Exposing Personal Information in the Whois Database 323
rocketjam writes "In a letter to U.S. Representatives Lamar S. Smith and Howard L. Berman, the Center for Democracy and Technology has raised the issue of privacy problems with the Whois Database. Acknowledging the database is uncontroversial for commercial registrations, the letter points that private individuals who register a domain name expose their names, home addresses, home phone numbers, and home e-mail addresses to the world. The letter warns, 'The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data.' Additionally, the letter points out the current policy violates the privacy laws of some nations."
Its rare to get junk mail from Whois (Score:3, Informative)
Here in Denmark ... (Score:5, Informative)
Here in Denmark, DK Hostmaster A/S is the administrator for the Danish top level domain. You can have your personal contact details hidden from the public WHOIS database - in accordance with Danish Law on protection of personal data, blah blah blah.
I would recommend it!
zSame applies to Patent Databases as well... (Score:3, Informative)
Re:amen (Score:2, Informative)
UK WhoIS (Score:5, Informative)
Britain and the EU have always had stronger data protection laws than the rest of the world. This is part of the reason the EU are looking at Microsoft's
Go ahead and start a business. (Score:2, Informative)
Re:excessive exposition (Score:3, Informative)
I imagine for most people who just want to run a regular website without the hassle of spam/telemarketers, this is the way to go.
Re:Here in Denmark ... (Score:2, Informative)
don't for get about arin... (Score:3, Informative)
Arin [arin.net]
Ripe Ncc [ripe.net]
Apnic [apnic.net]
Lacnic [lacnic.net]
Anonymized registrations (Score:3, Informative)
Is $9 worth it? It's your call. Check this out.
https://registrar.godaddy.com/dbp.asp?isc=&se=%
Domains by Proxy -solves the problem (Score:5, Informative)
CB
Re:Spammer source (Score:2, Informative)
Re:PO Box (Score:4, Informative)
Their response summarised:
(a) We don't care
(b) We don't care
(c) Domain registration is done in america anyway, where they don't have data-protection law
(d) It's not up to Nominet to inform its customers of their lack of data protection
I could probably find the actual letter somewhere...
(Nominet should have got into trouble because (a) they unilaterally changed their terms and conditions, leaving people with a choice of publishing their home address, or losing their domain name, (b) they have monopoly on UK domain names, (c) anybody who's running a business is obliged by business law to publish their address anyway, and (d) any accusation of illegal activity associated with the domain should wait upon a court-order to disclose a person's home address.
Information commissioner doesn't seem to think so. Some might wonder what he does do.
Re:Junk Mail (Score:2, Informative)
In the mean time, in Germany... (Score:5, Informative)
Anyone who still wants to publish anonymously could still do it abroad, of course, as there will always be registrars who and nations that don't care about trust.
I mention trust here, because I can trust a company's products (i.e. a shop selling goods) if I know where I can go, or what number I can call: currently too many (some) web shops (at least locally) do not even mention a telephone number I can call to have an order confirmed or more product information detailed. The same holds for web sites that provide information: if the e-mail address is left out, how can I get any confirmation, more detailed information, conversation or feedback going?
As it should be (Score:5, Informative)
If you want relative anonymity, get a hotmail or yahoo account.
Use GoDaddy (Score:3, Informative)
Re:PO Box (Score:2, Informative)
UK2 have a pretty clear policy on disclosing personal data: from the page listing their generic response to domain name disputes, I found the following:
"UNDER THE DATA PROTECTION ACT 1984 WE CANNOT DISCLOSE INFORMATION ABOUT OUR CLIENTS WITHOUT BEING LEGALLY OBLIGED TO DO SO. UK DOMAIN NAMES HAVE NO REGISTRANT ADDRESS LISTED IN THE NOMINET DATABASE AND UK2 LTD APPEARS AS THE ADMIN/TECH/BILLING CONTACT. WE WILL DISCLOSE THE REGISTRANT DETAILS IF A WRIT IS FILED WITH THE HIGH COURT AGAINST THE REGISTRANT ON OUR ADDRESS"
Re:If there were strong checking (Score:2, Informative)
Sorry, that "ideal" never existed (fortunately). You obviously don't understand the original intentions behind each of the original gTLDS.
Read the RFC [sunsite.dk].
Where did the myth of the non-profit
Re:Here in Denmark ... (Score:3, Informative)
click here [dk.] (it should work without the dot at the end as well, but I don't get that to work often on my windows box).
AI is the only other TLD I've discovered so far which scores coolpoints for this as well.
Phone books are on Google (Score:3, Informative)
Re:How else... (Score:3, Informative)
Yeah.. I get spam on my contact info.. but I get a lot more from people finding my domains and emailing all possible addresse.
Do I disconnect abuse and postmaster too? Or do I go install spamassassin to catch most of it.
Spamassasin works btw... it filters over a hundered junk mails a day leaving only 4 or 5 for me to deal with.
Works for me correctly and I have both mine and the emails of several customers all set to my email address.
Re:Perhaps we should take this even farther (Score:3, Informative)
From RFC 2050: