
Domain Registry Models: Thin or Thick?


The domain registrars discussion—despite the occasional bizarrity—mostly demonstrates that there is no unanimity among registrars on this issue. So, what arguments can be made in favor of either model, from a registrant’s point of view?

The thick domain registry model—under the assumption that registries are more diligent with registrant data than some registrars may be—helps take care of escrow concerns: When a registrar goes out of business or experiences some other kind of disaster that removes its data store, the data kept at the registry can help transfer registrations to a different registrar, and help registrants keep their domain names. Besides that, keeping registrant information at the registry helps registry operators enforce the new transfers policy, and may generally contribute to making the transfers process run more smoothly.

On the other hand, the thick model often involves transfer of registrant data (both the identifying information, and the sensitive information that is constituted by the link between a domain name and the registrant’s identifying information) across jurisdictional boundaries that may separate very different privacy regimes. This concern should weigh even heavier when the registry is not just keeping the thick data set, but actually uses these data for making its own WHOIS service available to the public at large. As Jens Wagner’s comment shows, thick registries can be used to design systems which make it hard for registrars to comply with applicable privacy legislation.

The thin model, on the other hand, keeps ultimate control over the publication, transfer and use of data with registrars, and with law enforcement authorities and courts that have jurisdiction over them. Registrants in many jurisdictions get the chance to choose a registrar in the same jurisdiction, and have assurance that their data don’t leave that jurisdiction as part of the registration process. The thin model also makes it easier to implement alternative WHOIS models like ALAC’s proposal, in which registrants are notified when their data are accessed.

Maybe it’s best to start thinking about thick registry designs that quack like thin WHOIS systems, either by keeping the thin WHOIS paradigm despite thick registry design, or by actually giving the registrar fine-grained control over which data elements are displayed in thick registries’ WHOIS services. EPP [Extensible Provisioning Protocol] certainly looks like it is prepared for this approach.

By Thomas Roessler, Mathematician
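
An added illustration, not code from the original post or from any registry: the EPP contact mapping (RFC 5733) lets a client attach a `<contact:disclose>` element naming fields that are exceptions to the server's default disclosure policy, and a thick registry's WHOIS front end could honor it as sketched here. The function name `whois_view`, the `REDACTED` marker, the default policy and the sample contact are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = {"c": "urn:ietf:params:xml:ns:contact-1.0"}

# Constructed sample contact object (not real registrant data).
SAMPLE = """<contact:infData xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">
  <contact:id>c-0001</contact:id>
  <contact:postalInfo type="int">
    <contact:name>Jane Example</contact:name>
    <contact:org>Example GmbH</contact:org>
    <contact:addr><contact:city>Bonn</contact:city><contact:cc>DE</contact:cc></contact:addr>
  </contact:postalInfo>
  <contact:voice>+49.2285550100</contact:voice>
  <contact:email>jane@example.org</contact:email>
  <contact:disclose flag="0">
    <contact:name type="int"/><contact:addr type="int"/>
    <contact:voice/><contact:email/>
  </contact:disclose>
</contact:infData>"""

def whois_view(xml_text, default_disclose=True):
    """Return the WHOIS-visible fields (hypothetical helper, single postalInfo only)."""
    root = ET.fromstring(xml_text)
    postal = root.find("c:postalInfo", NS)
    fields = {
        "name": postal.findtext("c:name", namespaces=NS),
        "org": postal.findtext("c:org", namespaces=NS),
        "addr": ", ".join(e.text for e in postal.find("c:addr", NS)),
        "voice": root.findtext("c:voice", namespaces=NS),
        "email": root.findtext("c:email", namespaces=NS),
    }
    disclose = root.find("c:disclose", NS)
    exceptions, flag = set(), default_disclose
    if disclose is not None:
        raw = disclose.get("flag")
        if raw not in ("0", "1", "true", "false"):
            raise ValueError("disclose flag must be an XML boolean")
        flag = raw in ("1", "true")
        # Listed child elements are the exceptions to the default policy.
        exceptions = {child.tag.split("}")[1] for child in disclose}
    visible = {}
    for key, value in fields.items():
        shown = flag if key in exceptions else default_disclose
        visible[key] = value if shown else "REDACTED"
    return visible

if __name__ == "__main__":
    print(whois_view(SAMPLE))
```
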


Comments

Ram Mohan  –  Sep 20, 2004 9:07 PM

The logic flaw in the thin Whois model discussion above is that registrants will register names at a local registrar.

In a rapidly commoditizing domain name market, where price drives a great deal of demand, such an assumption is invalid.

The thin model shares the same jurisdictional problem as the thick model.

Registries have more work and data to store in a thick model; however, given that many registrars do not implement any escrow or data backup systems, from a registrant data safety point of view, the thick model provides a safety net that does not exist in the thin model.

-Ram

Note: I run the .info, .org registry operational teams.  We chose to go “thick” versus “thin” in .info for uniformity of data and consistency of policy implementation reasons (among others).

Thomas Roessler  –  Sep 21, 2004 1:47 PM

The point here is not so much that registrants automatically choose registrars in their local jurisdictions: The point is rather that they have the choice to pick a registrar “somewhere out there”—or to pick one in a jurisdiction where they know the rules.

Ram Mohan  –  Sep 21, 2004 2:36 PM

The new EPP RFC *requires* a <privacy> element for the registry and a <disclose> tag for each contact object.  This <disclose> tag is configurable by registrants - who can instruct their registrars whether or not their contact information should be disclosed.

We’re in good shape on the technology front - as usual, what it takes is good policy to make the technology do what it was designed to do.
