Home / Blogs

WHOIS Detractors and Advocates: Today’s Viewpoints Post-GDPR

Opposing parties continue to debate whether WHOIS should stay after the General Data Protection Regulation (GDPR) took effect across the EU in May 2018. While the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees WHOIS, is looking for ways to be GDPR compliant, experts from various fields are contemplating the problems pointed out by officials.

In this article let’s take a closer look at the stakeholders involved in the discussion regarding the future of WHOIS and the issues that get them busy these days.

Officials and GDPR Specialists


The GDPR authorities presented different arguments against WHOIS. One is ICANN’s proposed accreditation model that suggests tiered access to data should be granted only to specific user types and purposes. Officials were concerned that such access would be biased towards certain groups such as intellectual property holders while other relevant parties might be ignored.

Detractors also mention that, at the moment, the processing and protection of sensitive details are ambiguous and require more concrete solutions to comply with GDPR.


Meanwhile, on the opposite side of the barricade, advocates are asserting how turning down WHOIS might backfire to compromise people’s security. For example, domain registrars could have incentives to make the records inaccessible, which subsequently might impede investigative activities and security initiatives.

On top of that, promoters point out how even inaccurate WHOIS data are considered relevant to investigations, as experts can trace and connect them to other sources of information.

Cybersecurity Community


Critics say registrants’ data utilized by businesses is not a good indicator of security, as details extracted by companies might be exploited for the wrong reasons. That is why they call for ICANN to manage priorities well to improve cybersecurity in the next years.

Furthermore, there are already proposals on WHOIS’ replacement, for instance, by the Registration Data Access Protocol. Experts say RDAP, which is a more standardized version of WHOIS, might address WHOIS-related concerns more smoothly, including security cases. However, RDAP is not yet complete to answer issues around legal enforcement or comprehensiveness to name a few.


Many cybersecurity specialists defend WHOIS as an essential protocol to track perpetrators across registrars and networks and insist that abolishing it is a short-sighted decision. The fact is that cybercriminals often reuse registration details for multiple domains to save costs, so tracing contacts’ similarities is an efficient way to reveal malicious activities.

On top of that, restricting access to WHOIS records could also significantly hurt those professionals who fight against domain squatting and infringement.

Businesses’ Opinion


Business stakeholders discuss the other side of anonymity, as many consider privacy as one valuable criterion during registration. Detractors stress that, if all domain owners are obliged to display their details, harassment would be more likely. Therefore one determinant of WHOIS fate in terms of legal approval is ICANN’s capability to realize proper due processes when acquiring companies’ sensitive information.

Meanwhile, registrars are not keen on the idea of total transparency either, but for their own reasons. They advise users that publishing ownership data can attract spammers and scammers and want to offer privacy options to registrants for added fees.


Businessmen in favor of the protocol claim how it caters to the legitimate interests of stakeholders. For instance, certain marketing and security research efforts often rely upon the interconnectedness of data that WHOIS databases provide. They also highlight the value of domain records in decision-making processes notably to verify entities and protect brands.

As months go, it seems that the business sector will be carefully eyeing how much WHOIS will be preserved to aid diverse industries.

* * *

WHOIS is not perfect, and opponents refer to many relevant issues. However, it’s important to keep in mind the protocol’s comprehensiveness and decentralized nature for parties to come up with the best solution regarding its future.

By Jonathan Zhang, Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix


Sponsored byDNIB.com