
Exposing Personal Information in the Whois Database 323

Posted by CowboyNeal
from the a-better-way dept.
rocketjam writes "In a letter to U.S. Representatives Lamar S. Smith and Howard L. Berman, the Center for Democracy and Technology has raised the issue of privacy problems with the Whois Database. Acknowledging the database is uncontroversial for commercial registrations, the letter points out that private individuals who register a domain name expose their names, home addresses, home phone numbers, and home e-mail addresses to the world. The letter warns, 'The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data.' Additionally, the letter points out the current policy violates the privacy laws of some nations."
  • How else... (Score:3, Funny)

    by TheGreek (2403) on Friday September 12, 2003 @08:10AM (#6941182)
    ...am I going to find phone numbers so I can pick up chicks?
    • by march (215947) on Friday September 12, 2003 @08:17AM (#6941225) Homepage
      If you are looking for chicks in the whois database, it's no wonder you haven't had a date in a while....
    • Re:How else... (Score:3, Insightful)

      by einer (459199)
      Actually. That's a good question. ;) If the WHOIS database violates privacy concerns, then how can the phonebook be seen as any different? You have to pay to be unlisted (in the US, not sure about elsewhere).
      • Re:How else... (Score:4, Interesting)

        by fenix down (206580) on Friday September 12, 2003 @10:14AM (#6942092)
        The phonebook is local. WHOIS releases the same information no matter where you are, and no matter where the person looking you up is. If it's illegal to collect some kind of information in Taiwan, the Taiwan phone books won't collect that, and there's no problem.
  • amen (Score:5, Insightful)

    by Neophytus (642863) * on Friday September 12, 2003 @08:11AM (#6941187)
    Registrars under their status of registrars are required to HAVE FULL AND PUBLIC CONTACT INFORMATION for anyone who registers. For big biz this is ok but for individuals (such as me) it is a big worry.
    • by gfody (514448) *
      and for big biz it's usually accurate info and for individuals it's usually ""
      Nobody Important
      1234 Nothing St.
      Nowhere NA
      (123)456-7890

      so what's this story about? think I'll go rtfa
  • Spammer source (Score:4, Interesting)

    by alecbrown (66952) * on Friday September 12, 2003 @08:11AM (#6941188) Homepage
    I certainly got spammed on the email address I registered for it.
    • Re:Spammer source (Score:2, Informative)

      by AchmedHabib (696882)
      Placing your email address in your whois information will ensure that you get at least 100 penis enlargement mails per day to that account. Which is why all email adr. that I need to publish like in the whois or on websites, are on mail servers that use just about every rbl list and antispam program available.
  • I'd deem this an issue.

    However, how many Heywood Jablowmie's are there in the WHOIS database?

    • Yeah I've seen plenty of bogus contact info, except for the email address maybe, in whois records. Any domain setups that I've done allow you free rein to type in anything you like. I think most people don't realize that
      • a lot of "optin" email lists go thru my system.. and judging by the percentage of asdf@asdf.coms and blah@blah.coms I would say most people realize this.

        also doesn't take a whole lot of common sense when you're filling out a form for an online comic strip registration and it's asking you for your home address and phone number. I mean unless you're buying something why would you give this info out? people that give out personal info simply because some form is asking for it.. dummies, period
        • I mean unless you're buying something why would you give this info out? people that give out personal info simply because some form is asking for it.. dummies, period

          I agree that the "dummy" factor is the main culprit....but then I have to give them some slack here as well...they are buying something, the domain name, and since it's all "official" and on the internet, and they "own" the domain name now, they feel obliged to answer, it's assumed on their part,

          And as Benny Hill said, "Never assume...."

      • by AKnightCowboy (608632) on Friday September 12, 2003 @08:29AM (#6941307)
        Any domain setups that I've done allow you free rein to type in anything you like. I think most people don't realize that

        Or they do and realize an enemy could use that to his advantage to snatch away your domain. Providing false information is reason to lose your domain... or at least used to be in the carefree days when .edu domains were actually educational institutions, .com were businesses, .org were non-profit orgs and individuals, and .net were ISPs. *sigh* The good old days 10 years ago.

      • You're right, they don't, and the result can be downright hilarious.

        Two years ago after the whole WTC thing some idiot had a pro terrorist website he was spamming on ICQ from his university's computer lab.. imagine my surprise when I discovered it was his real name and address in his info...

        He was surprised too when he got busted and the University called the police. When he brought the website back up a year later all of his info was set to garbage. Guess he didn't know we could all read that.
    • However, how many Heywood Jablowmie's are there in the WHOIS database?

      Heywood must not care much to keep his domain. I recently received a letter from NetSol asking me to verify the information in my registration and reminding that incomplete or bogus records could result in the registration being invalidated.

      Also, I think someone else mentioned this, but it might be hard to defend yourself against a hijack case if you don't have accurate records in your registration "paper" trail.

      • And the whole sex.com boondoggle which used real contact information assures that my domains will not get ripped off either.

        If you've ever seen the movie Maverick, where Mel Gibson is talking to the Indian chief, the Chief states that the next place he's going to move is going to be a real dump so the white man won't kick him off of it. That's the way to pick domain names :)

        After all, aren't we all just little Indians?
  • by I Want GNU! (556631) on Friday September 12, 2003 @08:13AM (#6941195) Homepage
    that Google has this information from phone books as well (just google for a phone number or address), and there are many reverse phone books online. I think they should focus on solving identity theft in ways that if someone's info is already available (as it is everywhere) it can't be utilized well.
    • by mblase (200735) on Friday September 12, 2003 @08:19AM (#6941245)
      Yes, but Google also gives you the option to remove your information from their searchable database -- there's a link right next to your results if you do a search for your own information. So do most other reverse-phone-lookup sites.

      Whois gives you no such option, and would probably actively resist if you even asked.
      • Guess again(+) (Score:2, Insightful)

        by Mycroft_514 (701676)
        Of the 6 major reverse phone number / online phone books, about 4 of them are co-operative about removing info. The other 2 take weeks / months / years to remove an entry, if they bother to do it at all.

        For example, I tried to correct a bad entry for my mother-in-law for all 6 of the biggest ones starting 2 months ago. She moved, and went to an unlisted number in another state. I sent multiple e-mails to the ones who have YET to delete this bogus entry, based upon her husband's name (He died 30 years ago).
  • PO Box (Score:3, Interesting)

    by intermodal (534361) on Friday September 12, 2003 @08:13AM (#6941196) Homepage Journal
    that, my friends, is why I have a PO Box and why I don't volunteer my real phone number.
    • Yeah but with the current system you're breaking the T&Cs which means if a dispute or hijacking of your domain were to arise, you may well lose the case.

      Just something to be aware of, people have lost their domains under similar circumstances.

      To keep everything nice and bona fide, there's always the 'privacy' domain registrations that companies such as GoDaddy [godaddy.com] offer (basically a proxy registration).
      • it's a legitimate PO Box and phone number, but you'd be hard pressed to get me on that phone. it's my internet line. Any legal dispute can be initiated through the post, so that's not a concern.
    • Re:PO Box (Score:4, Informative)

      by blibbleblobble (526872) on Friday September 12, 2003 @08:39AM (#6941378)
      If anyone's interested, I wrote to the Information Commissioner (formerly the data protection office) in the UK about this, since our data protection laws forbid sharing information with countries with incompatible data protection laws

      Their response summarised:
      (a) We don't care
      (b) We don't care
      (c) Domain registration is done in america anyway, where they don't have data-protection law
      (d) It's not up to Nominet to inform its customers of their lack of data protection

      I could probably find the actual letter somewhere...

      (Nominet should have got into trouble because (a) they unilaterally changed their terms and conditions, leaving people with a choice of publishing their home address, or losing their domain name, (b) they have monopoly on UK domain names, (c) anybody who's running a business is obliged by business law to publish their address anyway, and (d) any accusation of illegal activity associated with the domain should wait upon a court-order to disclose a person's home address.)

      Information commissioner doesn't seem to think so. Some might wonder what he does do.
      • Re:PO Box (Score:2, Informative)

        by Geeky (90998)
        I'm in the UK, and I have a couple of domain names registered through uk2.net. A whois search reveals my name as registrant, but "UK2 Limited" is listed as the "Registrant's Agent". Hence no personal data.

        UK2 have a pretty clear policy on disclosing personal data: from the page listing their generic response to domain name disputes, I found the following:

        "UNDER THE DATA PROTECTION ACT 1984 WE CANNOT DISCLOSE INFORMATION ABOUT OUR CLIENTS WITHOUT BEING LEGALLY OBLIGED TO DO SO. UK DOMAIN NAMES HAVE NO REGI
      • (Nominet should have got into trouble because (a) they unilaterally changed their terms and conditions, leaving people with a choice of publishing their home address, or losing their domain name

        You're very out of date. The nominet T&Cs conditions did at one stage talk about releasing everyone's address, business or personal, however you will notice now that when registered or updating your *.uk domains you have the option to mark yourself as an individual and so stop your details being released to who

  • If you just want to hook a system to the Internet with DNS, it shouldn't take dumping your information out. The cases where this type of information would be useful it always seems to be faked by the domain holder, and for everybody else we get dumped on by every spammer and telemarketer in the book.

    It used to be helpful for looking up abuse information, but that almost always goes ignored nowadays too. Now it's just useful for finding virus writers.

    • by xtermz (234073)
      ...But i think contact info should be required to register for a domain, and I think there should be some sort of authentication mechanism.

      How else can we hold scammers and spammers accountable if they make it super hard to track them down. The majority of those "online pharmacies" have bogus WHOIS info and probably take good peoples money.

      Bogus WHOIS info sucks, plain and simple
      • by Future Man 3000 (706329) on Friday September 12, 2003 @08:33AM (#6941335) Homepage
        Something like this [domainsbyproxy.com], where contact information is available if you violate best Internet practices (such as by spamming) and people can get in touch with you if they need to let you know that your server has been taken over by a Russian junior high student, but if you are a good netizen you can get by without being hassled.
      • I ordered and paid 100euros for something over ebay.de which never arrived. E-mails to this idiot didn't help. Fortunately, the e-mail address had a domain adwelt.de. Whois, gave me the info I needed to call this guy (Norman Potzsch) and threaten him verbally with reporting him to the police. After that I got the money back. Probably he wasn't a real scammer, just criminally disorganized.

        (And don't tell me that his bank information would have been enough to get his contact information. The Sparkass

  • A long time coming. (Score:5, Interesting)

    by Tinfoil (109794) on Friday September 12, 2003 @08:15AM (#6941208) Homepage Journal
    While I normally don't like Berman whatsoever, this is a good thing. I have long disliked the practice of putting personally identifiable info in the WHOIS database.

    I just hope they don't dumb it down so much where one can't get email addresses for those controlling the domain for reporting purposes.
  • by Anonymous Coward on Friday September 12, 2003 @08:17AM (#6941226)
    I get numerous spam from people(?) who have obviously trawled the whois database. Even though there is a strong warning in the whois database against abusing it, how does one report it, or is it just an empty threat?
    • by Future Man 3000 (706329) on Friday September 12, 2003 @08:25AM (#6941282) Homepage
      Proving that a spammer took source addresses from WHOIS would be problematic. Taking a spammer to court over it wouldn't be cost-effective for the maintainers of any WHOIS server. Spammers have already shown themselves as a group to not be overly concerned about warnings, standards, or laws.

      It's an empty threat.

      • It's an empty threat.

        And even if it weren't, by the time the spammer who harvested your email got a slap on the wrists, your email would be on so many other spam lists you'd never get it off.

  • by acomj (20611) on Friday September 12, 2003 @08:17AM (#6941228) Homepage
    I've had a domain for 3 years.. I've gotten 3 pieces of junk mail from it. I was surprised to get it, and thought it more funny than an annoyance.
  • Here in Denmark ... (Score:5, Informative)

    by zonix (592337) on Friday September 12, 2003 @08:18AM (#6941236) Homepage Journal

    Here in Denmark, DK Hostmaster A/S is the administrator for the Danish top level domain. You can have your personal contact details hidden from the public WHOIS database - in accordance with Danish Law on protection of personal data, blah blah blah.

    I would recommend it!

    z
  • by N Monkey (313423) on Friday September 12, 2003 @08:19AM (#6941249)
    The inventors' home addresses are generally listed which, IMHO, is not something that should be broadcast to the entire world.

  • if you run a WHOIS query on the domain of Jeff Parson (the guy who modified the BLASTER virus here in Hopkins, MN) - you'll get his home address...

    that info is wide open, man...

    RB
  • UK WhoIS (Score:5, Informative)

    by ledow (319597) * on Friday September 12, 2003 @08:23AM (#6941274) Homepage
    The UK WHOIS database (run by Nominet UK) has recently considered this too. Now, private individuals who opt-out can have their personal details removed (obviously Nominet still has access to them). I'm not sure that companies are allowed to do this, it's private individuals only.

    Britain and the EU have always had stronger data protection laws than the rest of the world. This is part of the reason the EU are looking at Microsoft's .NET services as they don't follow EU data laws. To be honest, it's about time the US caught up.
    • Re:UK WhoIS (Score:4, Insightful)

      by farnz (625056) <slashdot@far[ ]org.uk ['nz.' in gap]> on Friday September 12, 2003 @09:53AM (#6941878) Homepage Journal
      I know that American bashing is fun for us Europeans, but it's not so much about catching up, as about taking a different view.

      We have always taken the view that private individuals have a right to secrecy, and that those individuals should make an effort if they want some data published. The USA has taken the opposite stance; people have a right to reveal information, while keeping it secret should take effort.

      In an age where data processing is always manual, the USA had it right; stopping gossip is hard, and there's lots of work involved in revealing information. Further, the more you wish to reveal about someone, the more work you have to perform. Automated data processing has pushed the cost of this work down to the point where it is easy to reveal lots of potentially harmful information in one go.

      Basically, it's wrong to look at the Americans as catching up on this one; they took a fundamentally opposed view to us, and it's still not clear who's got the better system (although I prefer the European one).

  • Fake information (Score:3, Interesting)

    by Anonymous Coward on Friday September 12, 2003 @08:26AM (#6941288)
    I carefully misspelled all the information, plausible deniability baby. Two years and no one the wiser.

    T.
  • by knghtrider (685985) on Friday September 12, 2003 @08:27AM (#6941293) Homepage

    Even exposing contact information for a business is questionable. If you're working on penetrating a company, then this is a stop on the highway. But, without that information, then (as one poster stated) the FBI would have to get us the information we need to prosecute spammers or etc.

    I don't know what the answer is either; I don't think it's simple either. This may be one (of many) invasions of our privacy we have to deal with. Banks, Mortgage Companies, Credit Cards--these all sell our information to other companies. It's sad, but this is big business, and it makes money. Utilities provide information to Local, State, and Federal Agencies all of the time; and are required to by law.

    Our information is not private anymore, and hasn't been for a long time. Everyone has their hand out for it.

  • by SmackCrackandPot (641205) on Friday September 12, 2003 @08:27AM (#6941298)
    This is a major concern to me. I've spent some time at home writing an application that I'd consider distributing as freeware/shareware. Setting up the paypal/P.O Box number payment system is no problem, but as every application nearly always has a website, registering a domain name introduces some hassle, not least of all, distributing my name/home phone number/address.

    From reading previous Slashdot articles, being able to see the domain name/IP address of owners and customers has been extremely useful in detecting all sorts of shenanigans with hyping up new products.

    However, for someone trying to augment their basic salary through shareware software, this is a disadvantage.

    With broadband internet via cable/satellite/telco, I have a permanent Internet connection, but the companies respect my right for privacy. Surely the same could be done for domains registered by home residences?
  • by snowtigger (204757) on Friday September 12, 2003 @08:27AM (#6941300) Homepage
    I don't really worry about having my personal information in the whois database. As most other individuals, I'm in the phonebook too, which can be accessed from the web nowadays.

    Having registered a few domain names, I receive a lot of spam telling me how to register new domains, renew when the old are about to expire and so on. I'm sure the registrars make a lot of money on this, which surely makes them want to continue.

    My personal information is also included in the IP whois database. This database contains info on what ISP uses which IP numbers, etc. - see www.arin.net for more info.

    The interesting thing is that I have not received a single spam to the specific email address I supplied. So right now, I see it more like an economic problem than a privacy problem.
    ---
    If you're not living on the edge, you're taking up space in the middle
  • You can incorporate for under $500, get a p.o. box and a cheesy voicemail account somewhere. You'll then be prepared to moonlight, which you should be anyway, and you can give out the business info.
  • And in other news, (Score:5, Insightful)

    by JUSTONEMORELATTE (584508) on Friday September 12, 2003 @08:30AM (#6941317) Homepage
    Late yesterday, privacy activists raised the National Privacy Threat level to Purple, citing the public availability of a "Phone Book" which disclosed personal information for hundreds of thousands of individuals, including full name, home address and home phone number.

    (end sarcastic rant)
    YAWN! Call me when WHOIS data includes SSN. As it is, this info is already widely available for the vast majority of the population.

    --
  • by Peartree (199737) <idl3mind@gTEAmail.com minus caffeine> on Friday September 12, 2003 @08:33AM (#6941334) Homepage
    There's a lot of info here too:
    Arin [arin.net]
    Ripe Ncc [ripe.net]
    Apnic [apnic.net]
    Lacnic [lacnic.net]
  • by berkeleyjunk (250251) on Friday September 12, 2003 @08:34AM (#6941339)
    If you are concerned about privacy, use a registrar who will anonymize your info in the whois database.
    Is $9 worth it? It's your call. Check this out.

    https://registrar.godaddy.com/dbp.asp?isc=&se=%2B&from%5Fapp=&authGuid=&mscssid=2435121
  • by Chuck Bucket (142633) on Friday September 12, 2003 @08:34AM (#6941340) Homepage Journal
    I use Domains by Proxy [domainsbyproxy.com] so my info isn't displayed in a WHOIS; theirs is in its place. They keep all my info private and serve as a 'proxy' between me and anyone needed to contact me. They'll email if they need me to do something in regards to my domains, it's so nice not having all of my personal details out there. I buy my domains from GoDaddy, and they've partnered with Domains by Proxy and offer it as an option when you're buying domains, that's how I found out about it, but everyone should check it out.

    CB
  • Privacy (Score:3, Insightful)

    by wulfhound (614369) on Friday September 12, 2003 @08:36AM (#6941358)
    Sorry, I don't buy it.

    A domain name is a publicly accessible object, and a responsibility. As a society, we expect that for certain activities, people be publicly registered (running a company is an obvious example) - reasonable privacy is a right, but anonymity - which is what we are really talking about here - is not.

    I can only think of a very small minority of legitimate Internet activities that both require a domain name and for which privacy is likely to be a concern; in those cases there are plenty of registration agents who will act as a proxy for registration and take on the responsibilities associated with being the owner of a domain.
  • by billtom (126004) on Friday September 12, 2003 @08:39AM (#6941381)
    This is also a practical problem, in terms of making it hard to contact domain owners.

    I have several domains and I use a separate email address for my whois records (separate from my home and business addresses). But I don't monitor emails to that address because it has become completely filled with spam. I just delete all mail to that address.

    But that, of course, means that any legitimate attempts to contact the domain owner are lost as well. I could try and filter it (either manually or with software) but the ratio of legitimate email to spam on domain registry emails is thousands to one, so it's really not worth my time.

    So, aside from any privacy concerns, the public availability of email addresses on whois records in effect renders them useless as contact information.
  • by sa3 (628661) on Friday September 12, 2003 @08:40AM (#6941384)
    How can you prove that you own the domain (if needed) if the contact information is invalid?

    What would you do if your registrar goes bust?

    All of this information doesn't need to be exposed in the WHOIS database though.
  • Two things: (Score:3, Insightful)

    by Snaller (147050) on Friday September 12, 2003 @08:40AM (#6941391) Journal
    1. If it's such a problem, how come spammers always managed to hide?

    2. In Denmark for instance, you can specify you wanted an "unlisted" address, and the whois server doesn't release your information.
  • by Pelakh (579592) on Friday September 12, 2003 @08:43AM (#6941406)
    I built a site for a city commission candidate a couple of years ago, and the info on the domain registration was mine - I built the site for free, as a form of campaign contribution. An unwanted side effect of this was late night phone calls to my home number from the supporters of the opposition questioning items posted on the site. I guess next time 'Sudy Nim' will be registering for a domain ...
    • That's your own damn fault for registering/hosting a political site on a domain registered to you. Are you responsible for the content? Doubtful. So the candidate and their HQ details should be in whois.

      Your lack of forethought and/or lack of understanding of how politics work are your own problem, not that of the registries.

      Just because you can operate a computer does not make you, nor should it make you an expert on publishing and every vertical market you may touch. If you don't learn about what y
  • by yourruinreverse (564043) on Friday September 12, 2003 @08:45AM (#6941419)
    ... it is required by law that anyone who publishes even a single web page on the Web (in Germany) enclose an "Impressum", an imprint that notifies visitors whom to contact or hold accountable for the content. I wish this would also be implemented for Whois as a security measure or a basis for trust.

    Anyone who still wants to publish anonymously could still do it abroad, of course, as there will always be registrars who and nations that don't care about trust.

    I mention trust here, because I can trust a company's products (i.e. a shop selling goods) if I know where I can go, or what number I can call: currently too many (some) web shops (at least locally) do not even mention a telephone number I can call to have an order confirmed or more product information detailed. The same holds for web sites that provide information: if the e-mail address is left out, how can I get any confirmation, more detailed information, conversation or feedback going?
  • As it should be (Score:5, Informative)

    by HighOrbit (631451) on Friday September 12, 2003 @08:46AM (#6941423)
    I'm sorry, but you have *NO* right to an anonymous domain, nor should you because the opportunity for fraud on the internet is too high. Having everything out front at least keeps a modicum of openness and honesty (although admittedly not a lot). Besides, if I remember properly, you can update the e-mail address to be admin@your-new-domain if you don't want spam going to your personal email.

    If you want relative anonymity, get a hotmail or yahoo account.
    • Re:As it should be (Score:4, Interesting)

      by DroopyStonx (683090) on Friday September 12, 2003 @10:28AM (#6942213)
      Not sure what you're talking about. *I* have the right to a private domain as does anyone else.

      I don't use it for business purposes, which would be a different story. It's my own personal site on my server on my T1. I have every right to hide my private information!

      I've had fake information (invalid address, phone, name, etc) and a yahoo account as my email for the past 3 years.

      "How can someone contact you then," you ask? Well, that's the point. No one needs to contact me. They can do so via my yahoo account.

      Maybe I'm missing something, but I don't see a single thing wrong w/ that.
      • Re:As it should be (Score:3, Insightful)

        by HighOrbit (631451)
        And so if your server is compromised and becomes a spam-spewer, DDOS zombie, cracker relay, or other public menace, it's going to be hard contacting you because of the bogus information and a potentially dormant yahoo account.

        The internet is part of the public sphere. Courts in the USA (and everywhere else AFAIK) have held that when you leave your house and enter the public sphere (or in this case operate a server connected to the internet), you voluntarily give up some of your privacy.
  • Use GoDaddy (Score:3, Informative)

    by Gudlyf (544445) <(gudlyf) (at) (realistek.com)> on Friday September 12, 2003 @08:46AM (#6941426) Homepage Journal
    You could always use GoDaddy [godaddy.com] for domain registrations, which gives you the option of keeping registration info private. Not to mention their prices are a hell of a lot better than going through Verisign.
  • A Few Solutions (Score:5, Interesting)

    by bmj (230572) on Friday September 12, 2003 @08:46AM (#6941428) Homepage

    One is using Dotster [dotster.com]. They obfuscate your email address, so you won't be spammed so easily, but they can still contact you. A friend of mine nearly lost his domain because he used a fake email address with Network Solutions and he never got the "your domain is expiring" email.

    The other is a finding a trustworthy ISP/hosting provider who will manage your domain for you. I've been using HostSector [hostsector.com] and it's worked well, plus it's less expensive than buying the domain outright. I'd have to jump through some hoops to purchase the domain from them, but I can do it, and I believe their contract specifies that I can purchase it at any time.

  • The attempt to hide domain registration information is clearly an attempt by spammers to hide in their caves while continuing to launch massive strikes against the rest of the world.
  • by flakac (307921) on Friday September 12, 2003 @08:50AM (#6941443)
    I don't agree with the author's conclusions. Any person registering a domain name in .com is explicitly saying that they are a commercial organization, hence there should be no expectation of personal privacy. The solution is to set up another TLD explicitly for individuals, since .org, .net and so on are not really appropriate either. It is necessary for all .com registrations to have valid and public registration info available, without this the level of fraud would be even worse than it is today. I have no sympathy for anyone who registers a .com domain name, and is not actually representing a business.
  • by lucifuge31337 (529072) * <daryl@@@introspect...net> on Friday September 12, 2003 @09:07AM (#6941550) Homepage
    While they have some valid points, often it's taken way too far. So I'll add more fuel to this:
    Go check out ARIN. If you have a static IP address+competent (read not RFC-ignorant) ISP, your SWIP record contains your personal information too. That's how it's supposed to work.

    That's right, the whole Internet is out to identify you.
  • Remembering @home (Score:4, Interesting)

    by zakezuke (229119) on Friday September 12, 2003 @09:10AM (#6941580)
    I had a friend who worked in network operations for @home, back when it actually was making money. In their whois record they had the direct line to network operations which made a fair amount of sense as domain related issues should be directed to network operations. Problem is the fact that he always got calls from jarheads of report every ping detected as a hacker attack sort, but not necessarily even from their domain.

    It really is a double edged sword, on the one hand a good reason to have this contact information there in the first place is in the event something needs to be reported like virus/worm infection, system down, open proxy, that sorta thing. On the other hand, there are those who don't respect the fact that info is there for a good reason and it's not for trivial issues or spam.

  • just get a mail boxes etc. po box

    only the cops can come in and say "who the hell owns this box?"
  • Can be useful... (Score:5, Insightful)

    by muffen (321442) on Friday September 12, 2003 @09:13AM (#6941604)
    I see many posts with support for removing the personal information. I have seven or so domain names registered under my name with my real email address and information, even though it's my second email account to which I expect SPAM. Trust me, I do get spam to that email inbox due to the whois database.

    However, I work for a company where it is sometimes necessary to track down owners of domains and report them to the appropriate authorities. Even though a lot of people fake the information, the whois database has come in handy more often than not.

    Another good thing, for myself at least, is that I have gotten offers on some domain names I used to own. I am guessing they got the email address from the whois database, as I hadn't used the domain in question at all. I managed to sell it for quite a bit more than I bought it (it was a four digit sum, but still way more than I paid for it).

    I am slightly split on this issue. I don't want my personal information in there (and faking is not an option for me, I want to stick to the rules), but I want to see other people's information. Guess there is a tradeoff somewhere along the line.

    Anyways, just wanted to point out that the WHOIS database can be extremely useful and/or helpful sometimes.
  • UK Solution (Score:5, Interesting)

    by hattig (47930) on Friday September 12, 2003 @09:31AM (#6941736) Journal
    Basically Nominet has types of registrations, one of which is IND (for INDIVIDUAL).

    Individuals can opt-out of having their whois information displayed in a whois query by asking their registrar to opt them out (a couple of minute administrative task).

    This appears to me to be a simple and logical answer to the entire problem.
  • Bullshit. (Score:5, Interesting)

    by Pig Hogger (10379) <pig.hoggerNO@SPAMgmail.com> on Friday September 12, 2003 @09:34AM (#6941752) Journal
    Whenever you have an internet presence through a domain, you have a public presence. And there is no reason why there should be no traceability towards your domain.

    Right now, there are thousands of spamming scum who post bogus information in their domain registration in order to foil the wrath of spamfighters.

  • by Fastolfe (1470) on Friday September 12, 2003 @10:44AM (#6942345)
    If we used DNS domains like they were designed to be used, this could be an easy-to-correct problem.

    Any entity registering in .com must clearly be a commercial entity with no problem in giving out their business address, contact number, etc.

    Any entity registering in .net is a service provider, and should have all sufficient information to contact that provider for connectivity or abuse issues.

    Any entity registering in .org is a non-profit organization, and should post any contact information that they'd otherwise be required to post as part of their charter.

    We have a '.name' now (which personally I think should have been '.nom'), for personal users. I think it's perfectly reasonable to expect that individuals will not want to put any contact information there. I also think it's perfectly reasonable for an ISP's contact information to be exposed in its place, though.

    Basically, just apply privacy requirements to the intent of the domain name. If regular Joes want to register a .com, they need to expect to be treated like a commercial entity.

    Subdomains under a country code would need to be addressed by the countries in question.
  • by waxdaddy (584478) on Friday September 12, 2003 @11:00AM (#6942547)

    Need the WHOIS info, and here's why...

    A few months ago, I purchased quite a bit of money in CD's from an Internet site. It's a business, but it's a proprietorship run by one person. I never received the CD's and the guy stopped returning my emails. I had paid him via PayPal, and the ridiculously short PayPal complaint/insurance period had run out, so I couldn't get my funds back.

    The guy has no contact information other than an email on his site. (And don't play me for an idiot... This is a big music site and I've successfully purchased there before.)

    So...I wanted to send him to a collection agency. Several warnings to him went unheeded, so I went about trying to track down his personal information.

    And I ended up on netsol. It referred me to GKG.net, another registration company. I went on the WHOIS and the guy had NO information whatsoever. Every field said nothing.

    So I emailed GKG.net and told them that when collection proceedings began, we would be asking them for this guy's info. They emailed me back that it's their policy to have updated and correct information in the WHOIS database. They emailed the guy and gave him 48 hours to provide it, with the threat that his site would be shut down.

    A day later, all of his information was up. I had a name/phone/address. I sent him to a collection agency based on the only place I was somewhat easily able to obtain information.

    Damn good reason to keep WHOIS info open. If people don't want to give out their home addresses, then they should rent a P.O. box for $20/year. If they don't want their names public, then I can only imagine either a) unwarranted paranoia or b) that the person shouldn't have on the web whatever it is that they have on there.

    WHOIS helped, and the guy went to a collection agency.

    -SD

  • It's my phonebook (Score:3, Insightful)

    by Nethead (1563) <joe@nethead.com> on Friday September 12, 2003 @12:52PM (#6943777) Homepage Journal
    I've used whois as a phonebook often as most of the people I know have a domain. Even way back when slashdot was just starting and CmdrTaco was asking around for a free place to host the images I was able to call him because his number was on whois. We were able to get slashdot.wolfenet.com up and running and slashdot was able to continue existence and grow to the point where they were giving out 5 digit user numbers.

    I'm strongly in the camp that domain contact information, at least the technical contact, should be public. I've dealt with abuse issues for ISPs too long to think any other way could work. If there is a technical or abuse issue with a domain a network admin needs to be able to contact the person responsible. At least contacts for DNS servers need to be required.
