Exposing Personal Information in the Whois Database 323
rocketjam writes "In a letter to U.S. Representatives Lamar S. Smith and Howard L. Berman, the Center for Democracy and Technology has raised the issue of privacy problems with the Whois Database. Acknowledging the database is uncontroversial for commercial registrations, the letter points that private individuals who register a domain name expose their names, home addresses, home phone numbers, and home e-mail addresses to the world. The letter warns, 'The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data.' Additionally, the letter points out the current policy violates the privacy laws of some nations."
Spammer source (Score:4, Interesting)
PO Box (Score:3, Interesting)
A long time coming. (Score:5, Interesting)
I just hope they don't dumb it down so much where one can't get email addresses for those controlling the domain for reporting purposes.
RFC-ignorant (Score:1, Interesting)
Reporting WHOIS abuse? (Score:5, Interesting)
Re:knock knock? (Score:2, Interesting)
Obviously a good solution will weigh the need for contact with the likelihood and degree of abuse of said contact information by others.
Fake information (Score:3, Interesting)
T.
Exposing Data on the Whois database (Score:5, Interesting)
Even exposing contact information for a business is questionable. If you're working on penetrating a company, then this is a stop on the highway. But, without that information, then (as one poster stated) the FBI would have to get us the information we need to prosecute spammers or etc.
I don't know what the answer is either; I don't think it's simple either. This may be one (of many) invasions of our privacy we have to deal with. Banks, Mortgage Companies, Credit Cards--these all sell our information to other companies. It's sad, but this is big business, and it makes money. Utilities provide information to Local, State, and Federal Agencies all of the time; and are required to by law.
Our information is not private anymore, and hasn't been for a long time. Everyone has their hand out for it.
Call me big brother... (Score:3, Interesting)
How else can we hold scammers and spammers accountable if they make it super hard to track them down. The majority of those "online pharmacies" have bogus WHOIS info and probably take good peoples money.
Bogus WHOIS info sucks, plain and simple
Obstacle to distributing a shareware application (Score:5, Interesting)
From reading previous Slashdot articles, being able to seen the domain name/IP address of owners and customers has been extremely useful in detecting all sorts of shenanigans with hyping up new products.
However, for someone trying to augment their basic salary through shareware software, this is a disadvantage.
With broadband internet via cable/satellite/telco, I have a permanent Internet connection, but the companies respect my right for privacy. Surely the same could be done for domains registered by home residences?
More of an economic problem than privacy problem (Score:5, Interesting)
Having registered a few domain names, I receive a lot of spam telling me how to register new domains, renew when the old are about to expire and so on. I'm sure the registars make a lot of money on this, which surely makes them want to continue.
My personal information is also included in the IP whois database. This database contains info on what ISP uses which IP numbers, etc. - see www.arin.net for more info.
The interesting thing is that I have not received a single spam to the specific email address I supplied. So right now, I see it more like an econimic problem than a privacy problem.
---
If you're not living on the edge, you're taking up space in the middle
Re:If there were strong checking (Score:5, Interesting)
Or they do and realize an enemy could use that to his advantage to snatch away your domain. Providing false information is reason to lose your domain... or at least used to be in the carefree days when .edu domains were actually educational institutions, .com were businesses, .org were non-profit orgs and individuals, and .net were ISPs. *sigh* The good old days 10 years ago.
More privacy is necessary (Score:3, Interesting)
Caught a scammer with the help of whois (Score:3, Interesting)
(And don't tell me that his bank information would have been enough to get his contact information. The Sparkasse would never have given it to me. And no I don't buy things through e-bay any more.)
A Few Solutions (Score:5, Interesting)
One is using Dotster [dotster.com]. They obfuscate your email address, so you won't be spammed so easily, but they can still contact you. A friend of mine nearly lost his domain because he used a fake email address with Network Solutions and he never got the "your domain is expiring" email.
The other is a finding a trustworthy ISP/hosting provider who will manage your domain for you. I've been using HostSector [hostsector.com] and it's worked well, plus it's less expensive than buying the domain outright. I'd have to jump through some hoops to purchase the domain from them, but I can do it, and I believe their contract specifies that I can purchase it at any time.
A few general comments to your privacy freaks (Score:3, Interesting)
Go check out ARIN. If you have a static IP address+competent (read not RFC-ignorant) ISP, your SWIP record contain your personal information too. That's how it's supposed to work.
That's right, the whole Internet is out to identify you.
Remembering @home (Score:4, Interesting)
It really is a double edged sword, on the one hand a good reason to have this contact information there in the first place is in the event something needs to be reported like virus/worm infection, system down, open proxy, that sorta thing. On the other hand, there are those who don't respect the fact that info is there for a good reason and it's not for trivial issues or spam.
Re:Spammer source (Score:3, Interesting)
Thankfully she asked me first before paying it and was quite relieved to know it was a scam.
Re:If there were strong checking (Score:3, Interesting)
Two years ago after the whole WTC thing some idiot had a pro terrorist website he was spamming on ICQ from his university's computer lab.. imagine my supprise when I discovered it was his real name and address in his info...
He was supprised too when he got busted and the University called the police. When be brought the website back up a year later all of his info was set to garbage. Guess he didn't know we could all read that.
UK Solution (Score:5, Interesting)
Individuals can opt-out of having their whois information displayed in a whois query by asking their registrar to opt them out (a couple of minute administrative task).
This appears to me to be a simple and logical answer to the entire problem.
Bullshit. (Score:5, Interesting)
Right now, there are thousands of spamming scum who post bogus information in their domain registration in order to foil the wrath of spamfighters.
Re:How else... (Score:4, Interesting)
Re:As it should be (Score:4, Interesting)
I don't use it for business purposes, which would be a different story. It's my own personal site on my server on my T1. I have every right to hide my private information!
I've had fake information (invalid address, phone, name, etc) and a yahoo account as my email for the past 3 years.
"How can someone contact you then," you ask? Well, that's the point. No one needs to contact me. They can do so via my yahoo account.
Maybe I'm missing something, but I don't see a single thing wrong w/ that.