website goes offline, making it inaccessible to visitors. This downtime can frustrate potential customers and reduce the site’s visibility. Worse, if not renewed promptly, the domain could be released back onto the market, allowing competitors or opportunistic buyers to claim it.

That’s bad enough for a business. But transpose that onto civic infrastructure and the stakes are categorically different.

When a domain name expires and is acquired by someone else, the new registrant gains full control over it, enabling a catch-all email configuration. This means every email sent to any address at that domain — even addresses that no longer exist — can be intercepted. Consider what that means for a city. Not just a website going dark, but every piece of digital correspondence, every citizen inquiry, every service email — redirectable by whoever picked up the name for the cost of a cup of coffee.

This isn’t hypothetical. In Belgium, hundreds of expired domain names and email addresses of government services were found available for purchase online. An ethical hacker ran a large-scale privacy investigation and purchased 107 expired domain names for roughly €8 each. Those domain names came from police zones, hospitals, and social and legal government services — and they gave access to 848 professional email addresses and hundreds of associated cloud storage accounts.

Expired domains with reputable histories are prime targets for phishing campaigns. Attackers can create convincing phishing sites or send malicious emails that appear legitimate, tricking unsuspecting users into revealing sensitive data.

A city’s domain name isn’t just a web address. It’s the authoritative signal that tells residents, visitors, and the world: this is real, this is official, this is us. When that signal can be captured, redirected, or counterfeited — because someone forgot to pay an annual fee, because a payment card expired, because an email notification went to an old address — the entire structure of civic digital trust is contingent on an administrative process that nobody is watching very carefully.

The Lifecycle of a Rented Name

When a business registers a domain, it’s effectively leasing it for a set period. If it fails to renew, the domain goes through several stages: a grace period where renewal is possible without additional fees; a redemption period where renewal still works but at a higher cost; a pending delete phase lasting five days before the domain becomes available; and finally, the drop list, where the domain is released on the open market for anyone to purchase.

At every stage of that lifecycle, the “owner” is fighting to retain something they should never have had to fight for. And at the final stage — when the name hits the open market — hackers and malicious actors use tools to monitor drop lists, identifying and acquiring potentially valuable domains.

This is the system that underpins every city’s digital presence today. Brisbane.com or goldcoast.com.au exist not because Brisbane or the Gold Coast own them in any meaningful sense, but because whoever holds the registrar account remembered to renew. Or because auto-renewal worked. Or because the credit card on file hadn’t expired.

Domains often expire simply because the registrant forgets to renew them. Common causes include failure to track the renewal date and outdated contact information — meaning renewal reminder notices from the registrar go unseen.

We’ve all seen what happens when even the most sophisticated organisations slip up. A major marketing software company once let its primary domain expire. Its website went immediately offline, client dashboards became inaccessible, and marketing emails were disrupted. Clients lost campaign momentum and revenue opportunities — all from one overlooked renewal. This wasn’t a small operator with no IT infrastructure. It was a company whose entire product was digital marketing.

Even a globally recognised sports organisation once allowed its domain to expire, which was quickly purchased by somebody else for just $9.99. For a brief period, one of the most recognisable brands in the world lost control of its digital front door.

Now ask yourself: if that can happen to organisations with dedicated technical teams and significant resources, what does the digital address security look like for a regional community group? A small-town council? A grassroots cultural organisation based in Surfers Paradise that’s been building its community presence for fifteen years?

The answer is that it looks fragile. Because it is.

The Deeper Problem: Who Controls the Infrastructure

Beyond the mechanics of renewal and expiry, there’s a more fundamental question that doesn’t get asked nearly enough: who actually controls the infrastructure that decides whether Brisbane gets to be Brisbane online?

The domain name system operates through a hierarchy. At the top is ICANN — the Internet Corporation for Assigned Names and Numbers, a private organisation based in Los Angeles — which oversees the global namespace. Below that are registries, which manage top-level domains. Below those are registrars, the companies that sell domain names to end users. The current Domain Name System, as core internet infrastructure, exhibits several shortcomings: its centralised architecture leads to censorship risks and single points of failure, making domain name resolution vulnerable to attacks.

Crucially, none of this infrastructure is owned by the places it names. .au is not owned by Australia in the way Australia owns its territory. .brisbane — if it existed as a traditional domain — would not be owned by Brisbane. The namespace is administered by bodies and companies that exist entirely outside the communities whose identities they hold.

Centralised DNS infrastructure is vulnerable to attacks such as domain hijacking, DNS spoofing, and DDoS attacks, as it relies on a hierarchical model controlled by registrars, registries, and DNS providers.

The registrar you buy your domain from can change its terms. It can be acquired by another company. It can go out of business. It can be subject to legal orders from courts in other countries. Sometimes, a domain might be placed on hold due to a legal dispute or a policy violation, which can prevent renewal until the issue is resolved. These are not exotic scenarios — they’re documented, recurring events.

Traditional domains can be taken down or restricted by governments, registrars, or hosting providers due to legal or political pressures. That’s the fine print underneath the fine print. Not only is your digital identity rented — it’s rented from landlords who answer to other landlords, in a chain of custody that leads away from the places being named and toward the institutions that profit from naming them.

For a community in Brisbane, or on the Gold Coast, or anywhere in Queensland, this is a structural problem. It means that no matter how much effort goes into building a digital presence — no matter how many years of community engagement, cultural documentation, local business representation, or civic information is accumulated under a domain name — that entire edifice rests on a lease that someone else can choose not to honour.

Why Cities Specifically Are Vulnerable

Businesses at least have commercial incentives to track their domain renewals carefully. Loss of a domain is loss of customers, revenue, and competitive position. The pain is immediate and measurable. So businesses tend to build systems: auto-renewals, internal reminders, legal protections, dedicated IT staff.

Cities and civic communities don’t always have those same pressures. Civic digital infrastructure often gets treated as a subset of IT operations — important, yes, but not at the top of anyone’s urgent priorities. Budget cycles change. Councils turn over. The person who originally registered a community domain might have moved on three times over, taking institutional knowledge with them. Contact information goes stale. Renewal notices from a registrar go to an old or unchecked email address. The domain expires. The name that the community had built its digital identity around is suddenly, silently, gone.

And there’s another dimension that’s specific to civic and place-based identity: the value of the name itself.

When a community builds its digital presence around a name that says where it’s from — when the name carries the identity of a place as its entire meaning — the loss of that name is not like losing a product brand. A business can rebrand. A community can’t. The Gold Coast is the Gold Coast. Brisbane is Brisbane. Those names carry hundreds of years of geography, settlement, culture, and memory. They aren’t marketing constructs. They’re facts of the world.

And yet the digital versions of those names — the addresses through which communities, businesses, and residents assert their place-based identity online — are subject to the same fragile renewal mechanics as a coupon website or a defunct startup’s landing page.

A city’s digital presence is its most visible and accessible public utility. It’s the primary channel through which residents find information, access services, and connect with their local government. The foundations of that utility are, right now, built on sand.

The Accumulation Problem

There’s a temporal dimension to this that makes it even more serious, and it’s one that tends to get overlooked because it operates slowly.

Digital identity isn’t static. It accumulates. Over years and decades, a place-based digital presence builds up layers of meaning: links from other sites, references in search engines, recognition by communities, citation in news articles, trust signals accumulated through consistent online behaviour. All of that accumulated weight attaches to the name — to the domain — and becomes inseparable from it.

When a domain is lost, all of that accumulated weight either disappears or, worse, gets transferred to whoever picks up the name. Losing a domain name means losing years of brand recognition and customer trust built around that web address. For a community, that’s not brand recognition in the commercial sense — it’s cultural continuity. It’s the chain of digital evidence that says: this community has been here, has been doing this, has been who it says it is, for this long.

The rented infrastructure model doesn’t just create risk of loss. It creates ongoing fragility in the accumulation itself. Every year that passes, every renewal that happens to go through, every year that auto-renewal happened to work — these are not acts of ownership. They’re acts of luck, dressed up as administrative competence. And the longer a community builds on that foundation without noticing how fragile it is, the more there is to lose.

Domain renewal is not just an administrative task — it’s a fundamental component of a digital business strategy. Failing to renew a domain on time can result in devastating consequences that extend far beyond temporary website downtime.

For a city, “far beyond temporary downtime” means something specific and serious. It means the potential loss of the digital name that ties a community together. And it means that every piece of civic digital infrastructure built on top of that name — portals, services, communications systems, community records — inherits that fragility.

What Permanence Actually Means

We want to be careful here, because the word “permanent” gets used carelessly in digital contexts. Everything digital is, in some sense, contingent. Servers go down. Companies close. Protocols change. So when we talk about permanent onchain addresses, we need to say precisely what we mean — and precisely what it changes.

Blockchain domains are typically owned by users rather than “leased” from a registrar. This enables users to fully control their domain names, including selling or transferring them to other parties.

That sentence contains a shift that is easy to underestimate. The traditional model is: you pay a registrar, the registrar holds your name in its database, and you have the right to use it as long as you keep paying and the registrar keeps operating. The blockchain model is: the name exists as a record on a distributed ledger, ownership is tied cryptographically to whoever holds the corresponding key, and no intermediary can revoke it, transfer it, or delete it without the owner’s action.

Blockchain-based domains leverage decentralised consensus mechanisms to eliminate single points of failure. Ownership and resolution data are stored on the blockchain, making it nearly impossible for malicious actors to alter or seize domain information.

This is the structural difference. Not permanent in the sense of “immune to all possible futures” — nothing is that — but permanent in the sense that matters most: no renewal required, no registrar to be acquired, no annual payment to forget, no administrative process that can fail silently and cost a community its name.

Onchain names are minted as NFTs or smart contract records, giving owners verifiable and transferable ownership. These addresses are multipurpose: replacing long wallet addresses with human-readable names, creating decentralised websites that cannot be censored or taken down, and establishing digital identity across applications.

The transferability matters too. Permanence doesn’t mean locked. A community, a business, or a resident who holds a permanent onchain address can transfer it to another party — sell it, gift it, reassign it — without involving a registrar or asking permission from any intermediary. The ownership is theirs to exercise as they see fit, for as long as they choose, and it cannot be taken from them by a billing failure.

What This Means for Queensland

We are building a permanent onchain namespace for Queensland. Not because we want to displace or compete with the existing web — we’re not here to fight that battle — but because we believe that the places and communities of Queensland deserve a form of digital identity that actually belongs to them.

The six TLDs we’ve secured — .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, and .brisbane2032 — are not domain registrations in the traditional sense. They are permanent onchain infrastructure. Each address minted under those TLDs belongs to the person or organisation that acquires it. Once. For life. With no renewal, no expiry, and no intermediary who can decide otherwise.

This is a genuinely different relationship between a place and its digital name. Instead of Queensland’s digital identity sitting on leased infrastructure administered by companies with no connection to the state, the names themselves become permanent assets of the people and communities that hold them. A business on the Gold Coast can own its .gold-coast address in the same way it owns its premises — not subject to an annual rent review, not contingent on an auto-renewal working properly, not vulnerable to a registrar’s policy change.

The historical context matters here too. Queensland has a clear stake in this moment. Online government services are increasingly regarded as critical national infrastructure. Because these services directly influence public trust, any disruption can have significant societal and political consequences. Yet their supporting infrastructures remain vulnerable to outages from natural disasters, geopolitical tensions, and targeted attacks. Building permanent onchain infrastructure for Queensland’s digital identity isn’t just a technical decision — it’s a decision about who owns the foundations of Queensland’s digital future.

The Question of Whose Infrastructure It Is

There’s a philosophical question underneath all of this that we find genuinely important, and that we think deserves to be named directly.

Citizens’ digital rights must be placed at the centre of cities’ digital policies and protected through the implementation of technological sovereignty and digital democracy policies. These rights include the rights of privacy, security, information self-determination, and neutrality — giving citizens a choice about what happens to their digital identity.

That framing — technological sovereignty — is not about nationalism or protectionism. It’s about a basic question of control: when a community builds its digital presence, should the foundations of that presence be owned by the community, or by the companies and institutions that happen to administer the naming infrastructure?

Right now, the answer is unambiguously the latter. The infrastructure that decides whether “Brisbane” can be Brisbane online is not in Brisbane. It’s not even in Australia. It’s in a chain of organisational relationships that runs from a registrar in one country to a registry in another to ICANN in Los Angeles, and at no point in that chain does the community of Brisbane get a meaningful vote.

We think that’s worth changing. Not because the existing system is malicious — it mostly works, most of the time — but because “mostly works, most of the time” is an inadequate foundation for the digital identity of a place. A city’s name should belong to the city’s people. The digital expression of that name should be permanent, transferable, and free from the administrative fragility of the rental model.

Blockchain-based domains represent a transformative shift in how domain naming and digital identities are managed. By leveraging the principles of decentralisation, immutability, and interoperability, these systems offer enhanced security, censorship resistance, and functionality that go beyond the capabilities of traditional DNS.

That’s the technical description. The human description is simpler: we’re trying to make it possible for a person in Brisbane to say, online, this is where I’m from — and to mean it in a way that can’t be accidentally deleted, administratively revoked, or quietly captured by someone with a credit card and a domain backorder service.

Rented Identity vs. Owned Identity

Let’s sit with the contrast directly.

Under the rented model: you register your city-name domain, you pay annually, you hope your payment systems stay current, you hope your registrar stays solvent, you hope no one registers a variant of your name when your renewal window lapses for three days, you hope the global bodies that govern the namespace don’t change their policies in ways that affect your extension, and you build your community presence on top of all of that hoping, year after year, without ever quite owning the ground you’re building on.

Under the permanent onchain model: you acquire your address once. It is recorded on a distributed ledger as an asset belonging to your wallet. No one else can renew it out from under you, purchase it at auction, or redirect its traffic by gaining access to a registrar’s system. This model ensures that domain ownership is immutable and transferable, providing a new level of autonomy for domain holders. The address is yours until you choose to transfer it — and that choice belongs entirely to you.

The difference is not incremental. It’s structural. It’s the difference between a place-based digital identity that exists at the pleasure of third parties and one that exists at the owner’s direction. That distinction matters less when everything is running smoothly. It matters enormously when something goes wrong — when an administrative process fails, when a registrar makes a decision that adversely affects your extension, when a geopolitical event creates a DNS disruption, when someone acquires your name because you were three weeks late on a renewal.

The Brisbane 2032 Dimension

There’s a specific dimension of Queensland’s digital future that gives this question an unusual urgency, and it’s the reason we secured .brisbane2032 as one of our six permanent TLDs.

Brisbane will host the Olympic Games. That is not a distant hypothetical — it is a fact that is already reshaping the city’s trajectory, its infrastructure investment, its identity on the world stage. The Games will bring an intensity of global digital attention to Brisbane that will transform what it means to have a Brisbane-rooted digital identity.

Consider what happens to the value — not just commercial, but cultural and civic — of addresses rooted in Brisbane in that period. Consider how many organisations, communities, businesses, and individuals will want to assert their connection to Brisbane and to the Games. Consider how much of that activity will be built on digital infrastructure that currently doesn’t exist.

Now consider doing all of that on rented infrastructure. Consider the administrative fragility of managing hundreds or thousands of domain renewals across the period leading up to and through the Games. Consider what it means when some of that infrastructure expires, gets captured, or becomes the subject of a dispute, at the moment of Queensland’s highest global visibility.

We secured .brisbane2032 as a permanent onchain TLD because that name deserves to exist as owned infrastructure — not as a rented asset that someone has to remember to renew every year in the lead-up to the event. The digital identity of Brisbane 2032 should belong to Brisbane, permanently, from the moment it’s established.

The Meaning of “Once, For Life”

When we describe our model — one payment, no renewals, permanent ownership — we sometimes encounter scepticism. The internet has trained people to think of digital services as subscriptions. Everything online is a monthly or annual payment for something that exists only as long as you keep paying. The idea of a digital asset that you own outright, that persists without any ongoing relationship with a service provider, feels unfamiliar.

But consider what it means from the other direction. Consider what it means that we’ve accepted, as normal, that the digital names of our places and communities are perpetually contingent on administrative processes that can fail. Consider what it means that the question “who owns Brisbane’s name online?” doesn’t have a clear answer — not because the question is unanswerable, but because the system is designed in a way that makes genuine ownership impossible.

The internet is entering a new era of digital ownership — and at the centre of it is a simple but transformative idea: what if you could own a domain name forever, without renewals, without intermediaries, and without the risk of losing it overnight?

That idea is now technically achievable. The infrastructure exists. The blockchain networks that make permanent onchain ownership possible are mature, tested, and widely used. The question is no longer whether this can be done — it’s whether the communities that stand to benefit from it understand what’s at stake, and whether they act before the window of permanent ownership closes for the names that matter most to them.

We built Queensland Foundation precisely because we believe those names matter. We believe .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, and .brisbane2032 deserve to exist as permanent infrastructure owned by Queenslanders — not as annual rental agreements held by registrars with no stake in Queensland’s future.

What Builds on Permanent Foundations

There’s a question worth addressing explicitly: does it matter, in practice? If most domains renew without incident most of the time, if the Belgian hospital example is an edge case, if city councils generally maintain their digital infrastructure adequately — does the theoretical fragility of the rental model actually change anything day to day?

We think it does, but not always in the dramatic ways the edge cases suggest. The deeper effect of building on impermanent foundations is subtler: it shapes what gets built.

When digital infrastructure is contingent — when every community member who starts a project, every local business that commits to a place-based digital identity, every developer who builds on a domain-rooted service has to account for the possibility that the foundation might not be there in five years — the result is caution. It’s the absence of long-horizon thinking. It’s the hesitation before investing deeply in a digital presence that might have to be abandoned or rebuilt.

Permanence doesn’t just eliminate a category of risk. It enables a different kind of building. When you know the foundation is there for life — when you know that the address you build your digital identity around cannot expire, cannot be captured, cannot be revoked by a third party’s decision — you build differently. You invest more. You commit more fully. You create things that are designed to last.

This is what we mean when we say that permanent onchain infrastructure changes the relationship between a community and its digital identity. It’s not just about preventing the bad outcomes. It’s about enabling the good ones.

A Queenslander who holds a permanent .brisbane address isn’t just holding a safer version of a traditional domain. They’re holding a digital asset that is unambiguously theirs, that accumulates value as Brisbane accumulates importance, that can be held for a lifetime and passed on, that exists as a genuine piece of digital property rooted in a real place. That’s a different thing from a lease. It’s a fundamentally different relationship between a person and their place’s digital name.

Sovereignty Is a Strong Word, But It’s the Right One

We use the word sovereignty carefully, because it carries weight. But we think it’s the right word here.

Technological sovereignty for cities means full control and autonomy of their Information and Communications Technologies, including service infrastructures and the digital names that anchor them. That’s not a radical political claim — it’s a description of what cities, communities, and residents deserve from their digital infrastructure: not dependence on third-party landlords, but genuine ownership.

Queensland is a place with a strong, distinctive identity. Its cities are not generic — they have specific cultures, specific geographies, specific stories. The digital infrastructure that carries those identities forward should reflect that specificity. It should be rooted in Queensland, owned by Queenslanders, permanent in the way that Queensland’s geography is permanent.

We’re not naive about the complexity of getting there. The existing DNS infrastructure isn’t going anywhere quickly. The traditional web will continue to matter for a long time. Building a new layer of place-based permanent identity doesn’t mean tearing down what exists — it means creating something that transcends the fundamental fragility of the rental model.

What we’ve done is secure the foundations. Six TLDs, permanently onchain, belonging to no registrar, expiring never. The names are anchored. What gets built on them is up to Queenslanders.

The Long View

The internet is still young. The questions of who owns what online, how identity is asserted, what permanence means in a digital context — these are all still being worked out. The rental model that currently dominates domain name ownership isn’t a law of nature; it’s a historical artefact of how the internet happened to develop. It can be superseded.

We built this project because we believe it will be superseded — and because we wanted the names that matter most to Queensland to be on the right side of that transition. We wanted the communities, businesses, and residents of Brisbane, the Gold Coast, Surfers Paradise, and Queensland as a whole to have access to a form of digital identity that matches the permanence of their actual identity. A place that has been here for millennia, and that will be here long after any particular registrar has closed its doors, deserves a digital name that won’t expire with someone’s credit card.

That’s the simple version of what we’re doing. The longer version — the one we’ve tried to lay out in full here — is about understanding the structural fragility of rented civic digital identity, and why permanent onchain infrastructure is not just a technical upgrade, but a fundamentally different answer to the question of who owns a city’s name.

We think the answer should be: the city’s people.

That’s what we’re building toward. One permanent address at a time.