Forgot your password?
typodupeerror
Privacy EU Network United States Your Rights Online

US and EU Clash Over Whois Data 67

Posted by Soulskill
from the not-going-to-spark-world-war-3 dept.
itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually — moves that are applauded by David Vladeck, director of the FTC's Bureau of Consumer Protection. The E.U.'s Article 29 Working Group is markedly less enthusiastic, saying ICANN's plans trample on citizens' right to privacy."
This discussion has been archived. No new comments can be posted.

US and EU Clash Over Whois Data

Comments Filter:
  • Solution (Score:5, Insightful)

    by Anonymous Coward on Wednesday October 10, 2012 @05:06PM (#41612639)

    Well, I guess I'll have to get a temporary phone number, address AND anonymous "gift card" credit card now for my domain now

    • What the many folks who use Paypal? I have a feeling registrars are going to push back big on this one.
    • by TheSpoom (715771)

      Gandi [gandi.net] includes private whois with all registrations. There are a number of other registrars who will do it for a fee.

      (Solely in my opinion) you should stay away from GoDaddy though. They charge $20 every time they discover that your whois information is fake, probably to get you to buy their private registration service. Instead, I transferred all my domains to Gandi. Everybody wins, right?

  • by xaxa (988988) on Wednesday October 10, 2012 @05:13PM (#41612743)

    Time for the anti UN comments, as usual around here. But how can you defend the USA on this case?

    (My .uk domain's public whois looks like this:

            Registrant:
                    [My real name]

            Registrant type:
                    UK Individual

            Registrant's address:
                    The registrant is a non-trading individual who has opted to have their
                    address omitted from the WHOIS service.

    And that's the way I like it!)

    • by Anonymous Coward

      Mine is something to the effect of -
      Registrant: WHOIS PRIVACY DEFENDER
      Registrant Type: WHOIS PRIVACY DEFENDER
      Registrants...

      Why show anything when you don't have to?

      • by AdamWill (604569)

        "Why show anything when you don't have to?"

        Because lots of blacklists of various types frown on domains that use those services, as they're often used by spammers and fraudsters. Hope you're not hosting a site or sending mail from that domain with the expectation that everyone will be able to see / receive it without trouble.

        • by Anonymous Coward

          "Hope you're not hosting a site or sending mail from that domain with the expectation that everyone will be able to see / receive it without trouble."

          Not my experience. I own a (Whois Privacy Protection Service, Inc.) domain and host my own mail server since around 2000; not a single problem that I know of yet.

        • by Stalks (802193) *
          That's FUD. I've also hosted a mail server with domains using the WHOIS privacy feature for 10+ years and not had a single problem in sending or receiving mail.
    • by Hentes (2461350)

      Care to explain how does the UN come into this? This is between the USA and the EU.

    • Not good enough. I want the UN completely dismantled and eliminated! The idea of a "UN" sounds nice, but now it's just a "StarWars Bar Scene" full of corrupt bureaucrats. It's like a form of democracy that votes in favor of tyranny. Freedom at the lowest common denominator.

  • by hawguy (1600213) on Wednesday October 10, 2012 @05:15PM (#41612761)

    What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details? If the "owner" of the domain has to have their real contact info on file with the domain, then for customers that want to remain private GoDaddy and other registrars can "own" the domain with a contract giving exclusive use of the domain to whoever paid for the domain.

    • by mysidia (191772) on Wednesday October 10, 2012 @08:12PM (#41614325)

      What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details?

      Are you aware of the requirements that apply to domain registrars, including ones that implement that function?

      Every domain registrar is Required to retain the WHOIS data, and all the pertinent details for all their customers, and make all that information available to organizations designated by ICANN.

      Buying a private registration gets you a public WHOIS listing, but all your information is still available.

      Unless you have a 3rd party registrar-unaffiliated proxy service, register the domain, own the domain in place of you, and provide their information to the registrar, instead of yours.

      Then there's a risk, however, if the proxy service goes bankrupt: ownership of the domain could get included in the proxy services' assets and liquidated to pay creditors of the proxy service.

      • Re: (Score:2, Informative)

        by mrbester (200927)

        GANDI.NET doesn't charge. They provide a tick box to remove your details from public WHOIS and even encourage you to tick it. To hell with the nickel and dimers gouging you for basic functionality.

    • by slashmojo (818930)

      often for a significant fee

      Actually these days it is often provided free with the domain registration. See namecheap.com and internetbs.net for example.

  • Make It Private (Score:3, Insightful)

    by Anonymous Coward on Wednesday October 10, 2012 @05:20PM (#41612811)

    I personally don't mind having legitimate data associated to domains I own, but I don't like that my name, address, phone number, and email address is visible to everyone. I don't really think ICANN needs my credit card number, but it seems like just making only, say, the name, available publicly would be a better first step.

    • Mod parent up I wonder who has lent on ICANN to ask for this ? Time for ICANN to be truly independent of any government.
  • by Jason Levine (196982) on Wednesday October 10, 2012 @05:26PM (#41612859)

    Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year). If the credit card information was in there as well, what would stop shady organizations from using that information for other scams? WHOIS certainly doesn't keep my physical address safe from scammers.

    • by MtHuurne (602934)

      There is no need at all to have a credit card associated with a domain. For example, I don't pay for my .org domain by credit card. In fact, here in the Netherlands a lot of people don't even have a credit card, since we have other payment systems that are cheaper and buying stuff on credit is not as common as in the US or UK.

    • by WaffleMonster (969671) on Wednesday October 10, 2012 @06:06PM (#41613295)

      Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year).

      This is just another intentionally misleading headline. Card data is not going into whois.

      The issue is requiring registrars to hang on to CC data so that governments would be able to "lawfully" request from the registrar if that registrar is operating within jurisdiction of said goverment.

      Rather than addressing data retention standards with legislation as decided by each countries government...such as thru a billing passed by congress and signed by the president they are essentially attempting an end run around democractic process to get a desired outcome.

      None if it is defensible...both ICANN and FTC are in the wrong regardless of what you feel about the issue of data retention.

  • Visa rules (Score:5, Informative)

    by OldGunner (2576825) on Wednesday October 10, 2012 @05:28PM (#41612881)
    I believe storing consumer credit/debit card data over 90 days is a direct violation of Visa International rules. I've been away for that stuff for a couple of years now, so I could be wrong.
  • It's a ruse (Score:4, Informative)

    by damn_registrars (1103043) <damn.registrars@gmail.com> on Wednesday October 10, 2012 @05:29PM (#41612897) Homepage Journal
    ICANN doesn't give a rat's ass about the validity of data in WHOIS, and hasn't for a long time. Someone (perhaps in law enforcement?) probably put a little pressure on them something recently and now they are putting on a show. It will blow over soon enough and we'll be back to business as usual, with ever-increasingly-more-meaningless WHOIS data.

    From my own experience I would say at least 80% of the records I have looked up in the past several months for extant domain names have had obfuscated information, protected by registrars who don't give a damn that their customers are conducting illegal activities (fraud, selling drugs, selling pirated software, sending spam, etc) through the domains that they sold them. ICANN doesn't give a shit about "protected" obfuscated domain names, and doesn't care about ones with blatantly false data, either.

    ICANN just wants to make money. They'll either find a way to make more money with this, or - more likely - they will give it up once the pressure is off.
    • by tlhIngan (30335)

      ICANN doesn't give a rat's ass about the validity of data in WHOIS, and hasn't for a long time. Someone (perhaps in law enforcement?) probably put a little pressure on them something recently and now they are putting on a show.

      Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.

      No, this would be for those who want that information but cannot obtain it like that - think the **AAs for that. Find a d

      • Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.

        I disagree with you on this one. Registrars don't fear warrants from law enforcement in most cases, because in most cases the registrars who sell domains to people who are out to do things that violate (for example) US laws will be set up in countries where such laws do not exist. If the registrar is located in, say, China, and the warrant comes from the US, it goes right into the trash. Interpol doesn't give a damn either, they have bigger fish to fry.

        A great example is the "Canadian Pharmacy" scam

  • But isn't it technically possible for people to set up a free DNS or functionally equivalent service of their own, without any government or private regulations, and without necessarily charging [exorbitant] fees to use it? Everything else related to the web is open source...

  • I love ICANN.. They require real contact information be stored in a public database or else your domain can be taken and resold and oh by the way registrars get to charge extra just to keep your identity in the public database safe.

    All they are doing to address the sespool of automated domain capture, phishing and extortion activities upon expiration is truely amazing and inspiring.

    I'm having trouble finding the words to express my appreciation for their infinite TLD program which has opened up new and exci

  • Credit cards are fundamentally insecure (the fact you can get money off one by merely knowing the number on the front and the expiry date and a couple of other trivially easy to find bits of information - all of which will be in the whois database). ICANN should think hard - do they really want to be held responsible when the inevitable breach occurs? Do they really want to have to implement PCI-DSS for the networks and systems holding whois data? The decision to hold credit card data in whois is likely to

  • If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that.

    If you really *must* have a domain and you are worried about privacy, prepaid credit cards, prepaid phones, a P.O. box and throw away E-mail account are pretty easy to obtain these days, but that is only necessary if you don't trust who you buy the domain from and they refuse to be the whois contacts for you.

    If anybody really is still worried about their privacy, I'll be happy to proxy th

    • by Gonoff (88518)

      If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that

      Or alternatively, use a registrar in Europe. Not proof against a warrant. That is fine. Just a little less of my info where the spammers MAFIAA and other criminal organisations can easily see it. No doubt, there is still plenty out there but "every little helps".

  • by PPH (736903)

    All the domains are owned (on behalf of their customers) by GoDaddy anyway.

  • ... for I can think... Therefor I AM! And that is who is I.

  • Do we really want it holding CC details when best practices are not to store them unless you are the bank involved in the transaction!!

Byte your tongue.

Working...