Privacy Advocates Bemoan the Problems With WHOIS 174
An anonymous reader writes "The Globe and Mail is reporting that net privacy advocates are spurring ICANN into scrapping WHOIS. The advocates complain that the system doesn't do enough to protect domain owner information from spammers and fraudsters, and compare the problems to those being experienced on a broader scale by email users. 'WHOIS, much like e-mail, is an age-old Internet relic that comes from a time when the Internet was almost considered a network of trustworthy users. E-mail has, quite clearly, some massive problems coping in the modern age, but it's still here. It stands to reason, then, that WHOIS won't be going anywhere any time soon. Just like e-mail, it's prone to abuse. But again, just like e-mail, it's too useful to axe.'"
Whois is useful? (Score:5, Insightful)
Even "Heroes" agrees (Score:5, Insightful)
(The unspoken moral: use a PO Box, or some guy from halfway around the world will drop in on you unexpectedly.)
Re:Whois is useful? (Score:4, Insightful)
WHOIS isn't needed today for domain names (Score:1, Insightful)
What ICANN wants to provide is an easy method for the Lawyers of corporations to go harassing people that hold domain names their companies want to use.
for plenty of us (Score:4, Insightful)
Re:I'd Rather it Be Accurate than Abolished (Score:1, Insightful)
For seven years, I administrated a support site for people with mental illnesses. A small minority of these people were very difficult to deal with and were not averse to making threats, accusations, and generally transferring all their difficult feelings onto the most convenient 'authority' figure available. Needless to say, I would not want such people having my telephone number or address.
I'm reachable through email. I've paid to be reachable through a (snail) mail forwarder. That should be enough for anyone.
Re:stalker "found" me thanks to WHOIS (Score:5, Insightful)
Afterall you just said she came to your house to check out the computer.
Re:stalker "found" me thanks to WHOIS (Score:3, Insightful)
Don't confuse privacy (or safety) with anonymity.
Just because you don't give out your address doesn't mean you're safe. A false sense of security is often worse than a real sense of caution or even fear.
What's the goofy slogan bantered around Slashdot so often? Security through obscurity and all...
Matt
I own several domains, and agree completely. (Score:3, Insightful)
On top of it, if I own a
I get a ton of spam to the email address I use for my domains, so this address has it's anti-spam set WAY up. I even get occasional phone calls about my domains- usually scams, but recently it was a good thing because I sold one of my domains for $5K (though why the person couldn't just use the contact info on the actual website is beyond me).
But, basically I think you should be able to opt for privacy at no cost. Seems like a no-brainer to have a privacy flag as part of the database. Or maybe provide a url of a contact page where you can determine what to show or just provide a contact form box.
Fix it or flush it (Score:3, Insightful)
In practice, you can rest assured that not a single domain used for things like ID theft has ever been registered to a real name. Earlier, they registered with registrars who didn't check information (so you had funny entries like some guy whose information was already grabbed in an earlier phish registering a domain for a server in Malaysia), and when registrars felt the pressure, they simply use registrars now that allow you to put their name in instead. Complaining with those registrars results in a "we're looking into it" until the domain is no longer used by the ID thief, so the problem solves itself.
So either require people to put in truthful information and remove registrars that don't comply, or get rid of it altogether. In its current state it serves no useful purpose. The current system only aids criminals, on both ends.
What could be used for business accountability ? (Score:4, Insightful)
To those private owners, I could care less if their home information is available through WHOIS, as long as they aren't selling illegal merchandise through said domain and pumping spam for it all over the world.
However, when international criminals register domains to sell pirated software / bogus pills / etc
And further investigation into WHOIS data can lead someone to even more critical information, as well. Being as the WHOIS record contains information on the DNS servers that are resolving the domain, a person who wants to really dig deep can find where those were sold as well. A little hint: the spammers often use only a short list of DNS servers for a large number of their domains.
So in summary, before people rally around ICANN with pitchforks and torches to demand the demise of WHOIS, I ask you please consider a solution for the applications where WHOIS is still useful before insisting that it goes away completely.
Re:for plenty of us (Score:4, Insightful)
Really? Can someone elaborate on its usefulness? I gave up on it years ago. (also, I simply don't need to know this info anymore)
When I was a SPAM vigalante, I would do whois lookups, and usually the information was clearly bogus. Often, if the info was not bogus, it was outdated. And I've heard from many people that are legitimate people doing legitimate things with their hostnames that would never give real information for whois lookups because they simply don't want to be the target of SPAMers or whatever else could come from having any personal information laying around for some random person to have fun with.
I would never put accurate or relavant info into a whois lookup, and I don't expect anyone else to do so either. Nothing good can come from it, unless maybe you hold the killer domain and you hope someone will try to buy it from you.
I also lie about any personal info to protect my privacy, unless there is something explicity beneficial for me for someone else to have relevant info. I also tell all of the door to door sales people trying to sell me some crap for my house that I rent. They immediately say "Oh", and walk away. I also pay extra to have my phone number unlisted.
I'm still on some lists, but not that many. And the fewer the better.
Whois is very important, don't scrap it (Score:3, Insightful)
It's an invaluable network tool and just like DNS, you can't just scrap it. That there is abuse is always going to be a problem and that can be done with any list you put your data on. Ever wondered why you get so much credit card offers in your mailbox? Yes, it's because your name and address is somewhere on a list and most likely you have put yourself on it by using your address with either a banking institute or a vendor. You can't stop abuse by taking away services just like you can't say that you are going to solve those credit card offers in your mailbox by removing the postal services. If you do, the abuse is just going to shift from whois to your webhosters' site or DNS just like the credit card offers will be carried out by FedEx or UPS.