Privacy Advocates Bemoan the Problems With WHOIS

An anonymous reader writes "The Globe and Mail is reporting that net privacy advocates are spurring ICANN into scrapping WHOIS. The advocates complain that the system doesn't do enough to protect domain owner information from spammers and fraudsters, and compare the problems to those being experienced on a broader scale by email users. 'WHOIS, much like e-mail, is an age-old Internet relic that comes from a time when the Internet was almost considered a network of trustworthy users. E-mail has, quite clearly, some massive problems coping in the modern age, but it's still here. It stands to reason, then, that WHOIS won't be going anywhere any time soon. Just like e-mail, it's prone to abuse. But again, just like e-mail, it's too useful to axe.'"

Whois is useful?

[morgan_greywolf (835522)]

For what? These days, everybody is registering private domains through people like DomainsByProxy. Whois is becoming more and more useless. Might as well chuck it.

Re:Whois is useful?

[mwvdlee (775178)]

And what kind of method is DomainsByProxy using to check domain name availability?

A better whois could do the same thing

[Foktip (736679)]

Whatever, they can make a new "WHOIS" that doesnt give out your address, phone number, email address, and basically all your private contact information - on the internet. Before someone can get whois information, they should be questioned to make sure they have a legitimate claim - and then the questioner should forward that complaint/information to the site owner, and allow the site owner to decide whether to divulge their information to that person or not. Basically, its what a lot of domain services a

Re:

[Metaphorically (841874)]

I think giving out the owner name to anyone that asks is very important. Other than that I agree - the contact info should be private.

Sites are already supposed to monitor a handful of well-known email addresses like abuse@ and whatever else. That should be enough.

The Trademark Gods want the Owner's True Name

[billstewart (78916)]

There are two reasons you'd want the owner's name - you're trying to contact them because of content on their website / email, or you're trying to sue them because you think you should own their domain name due to trademark law. If you want to contact them, use the contact info on their website; if it's not valid, then the whois owner information probably isn't either.

The trademark ownership issue has been a major driver since before ICANN - the IETF Ad-Hoc Committee that was trying to expand the number of

Job-title whois email reduces spamming

[billstewart (78916)]

Having some kind of contact methods for the administrative, technical, and billing users is valuable, but there's no need for it to be a personal email address - especially for a domain that belongs to a business, where that information is likely to change or be handled by a group of people. You might as well have generic addresses like domreg_admin@yourdomain.com. Spammers are still going to try to abuse it, but if nothing else you can put an auto-responder that tells the sender to use a web form.

The tec

Re:

[ztransform (929641)]

I have to agree.

I've tried to privately register every single one of my domains, and end up paying more for what is effectively "not listing my number in the telephone book", just because I don't want SPAM.

I say scrap whois. But still make registration of e-mail mandatory so the registrar can still contact domain owners.

I would guess the real-world equivalent is car registration (number) plates. In most countries the name and address of the registration plate owner is not publicly available presumably to de

for plenty of us

[CarpetShark (865376)]

Speak for yourself. I use whois every day. It's invaluable.

Re:

[unlametheweak (1102159)]

Speak for yourself. I use whois every day. It's invaluable.

Are you a spammer?

There would be no other reason to use whois since it is unreliable. If people want to give out their information to the entire World Wide Web then they should do it on their own Web sites. People should not have to pay extra money, or risk losing their domain names (because they are breaking ICANN rules), or possibly risk going to jail (in at least some countries I would presume) for not wanting spammers, stalkers, poperotzy, or law enforcement officials to know where they live (police a

Re:for plenty of us

[CarpetShark (865376)]

Are you a spammer?

There would be no other reason to use whois since it is unreliable.

Then why are you asking a question you think you know the answer to, if not that you think you're wrong? As it happens, you're VERY wrong. It's not the be-all-and-end-all of domain details, no, but it's very useful; for quickly finding out the status of a potential customer's domain, for finding out who owns an IP address that's exhibiting abuse, etc.

Re:for plenty of us

[hackstraw (262471)]

Speak for yourself. I use whois every day. It's invaluable.

Really? Can someone elaborate on its usefulness? I gave up on it years ago. (also, I simply don't need to know this info anymore)

When I was a SPAM vigalante, I would do whois lookups, and usually the information was clearly bogus. Often, if the info was not bogus, it was outdated. And I've heard from many people that are legitimate people doing legitimate things with their hostnames that would never give real information for whois lookups because they simply don't want to be the target of SPAMers or whatever else could come from having any personal information laying around for some random person to have fun with.

I would never put accurate or relavant info into a whois lookup, and I don't expect anyone else to do so either. Nothing good can come from it, unless maybe you hold the killer domain and you hope someone will try to buy it from you.

I also lie about any personal info to protect my privacy, unless there is something explicity beneficial for me for someone else to have relevant info. I also tell all of the door to door sales people trying to sell me some crap for my house that I rent. They immediately say "Oh", and walk away. I also pay extra to have my phone number unlisted.

I'm still on some lists, but not that many. And the fewer the better.

Re:

[davebooth (101350)]

Really? Can someone elaborate on its usefulness? I gave up on it years ago.

The whois database has one MAJOR use.. Most firewalls dont bother to look up DNS before they filter packets - too much overhead, in most cases. That means when you're creating firewall rules you're working purely in numeric addresses. So, if I determine that a bunch of cracked machines or scriptkiddies is making a nuisance of themselves, how do I blackhole an entire ISPs dynamic allocation block without being able to look up that I

For verifying a domain exists, for example

[wsanders (114993)]

In response to customer inquiries about why such-and-such a domain isn't resolving, I do hundreds of checks a month to verify that domains actually exist, since a sizable percentage have non-functioning DNS. I also query to see if domains we are about to drop from our authoritative DNS service are actually gone.

Not to say the whole whois scheme is a mess, but some sort of non-DNS, free service needs to exist to verify that a certain domain either exists or doesn't.

The other thing that irritates people the m

Re:

[nuzak (959558)]

You don't need whois to check for the existence of a domain. Just look up its NS glue record.

What WHOIS is really good for is getting the registration date of a domain, which is a nice indicator of whether a domain is actually a throwaway spam domain or an established site. It'd be nice if the dates actually came back in a consistent format, but at least it's usually human-readable. IP whois is also nice when you're looking at an ISP that actually bothers to fill out SWIPS records for allocations. I've

Re:

[jani (4530)]

Name server records are not what "defines the domain's very existence", it only defines whether the domain exists in DNS.

There are cases where e.g. name server changes or domain name transfers results in a loss of name server data in the root servers. The domain still exists, but it is or will quickly be in an unusable state.

So, to reiterate:

DNS shows you whether the domain works.
WHOIS currently shows you whether the domain exists, as well as domain ownership information.

If ICANN wants to get rid of whois f

Re:

[emj (15659)]

Regging domains anonymously is free at Dreamhost.

Re:

[emj (15659)]

Eeeh, bit too fast posting there, *if* you pay hosting fees.. ;-)

Re:

[Metaphorically (841874)]

So just as free as 1and1 and a bunch of other providers then.

Re:

[smitty_one_each (243267)]

Why not just make the database private?

Oh, so people can set up a business based on information control?
Look, three credit reporting agencies (in the US), with a several hundred dollar/multiple hour investment required just to correct their non-command of database management, is a notable example of why this idea draws vacuum.

Re:

[kebes (861706)]

lets say Microsoft has a pro-windows or anti-Linux blog talking about how their company found that many Linux distros contain trojans. Now lets say these blogs are done with anonymous registration? Is this kosher?

If by 'anonymous' you mean 'not publicly visible, but recorded somewhere' then yes, that's fine. Anyone can use the internet to say what they want. If what they publish on their site becomes a problem (spam, slander, etc.), then obviously there should be a procedure for finding out who owns the domain so that you can contact them with your concerns.

But there's no need for the "default public" policy that WHOIS historically operated on. Moreover, if someone like Microsoft wanted an anti-Linux site, it wo

Re:

[Metaphorically (841874)]

But there's no need for the "default public" policy that WHOIS historically operated on. Moreover, if someone like Microsoft wanted an anti-Linux site, it would be trivial for them to outsource its operation to some other company. The current WHOIS actually doesn't provides a robust mechanism for determining who runs and operates a domain name.

You've got a good point that it's trivial to dodge the name requirement in Whois now. I think that should be a reason to fix it though, not drop it. Pro-MS/Anti-Linux or whatever is one example where astroturfing means big dollars but there are worse ones like political blogs and medical stuff.

The ability to outsource slander is a problem and not just with Whois. Look at political ads - they carry a tagline that's supposed to say who produced it but they can make up a name like "Save the Children Foundat

Even "Heroes" agrees

[Kelson (129150)]

In one episode last season, Ando showed up at Niki's house, having been able to find her because she listed her home address on the WHOIS record for her website.

(The unspoken moral: use a PO Box, or some guy from halfway around the world will drop in on you unexpectedly.)

What is the problem?

[by Anonymous Coward]

The advocates complain that the system doesn't do enough to protect domain owner information from spammers and fraudsters

Every major domain registrar lets you do a "private domain registration" for a few bucks extra. They replace the WHOIS data with generic info plus a uniqueID, which lets you contact the domain owner through the registrar.

Pretty simple - not rocket science.

I am sure that the registrars will happily hand over the actual domain registration info to duly authorized law enforcement with a cour

I'd Rather it Be Accurate than Abolished

[InitZero (14837)]

It used to be when I had to contact someone, the whois information was accurate, complete and, when I dialed the number, I got a live human being that actually was able to address my issue. And, life was good.

Now, it seems even reputable domains are hiding behind private registrations or have outdated or deliberately incorrect information. Bleh. Problems that used to be able to be solved with a pleasant phone call now require hours of my time if the task is even possible.

So, my first choice would be that whois domain information take a giant step backward to the days when it was useful information. If that isn't an option (and going back in time rarely is possible), get rid of it altogether.

*ring ring*

[circletimessquare (444983)]

"hello?"

"hi, this is some random yahoo you don't know who is looking at your website. i have my own agenda about what needs to be 'fixed' on your website. whenever i go to your website it doesn't do x, and i want that done"

"oh, ok sir, we'll get right on that, give me a few hours"

when was that ever a valid scenario for you

i hope you're talking about fighting email spam or worms from rogue domains

Re:

[InitZero (14837)]

I know that interpersonal voice communications conducted over an old fashion telephone line between peers is the antithesis of all that is the tech world and Slashdot. Still, it can be rather effective at times.

True story...

I was the IT Director for a mergers and acquisitions company. We were a couple days away from closing on a mid-sized ($72 million) transaction. Money had already been wired into escrow. We are in the United States but the company's owner was vacationing in South Africa. The company we we

Re:

[dkf (304284)]

I don't have the time or resources to take calls from Joe in Seattle who wants to sell me his company's ASP.NET expertise (especially when I'm a LAMP operation)!

Remember, you're allowed to just say "Fuck off." and put the phone down.

Re:

[tftp (111690)]

Even that will cost him 15 seconds of his time, and probably a few minutes more to regain the lost thought. Can you work at all if telemarketers call you every minute? They can, there are enough people in the world (or even in the country) who are not qualified for anything better.

Re:

[InitZero (14837)]

> I don't have the time or resources to take calls from Joe in Seattle who wants to sell me

        I'd spend 20 minutes a month telling sales holes 'no' than spend five hours trying to track down an admin at another site to fix a problem that, when I get the right person, takes five minutes to fix.

        Matt

stalker "found" me thanks to WHOIS

[gsfprez (27403)]

i sold an old Mac laptop with system 7.5 to a girl for $200 with a printer about 7 years ago. She had little money, and for what she needed - a way to type homework in her dormroom and print it - $200 seemed reasonable - it did what she told me she wanted it to do, and she tested it at my place and everything worked just fine (2 cheers for Word 5.1 on system 7!). I made it clear that this was *not* an internet workhorse, and that if she wanted that, she needed to go to the bookstore and buy a new computer. "No no, i just want to type papers and print them in my dorm room".

So, of course, the first thing she did was attempt to install a bunch of new internet software (browsers, school's First Class server client) on it which of course didn't work. Then she took it to the school helpdesk, and they (rightly) had no idea what to do, so instead of telling her to get jammed, they screwed it up completely. So, she calls and says she wants to return it because it doesn't work. I'm like - yeah, what the hell do i want with a fscked up powerbook and printer? I don't want to buy it - i just sold it to you like two weeks ago.

time passes... and i start getting threatening emails from some guy on a yahoo account with ($myname)fucker@yahoo.com. Then he starts saying that he's going to come after my wife and hes watching her car when she comes home at night. That was fscking it. Its the girl's mental patient boyfriend.

Long story short - he was actually stalking whoever in the hell was in my old apartment - it was pure coincidence that the new tennants also owned a Honda Civic too.

Where, do you think, he got the address? Of course, from my whois entry when i didn't have any money to buy a PO Box.

Yeah, if you think i'll ever give out my information to my actual home or office location - ever - you've gone daisy, my son. ICANN and everyone else can demand all they want that my info be correct - but i don't answer to them, so they can kiss my ass.

In fact, because of this, a guy who started, then stole, the website of a non-profit (they've set the donations address to their address, but the actual non-profit is in Africa, so its hard for them to fight the problem) is going to be getting a legal foot up its ass because i know where he is and where he lives and his work address - all because he's broadcasted it in whois and on his webpage.

ICANN can't make me do anything.

Re:stalker "found" me thanks to WHOIS

[LiquidCoooled (634315)]

Wouldn't it be more likely that the stalker got your address from his girlfriend?
Afterall you just said she came to your house to check out the computer.

Re:

[InitZero (14837)]

> if you think i'll ever give out my information to my actual home or office location

Don't confuse privacy (or safety) with anonymity.

Just because you don't give out your address doesn't mean you're safe. A false sense of security is often worse than a real sense of caution or even fear.

What's the goofy slogan bantered around Slashdot so often? Security through obscurity and all...

Matt

Re:

[tftp (111690)]

Well, this is exactly why I do my best to never sell anything privately, especially such a complicated thing as a computer. In the gsfprez's case it's obvious that the sale was not very profitable. The sale was legal and all that, but some people just don't understand what they are buying, and even if they do they like to think that the sale contract can be changed at will, at any time, as long as one side wants it bad enough. Do you think this girl's boyfriend would be stalking the local Fry's manager, for

Re:

[Bill, Shooter of Bul (629286)]

The lesson I take away from your story is to never ever sell someone a computer that wont do what they want it to do, even if they tell you they don't want to do it. Plus, Macs with out OSX are worth less than nothing, charging anything for them should be a felony.

WHOIS can be useful, but it's often not.

[mr_mischief (456295)]

It does me no good to try to contact someone through WHOIS with their nonexistent email address, their disconnected phone number, and their fake shell company. In those instances where I can work out a networking problem with a legitimate company, university, or ISP based on accurate WHOIS info, it makes life much easier than calling a techno-peasant receptionist and explaining who it might be int what possible department that might handle the kind of thing I need to talk to someone about, only to find out

It's a matter of publishing

[Red Flayer (890720)]

The internet is a venue for free speech, and any discussion of privacy concerns need to keep that in mind. From the American perspective, free speech is sancrosact, and one guarantor of free speech is anonymity. WHOIS (in theory) removes the ability to publish anonymous content via a self-owned website.

Most of the people clamoring for WHOIS to remain are those who have intellectual property to protect (especially trademarks). Without getting into a debate about whether trademarks should exist (please! t

Re:

[tomstdenis (446163)]

It's also a matter of liability. If someone is putting up illegal content (libel, slander, kiddie porn, warez) it would be nice to know who owns the domain [and presumably the servers it points to].

And as I'll point out for the 20th time on Slashdot ... "freedom of speech" is FROM THE GOVERNMENT, not private citizens. If AT&T doesn't want to host your website anymore, that's up to them, not you. At most it's a breach of contract not a violation of the 1st amendment.

Tom

The Domain Registry of America

[daedalusblond (1037302)]

Anyone who has had to deal with the Domain Registry of America will understand this.

Soon after one of our clients register a domain with us, these lovely people will send a very convincing snail-mail to the customer based on their whois data with a payslip attached, saying words to the effect of "Your domain will expire unless you register with us!"

In the UK, the Office of Fair Trading seem to have turned a blind eye to this despite numerous complaints.

-daedalusblond

email too

[oyenstikker (536040)]

So when are we going to replace email with Internet Mail 2000?

I own several domains, and agree completely.

[sherriw (794536)]

I own a number of domains and I completely agree that the WHOIS system needs a major overhaul. For one or two domains I actually purchase extra whois privacy from GoDaddy, but for the most part this is just added cost for me to patch a broken system. Why can't I pick and choose what info to show?

On top of it, if I own a .ca domain, I'm forced to use my real name not my company name and my .ca registrar does not offer domain privacy on .ca domains.

I get a ton of spam to the email address I use for my domains, so this address has it's anti-spam set WAY up. I even get occasional phone calls about my domains- usually scams, but recently it was a good thing because I sold one of my domains for $5K (though why the person couldn't just use the contact info on the actual website is beyond me).

But, basically I think you should be able to opt for privacy at no cost. Seems like a no-brainer to have a privacy flag as part of the database. Or maybe provide a url of a contact page where you can determine what to show or just provide a contact form box.

I am suing Moniker for providing anonymous whois

[www.sorehands.com (142825)]

I am suing (http://www.barbieslapp.com/spam/e360/timeline.htm) Moniker for providing anonymous whois to David Linhardt (http://www.spamhaus.org/organization/statement.lasso?ref=3).

Moniker has been providing Linhardt/e360Insight, with hundreds of anonymous domain names. This makes it difficult, if not impossible, to determine which domains are his. With anonymous registration you cannot tell if the 1000 of spam you received today are from 1000 different companies that may have mistakenly added you to their list or from one hardcore spammer.

Legitimate businesses have no reason to hide their identity.

Fix it or flush it

[Opportunist (166417)]

What is it useful for? To contact a domain owner and inform him about abuse or fraud, or identify someone who is using a domain for criminal activity. So far the theory.

In practice, you can rest assured that not a single domain used for things like ID theft has ever been registered to a real name. Earlier, they registered with registrars who didn't check information (so you had funny entries like some guy whose information was already grabbed in an earlier phish registering a domain for a server in Malaysia), and when registrars felt the pressure, they simply use registrars now that allow you to put their name in instead. Complaining with those registrars results in a "we're looking into it" until the domain is no longer used by the ID thief, so the problem solves itself.

So either require people to put in truthful information and remove registrars that don't comply, or get rid of it altogether. In its current state it serves no useful purpose. The current system only aids criminals, on both ends.

Idea for a More Functional WHOIS

[Apple Acolyte (517892)]

WHOIS is rather lame because of fake data, and most who fake data do usually do so because they don't want to give worthwhile contact details to the whole world. However, a lame WHOIS is better than no WHOIS in my opinion. I think it's valuable to have at least a registrant name provided in WHOIS, at the very least to serve as some record of who originally registered a given domain name in the unlikely but not unheard of issue of hijacking. I think perhaps ICANN should build and maintain a private contact d

What could be used for business accountability ?

[damn_registrars (1103043)]

I would say the best use of WHOIS is when you need to contact the owner of a business domain. Like many others I've seen boatloads of complaints from people here about their own private domains and how badly they hate WHOIS.

To those private owners, I could care less if their home information is available through WHOIS, as long as they aren't selling illegal merchandise through said domain and pumping spam for it all over the world.

However, when international criminals register domains to sell pirated software / bogus pills / etc ... I do believe WHOIS is still useful. When you can obtain the WHOIS information for the criminal domain, it gives you someone to contact about that activity. People who care enough to do this have managed to progressively change the policies of registrars who were frequently used by spammers for nefarious purposes.

And further investigation into WHOIS data can lead someone to even more critical information, as well. Being as the WHOIS record contains information on the DNS servers that are resolving the domain, a person who wants to really dig deep can find where those were sold as well. A little hint: the spammers often use only a short list of DNS servers for a large number of their domains.

So in summary, before people rally around ICANN with pitchforks and torches to demand the demise of WHOIS, I ask you please consider a solution for the applications where WHOIS is still useful before insisting that it goes away completely.

Whois is very important, don't scrap it

[guruevi (827432)]

I use whois everyday to check domains and IP's from command line. The simplest way to get an IP range is just "whois xxx.xxx.xxx.xxx" and then block/allow the whole range depending on your needs.

It's an invaluable network tool and just like DNS, you can't just scrap it. That there is abuse is always going to be a problem and that can be done with any list you put your data on. Ever wondered why you get so much credit card offers in your mailbox? Yes, it's because your name and address is somewhere on a list and most likely you have put yourself on it by using your address with either a banking institute or a vendor. You can't stop abuse by taking away services just like you can't say that you are going to solve those credit card offers in your mailbox by removing the postal services. If you do, the abuse is just going to shift from whois to your webhosters' site or DNS just like the credit card offers will be carried out by FedEx or UPS.

Businesses are not entitled to "privacy".

[Animats (122034)]

The actual ICANN report, [icann.org] shows they're deadlocked, all right. See this timeline. [ncdnhc.org]

Most of the privacy advocates are referring to the European Directive on Privacy. That only applies to individuals not engaged in business. For businesses, the The European Electronic Commerce Directive (2000/31/EC) [sitetruth.com] applies. And it's very clear. Any "natural or legal person providing an information society service" must disclose name, real-world address, and E-mail address. No exceptions.

California has a similar law. It's more narrowly drawn, only applying to sites that take credit cards, but it's a criminal law - six months in jail for not disclosing the "actual name and address" of the business.

WHOIS policy should take that into account. There's a legal obligation to disclose name and address information for businesses. It's not optional.

Our SiteTruth [sitetruth.com] system is based on these laws. If a web site is selling or advertising something, and we can't find a business name and address for it, its rating is toast. We scan each site for human-readable postal addresses (some people would call this "semantic web" technology). We check commercial business databases. We check SSL certificates. We look at Open Directory. If we can't find a business name and address after doing all that, the site's rating is a red "do not enter" sign, and we kick them down to the bottom of search results. Once we have a business name and address, we have something to look up in business databases, corporation records, business license records, credit ratings, criminal records, etc. Plenty of data is available about businesses once you have a name and address. No more "on the Internet, no one knows if you're a dog". We know.

We haven't found WHOIS data very useful in doing this. WHOIS data quality is awful. Many entries are phony. Mailing addresses on the web site itself tend to be more accurate. Using a phony business address is felony fraud in most jurisdictions, so that's relatively rare, and mostly shows up on phishing sites. So we cross-check with anti-phishing databases to kick those sites out.

It's quite possible to use this approach to check WHOIS information in bulk. If ICANN actually cared about WHOIS data quality, they'd check the data against postal databases and business databases. They don't.

Reasons to dislike whois

[Tolvor (579446)]

I have had a long dislike of whois.

For one it gives people a major way to steal domain names. People look up the domain name that they want in the public record, find the email address, and try to crack the email. If they can get the access to the email then more than likely the domain can be stolen. Then us poor techs get a call several months later from the true customer wondering what happened to their domain. Whois reveals too much information.

Secondly it isn't accurate. People see their name in whois and think that means they get to make decisions on the account/domain. Just because your name appears in whois does not mean you are listed on the account itself. But try explaining that to their ex-(terminated)-webmaster.

And lastly WhoIs is a major pain to explain. Try telling a paranoid customer that all domains appear in whois, and that you can't remove a domain itself from whois. My sup can't remove it from whois. The president of MegaDomainRegistrar can't remove it. Sorry, no, I don't have a phone number for ICANN. We can hide the info, but we can't make it disappear.

But then to be fair, I can't think of an alternative system to keep the domains and websites fair and accountable. Compaining to a registrar/webhoster about a domain/site is next to useless unless it is unquestionably illegal or definately a trademark issue. Most cases get shunted to the legal department which give the unhappy complaintant a copy of the AcceptableUsePolicy and asked to submit proof of infraction (yeah, good luck). Usually it takes a dedicated lawyer to get things done in these cases. So for now, whois stays.

Privacy? Abuse?

[PPH (736903)]

I've owned a domain name for a number of years now. Other than using a P.O. Box for the contact info. I've never had any problems with fraud or abuse. I get the occasional offer to buy it (its a somewhat popular name) but nothing I'd consider to be a nuisance.

I think hiding the ownership of a domain (or IP address information) opens up opportunities for more fraud and, balancing that against privacy, I'd rather know who I'm communicating with.

If someone needs privacy, there are ways to get it.

Re:

[IBBoard (1128019)]

Ditto for UK domains. As long as you're a non-commercial individual then you don't even need to cough up for the privacy fee that they charge for .coms.

I've never seen the point of my (personal) details being on a WhoIs record. If it was a corporate held domain and there was some validation that the details were correct then it might be useful, but for any Tom, Dick or Harry buying their own domain then it seems like a major security risk (ignoring the more low-level privacy invasion of posting it on the Ne

Re:

[tlhIngan (30335)]

I've never seen the point of my (personal) details being on a WhoIs record. If it was a corporate held domain and there was some validation that the details were correct then it might be useful, but for any Tom, Dick or Harry buying their own domain then it seems like a major security risk (ignoring the more low-level privacy invasion of posting it on the Net).

Yeah, it's really annoying. Heck, I filter my email (thanks procmail) to only allow email from my registrar (who actually check that the info is vali