ICANN Accepting Public Comments On Whois Privacy

Decius6i5 writes "ICANN is accepting public comments on its three whois privacy and accuracy working groups until July 5th. Some of the proposals from the third working group, on improving whois accuracy, have been described as hostile to internet users. The working group proposes that if DNS Whois registration data for a domain is inaccurate, the domain should be immediately placed on hold, and cancelled if the error is not corrected within 15 days. An article on Circle ID suggests that the DNS Whois system is not the best way to share contact information for networks, and that ICANN should focus its efforts on improving IP Address Whois instead. What do you think?"

Well...

[hookedup]

I use namecheap.com to buy all my domains, for an extra $4.95/year per domain, I get whois guard protection.

Do a whois on a domain of mine, and you get contact info to the registrar. Want my real info? Better have a subpoena ready..

Re:Well...

[CeramicNuts]

I paid Netword Solutions $9 year for private registration and immediately received an increase in spam.

Re:Well...

[Carbonite]

I paid Netword Solutions $9...

There's your problem. You got caught in a phishing scam. The actual registar is Network Solutions.

Re:Well...

[orangesquid]

As long as your ISP won't mind forwarding mail from me to you if I need to get in touch with you regarding your site (this would only be if webmaster@ bounced and no contact info was listed, which is pretty rare and kind of silly... *at least* webmaster@ ought to go somewhere, I say!), that's fine by me.

I've snatched people's personal info (or ISP info after tracerouting) from whois and ARIN:whois databases before a few times, when I've encountered defaced sites, been attacked by malicious traffic, or have

SOME point of contact is useful IMHO

[xmas2003]

I recently had some scumbags [komar.org] "steal" the entire contents of my web site (text and images) and host it on his own URL (after he changed the Adsense Publisher ID so he could profit from it!)

The contact information on the web site was my own (!) ... so all I could do was take a look at whois data and send 'em a "WTF" note - it did get resolved (whole summary coming shortly), but having at least SOMEONE to contact via whois was helpful.

Having said that, it does suck that the spammers harvest these Email addresses.

Re:SOME point of contact is useful IMHO

[xmas2003]

Just to followup on my own post, part 1 (with detailed log data and whois records) is now posted where I talk about how Graeme [komar.org] stole my web site and tried to profit from it.

whois weirdness

[vijaya_chandra]

This isn't funny or flamebait but when I do 'whois google.com' I get the following


[vijay@vijay vijay]$ whois google.com
[whois.crsnic.net]

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI. C OM
GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGI NE .THAN.SECZY.COM
GOOGLE.COM

To single out one record, look it up with "xxx", where

Re:whois weirdness

[linuxkrn]

Wrong server, notice it goes to NSI first (whois.inetnic.net) then is redirected out to the SOA.

$ whois google.com
[Querying whois.internic.net]
[Redirected to whois.alldomains.com]
[Querying whois.alldomains.com]
[whois.alldomains.com]
Al l domains.com - The Leader in Corporate Domain Management
--
For Global Domain Consolidation, Research & Intelligence,
and Enterprise DNS, go to: www.alldomains.com/corp/
--

The Data in Alldomains.com's WHOIS database is provided by Alldomains.com
for information purposes, and

Re:whois weirdness

[Sheetrock]

What's happening is people are registering nameservers with goofy names that start with the same text as an existing host.

For example, the folks at gulli.com have made 'GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.C O M' and registered it as a nameserver so that it shows up when you do a whois search for GOOGLE.COM through whois.crsnic.net or other WHOIS servers that try to be helpful when you enter part of a domain name. Not all WHOIS servers seem to do this, but apparently FreeBSD (at least) defaults

Ok, I admit I didn't read the article,

[HotNeedleOfInquiry]

but one thing that seems important to me is that fraudulant contact information be handled differently than inaccurate information. No sense blackholing honest mistakes and no sense letting spammers and criminals run free

Re:Ok, I admit I didn't read the article,

[base3]

How do you tell what's an honest mistake? Is an "oopsie" transposition of an address or phone number and mispelling of your name, plus maybe a "spam-armored" email address an honest mistake, or a deliberate effort to be unreachable?

Double edged sword here

[dacarr]

On one hand, it would help kill domains run by spammers, assuming they haven't gone to get a post office box On the other hand, it would hinder somebody if they change their address - and forget to do so on their whois record. On the third hand...well, as irrelevant as this sounds, you now have to get a DBA or a business license in order to put a business name on a post office box with the USPS, as I recently found out. This is as of 01Jan2004. So it's entirely probable that they won't just get a PO Box.

Require digital IDs/PGP key ?

[scupper]

What about requiring the registrant of a domain name to provide a digital ID or PGP key, and require the same for inquiries?

i vote for improving whois

[Kn0w1]

something has to be done.. most/all of my spam is because of my email was in my domains' whois info (or from NNTP newsgroup from YEARS ago, which didn't get spammed 'til a year or two later) Maybe something that requires human interaction to get the info, so spammers can't run some script and just harvest emails from whois

New sites are the problem

[doodlelogic]

Why doesn't ICANN just take a few months off, stop any new sites coming out while it fixes the old ones.

There seems to be more and more internet every day. At this rate I'll never finish reading it.

valid whois is useful

[Dachannien]

I have found whois information to be useful in helping me determine the validity of several mom-and-pop Internet stores. It's also come in handy for providing leads (sometimes forged, yes, but many times even forged info provides a good lead) for tracking down spammers and their employers.

I'd consider it a loss if the validity requirements on whois degenerated any further than they already have.

Who wrote this, the spammers?

[UnrepentantHarlequin]

I've been reading through the working group papers. It looks to me like the whole thing was written by the goddamn spammers themselves. They want to make it virtually impossible for anyone outside of law enforcement agencies (and we know how good they are at stopping spam) from getting whois information.

We need better whois information, not less of it. We need it available to more people. We need more openness, not more secrecy. Openness cleans up problems -- secrecy nurtures them. Nor is it limited to spam and network abuse.

A random example ... I saw some very convincing looking information from what appeared to be a grassroots organization on an issue I was somewhat interested in. (arguing against a pollution cleanup) Just out of curiousity, I did a whois on the domain, and found out that it was owend by the company that did the polluting ... the "grass" was astroturf.

So people can spam me all they like, they can abuse the resources I depend on, they can attack my servers, they can do whatever they feel like, and with their domain registration information kept an ironclad secret by this new proposal, I can't do a damn thing about it. Oh, wonderful.

Or maybe it was written by the lawyers. One of the criticisms of the current policy by the working group is that it permits person-to-person contact without any lawyers involved. Yes, they actually said that. Gee, how terrible ... you can get in touch with the guy who's got unauthorized copies of your stuff and ask him to take it down, and settle things on friendly terms, without having to pay a lawyer a few hundred dollars to write a letter to say exactly the same thing. Maybe we should all be required to have lawyers walking around with us so that they can pass on anything we might want to say to someone we meet? And lawyers don't like being called "mouthpieces"? Feh!

Re:Who wrote this, the spammers?

[Decius6i5]

Openness cleans up problems -- secrecy nurtures them.

You say this, and then immediately thereafter you say:

Gee, how terrible ... you can get in touch with the guy who's got unauthorized copies of your stuff and ask him to take it down.

So, I should be forced to provide my personal contact information to the general public so that its open, but the threats [chillingeffects.org] that you send me, whether by lawyer or by crow bar, ought to be kept private?!

You have a choice, you can force everyones contact information to be p

Re:Who wrote this, the spammers?

[UnrepentantHarlequin]

So, I should be forced to provide my personal contact information to the general public so that its open, but the threats [chillingeffects.org] that you send me, whether by lawyer or by crow bar, ought to be kept private?!

You, sir, are delusional. Nowhere in anything I wrote, anywhere, did I say anything of the kind.

For one thing, requiring my lawyer to contact your lawyer to resolve a dispute is no more open or public than me emailing you and saying "hey, that's my stuff, wouldya please take it off y

Re:Who wrote this, the spammers?

[Decius6i5]

For one thing, requiring my lawyer to contact your lawyer to resolve a dispute is no more open or public than me emailing you and saying "hey, that's my stuff, wouldya please take it off your web page."

Good job dude, you caught me when I'm drunk at a hacker con in NYC. You are clearly confused. If my DNS information is private, and you have to file a subpoena with a court in order to get my ISP to offer up my billing information and email address to your lawyer, then you have a court (an independent thir