The promise that most projects can’t keep

When we set out to build Queensland Foundation, we spent a long time thinking about one word: permanent.

Not permanent in the marketing sense — the kind of word that appears in a brochure and disappears when the company does. We mean permanent in the plainest, most literal sense. An address that exists today will still exist in fifty years. An address registered by someone in Cairns or the Gold Coast or anywhere across Queensland will still belong to that person — or their estate, or whoever they choose to transfer it to — long after the people who built this project are gone.

That kind of permanence is a serious technical and philosophical commitment. It is not something you can deliver with a well-intentioned business plan and a reliable operations team. It is something that has to be designed into the architecture of the system itself. And the only architecture we know of that can support it is a decentralised one.

This post is our attempt to explain why we believe that, and why we think it matters so much — not just for Queensland Foundation, but for the broader question of what it means to own a digital address in the twenty-first century.

What the traditional domain system actually is

Before we can explain why we chose to build differently, it helps to understand clearly what the existing domain system is and how it works. Because most people who use the internet have never had to think about this, and the model is so normalised that its strangeness has become invisible.

When you register a traditional domain — a .com, a .org, a .au — you are not buying it. You are licensing it. You are paying for the right to use that name for a defined period, typically one year, after which you must pay again to keep it. If you forget to renew, or your credit card expires, or your renewal email ends up in a spam folder, the name can be released and acquired by someone else. The concept of owning a domain, truly owning it the way you own a car or a house, does not exist in the traditional system.

Sitting behind all of this is a layered hierarchy of organisations. At the very top is ICANN — the Internet Corporation for Assigned Names and Numbers — a not-for-profit body that coordinates the global domain name system and authorises who is permitted to operate each top-level domain. Below ICANN are the registries, which maintain the databases for specific TLDs. Below the registries are the registrars — the businesses you actually deal with when you buy a domain name. They are the ones who sell you the licence, collect the renewal fees, and hold the administrative keys to your address.

This is, by design, a centralised system. There is a chain of command, and your name sits at the bottom of it.

For the average internet user going about their daily business, this has been fine. The system works, mostly, most of the time. But when you start asking harder questions about permanence — about what happens over decades rather than years — the fragility becomes clear.

What happens when the centre fails

Let us be concrete about what we mean. The centre of the traditional domain system is not one place; it is a series of places, each of which represents a point of potential failure.

Registrars are commercial companies. They operate with the same vulnerabilities as any commercial company: they can go insolvent, they can be acquired, they can change their pricing models, they can be bought by larger entities with different values, or they can simply wind down their operations. When a registrar fails, the domains it managed do not automatically transfer smoothly to a new home. There are processes — sometimes orderly, sometimes chaotic — that attempt to migrate those domains to another registrar. But in the disruption that comes with any corporate failure or acquisition, records can be lost, renewal windows can be missed, and the customers who depended on that registrar are suddenly scrambling.

When one registrar acquires another, that history can become fragmented and difficult to reconstruct. Customers discover that their account details have changed, that their support history is gone, that the pricing they had locked in no longer applies, or that the interface they relied on has been replaced by something unfamiliar. These are inconveniences for individuals; they can be serious operational problems for businesses. And they all stem from the same structural fact: the registrar is a central point through which everything flows, and central points can fail, change, or disappear.

Policy can also change. ICANN is a coordinating body with the authority to make rules that affect every domain in the system. The registries that operate specific TLDs operate under contracts that are renegotiated over time. Pricing agreements that were in place when you first registered your domain may not still be in place five years later. New restrictions on who can hold certain domain types, new verification requirements, new dispute resolution procedures — all of these can be imposed on domain holders who had no say in the matter and who built things around the assumption that the rules would stay stable.

This is not a theoretical concern. It is the lived reality of operating in a centralised system. The rules are set by bodies that have their own institutional interests and their own political dynamics, and those rules can change in ways that affect you whether you like it or not.

The deeper problem: you don’t actually own it

There is a more fundamental issue beneath all of this, and it is the one that drove us most directly toward building on a decentralised foundation.

In the traditional domain system, you do not own your domain name in any meaningful property-rights sense. What you have is a contractual licence. The domain name itself is a record in a centralised database, and the authority to modify that database belongs to the organisations in the hierarchy above you. If your registrar decides — for any reason, or no reason — to suspend your domain, they can. If ICANN determines that a registry has violated its operating agreement and needs to be shut down, the domains in that registry are at risk. If a government applies legal pressure to a registrar in its jurisdiction, the registrar may comply by removing or redirecting domains.

You may have legal recourse in some of these situations. You may be able to argue your case in a dispute resolution process or a court. But in the meantime, your address — the one you have printed on your business cards, embedded in your marketing materials, built your online identity around — can be taken from you or altered without your consent, and you have no technical means to prevent it.

This is not a criticism of any individual organisation in the domain system. Most of them are acting in good faith, trying to maintain a functional internet. But the architecture of the system means that your claim to your own address is ultimately subordinate to the decisions of organisations you have no control over.

We did not want to build a project on that foundation. When we tell someone that their Queensland address is theirs permanently, we want that to be a technical fact, not a contractual promise.

Why decentralisation changes the equation

Decentralisation, in the context of a domain project, means removing the single controlling entity from the equation entirely. It means moving the record of ownership onto a blockchain — a distributed ledger that no single organisation maintains, and that no single organisation can unilaterally alter.

When a Queensland address is minted on-chain, the record of that ownership lives on a blockchain that is maintained by a distributed network of nodes. There is no central database that an administrator can log into and delete your record. There is no billing department that can lapse your address if your credit card expires. There is no corporate acquisition that can move your address into a new company’s hands without your consent. There is no regulatory body that can unilaterally decide your address doesn’t belong to you anymore.

The ownership record is immutable. It exists because the network says it exists, and the network says it exists because thousands of independent nodes across the world have recorded and verified the same transaction. To alter that record, you would need to compromise not one organisation but the entire distributed network — a task that becomes harder the larger and more distributed the network is.

This is what we mean when we say the architecture enforces the promise. We are not relying on our own good behaviour, or on the continuing existence of Queensland Foundation as an organisation, to ensure that your address remains yours. The architecture itself enforces it. The smart contract that governs the TLD defines the rules, and once deployed, it operates according to those rules without needing us to press any buttons.

No renewals: not a feature, a philosophy

One of the things we have found when explaining Queensland Foundation to people is that the no-renewal aspect — pay once, own forever, no annual fees — tends to land as a pricing innovation. A nice deal. A welcome departure from the endless subscription model that has colonised so much of digital life.

But we want to be clear that this is not primarily a pricing decision. It is a philosophical one that flows directly from our commitment to decentralisation.

The renewal cycle in traditional domains is not just a revenue model for registrars. It is a mechanism of ongoing control. Every year, when your renewal notice arrives, you are reminded that your address is not permanent — that it exists at the pleasure of the system, subject to your continued compliance and continued payment. If your circumstances change, if you become ill, if you move countries, if you simply forget, the address you built your identity around can be taken from you.

The renewal mechanism also creates a class of people for whom domain ownership is effectively precarious: those who struggle with the administrative overhead of managing annual renewals across multiple addresses, those for whom the cost accumulates into something significant over time, and those who are never quite sure whether their payment has gone through and their renewal has been processed. In a world where digital addresses are becoming as important as physical addresses, that precariousness is a form of exclusion.

When we put our TLDs on-chain with a one-time cost and no renewals, we are not just saving people money. We are changing the nature of what ownership means. We are saying that once you have this address, it is yours in the same way that your name is yours — not contingent on continued payment, not subject to administrative revocation for non-renewal, not capable of being auctioned off because you missed an email.

That is only possible because we have removed the central entity that would otherwise collect those renewals and exercise that control. Decentralisation enables permanence. The two are inseparable.

The question of who guards the guardians

There is an objection that comes up often when we talk about this, and we want to address it honestly because it is a fair one.

The objection goes something like this: if Queensland Foundation is the entity that deployed the smart contracts that govern these TLDs, then Queensland Foundation is itself a central point of control. You chose the blockchain. You deployed the contracts. You set the rules. If your values change, or your team changes, or your organisation is acquired or wound down, what happens to the addresses then?

It is a good question, and it is precisely the question we asked ourselves while building this.

The answer lies in the difference between deploying a system and controlling it after deployment. A well-designed smart contract, once deployed to a blockchain, operates according to the logic embedded in its code. The deploying organisation does not have an ongoing administrative role in the way that a registrar does. The registrar model requires active, ongoing human intervention: a company that processes renewals, manages transfers, maintains the database, and holds the administrative keys. Remove the company and the whole system stops working.

The onchain model is different. The smart contract runs on the network. It processes registrations, records ownership, and governs transfers according to rules that were set at deployment and that are now enforced by the blockchain itself. If Queensland Foundation were to cease to exist tomorrow, the addresses already minted would continue to exist. The network would continue to recognise them. Their owners would continue to hold them. The logic that governs the TLD would continue to operate.

This is the critical distinction: in a centralised system, the organisation is the infrastructure. In a decentralised system, the organisation deployed the infrastructure — and then, by design, stepped back from it.

We take that responsibility seriously. We understand that the choices we made in designing and deploying these contracts have long-term consequences. We think carefully about the governance structures embedded in the contracts, about what rights are held by address owners, and about what we as a foundation are and are not capable of doing to those addresses after the fact. We err on the side of giving more power to the owner, not less.

Why place-based identity makes this matter more

We have thought a lot about why a domain project specifically matters to a community like Queensland, and why the decentralisation question carries more weight for us than it might for a generic global TLD.

A .com address is commercially useful, but it is not a marker of identity. It does not tell you where the person behind it comes from, what community they belong to, or what they are connected to. It is a neutral commercial instrument.

Our TLDs are different. A .queensland address or a .brisbane address or a .surfersparadise address is an expression of belonging. It says something about who the holder is and where they are from. It is a piece of identity that has cultural resonance, not just commercial utility.

When identity is at stake, the question of permanence becomes much more important. A business might be able to rebuild its online presence if a domain gets disrupted — it is costly and disruptive, but it is ultimately a practical problem with practical solutions. But if an address is a piece of someone’s identity, if it is the onchain expression of their connection to a place, then losing it is not just an operational inconvenience. It is a loss of something that cannot simply be replaced by registering a different address.

The same logic applies at the community level. If these TLDs became significant parts of how Queensland presents itself to the world — how businesses, institutions, individuals, and community groups identify themselves — then the fragility of the centralised model becomes a fragility that affects the whole community. A registrar failure, a policy change, or a corporate acquisition could disrupt not just individual addresses but the broader fabric of Queensland’s digital identity.

Decentralisation is what protects against that. By putting these TLDs on a blockchain, we ensure that no single organisation — not even us — can disrupt that fabric by making decisions that affect the whole ecosystem. The addresses belong to the people who hold them, and the blockchain enforces that in a way that no contract or policy ever fully could.

What immutability means in practice

We use the word “immutable” to describe onchain addresses, and it is worth being specific about what that means, because it is one of those technical words that can sound more abstract than it is.

An immutable record is one that cannot be altered after the fact. In the context of an onchain domain address, it means that once your address has been minted and recorded on the blockchain, that record cannot be changed without your participation. No one can reassign your address to someone else. No one can alter the record to show a different owner. No one can delete the record to free up the name for re-registration.

This is a stark contrast to the centralised model, in which the database that records your ownership is controlled by an organisation that has the technical ability to modify it. In the centralised model, you trust the organisation not to abuse that ability. In most cases, that trust is justified — registrars do not typically just reassign domains to other people for no reason. But the possibility exists, and that possibility is what makes the guarantee fragile.

In the onchain model, the possibility does not exist in the same way. The blockchain is a public record, visible to everyone, maintained by many, and alterable by no single party. Your ownership is not a trust relationship with an organisation — it is a cryptographic fact recorded on a distributed ledger.

Transferability is the other side of immutability. Because your address is recorded on-chain as a token you hold, you can transfer it to another wallet. You can give it to a family member. You can sell it if you choose to. You can leave it in your estate. This transfer happens on-chain, directly between parties, without needing a registrar to process a transfer request and without paying a transfer fee to an intermediary. The record is updated on the blockchain, and the new ownership is just as immutable as the old one was.

The long view: infrastructure built for decades

We want to say something about how we think about time, because it shapes almost everything about how we designed this project.

Traditional domain businesses tend to think in annual cycles. That is how they are structured financially — annual renewal fees create predictable recurring revenue. It is a sensible business model for a company that needs to sustain its operations. But it creates a structural bias toward the short term. The company’s interests are served by a model in which customers renew every year, and so the permanence of any given address is, at best, a secondary concern.

We are not structured that way. We are a foundation, and our goal is not to generate recurring revenue from address holders. Our goal is to establish a permanent, stable, community-owned digital infrastructure for Queensland — infrastructure that will still be functioning and still be serving its purpose long after anyone involved in building it has moved on.

That long view changes how you design things. When you are thinking in decades rather than years, the choices that matter most are not the ones that maximise short-term revenue or minimise short-term costs. They are the choices that maximise resilience — that ensure the system keeps working even as the organisations around it change, even as technology evolves, even as the people who built it are no longer available to maintain it.

Decentralisation is the answer to that design challenge. A system that does not depend on any single organisation to keep operating is more resilient than one that does. A ledger maintained by thousands of independent nodes is more durable than a database maintained by a single company. Smart contracts that execute their logic automatically are more reliable than processes that depend on human administrators being present and performing correctly.

We are building for the long run. Decentralisation is how you do that.

The tension that honest projects acknowledge

We want to be honest about something that a less candid post might gloss over.

Decentralisation is not a binary state. It exists on a spectrum, and the degree of decentralisation in any given system depends on the choices made at every level of the design. A project can describe itself as decentralised while retaining significant points of centralised control — in the deployment key, in the upgrade mechanism, in the governance structure of the underlying protocol, in the way the front-end interfaces with the contracts.

We know this because we have had to think through all of those choices ourselves. Every design decision has tradeoffs. More centralised control in the short term can enable faster iteration and error correction. Less centralised control means the system is more permanent but harder to fix if something goes wrong. The right balance is not obvious, and anyone who tells you they have found a perfect solution without tradeoffs is not being straight with you.

What we can say is that we are committed to the principle of moving toward more decentralisation, not less — that our design choices, wherever possible, are made in favour of the address holder’s permanence and control rather than our own administrative convenience. We think about what the system looks like if we are no longer around. We design accordingly.

That commitment is worth stating explicitly, because it is the heart of what we are trying to do. We are trying to build a system where the promise of permanence is enforced by architecture, not by trust in us. If we have succeeded, then the question of whether Queensland Foundation is still a going concern in twenty years is irrelevant to the question of whether your Queensland address still exists.

Sovereignty and the digital address

There is a word that sometimes comes up in these discussions — sovereignty — and it is a word worth taking seriously without inflating it into abstraction.

Sovereignty, in the context of a digital address, means simply that you are the final authority over it. Not a registrar. Not a registry. Not a regulatory body. Not the organisation that built the system you are operating within. You.

In a centralised domain system, you do not have that. You have a licence, with terms and conditions that can be changed, and a dependency on the organisations higher up in the hierarchy to honour it. Your practical ability to use your domain day-to-day may be entirely unaffected — but the sovereignty is not yours.

In an onchain system designed the way we have tried to design ours, the sovereignty is yours in a more meaningful sense. The record of your ownership on the blockchain can only be altered with the participation of your private key. No one else has the technical ability to move your address without your consent. The rules of the smart contract that governs the TLD are public and auditable — you can see exactly what rights you have and what rights we have, and those rules are enforced by the network, not by our good intentions.

We think this matters. We think digital addresses are becoming a significant part of how people and communities exist in the world, and the question of who ultimately controls those addresses is not a technical footnote. It is a question about power — about whether the infrastructure that people build their digital lives on belongs to them or to the organisations that provide it.

We built Queensland Foundation with a clear answer to that question: it belongs to you.

Why we chose this path

We want to close with something personal, because this project is personal to us.

We are from Queensland, or we have built lives here, or both. We care about this place in the way that you care about somewhere that has shaped you. When we think about Queensland’s place in the world over the coming decades — about the communities that will be built here, the businesses, the cultural institutions, the individuals who will call this corner of the world home — we want those people to have infrastructure that matches the permanence of the place itself.

Queensland is not temporary. The Gold Coast is not a passing feature of the world. Brisbane is not going away. The communities along the coast, inland, in the cities and the regions, have been here for a long time and will be here for a long time to come.

The digital infrastructure those communities build on should match that durability. It should not be subject to the commercial decisions of a distant registrar, or to the policy shifts of an international governing body, or to the failure of a single company that held a central database. It should be as permanent as the place it represents.

That is why decentralisation matters for this project. Not as a technical preference. Not as a way to seem sophisticated or forward-thinking. But because permanence — real, architectural, enforceable permanence — is only possible when you remove the single point that can make impermanence happen.

We removed it. That is the foundation on which everything else we have built is standing.