US and EU Clash Over Whois Data 67
itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually — moves that are applauded by David Vladeck, director of the FTC's Bureau of Consumer Protection. The E.U.'s Article 29 Working Group is markedly less enthusiastic, saying ICANN's plans trample on citizens' right to privacy."
Solution (Score:5, Insightful)
Well, I guess I'll have to get a temporary phone number, address AND anonymous "gift card" credit card now for my domain now
Re: (Score:2)
Re: (Score:3)
Credit card seems to be the identification certificate in the US.
Re: (Score:2)
Well, I guess I'll have to get a temporary phone number, address AND anonymous "gift card" credit card now for my domain now
What do they need a credit card for anyways?
what do you need it for? to buy stuff, doh. budgets are being cut etc.
Re: (Score:2)
Re: (Score:2)
Gandi [gandi.net] includes private whois with all registrations. There are a number of other registrars who will do it for a fee.
(Solely in my opinion) you should stay away from GoDaddy though. They charge $20 every time they discover that your whois information is fake, probably to get you to buy their private registration service. Instead, I transferred all my domains to Gandi. Everybody wins, right?
Why would this get rid of spam? (Score:5, Insightful)
That makes no sense, because many people can and routinely do send e-mail from the same domain.
This move is fairly directly contrary to the basic rules of privacy in the EU, and after the negative press that European governments have had over things like airline passenger and banking information recently, I don't see this getting very far. There's no compelling "fear the terrorists" or "catch the tax evaders" kind of argument with popular appeal here. The US authorities have no need to know my credit card number, and certainly no need to keep it for years, assuming it's even still valid by that time.
Re:Want to get rid of spam or not? (Score:5, Insightful)
How could this possibly stop spam? Most spam comes from botnets anyway, which are going through their companies and/or ISPs mail server. The last thing a spammer would do is use a proper domain.
Re:Want to get rid of spam or not? (Score:4, Informative)
It's nothing to do with spam. It's so the intellectual property crowd can sue the right person.
Think! Who else in the domain ecosystem needs to know exactly who you are?
Re: (Score:3)
Not the senders, the receivers. Many people regard the whois database as a big list of email addresses to spam.
Re: (Score:3)
You don't need a DNS entry to spam or even host a website (it probably helps though...)
Re: (Score:2)
Actually, neither the right to privacy (unless you count 'secure in your person' in the 4th amendment) nor the right to not get spam are defined.. given a choice, I'd rather get spam than lose my privacy..and if marketing was opt in in the first place, spam would hardly be a problem in the first place.
Time for the anti UN comments... (Score:5, Insightful)
Time for the anti UN comments, as usual around here. But how can you defend the USA on this case?
(My .uk domain's public whois looks like this:
Registrant:
[My real name]
Registrant type:
UK Individual
Registrant's address:
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.
And that's the way I like it!)
Re: (Score:1)
Mine is something to the effect of -
Registrant: WHOIS PRIVACY DEFENDER
Registrant Type: WHOIS PRIVACY DEFENDER
Registrants...
Why show anything when you don't have to?
Re: (Score:1)
"Why show anything when you don't have to?"
Because lots of blacklists of various types frown on domains that use those services, as they're often used by spammers and fraudsters. Hope you're not hosting a site or sending mail from that domain with the expectation that everyone will be able to see / receive it without trouble.
Re: (Score:1)
"Hope you're not hosting a site or sending mail from that domain with the expectation that everyone will be able to see / receive it without trouble."
Not my experience. I own a (Whois Privacy Protection Service, Inc.) domain and host my own mail server since around 2000; not a single problem that I know of yet.
Re: (Score:2)
Re: (Score:3)
Care to explain how does the UN come into this? This is between the USA and the EU.
Re: (Score:3)
Care to explain how does the UN come into this? This is between the USA and the EU.
My apologies, I read the article but had already assumed it was another item from the ITU meeting.
There were two articles earlier today mentioning the ITU:
http://politics.slashdot.org/story/12/10/10/1855223/is-mobile-broadband-a-luxury-or-a-human-right [slashdot.org]
http://tech.slashdot.org/story/12/10/10/1330218/following-huawei-report-us-rejects-un-telecom-proposals [slashdot.org]
Re: (Score:1)
Because Slashdot is forever banging on about how ICANN is great and the UN is threatening to take over the internet and should be stopped at all costs. About the fourteenth hilariously inaccurate article along these lines was posted earlier today.
Re: (Score:3)
But unless the UN indicates that it will respect whois privacy there is no reason to believe they would be better.
Re: (Score:1)
Won't "private registrations" still continue? (Score:3)
What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details? If the "owner" of the domain has to have their real contact info on file with the domain, then for customers that want to remain private GoDaddy and other registrars can "own" the domain with a contract giving exclusive use of the domain to whoever paid for the domain.
Re:Won't "private registrations" still continue? (Score:4, Informative)
What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details?
Are you aware of the requirements that apply to domain registrars, including ones that implement that function?
Every domain registrar is Required to retain the WHOIS data, and all the pertinent details for all their customers, and make all that information available to organizations designated by ICANN.
Buying a private registration gets you a public WHOIS listing, but all your information is still available.
Unless you have a 3rd party registrar-unaffiliated proxy service, register the domain, own the domain in place of you, and provide their information to the registrar, instead of yours.
Then there's a risk, however, if the proxy service goes bankrupt: ownership of the domain could get included in the proxy services' assets and liquidated to pay creditors of the proxy service.
Re: (Score:2, Informative)
GANDI.NET doesn't charge. They provide a tick box to remove your details from public WHOIS and even encourage you to tick it. To hell with the nickel and dimers gouging you for basic functionality.
Re: (Score:2)
often for a significant fee
Actually these days it is often provided free with the domain registration. See namecheap.com and internetbs.net for example.
Make It Private (Score:3, Insightful)
I personally don't mind having legitimate data associated to domains I own, but I don't like that my name, address, phone number, and email address is visible to everyone. I don't really think ICANN needs my credit card number, but it seems like just making only, say, the name, available publicly would be a better first step.
Re: (Score:3)
Credit Card Information? (Score:5, Informative)
Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year). If the credit card information was in there as well, what would stop shady organizations from using that information for other scams? WHOIS certainly doesn't keep my physical address safe from scammers.
Re: (Score:2)
There is no need at all to have a credit card associated with a domain. For example, I don't pay for my .org domain by credit card. In fact, here in the Netherlands a lot of people don't even have a credit card, since we have other payment systems that are cheaper and buying stuff on credit is not as common as in the US or UK.
Re:Credit Card Information? (Score:5, Informative)
Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year).
This is just another intentionally misleading headline. Card data is not going into whois.
The issue is requiring registrars to hang on to CC data so that governments would be able to "lawfully" request from the registrar if that registrar is operating within jurisdiction of said goverment.
Rather than addressing data retention standards with legislation as decided by each countries government...such as thru a billing passed by congress and signed by the president they are essentially attempting an end run around democractic process to get a desired outcome.
None if it is defensible...both ICANN and FTC are in the wrong regardless of what you feel about the issue of data retention.
Visa rules (Score:5, Informative)
Read the truth about ICANN and the DNS (Score:1)
The rotten and corrupt Domain Name System [kimmoa.se].
It's a ruse (Score:4, Informative)
From my own experience I would say at least 80% of the records I have looked up in the past several months for extant domain names have had obfuscated information, protected by registrars who don't give a damn that their customers are conducting illegal activities (fraud, selling drugs, selling pirated software, sending spam, etc) through the domains that they sold them. ICANN doesn't give a shit about "protected" obfuscated domain names, and doesn't care about ones with blatantly false data, either.
ICANN just wants to make money. They'll either find a way to make more money with this, or - more likely - they will give it up once the pressure is off.
Re: (Score:2)
Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.
No, this would be for those who want that information but cannot obtain it like that - think the **AAs for that. Find a d
Re: (Score:2)
Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.
I disagree with you on this one. Registrars don't fear warrants from law enforcement in most cases, because in most cases the registrars who sell domains to people who are out to do things that violate (for example) US laws will be set up in countries where such laws do not exist. If the registrar is located in, say, China, and the warrant comes from the US, it goes right into the trash. Interpol doesn't give a damn either, they have bigger fish to fry.
A great example is the "Canadian Pharmacy" scam
Stupid Question (Score:2)
But isn't it technically possible for people to set up a free DNS or functionally equivalent service of their own, without any government or private regulations, and without necessarily charging [exorbitant] fees to use it? Everything else related to the web is open source...
Re: (Score:3)
Yup it's trivially easy to do on the technical side getting people to use it is another matter.
ICANN going batshit just in time for halloween (Score:2)
I love ICANN.. They require real contact information be stored in a public database or else your domain can be taken and resold and oh by the way registrars get to charge extra just to keep your identity in the public database safe.
All they are doing to address the sespool of automated domain capture, phishing and extortion activities upon expiration is truely amazing and inspiring.
I'm having trouble finding the words to express my appreciation for their infinite TLD program which has opened up new and exci
Re: (Score:2)
This answers why EU wants less control of USA over the internet. EU cares (more) about privacy that USA.
Privacy on the internet? You can't be serious.... If you expect privacy on the internet you are fooling yourself. Data passes though too many hands and too many servers and too many countries to remain private every time you expect it. You can encrypt the payloads and use proxies to make it hard to track you, but the information is still bouncing around out there and somebody could, if they wanted too bad enough, find you or decrypt your data.
Privacy online is an illusion, even if a law claims privac
Insecure (Score:2)
Credit cards are fundamentally insecure (the fact you can get money off one by merely knowing the number on the front and the expiry date and a couple of other trivially easy to find bits of information - all of which will be in the whois database). ICANN should think hard - do they really want to be held responsible when the inevitable breach occurs? Do they really want to have to implement PCI-DSS for the networks and systems holding whois data? The decision to hold credit card data in whois is likely to
Real Solution? (Score:2)
If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that.
If you really *must* have a domain and you are worried about privacy, prepaid credit cards, prepaid phones, a P.O. box and throw away E-mail account are pretty easy to obtain these days, but that is only necessary if you don't trust who you buy the domain from and they refuse to be the whois contacts for you.
If anybody really is still worried about their privacy, I'll be happy to proxy th
Re: (Score:2)
If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that
Or alternatively, use a registrar in Europe. Not proof against a warrant. That is fine. Just a little less of my info where the spammers MAFIAA and other criminal organisations can easily see it. No doubt, there is still plenty out there but "every little helps".
Re: (Score:2)
Re: (Score:2)
WhoCares (Score:2)
All the domains are owned (on behalf of their customers) by GoDaddy anyway.
Re: (Score:2)
isn't holding credit card number after transaction a violation of ifc? or something?
isn't that what cause sony to apologize to milions?
what is this uselss idea?
yeah. but why do you think ftc is aware of such?
Well screw them.... (Score:2)
... for I can think... Therefor I AM! And that is who is I.
The most hacked database on earth (Score:2)