|Privacy For Domain Owners To Improve|
| 4:23 pm on Mar 21, 2007 (gmt 0)|
|Many owners of Internet addresses face this quandary: Provide your real contact information when you register a domain name and subject yourself to junk or harassment. Or enter fake data and risk losing it outright. Help may be on the way as a key task force last week endorsed a proposal that would give more privacy options to small businesses, individuals with personal websites and other domain name owners.... |
...At issue is a publicly available database known as Whois. With it, anyone can find out the full names, organizations, postal and e-mail addresses and phone numbers behind domain names.
Hearings on the changes are expected next week in Lisbon, Portugal, before the Internet Corporation for Assigned Names and Numbers, or ICANN, the main oversight agency for Internet addresses.
Privacy For Domain Owners To Improve [usatoday.com]
| 4:35 pm on Mar 21, 2007 (gmt 0)|
Domain registrations should be transparent and open IMO
Your Home, your Vehicle registration , Your Company ,LLC , Properier whatever is already Transparent and domain ownership should be no different.
Domains can and are used for nefarious purposes every single day , from child porn to banking thefts ..The Idea that we give these people additional layer of protection ..just so that no one can see what names "we" are registering is ludicrous.
You want privacy get the H off internet..IMO
| 5:10 pm on Mar 21, 2007 (gmt 0)|
|Domains can and are used for nefarious purposes every single day , from child porn to banking thefts ..The Idea that we give these people additional layer of protection ..just so that no one can see what names "we" are registering is ludicrous. |
They don't need that additional layer as they aren't so stupid to provide real details anyway.
Only the users with legal websites provide real information and that information gets abused by the same people you mentioned for identity fraud and harassing.
The whois privacy is there to protect/hide real information from legal users; fake information from child porn and banking theft websites has no reason to be hidden.
| 5:28 pm on Mar 21, 2007 (gmt 0)|
|your Vehicle registration |
Actually, in California, vehicle registrations have been private for quite some time now. It's not possible for a member of the general public to obtain ownership information based on a license plate number. That is now restricted to law enforcement, insurance companies, etc.
This was a response to a number of high-profile "stalking" cases a few years ago.
| 5:34 pm on Mar 21, 2007 (gmt 0)|
There's a huge difference between domain registrations by private individuals and registrations by companies. A company should be required to give full contact details, an individual should retain his right to privacy (but should supply the information to the registry).
I believe that the .uk ccTLD works in this way in that an individual can opt out of whois listing. The .ca ccTLD is planning a similar initiative.
| 5:44 pm on Mar 21, 2007 (gmt 0)|
This is very important. We manage a few hundred domains for our clients, all with correct information. I see 20-80 spams per day sent to the admin contacts obtained by scraping whois database. In 7 years I think I have seen 1 or 2 legitimate enquiries. Clearly if a site is doing something illegal then the authorities should be permitted to access the owner information. However, whois desperatly needs some kind of scraper protection, otherwise it will become invalidated by legitimate domain owners entering rubbish info just to avoid the tirade of spam.
And yes, lets be clear about this: The domains engaging in illegal practices are NEVER going to advertise their true details, no more than you will find a calling card from the thief that breaks into your house. So lets protect the innocent damn it!
| 5:56 pm on Mar 21, 2007 (gmt 0)|
Put whois information in an open but user pay database.
At 25 cents a look up, the spammers will mostly go away and legitimate interests will be more than willing to pay. (unfortunately, some of the worst criminals such as stalkers will also be willing to pay as well).
| 7:27 pm on Mar 21, 2007 (gmt 0)|
I get requests for link exchanges in my contact email address. It really #*@@&# me off when I get that crap. I see no reason why this information has to be public. The registrar has your info, that should be enough.
| 8:13 pm on Mar 21, 2007 (gmt 0)|
|At 25 cents a look up, the spammers will mostly go away and legitimate interests will be more than willing to pay. (unfortunately, some of the worst criminals such as stalkers will also be willing to pay as well). |
This would only result in someone paying for it (once) to create a database and then selling that for smaller sums to all the spammers/scammers. And as you mentioned, stalkers are just as bad or even worse.
However, free whois services are very still very useful for the purpose they were intended to be used and hence shouldn't disappear completely. Just let people have the choice between private/hidden (rather small/personal websites) and public information (rather companies).
| 8:16 pm on Mar 21, 2007 (gmt 0)|
--Your Home, your Vehicle registration , Your Company ,LLC , Properier whatever is already Transparent and domain ownership should be no different.--
You can't look up someone's name based on their car plates, only public authorities can do that.
No one is suggesting that domains should be completely anonymous, just that the information should only be available to those who have a legitimate reason to require it (the police etc).
--Domains can and are used for nefarious purposes every single day , from child porn to banking thefts ..The Idea that we give these people additional layer of protection ..just so that no one can see what names "we" are registering is ludicrous. --
The information would still be available to those investigating crimes, but it wouldn't be available to every crazed lunatic with an internet connection.
What's wrong with that?
| 8:16 pm on Mar 21, 2007 (gmt 0)|
> an open but user pay database
Pay whom? Verisign? ICANN? The registrar?
I have no problem with a public email address showing in the whois for a "business" website, it's for a personal site by a private individual where the current situation is less than ideal.
| 8:53 pm on Mar 21, 2007 (gmt 0)|
There is no need for the whois info to be public. It should be 100% private. It is nobody's business what domains I own. It's about time ICANN woke up to this fact.
It doesn't matter anyway. Most people uses a private whois service these days, so it really is a moot point. And before there were privacy services it was very easy to use a p.o. box, etc. Still, while nobody can find my info on whois because I use a privacy service, it would be better if I didn't have to use the privacy service in the first place.
| 8:58 pm on Mar 21, 2007 (gmt 0)|
Is it really an offense to afford privacy to the masses for free when any average SOB gets to enjoy the same measure of privacy for the price of a cup of coffee at McDonalds?
| 12:03 am on Mar 22, 2007 (gmt 0)|
I am totally torn on this issue. There are times I have needed to know who an owner of a site is for legal reasons (stolen content), and couldn't find it. On the other hand, I get atleast one postal mail scam for "renew this domain" a week, and dozens of related email spam every day. Ultimately, as a site owner, we have specific responsibilities to the public trust, public Commons, and the laws of whatever land the business owner lives in. We really are mucking around with the foundations of our economies and countries with this internet stuff.
| 12:05 am on Mar 22, 2007 (gmt 0)|
|Pay whom? Verisign? ICANN? The registrar? |
Good point. Considering I pretty much despise the first two, (and well registrars are what they are) I withdraw the suggestion. Haha!
| 12:49 am on Mar 22, 2007 (gmt 0)|
Spam through the whois email addresses is pretty much a misnomer.
We actually get more genuine enquiries than spam though the whois email addresses. We know this because we track all spams and we use individual address for each of the fields.
This has been the case for the last couple of years so if you are getting a lot of spam change your email addresses in the whois.
| 2:24 am on Mar 22, 2007 (gmt 0)|
I get very little spam through my WHOIS email address.
(I use a Disposible Email Address, in any case. If the spam gets too much, I turn it off and assign a new one.)
I had some domains in the .at (Austria) registry. Now THOSE got a LOT of spam! My spam decreased 90% when I turned off those email addresses.
All in German, and goofy stuff. I mean, really goofy stuff. Little plastic Christmas trees, for example.
| 1:34 pm on Mar 22, 2007 (gmt 0)|
Sorry, I got carried away.
Scraping and selling off data, fraud and spam make me somewhat angry. But what makes me real mad is the incompetence and lazyness of the proper organizations to regulate.
Domains do need transparency in my opinion, but I think I too could live without the inconveniences of bots scraping, and certain entities selling whois data. Making it unavailable to the public wouldn't solve a thing out of this.
...Come on, right now it's a giveaway to registrars if I'm correct. Registrars like the one in the news last week? ( Regulate the d@mn registrars first, please. ) If whois was reduced to a level of non-public "internal use" which I guess registrars could still lobby for with success, not a single thing would change. ( No one ever said the data used to spam you have ever made it to the public. )
You know what the problem is?
It's not clear who should enforce the regulations.
See some quotes from the registrar agreement.
"current" ICANN Registrar Agreement (2001) [icann.org]
|3.3.1 At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited. |
... up until 2004 the agreement stated ...
|3.3.6 In addition, Registrar shall provide third-party bulk access to the data subject to public access under Subsection 3.3.1 under the following terms and conditions: |
184.108.40.206 Registrar shall make a complete electronic copy of the data available at least one time per week for download by third parties who have entered into a bulk access agreement with Registrar.
220.127.116.11 Registrar may charge an annual fee, not to exceed US$10,000, for such bulk access to the data.
... and where it gets real tough ...
|18.104.22.168 Registrar's access agreement may require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties. |
22.214.171.124 Registrar may enable Registered Name Holders who are individuals to elect not to have Personal Data concerning their registrations available for bulk access for marketing purposes based on Registrar's "Opt-Out" policy, and if Registrar has such a policy, Registrar shall require the third party to abide by the terms of that Opt-Out policy; provided, however, that Registrar may not use such data subject to opt-out for marketing purposes in its own value-added product or service.
Then came this report in 2003 [icann.org].
And the consensus, the whois marketing restriction policy [icann.org] ( a year and a half later ).
|1) Section 126.96.36.199 will be replaced with the following language: |
"Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts."
2) Section 188.8.131.52 will be replaced with the following language:
"Registrar's access agreement must require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties."
3) Section 184.108.40.206 of the current RAA will be deleted. (It will no longer be applicable as a result of the modification to §220.127.116.11 indicated above.)
My question is simple.
Who would enforce this regulation?
ICANN or the registrars? The 3rd party services?
What if the visitors to the "value added" services are spammers?
Doesn't it all come down that by handing out the data to 2nd and 3rd parties, ICANN loses control over how it's used?
Shouldn't the flow of data just STOP at the level of registrars?
Or even before the registrars...
Some actual regulation or centralization would be needed in how and where whois information is stored and available, in my opinion. If there was but a single portal for this data directly under a specific organization, exactly for the purpose of transparency, no one could complain. Except those who have something to hide. And those who used to sell this data to 3rd (4th) parties.
And now onto part two of my message.
Which is, that I say let WHOIS be publicly available.
But make it much more safer. Perhaps only available directly from ICANN or something like that.
If someone doesn't have anything to hide, this is but for the convenience of not receiving scam/spam/fraud letters.
If someone has something to hide, this is losing a lead to tail them.
Yes it is. No matter how small of a lead.
If someone doesn't want the information to be there, use a disposable email address as most of us do, enter generic information that a bot won't be able to utilize. Bots would not be able, but people would be, so you don't miss out on anything, and keep yourself out of suspicion.
You'd be surprised, that no matter how small bits of info I've found in the whois, I was able to determine the site's "ownership status" and purpose. To me whois has always been a great tool to evaluate others' businesses.
If they turn that little ( apparently already completely editable ) thing off, this lead will fade.
And then, if it's not a mission of trying to guess others' intentions, but a tool to tail fraud... all that'd be left is mailing the virtual hosting companies which answer on and off on a whim.
That wouldn't be too good.
Whois information isn't just the owner's name and office address, it's the registrar company, the dates of registration, expiration, the technical staff email, often a hint on the country where the business is registered, a 25% chance to see if there's an address, p.o. box or just fake character strings, it's important in doing business.
Now some say it's an opportunity for scrapers / spammers to find you and try to pull one ( obvious ) on you... and that the solution would be to not have it at all?
I don't like this logic, but then again, it's probably me.
I'm doing business on the net, for the net, and not as an "extension" of other media. Seeing through the online behavioural pattern of others has surely become one of my strengths in determining the seriousness of another entity. And surprise surprise, secrecy was one of the main reasons for not being able to take someone's word. That's including the greats.
It's not that I like when my sites get spammed, linked to, scraped through whois from day -1. This has caused me setbacks before and I was sure mad as hell. But the solution is making the information safer, not making it secret. So I hope that this news means the first not the latter.
How come no one goes after those who have scraped themselves an entire database?
How come there's no regulation on how others can display/use this data?
If there is, why isn't it enforced?
If it can't be enforced as it is, why isn't it changed?
Why allow the leakage of data through fishy registrars when you know it'll be sold off/allowed to be scraped?
How many such "whois services" can you name?
Have it all at one place, then make it illegal to scrape/display/sell the data and enforce the regulations.
If the outcome would be "further privacy" that'd be like the uppermost organizations admitting their incompetence...
Although either because the method of diplaying / querying, all the leakage is happening at the registrar level, thus it could be another proof of whois info still being sold even before making it to the public? I'm not sure about that, but certain companies surely could respect domain owners just a bit more.
| 3:30 pm on Mar 22, 2007 (gmt 0)|
I am utterly sick of the junk mail I receive.... My best advice: Get a PO box for the domains and use a Gmail account to handle all the domain e-mail. It's got the best spam filtering around.
So, that leaves the phone number. Is it legiitamte to give the registrars phone number?
I suppose I could purchase a Skype number that only goes to voicemail.....
| 4:05 pm on Mar 22, 2007 (gmt 0)|
Too late IMO. Scrapers which became pay sites have a complete history of your domains' WHOIS data from the year dot and have been around for years now - if they tighten it up, people will still be able to look back at all the changes you made previous to that...
| 5:22 pm on Mar 22, 2007 (gmt 0)|
I only hope that any changes do not impede swift DMCA justice against plagiarizers in the Google AdSense program.
Also, increased privacy could make it easier for black hatters or gray hatters to create their own networks to manipulate SERPs.
| 11:36 am on Mar 23, 2007 (gmt 0)|
<I don't> like the idea of giving Pedaphilles one more layer of protection.
[edited by: Webwork at 7:05 pm (utc) on Mar. 23, 2007]
[edit reason] WebmasterWorld TOS [/edit]
| 6:53 pm on Mar 23, 2007 (gmt 0)|
I don't like the idea of having to risk my life just to run a legitimate website. If some one wants to do something illegal with a website, privacy proxies or hidden information isn't going to matter, the info they give out is NOT going to be correct. So why make the innocent suffer?
[edited by: Webwork at 7:06 pm (utc) on Mar. 23, 2007]
[edit reason] WebmasterWorld TOS [/edit]
| 9:00 pm on Mar 23, 2007 (gmt 0)|
come on carguy youarer talking about the 1 in a few billion crime ..
I am talking DAILY BS ..there is no reason to give these fraudsters even more priavcy..
Your child ends up on smut site after she typos an address of a legit childrens site.. you'd be pissed as hell and even more pissed when you see them hiding behind a privacy address that YOU have to go through more BS just to find out who they are.. Thats not protecting the innocent ..it's protecting the criminal
The way it is set up topday ..if the registrants contact info that YOU cna see is not correct you can have the site shut down even at the registrar level .
They have privacy on YOU will have to get an court /police order just to get the name .which still may or may not be accurate..
| 9:23 pm on Mar 23, 2007 (gmt 0)|
|Your child ends up on smut site after she typos an address of a legit childrens site... |
Providing personal information without regards for safety because parents don't watch their kids isn't reason enough to have full disclosure on the owner of a domain name. My cheapy $400 firewall can prevent me from ending up on a site I'm not "supposed to be on" and all I had to do was plug it in. What you propose as a solution is taking away some serious liberties; we all have the right to protect ourselves, just as much as you have the right to go to courts and subpoena information as you see fit. Trying to paint some one as a protector of "evil doers" is going no where, just as trying to require people to input accurate information in WHOIS will be just as dire. It will never work and it won't happen, ever. All of my domain's whois info are through a proxy, that proxy's info is legitimate, and under a court order they will provide my accurate information. Why should it be easier to obtain my address, phone numbers and email address for criminals or people who want to cause me harm? I don't see the logic in it.
| 12:26 pm on Mar 24, 2007 (gmt 0)|
|All of my domain's whois info are through a proxy, that proxy's info is legitimate, and under a court order they will provide my accurate information. Why should it be easier to obtain my address, phone numbers and email address for criminals or people who want to cause me harm? I don't see the logic in it. |
Surely that's the worst of all worlds?
1) If there is a problem like Registerfly how do you sort out the mess if the registrars systems fail?
2) A naughty registrar could claim the names as their own.
3) There may be an ambiguity in some legal jurisdictions as to who is responsible for (even owns)the name.
4) The ease of 3rd parties looking to get the information will be inconsistent and vary by registrar.
5) Search Engines and other web businesses can not build trust by knowing a network of sites.
6) Savvy consumers can not build trust before buying.
7) Bad actors get another layer of protection.
8) It doesn't scale and becomes very expensive for multiple domains.
A simpler and more effective solution (apart from .us) would be a PO BOX and a Gmail/Hotmail account for personal non commercial websites.
In the UK the Government requires a Geographical address for websites conducting any commerce at all to be clearly displayed on the website.
| 8:38 pm on Mar 24, 2007 (gmt 0)|
|A simpler and more effective solution (apart from .us) would be a PO BOX |
I believe that a PO box is acceptable for .us. Private registration is not, however.
|and a Gmail/Hotmail account |
It's better to use a DEA (disposible email address) service. I use a service that costs me $10/year, and allows me to have 100's of DEAs that forward to my regular email account. I can turn-off any given address in a control panel, or even turn-off mail from certain senders on a given address.
I use a different DEA for EACH online forum, site registration, etc. Any time I am required to give an email address online, I generate a new DEA for that particular site.
For domain registrations, I peridocally issue a new DEA, once the spam reaches a certain level. (Similar to the way Netsol private registration email addresses work, but not automated - but certainly easier than having to sign-up for a new Hotmail or Gmail account.)
| 1:35 pm on Mar 27, 2007 (gmt 0)|
I can't begin to say how many times a whois lookup has saved my hide when I'm transferring a domain from one registrar to another for a client.
A lot of the time, the client had previously gone through some dude in a basement to register their domain (not that there's anything wrong with working out of a basement. My office at work is in a basement of sorts). Anyway, they have this person register their domain, then the relationship disolves for one reason or another, and they decide that they want to transfer their domain and site hosting to us.
You can take a wild guess as to how helpful the previous guy is in the transfer. Using the whois to find out what email the domain has listed as the authority (luckily it's always been one of the clients') has helped us take control of domains that are basically being held hostage by disgruntled webmasters.
Sometimes you've gotta pull some secret agent stuff for ligit reasons.
| 6:49 pm on Mar 27, 2007 (gmt 0)|
THank god is all I can say.
Because of WHOIS, I was harrassed to the point that all my personal details were plastered all over the web. With WHOIS and the electoral role, it's possible to get almost any kind of infomation you want on someone.
Start getting threatening phone calls from a complete stanger, then see if you think making WHOIS information public is still a good idea!