Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy The Internet

Russia to Halt Public Access to .RU Whois Data? 97

An anonymous reader writes "A Domain Tools blog post is reporting on a Russian newspaper article regarding a provision of Russian law that would prohibit public access or posting of Whois data for the .RU TLD without written permission. The Personal Data law, which the article states went into effect on January 30, 2007, will require compliance by RosNIIROSa (www.ripn.net) by 2010."
This discussion has been archived. No new comments can be posted.

Russia to Halt Public Access to .RU Whois Data?

Comments Filter:
  • In Canada... (Score:2, Informative)

    by Nos. ( 179609 )
    In Canada its not prohibited to look up information, but as an individual with a registered domain, I don't have to have my information in the whois record. Check out Privacy.ca [privacy.ca]
    • Re: (Score:1, Informative)

      by Anonymous Coward
      Nominet (.uk) also allow non-trading individuals to opt-out of whois, which opens the door for spamtards to abuse the system.

      I conclude anonymity should take a backseat when someone registers a domain - this from a privacy freak and eternal AC.
      • by jmorris42 ( 1458 ) *
        > I conclude anonymity should take a backseat when someone registers a domain - this from a privacy freak and eternal AC.

        Yup. The whole point of whois was to have a contact person of record for a domain. i.e. somebody to go to if that domain is causing problems for other sites. The whole idea behind the Internet, of a network of peers interconnecting for mutual benefit, breaks down if you can't contact the other systems.

        Personally I think the solution is to disconnect/firewall off any system without a
    • In conservative Canada, information protects you!
    • Re: (Score:2, Informative)

      by floorpirate ( 696768 )
      Privacy.ca is just a go-between service. As long as the contact info (and registrant name) on the WHOIS is valid, CIRA doesn't care. CIRA can still e-mail you if you're using Privacy.ca, but nobody else can. And it's only private until someone pays Privacy.ca for your contact info (it's part of their TOS), and then anyone can find out who you are and start to annoy you.
  • by Churla ( 936633 ) on Wednesday May 02, 2007 @12:35PM (#18959415)
    That this means the single largest collection of hacking and spamming sites will now have protection against people finding out who even owns the domains they run from?
    • It also means more privacy for everyone else too.
    • by Not The Real Me ( 538784 ) on Wednesday May 02, 2007 @12:46PM (#18959619)
      ...largest collection of hacking and spamming sites will now have protection against people finding out who even owns the domains...

      I do believe that is the goal. It's the Russian embrace of western capitalism. The Russians are looking to attract (and protect) the type of web site entrepreneurs who would be in violation of the stricter U.S. laws. Periodically you will see news items where U.S. authorities crack down on web site operators whose servers are hosted in Russia but the persons behind the operations reside in the United States.
      • In other news, the United States has outlawed access to any TLD that does not correctly publish the true owner of the domain name. Russia and China are no longer accessable from the US on the Internet.
        • In other news, the United States has outlawed access to any TLD that does not correctly publish the true owner of the domain name. Russia and China are no longer accessable from the US on the Internet.
          The .ar domain has no whois but it's because of the incompetence of the people managing it...
      • I do believe that is the goal. It's the Russian embrace of western capitalism. The Russians are looking to attract (and protect) the type of web site entrepreneurs who would be in violation of the stricter U.S. laws. Periodically you will see news items where U.S. authorities crack down on web site operators whose servers are hosted in Russia but the persons behind the operations reside in the United States.

        Are you sure you aren't reading way to much into what is probably no more than perfectly normal bout of good, old fashioned, Russian paranoia?

        • Are you sure you aren't reading way to much into what is probably no more than perfectly normal bout of good, old fashioned, Russian paranoia?

          Can't it be both? Actions have multiple consequences, so why can't they have multiple causes?

    • Passport needed to obtain .ru domain (phisically provide passport and sign the agreement) , so it's impossible to register .ru domain on a fake data, much easier to register domain in .com or any other zone that do not require identification (like .cc or .ws or .nu), so there is no real criminal sites in .ru zone.
      • Re: (Score:3, Informative)

        by superwiz ( 655733 )
        Well, in modern Russia bribery is the only way of doing business with the government. Period. On ANY (including the highest) level. This is not even a cynical view. It's just how it is. Given this and the fact that it takes less money to get a fake Russian passport (under $200) than to bribe an official to get a real one (about $500), this just increases the registration cost for any foreigner wishing to get a domain .ru
        • by ptitov ( 701269 )
          I get my Russian passport for something around 50 roubles ( 2$). What am I doing wrong?

          Any foreigner can register .ru domain using his "real" passport, you don't need to become a citizen to do it.
        • Given this and the fact that it takes less money to get a fake Russian passport (under $200) than to bribe an official to get a real one (about $500), this just increases the registration cost for any foreigner wishing to get a domain .ru

          !
          I take it that you shopped around when you were breaking a multitude of laws in both your home country and Russia. I wonder about that because my wife's new passport is going to cost between £93 and £140 (that's approximately USD 180 to 280 depending on

          • Oh dear, Slashdot's submissions system can't handle Cyrillic script. The first line of my comment read (in anglicised pig-Russian) "Kak Interesno!", which translates as "How interesting!"
          • Indeed my accounts are based on rumors. But the sources of the rumors are personal accoutns -- not something I read on the internet. The rest of your response seems rather hostile. I don'q quite get the source of hostility. I personally don't care to get a Russian passport or to even visit Russia. But I know people who do visit it and who have come across people with odd personal accounts. I seriosly doubt that the CIA is interested in anything that a slashdot user has to say. I also don't quite see h
            • I also don't quite see how faking a Russian passport is a terrorist activity.

              You're obviously attempting to establish a false identity with the fake passport that you and your associates are conspiring together to acquire. Abundant reports from America (and the UK, as I can attest, and other parts of Europe as some of my workmates tell me) are that the authorities take an extremely dim view of anyone making any attempt to establish a false identity. Getting a fake passport is a pretty high-end step towards

              • I see you are having fun with this. So I'll humor you half-way. Russian economic system is currently widely recognized as "cleptocracy". This is not an insult of any one individual (even less so of 150,000,000 people as you suggest) as much as characterization of an economic system for what it is. Where did get from the fact that I know approximate cost of faking a passport that either I or anyone I know has ever tried it, I don't know. BTW, I also know approximately what is involved in writting a comp
    • Re: (Score:3, Insightful)

      Korea also blocks whois lookups for Korean-owned domains. As a mail server administrator, this made my life easy: whenever I would do a whois lookup that would return a domain under kornet.net's sphere of influence (the registrar for Korea), I would blacklist it out of hand. If I don't know who you are or how to contact you, I don't accept e-mail from your netblocks. It's a rather ham-fisted policy, but it made a huge dent in the amount of spam my users received. And you know what? I didn't get very ma
      • by Threni ( 635302 )
        > And you know what? I didn't get very many complaints from my users

        That's not going to work with China, unless none of your users is involved with trade/imports from there. I suppose that's possible in some sectors, but don't be surprised if anyone involved in retail, for instance, applies their own `ham-fisted policy` to the idea of using your services!
      • I take it a few steps farther and blackhole ALL email from foreign (non-North American) IP blocks. Cuts spam by around 80 percent. Since my company does not have any legitimate overseas contacts, this solution works perfectly.

    • I've got .ru blocked at the router. Russia is a huge 404, same with a number of other tld's that produce more spam than interesting sites.
    • by smchris ( 464899 )
      The Russian equivalent of "save the children" is apparently "save the gangsters".
  • by garcia ( 6573 ) on Wednesday May 02, 2007 @12:35PM (#18959427)
    There's absolutely no reason that in the US we must have valid contact information in that database. I use my work address, phone number, and my website spam GMail account on there because I don't want to deal w/the bullshit spam, letters in the mail, etc.

    Whoever had the bright idea to mandate that for ending spam didn't think clearly. Perhaps Russia (while not their motivation for this move) is on the right track.
    • Re: (Score:2, Insightful)

      by cdrguru ( 88047 )
      Of course not. There is no legitimate reason why anyone would want to contact the domain owner about some issue with the site or its content.

      And your hosting company should just reject all requests and complaints. They are just a hosting company and have no need to get involved with anything else. You pay, they host, right?

      If you want to post software, movies, music and child porn that should be nobody's business but yours and the rest of the world can just get stuffed. If someone has a problem with tha
      • Re: (Score:3, Insightful)

        by garcia ( 6573 )
        Of course not. There is no legitimate reason why anyone would want to contact the domain owner about some issue with the site or its content.

        And your hosting company should just reject all requests and complaints. They are just a hosting company and have no need to get involved with anything else. You pay, they host, right?


        You mean like the additional fees that the registrars/hosts get for hiding your personal contact information if you so choose? So this rule should apply only to people who don't want to
        • by jez9999 ( 618189 )
          But I would expect that the host's information, which they replace your info with, would cause them to be notified by authorities when the authorities wanted to deal with the domain. They would either just close you down immediately or forward such notices on to you... so notices from authorities would still get through.
      • by jZnat ( 793348 ) *
        There's always webmaster@example.com, and abuse@theirisp.net. I still don't see why you should have to put your real life address and other information that is completely irrelevant to anyone outside the registrar.
        • by gmack ( 197796 )
          You don't have to put your home address and phone number there. A PO box and pager would be fine as long as it can be used to contact you.
      • by pla ( 258480 )
        There is no legitimate reason why anyone would want to contact the domain owner about some issue with the site or its content.

        Biiiiiiiig difference between people wanting to contact me and me wanting them to contact me.

        And anyone that would need to use registration info to find me - I don't want to hear from, period.



        You pay, they host, right?

        Sounds like you get it so far (sarcasm ignored)...



        If you want to post software, movies, music and child porn that should be nobody's business but yours
      • I've used Whois data several times. It's esp. handy when the site is down, but you need to contact the webmaster.
    • There's absolutely no reason that in the US we must have valid contact information in that database.

      Dude, do you not know about GoDaddy's private registration service? I think in the past 3 years I've had exactly 2 emails sent to me through my domains' private registration service. It keeps your personal information from showing up in a WhoIs query.
      • Re: (Score:2, Insightful)

        by gratemyl ( 1074573 )
        Dude, do you not know how much of a rip-off all the private registration services (also those not from GoDaddy) are, because they charge you for privacy?
      • GoDaddy is a horrible registrar. They fold like a cheap suit when asked to reveal your "protected" information by just about anyone.

        They also drop your name in a heartbeat if even a single piece of your registration data is incorrect.

        There are, however, a few good registrars (like gandi.net) who take domain ownership and privacy very, very seriously.

        Same goes for web hosts. There are a few who take a very aggressive stance against takedown requests, and many offshore who simply ignore them.
    • If everyone follows RFC 2142 we wouldn't have to look at the whois records or search for an imprint or a contact page on the website.
  • by ameyer17 ( 935373 ) on Wednesday May 02, 2007 @12:37PM (#18959447) Homepage

    Currently online RosNIIROSa (www.ripn.net) on the WhoIs contact name and contact telephone owner of a site in the cloud. For example, you can find out what famous site compromat.ru owns Sergei Gorshkov

    In Soviet Russia, compromat.ru own YOU!
  • oblig (Score:1, Funny)

    by oloron ( 1092167 )
    is soviet russia domains whois you!!!
  • by Bandman ( 86149 ) <bandman@nOsPAM.gmail.com> on Wednesday May 02, 2007 @12:38PM (#18959471) Homepage
    Does this mean that we can report security attacks to abuse@kremlin.ru?
  • WHOIS is broken (Score:3, Insightful)

    by nuzak ( 959558 ) on Wednesday May 02, 2007 @12:40PM (#18959515) Journal
    Not just broken by the spammers, though they're in large part responsible for making much info inaccessible, it's also broken by the lack of standards and registrar greed.

    Just try to write a tool to automatically parse WHOIS output to get the registration date of a domain (a good heuristic when determining whether a domain is spammy -- a 1-day old domain merits a little more investigation than a 1-year old one). Assuming the info is available at all and not hidden behind some captcha-enabled web page (not just to shield from spammer harvesting, but also to throw sales pitches at you), the date field could be anywhere, and in any format. Hell, I've even seen registrars use MM/DD/YY format, two-digit years no less. Some even use multiple formats. It's crazy insane.

    RIPE appears to actually have their shit together, and uses a pretty good uniform format. Bully for RIPE, but that's generally only good for IP WHOIS, and the rest is being eroded as the rest of the WHOIS system decays at the seams.
    • One time, I got an idea for a really neat "web mashup" (ugh, hate that name) / Google Maps "hack" - some sort of site where you could put in a WHOIS request and get a marker back on a map. Or maybe multiple sites. I figured you could do a few neat things with that. Maybe move beyond simple maps, set up some animated-time-line-thingy, oh, I don't know. You could do a variety of fun and interesting things with it, anyway.

      Then I looked into actually parsing whois results, and not too long after that, gave up.

    • Could be they don't want to have too much traffic either. I get the following message prior to the actual information:

      $ whois slashdot.org
      [Querying whois.publicinterestregistry.net]
      [whois.publicinterestregistry.net]
      NOTICE: Access to .ORG WHOIS information is provided to assist persons in
      determining the contents of a domain name registration record in the Public Interest Registry
      registry database. The data in this record is provided by Public Interest Registry
      for informational purposes only, and Public

      • There's also the matter of copyright to the data stored.
        You can't copyright a directory, just the layout and other distinguishing features. The actual information inside is uncopyrightable as it does not meet the originality standard. See Feist Publications v. Rural Telephone Service (499 US 340.)
  • WHOIS(1) BSD General Commands Manual WHOIS(1) NAME whois -- Internet domain name and network number directory service DESCRIPTION The whois utility looks up records in the databases maintained by several Network Information Centers (NICs).
  • You want to identify yourself by a public address, that is usually claims that you are a particular organization/individual, on the Internet. And yet... you don't want to identify yourself? I should have no way to check contact information for russianinvestmentbank.ru and call the authorities to see if the address really belongs to a bank? This defeats the whole purpose of having domains. Just use IRC, P2P or DynDNS if you want shadowy anonymity.
    • It's no different than wanting my phone number to be unlisted for my own privacy. I still want a phone number so I can make and receive phone calls, but I don't want to tell the entire world it belongs to me and what my billing address is.

      The same goes for my website. If I want the general public to be able to contact me by phone or mail, I'll put the phone number or address on my site. Otherwise, stay out of my business because I don't want to talk to you. I don't want your spam or marketing message
    • Simple counter-example: Say I live in a country where people may well be murdered for having views contrary to (or critical of) the ruling regime and want to set up a protest website. In such a case (which, it so happens, is not only a genuine thing to want to do in many countries, but commonplace) you specifically need privacy, and that's a good thing. You think I should be forced to put my details on there and have it easy to find out who is behind the site?
      • by iamacat ( 583406 )
        So you think this rule change really protects russian protesters from russian government rather than protecting russian scammers from american victims?
        • You think anyone would sensibly register a protest site IN their own country? That's madness, and an obvious straw-man.

          This isn't a hypothetical example, btw, this is a problem someone I know right now is facing.
  • No Big Loss (Score:4, Interesting)

    Spammers have already laid .ru low. I know of more than a few small to medium companies that flat out drop emails if there's a .ru _anywhere_ in the email. Not just the from or reply to fields. If there's a http link pointing to a .ru domain, they drop it.

    I try to tell them that just dropping "mail.ru" would be a better longterm strategy, but their minds are usually made up. I think this may be some kind of holdover from the cold war.("The Russian's have internets?! Blockade their commie propaganda!")

    Anyway, my point is that lack of whois information is the least of .ru's problems right now. Though it boggles me how a TLD trustee can get away with not publishing whois information while still under ICANN's rules.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      Hmmm... seeing as Russia dumps out a lot of spam, I don't know any Russians, and now I can't do WHOIS lookups for Russia.

      header RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/
      describe RELAYCOUNTRY_RU Relayed through Russian Federation
      score RELAYCOUNTRY_RU 6.0
      There, that should help.
    • That makes sense to me - how can they just declare this with ICANN in control?
    • though it's ironic that i use @mail.ru for some of my primary emails and get *no* spam at all. kinda sucky when i run into the few services that reject mail.ru stuff though :(
      • by MLease ( 652529 )
        I'm the volunteer assistant admin for a PHP board (Bookup/Chess Opening Software support forums), and invariably, whenever I see someone register with an email address ending in .ru, it's a spammer. Either they put up a pr0n/laptop batteries/credit card/v1agr@ website link, or when their account is activated, they start posting spam in the forums. We've changed our policy to require admin approval for activating all new accounts, and have adopted a "delete on sight" policy for *.ru -- I don't even bother
    • Spammers have already laid .ru low. I know of more than a few small to medium companies that flat out drop emails if there's a .ru _anywhere_ in the email. Not just the from or reply to fields. If there's a http link pointing to a .ru domain, they drop it.

      They cannot say "No Big Loss" because they don't know how much they lost, since any potential deals were rejected before being reviewed.

      Obviously this depends on the business, if you're a local company that has no sales on the worldwide market - no pro

  • Due to all the open speach spread by the internet.. governments around the world are having to crack down.. They don't like freedom.

    That crackdown is going on here in the US. Government wants the DNS keys and to track every message we send.

    The world is starting to becoming a very dark place as of late.
    • Re: (Score:1, Flamebait)

      by LordPhantom ( 763327 )
      The world is starting to becoming a very dark place as of late. Perhaps that would explain that rather horrendous misspelling of "speech"? Lack of light to use your dictionary?
  • by spottedkangaroo ( 451692 ) * on Wednesday May 02, 2007 @01:33PM (#18960415) Homepage

    See, for me, this is simply a matter of character. Or the appearance of it. If you don't want me to know who you are, why should I accept mail from your domain at all?

    I run the email for a pretty small ISP. When a mail server (or farm) starts going crazy and trying to kill my servers with hundreds of connections per second; the first thing I do is drop the packets from the network. I then check the whois listing to see if it's yahoo! or ebay or something like that and consider unblocking it after I know who I'm dealing with.

    When the whois says "NONAME NETOWRK ASSOcIATES" or there simply isn't anything listed, they stay on the drop list. So this is really a handy development. Essentially nothing from .ru will look legit anymore so I can just block all of it, right?

    • by ptitov ( 701269 )
      I guess, in a pretty small isp you can just try blocking whole RIPE and APNIC and most customers won't notice it. Althrough it isn't the way how Internet should work.
  • If the registrar or higher in the DNS food chain has something in the terms of service that mentions the data will be public, does agreeing to the TOS constitute permission? Possibly written permission?
  • Coincidence? (Score:3, Interesting)

    by UncleOwl ( 1016926 ) on Wednesday May 02, 2007 @01:45PM (#18960639) Homepage
    Estonian servers have been under constant barrage of DDOS attempts since April 26, much of which have been tracked to Russian servers. Now Russians try to obfuscate their whois. Is it just me, or are those two events linked...?
    • The Personal Data law, which the article states went into effect on January 30, 2007
      read the f*cking summary! and, btw, yes these events are linked, but not where you think they are
  • by discHead ( 3226 ) <3zcxrr602@sneakemail.com> on Wednesday May 02, 2007 @01:48PM (#18960687) Homepage

    Such a policy is not without precedent. Tonga's NIC [tonic.to] has kept registration information private for years.

    Then again, Tonga's NIC also has a healthy anti-spam policy [tonic.to], including a provision for revealing registration info for domain names canceled for violating that policy.

    But does keeping registration info private really help shield spammers? Who's to say that spammers are providing valid registration info in the first place? They abuse public registration records both ways: they falsify their own info to shield their identities, and they appropriate and abuse the info of honest people doing the right thing.

    I am all for private registration records. If Russia enacts their law, they will have the exact opposite policy of the United States. And, damn, will I envy those Russians for it.

  • The article says ATM any owner of .ru domain can be seen, while many owners of .com domains can 'hide' behind registrar's data. It is going to be an optional service in case site owners want to do it. That's all. Turn your paranoid mods off, please! Cheers!

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...