Home / Blogs

Whois: If You Want Privacy, Pay For It

Netchoice, a lobbying group for the e-commerce industry had a strange reaction on the failure of the GNSO working group on Whois to reach a consensus.

After all, they say, “Privacy concerns with Whois that were identified years ago have already been addressed by in the marketplace”. In other words, if you want privacy for your domain name registration, you need to pay extra for proxy services.

I understand that the industry wants to always sell more services. That means money for them. However, those proxy services were developed as a workaround to the current Whois system, which does not protect privacy, and in wait for a more global solution.

But of course, the main question is that privacy is a fundamental human right under article 12 of the Universal Declaration of Human rights. As far as I know, human rights are for everyone, not just for those who can pay for it. What is next? Will we need to buy the right for freedom of expression or to organize in trade unions?

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Patrick Vande Walle, All around Internet governance troublemaker

Filed Under

Comments

Suresh Ramasubramanian  –  Nov 10, 2007 3:01 AM

Er excuse me, Patrick?  If you want privacy there are other alternatives to using those domain privacy schemes.

* A PO box / other maildrop
* A hotmail account used solely for whois

etc etc etc.

If you can come up with some slightly less harebrained idea than the OPoC, I’m all ears.

fnord  –  Nov 11, 2007 5:01 AM

I recently reported on ICANNWatch about how the .name registry is shifting at least part of the cost of WHOIS searches to those doing the searching, which is arguably at least as fair as having the domain holder pay for a proxy service (although there are free ones out there). .name’s WHOIS may now give some level of anonymity, at least from overzealous IP lawyers on fishing expeditions and spammers’ email address harvester bots.

A staggering percentage of sp4m, phishing, kiddie pr0n and other illegal sites are/were hosted by the Russian Business Network [Washington Post]. In this case having a public WHOIS helps IP and law enforcement how exactly? The RBN now appears to be on the move to a different netblock (perhaps in China, another bastion of international law and co-operation). RBN was shut down by their upstream providers, an effective (and hardly a new) tactic, although admittedly whack-a-mole. Still, if law and IP enforcement folks can’t figure out (and contact) a site’s upstream provider (or its provider, etc.) regarding nefarious domains without resorting to WHOIS then they’re in the wrong business.

@domainpawnshop. Thanks for the link to whoshouldbe.com, very interesting.

@Suresh. According to The Register, a Telnic proposal is being seriously considered by ICANN which doesn’t look much different than OPoC. The original proposal also included a .name like charge for WHOIS searches until they took it out under US pressure (as with .xxx, who will rid us of this meddlesome government?). I actually think the proposal is problematic, though hardly harebrained. If I register E.G. my-kewl-website.com (apologies if it is taken) and just put up videos of my cat I am probably a natural (if not normal) person. If I also include affiliate [Wikipedia] links to cat food, cat litter and similar sites from which I derive a profit, or at least an income, am I still just a natural person or a commercial entity? How about if I include affiliate links to pr0n sites (no jokes please) or phishing sites? Where is the cutoff, never mind that it might be different dependent on the relevant jurisdiction(s)? You can bet that many, not all of them those who play nice, will test the system to find out, and some of the not nice ones will still find ways to play outside the box. -g

Dave Zan  –  Nov 13, 2007 4:58 PM

DomainPawnshop said:

There’s also the other side of that issue too…

http://whoshouldbe.com/examples.php

Nice emotional sell. Too bad it’s not intellectually forthright.

Dave Zan  –  Nov 14, 2007 2:36 AM

DomainPawnshop said:

I like nice and am willing to concede to emotional. I’ll even throw in that I’m not one of the brightest stars in the sky. I suppose that’s why I can’t understand the intellectually forthright comment. However, wanting not to clutter Patrick’s article notes I invite you to explain yourself on the WHOShouldBe website discussion board.

Whoops, I meant the site itself and not you personally. My apologies.

While it might be nice if ICANN “adopted” the UDHR, “naturally” they don’t have to.

Patrick Vande Walle  –  Nov 14, 2007 7:28 AM

@ Suresh: You are basically confirming what I said. There is no privacy in the current whois system and if I want one, I need to pay for it. Even if provided as a free service, the extra step to needed to register for these free services is alreay a cost in terms of time.

@ DomainPawnShop:  I understand there may be legitimate uses of the whois data by law enforcement agencies to track criminals (or political opponents, in some countries) or the intellectual property business. Yet, the current system is broken beyond repair. There is a need for a new system that could manage fine-grained access rights to relevant parts of the whois data to pre-approved and clearly identified parties, which could be billed for the service. The essence being that there would be guaranteed privacy by default, and that data would be available to those who can clearly demonstrate they need it. Only when we have a reasonably secured system can we expect people not to cheat about the personal information.

With regard to the stability and security of the Internet, I do not see how the often outdated or bogus data of the whois can help. This is pretty much covered elsewhere, through the RNAME field in the SOA record of the domain name, according to RFC 1035 and 2142.

Dave Zan  –  Nov 15, 2007 1:47 AM

DomainPawnshop said:

And, since some of the names are years-long registrations they are being sold (in some cases for thousands of dollars) by the same registrars that were responsible for contacting the name holder.  So I worry about privacy infrastructures where the public cannot contact name holders without corporate clearance.

Registrars’ contracts state one another’s responsibilities, one of which holds registrants being “partly” responsible for renewing them on time. While it’s indeed a nice gesture on your part to try to tell those who don’t stay on top of them, why worry?

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign