|How private is domain registration privacy?|
Would like an authoritative answer
I know that individuals are unable to gain access, absent special circumstances, to anonymous - domain proxy, privacy shield, privacy guard - WhoIs records.
That said, do registrars have the ability to "peer into" the shielded information of other registrars?
For example: I shield a domain at Moniker. Does GoDaddy have tools that would enable someone within the company to "discover" who the actual registrant is?
If Yahoo, Google, MSN etc take on the role of "domain registrar" and could they perform global - or select - scans of private registration information?
Do registrars have access to any tools that allow them to dig deeper or discover more that what we might assume?
Besides subpoenas or like legal process who can gain access to the shielded WhoIs information?
No - other registrars do not and cannot pierce the privacy vail as far as we can tell if it is a true privacy/proxy service. I am sure they do what we do when trying to find out who the domain is/was owned by - go to Whois.sc and Wayback Machine and look at the most current non privacy record. Also registrar offered Whois Privacy is totally protected as Per ICANN: It is specifically authorized by ICANN in the Registrar AccreditationAgreement:
Now, regarding privacy and SEO. I clearly put Matt Cutts and Tim Mayer on the table about this issue in front of everyone at WebmasterWorld in New Orleans and they both stated that whois privacy does not hurt rankings in any way. If you are black hatting, they know it already or will find them.
Hmmm. My registrar - for any given domain name - knows exactly who I am, because they require ID verification for financial transactions (purchase/renewal). They know my name, address, phone and email.
Google is a registrar. Are you saying that Google has NO access to personal information associated with domains that I have not registered - if I did not register the domains through Google? (Other than publically available WHOIS information?)
What information does a registrar posses - gained solely by virtue of being a registrar - on domain owners who have never registered a domain through that registrar?
Yes your own regsitrar knows who you are but other registrars do not. I thought that was the question/subject. We would always have to know who you are.
the main registry only saves the basic domain data, like expiration dates, lock status, etc.
All your personal information is in the registrar and only they know who you are.
BUT ...if you already used #*$! to monitor your domain registrant information, that information will be saved in their history database.
So, if you want full privacy, you must contract it since the very begining and never uncover it.
|the main registry only saves the basic domain data, like expiration dates, lock status, etc. |
That's if we're talking about .com and .net domains due to their current use of a "thin" registry.
A "thick" registry keeps full technical and social contact details, currently used by .org, .info,
Moniker_Man said it right that no other registrars can parse the WHOIS data of another if the
domain's using a privacy service. And that's why it should be suspended or turned off before
transferring the domain to another registrar. ;)
Just an add-on, though: at the very least, privacy services will hide the street address, email,
and phone number. Hiding everything will be up to the registrar.
Incidentally, one other registrar got sued because of that. Let me know if you're curious. :D
Google doesn't do anything just for the sake of doing it, especially now since they have shareholders to answer too. With that in mind, why did G become a registrar? It definitely wasn't to do a Whois search on public domains, they could and were doing that before. Does anyone have any solid proof that a registrar, such as G, can not pierce and view private domain registrations?
|Does anyone have any solid proof that a registrar, such as G, can not pierce and view private domain registrations? |
If you mean can G see thru the privacy services, then again it's no. If they're able to do so,
the other registrar (unless they're that stupid) will surely detect it and make a big fuss.
If you run a registrar like Moniker_Man and others do here, there's no valid reason why you'd
allow another to take a peek.
Well to beat a dead horse, I'm not talking about WHOIS. People lie in WHOIS so even when it's not made private it might not be legit. What IS legit is the credit card or other financial info that's needed to buy/renew domains. Hard to fake that, other than to put domains in the names of a spouse, relative or friend.
Bottom line question: Ignoring what is or is not visible in WHOIS, can a registrar I have no domains with peer into the records of a domain I have registered elsewhere, to find out my real name, address, email and whatever else I've provided? OR is that info exclusive to the registrar with whom the domain is registered.
Can/does one registrar ever contact another trying to find out this info, even if it's SUPPOSED to be exclusive to the registrar controlling the domain?
When can someone peer into that set of supposedly private records?
Only one other possible way: insider contacts.
|Can/does one registrar ever contact another trying to find out this info, even if it's SUPPOSED to be exclusive to the registrar controlling the domain? |
Registrars have their own databases. When they communicate with the registry they share SOME of their records, there is no need to send/receive creditcard data for example.
The model is more complicated for registrars which wholesale their services to registars. As resellers access the registars database rather than the registry.
But in both cases it is a matter of database security and access rights.
Caveman, take it a step further. Imagine this:
"Hmmmm . . . the registrars all take credit cards . . . seems so easy for companies that accept credit cards to pull up credit information about people they have or even might do business with . . . Google uses credit card information for AdWords campaigns and has access to identifying information (banking, SSN, TID, etc.) relating to AdSense accounts . . . I wonder if individually identifiable information about credit card charges for the purchase of domain names can be mined, upon request, from Experian, Equifax or TransUnion data . . ."
Expressed directly: Can a company that accepts credit cards request a credit report that drills down to the level of past charges for domain name purchases, perhaps even to the level of identifying individual domain names purchased?
I doubt that a SE would go so far as to seek such information from credit reports, thought it just might be possible.
One step removed from dealing with the credit reporting agencies would be a registrar attempting to mine this information from other registrar's domain record information.
I suspect that if the public learned that Google was secretively accessing and using people's credit card activity for its "indirect" business purposes, such as fiddling with the SERPs, that there would be an outcry and a devastating backlash.
>>there would be an outcry and a devastating backlash
There are a lot of things Google is doing now that merit outcries and backlashes, and two years ago we'd never have expected autolinking to actually go ahead. But it did, and the fuss died down. I wouldn't rule out any legal activity that gives an SE the advantage.
Back OT - bear in mind that no matter how secret your registrar keeps the data Google, or someone else, could buy the registrar tomorrow and all your data is now belong to new owner. In fact, they don't need to buy the registrar out; a simple partnership agreement could see them "sharing data".
G - can access a lot of info about domains by being a registrar....but they are not using privacy to down grade page ranks.
registrars have access to zone files, dns, creation dates, expiration dates, update dates, lock status, etc.
EPP registries provide full contact records as Dave was saying - Thin vs. Thick registries and info.
.net will be moving to EPP by year end and eventially .com will as well.
In either case, privacy still is protected if that is the whois output. the only times you must release true identity of registrants are for WIPO/UDRP, Court Order, and other legal/govermental authorized requests.
hope that helps with the additional questions/comments
Very interesting replies....
|the only times you must release true identity of registrants are for WIPO/UDRP, Court Order, and other legal/govermental authorized requests. |
Hehe. OK, for those who don't know me well, yes, I'm paranoid. ;-)
The thing is, "must release" and "sometimes do release" are not the same.
I've not yet seen anything in this thread that answers this question: If Google (the large and powerful company that it now is) comes knocking at the doors of three different registrars, asking for the name/address/contact info of a particular domain holder ... do they ever get it?
(This all aside from the point that when bought, any registrar's data becomes available to the acquiring company.)
P.S., Jeff, do you want a list of all the things that the SE's are doing right now that should be generating a devastating backlash? ;-)
Caveman - I can tell you that we would never breach customer privacy and confidentiality on your domains. We never have and we never will unless one of the scenarios I mentioned above occur. Even then, we let you know in advance so you can place a correct whois record on the domain prior to a legal response.
I cannot answer what other registrars would do for $$$$ or pressure.
caveman, just what the heck are you doing with those domains that you would need the privacy contract signed in blood? Undercover honeypot work for the NSA . .?
Ummm . . forget it.
I don't want to know. :)
MM, I wouldn't worry about you guys.
Jeff, not me in this case ... jus' trying to help someone sort something out.
More generally, privacy and the potential for abuse of information are subjects that interest me, more than ever right now, given some of what's going on on the Internet. :/
Caveman, I take it you read of one recent case where the registrar took off the privacy of a
domain and it caused!@#$% for that registrant? ;)
I tried to post these questions (unsuccessfully) in a new thread, and then I came upon this very related thread.
My questions pertain to this discussion.
Google recently became a domain registrar and I would like your thoughts on what Google can see when someone registers a domain.
Lets try this using an example.
I create an account with a domain registrar (not Google of course). I use "Address A" when creating my account with my registrar. I buy a domain with my registrar and use "Address B" for the address for that domain. I pay for the domain with a credit card which has "Address C" attached to the credit card.
I believe that Google has access only to "Address B", the address attached to the domain. I don't think they have access to "Address A", the address I used for the account with my registrar. I am almost positive they would not have "Address C", the address used for the credit card I bought the domain with. (I am certain, they would NOT have my credit card number ;-)
Please let me know what information you think Google has access to.
Lets not bring into this why "Address A" may be different from "Address B" and "Address C". This is an example used to find out what Google has access to.
Google does not have access to your address by being a registrar unless you registered your domains with Google or if they have the Whois data base for your registrar.
Registrars keep their customer WhoIs data bases locally...they are not made public in batch format. There are no alarms that go off when you change your address.
Now, what all registrars can see through zone file down loads are update dates, DNS, creation and expiration dates, and what domains are at what registrars.