Home / Blogs

Whois Privacy vs. Anonymity

The Internet is often a lawless place. Everyone knows that there are many tricks and traps lurking on the Internet, just waiting to prey on unsuspecting and innocent users. Some of these traps will trash your computer while others will turn your PC into a zombie that will broadcast messages at the virus writer’s command. Still other traps steal people’s identity and in addition to stealing their money and good name, victims have to endure an incredible amount of hassle. Then there’s spyware. The list of annoyances and downright criminal activities seem endless.

Law enforcement is just getting around to cleaning up the internet.

To make the Internet a safer place both legislators and law enforcement are now focusing on the Internet. In the crossfire that’s taking place there are many ideas that are being offered up. Some of them are good and some are not. One bad decision that was recently forced upon the Internet community (without hearings—more on this later) was to eliminate private domain name registrations for .US domain names. The purpose of this article is to explain why private domain name registrations are a good thing, and how they actually make the internet a safer place.

First, why the public WHOIS database is important.

The information in (or associated with) the WHOIS database is important to law enforcement, intellectual property and other attorneys, who use this data to locate domain name owners for the purpose of enforcing laws or addressing grievances. In certain cases, however, the information in the WHOIS database is not accurate. This is where the problem caused by anonymity rears its ugly head.

The problems with the public WHOIS database.

There are two big problems with the WHOIS database. One is that often times the information within the database is inaccurate. Inaccurate information happens mostly because some registrants who want to achieve anonymity—for a myriad of reasons, some of which are despicable—provide false information to begin with. The second problem with the WHOIS database is that there are many law abiding citizens who also, for a myriad of reasons, want their personal information not made available to the public.

Making the public WHOIS database 100% accurate has proven elusive.

Various government agencies, intellectual property organizations, attorneys, and others have long wrestled with how to improve the accuracy of information in the WHOIS database. To date, they have not been able to find a way to guarantee or even improve the accuracy of this information.

It is now illegal to provide false information when registering a domain name.

Last year, there was a brief attempt to make registrars responsible for the accuracy of the Whois database. Fortunately, that legislation failed. What did become law was a new, stiff penalty (7 years) for providing false WHOIS information. While this looming jail time might have some sway over US-based crooks, it will do little to get accurate information from those who live overseas.

Private domain registrations have the most accurate registrant information.

The most accurate domain registration information is that associated with private domain name registrations. The reason this information is accurate, is because people pay to make it private. If it wasn’t accurate, if the information was false to begin with, the registrant would simply leave it as is. There would be no reason to incur the added, small expense of a private registration. Most law enforcement agencies and other intellectual property oriented organizations understand this fact, and support private registrations. In fact, every intellectual property organization and law enforcement representative that has contacted us regarding our private registration service has supported the service because of the accuracy of the underlying data compared to the general inaccuracy in the WHOIS database as a whole.

The reason law enforcement supports private registrations is that in addition to the information being the most accurate associated with domain name registrations, there’s an added bonus. That bonus is accountability. Law enforcement knows that if it has an issue with a private domain name registration, that it will not only be able to find the actual registrant, but that the registrant will be accountable for whatever the issue happens to be. This is not the case with public WHOIS registrations, where anonymity is achieved by providing bogus information. There’s often no way to track down a registrant who provided false information when registering their domain name.

Making the entire WHOIS private is not a good idea.

One last comment concerning the importance of private domain name registrations: There has also been talk about making the entire WHOIS private. This would not be a step in the right direction. There are several reasons why it wouldn’t work. First, there are significant, additional costs for the registrar to manage private registrations. These costs include the daily processing of subpoenas, requests from law enforcement and complaints from companies and individuals. To this, add the cost to litigate lawsuits that are filed almost on a daily basis. These lawsuits typically involve copyright and/or slander complaints, and usually name the registrar as well as the domain holder. Presently, this cost is paid for by those who want private registrations. If all registrations are made private, the cost would be added to all registrations.

The other reason why making the entire WHOIS private is not a good idea, is that it would place an added burden on everyone (i.e., law enforcement, intellectual property and other attorneys, etc.) who need to get at the WHOIS information. Today, because of our public WHOIS, it is easy to determine if information associated with a public registration is valid or not. If the entire WHOIS would be made private, there would be a number of added and unnecessary steps to make this same determination. So you see, it’s much better to keep the WHOIS public but allow those who want private domain name registrations the ability to purchase them.

It’s important to understand the difference between privacy and anonymity.

This brings me to the issue of privacy versus anonymity. Not long ago, I was discussing this issue with David Lawrence, one of the most intelligent persons I know who just always seems to “get it.” After I finished describing to him that the National Telecommunications and Information Administration (NTIA) ruled, without hearings of any kind, that private domain name registrations for .US domains will no longer be allowed, David commented that the issue is really one of privacy versus anonymity. He explained that privacy should be allowed, because with privacy comes accountability. Thus, Americans and others who enjoy privacy are law abiding citizens, and have no reason to fear being accountable for their use of privacy.

The NTIA edict makes the Internet a worse, and less safe, place.

What the NTIA is concerned about, and what their recent edict does not achieve, is the reduction of anonymity. In fact, it does just the opposite, because it now encourages those who want privacy for .US domain names to provide false information—thus achieving anonymity.

Criminals seek anonymity, not privacy.

It’s been my experience that those who are the criminals of the Internet, and who are engaged in spamming, phishing, pharming, identity theft, etc., take whatever actions they can think of to make themselves as anonymous as possible. Thus, when law enforcement and others attempt to track these crooks down, it’s either very difficult or impossible. This is the problem with anonymity—there is no accountability. Often, those who seek anonymity typically do so because they are up to no good, and want to be sure that they don’t have to answer for whatever evil they are perpetrating.

Registrants who purchase private registrations have no problem with accountability.

In contract, those who seek privacy are fine receiving it with accountability. Law abiding citizens have no problem being held accountable for their actions. This is because, well, they are law abiding. So when people pay for private domain registrations they typically send three messages. The first message is that they are law abiding citizens; the second message is that they are willing to be held accountable for their actions; and the third and most important message, is that the registration information they are providing is valid.

Law abiding Americans are entitled to privacy.

The overriding message of this article is that the absolute, most accurate information associated with domain name registrations, is the information provided with private domain name registrations. The NTIA’s decision to eliminate private .US registrations accomplishes exactly the opposite of what it wants to achieve—better information that is more readily available. Instead, what the NTIA has done (besides denying law abiding Americans their Constitutional right to privacy) is to increase the anonymity in an already anonymous, wild, and often lawless Internet. And that is in nobody’s best interests.

Copyright C 2005 Go Daddy Software, Inc. All Rights Reserved.

By Bob Parsons, President & Founder

Filed Under


Tom Cross  –  Mar 29, 2005 8:17 PM

What law are you referring to? FOISA was debated last year but Thomas does not seem to indicate that it passed… This is the first I’ve heard…

Tom Cross  –  Mar 29, 2005 8:32 PM

Nevermind. Hr3632. This is a terrible, terrible law. The magic “savings clause” in no way diminishes the risk that people engaged in first amendment protected activities face if they are chagred with an IP crime, which otherwise would not be considered willful, and therefore in no way prevents the chill upon speech that this law will create.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global