Protect your privacy:
Get NordVPN
[
Deal: 73% off 2-year plans + 3 extra months ]
- Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
- RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
- Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
- NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
- Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.
The application of the European General Data Protection Regulation (GDPR) to the DNS is a hot topic within the ICANN community. However, since the implementation of the GDPR on May 25th, 2018, there has been little public data on: How many WHOIS data requests have been made at the registry level, and; How the registries are handling them.
To further the factual and evidence-based discussion within the ICANN community, we gathered quantitative data about WHOIS access post-GDPR, by surveying the geoTLD registries. As these registries operate under the authority of their respective governments, geoTLDs have a particular responsibility to the public interest of their target communities, including in respect of data protection.
Participants
39 geoTLD Registries from around the globe participated in the survey. 25 out of the 39 participants are geoTLD Registries within the European Union (EU); 14 are from the rest of the world. The participating geoTLD Registries represent over 600,000 domain registrations.
The survey was performed with SurveyMonkey.com. Answers were collected between 15 Aug and 04 Oct 2018.
Findings
The GDPR has been in effect for several months, but little information has been published on its operation at the registry and registrar level. Unfortunately, this has opened up space for speculation and even “alternative facts” being used to incorrectly influence ICANN, governments and other community members in their decision-making. This study aims to provide data-driven evidence of how GDPR is working in practice, in order to ground the debate at ICANN in facts, not hypotheticals.
Overall, our findings are that while EU-based geo TLD registries take GDPR seriously and have enacted measures to protect citizens’ personal data, the number of requests to access the data is vanishingly small, and these requests are being dealt with efficiently. This study of the geoTLD registries shows there is no evidence-based need for a universal access model, based on how GDPR is working in practice.
The survey results can be summarized as follows:
- All EU-based geoTLD registries have implemented operational measures to limit the publication of registrant data by the WHOIS, in-line with national legislation.
- Almost all EU-based geoTLD Registries have implemented measures to allow for access to unpublished registrant data by legitimate interests.
- Although the geoTLD registries account for over 600,000 registrations, less than 50 WHOIS data access requests have been received so far.
- The vast majority of requests was dealt with in a response time of 1 – 2 days. Only one request waited for 7 days.
- The majority of geoTLD registries have received no requests for WHOIS data access since 25 May 2018; 76% of EU geoTLDs received no access requests, and 79% of the non-EU geoTLDs received none.
- Of the geoTLDs that received access requests, most received fewer than ten requests. Four registries received fewer than 10 requests and two received more than 10 requests, but less than 20 each.
- A majority of EU-based geoTLD registries (60%) consulted with their local ccTLD to harmonise their WHOIS publication and access with the ccTLD practices, while non-EU geoTLD mostly (17%) have not.
- Across all requests, over 50% were legitimate. They came in equal parts from law enforcement, right holders, lawyers, registrants and other parties.
More Details
More details on the list of questions asked and answers received, with separate recognition of EU-based geoTLD Registries and the of participating geoTLDs Registries can be found here.
CENTR, the association of European country code top-level domain (ccTLD) registries has also issued a survey which can be found here.