Proposal To Limit ISP Contact Data Draws Fire 100
An anonymous reader writes "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software, according to a story at Krebsonsecurity.com. From the piece: 'The American Registry for Internet Numbers (ARIN) — one of five regional registries worldwide that is responsible for allocating blocks of Internet addresses — later this month will consider a proposal to ease rules that require ISPs to publish address and phone number information for their business customers. Proponents of the plan couch it in terms of property rights and privacy, but critics say it will only lead to litigation and confusion, while aiding spammers and other shady actors who obtain blocks of addresses by posing as legitimate businesses.'"
Businesses... (Score:5, Funny)
Only for businesses, of course, since they have the money and don't mind paying extra to be untraceable. In fact, why not just go ahead and pass a law that bans popup blockers and mandates every citizen to an hour of forced ad viewing per day?
Re: (Score:2)
Re:Businesses... (Score:5, Informative)
Almost correct... ARIN does not need IP addresses or contact data to be published for residential dial-in users, provided they are not assigned a /29 (or shorter prefix)
Currently a /29 is the magic number.
If you get a netblock that is larger, such as a netblock with 16, 32, 64, 256, or more contiguous IP address numbers, then the upstream provider has to publish re-assignment information and a contact.
Re: (Score:2)
What are they gonna do when IPv6 gives out /64 blocks for EVERYONE?
Re: (Score:1)
In IPv6, a /64 is just one subnet, so re-assignment information is probably not going to be required.
Policy on that has yet to be hammered out on that through the PDP on the arin-ppml mailing list and at ARIN meetings.
My best guess would be the magic number is going to be something like a /62 for V6
Santa Clara County v. Southern Pacific RR (Score:2)
There are companies that are hundreds of years old - how's a human supposed to compete with that? After all, you might be able to punch your next door neighbor in the face, but you'll never punch Coca-Cola in the face...
Re: (Score:2)
I have money. I am not a business. I would pay to not be automatically trackable just because I use higher bandwidth (business class) services. Where is this a problem. Are you saying I must be fully trackable at all times just on the grounds that I might do something criminal? Are you sure you want to take (and live by in all ways yourself) that position?
Re: (Score:2)
Set up a front business in a suitable jurisdiction with one person employed who spends an hour a month answering the phone. You could probably make the whole setup tax-deductable by hiring a mentally-handicapped person to act as your "receptionist".
This should be simple... (Score:4, Interesting)
Person A says to cops: "I received spam. Here is copy."
Cop identifies IP.
Cop says to provider "Give me billing info on this IP b/c of spam."
Provider gives billing info. If not, does so after quick court order. If still not, gets shut down.
Cop contacts business. If hijacked computer, refers to techies. If not hijacked, quick court case by DA. IF spam, gets shut down and pays large statutory damages and prohibited from using net again for X years.
Or something like that.
The problem is having a quick, efficient, and intelligent police response in place, and having people know where they can go to get it. We will never stop spam unless we decide to commit sufficient resources to doing so.
We might use civil causes of action, class actions, and/or private atty general statutes. (But have to be careful to limit abuse.)
Re:This should be simple... (Score:4, Insightful)
Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards. Besides, not everyone is in the US.
Privacy is less important here than the potential for menace and the ability of people to kvetch directly at troublemakers.
Re: (Score:3, Insightful)
Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards.
Isn't that the RIAA thought as well?
Re: (Score:1)
It occurs that the privacy of IP information should make sending DMCA letters to an accurate contact based on IP address almost impossible (eventually)
Re: (Score:2)
If it is, so what? In your scenario, the RIAA would go to the police using their lawyers instead.
While legal recourse is possibly necessary at some point, having contact information for IPs accessible without a lawyer helps keep the net running smoothly. It's not worth giving that up in the name of privacy.
Re:This should be simple... (Score:4, Insightful)
I know that for my company, I'd get a lot less spam if they couldn't trawl my email address out of the registry. Fortunately, a quick filter set up gets rid of most of it.
Re: (Score:3, Insightful)
Unfortunately, there are several problems with this:
1) "We might use civil causes of action, class actions, and/or private atty general statutes. (But have to be careful to limit abuse.)"
result: Cop says "Not breaking the law, not my problem, go away."
So you have to make spamming truly against the law.
Result: Cop says "Yea, I'll get right on that, after I go after a bunch of more interesting (read: higher fines) crimes." Considering how little the cops enforce crimes that are threats to life and lim
Re: (Score:1, Insightful)
1. How do you identify the source of the spam? Email headers can be forged, you know; you're going to have to analyze the log files at each node along the way. Good luck with that.
2. Nobody is going to shutdown a provider unless the violation is extremely egregious; people use bot nets to spread the damage around rather than isolating it at a single point of failure.
3. Spam is really annoying and costs people real money, but not so much that actually going after people is worth the extra expense; maybe a
In the real world... (Score:2)
Person A says to cops: "I received spam. Here is copy."
Cop requests complete copy of spam, waits three days for response, works through forged headers, determines IP is in another country.
Cop answers impatient email from Person A.
Cop requests assistance from local authorities, six months pass. Cop answers several impatient emails from Person A.
Local authorities provide name and street address registered to IP.
Cop researches data and determines the address is a vacant lot in another country. Cop reports th
Re: (Score:2, Interesting)
... after quick court order. If still not, gets shut down. Cop contacts business. If hijacked computer, refers to techies. If not hijacked, quick court case by DA. IF spam, gets shut down and pays large statutory damages and prohibited from using net again for X years.
The trouble is, that stuff costs money. And ignoring/filtering spam doesn't. I'd rather keep my money (and have to deal with spam) than pay higher taxes to fight it.
Re: (Score:2, Interesting)
Cop identifies IP.
And since the upstream has kept the ISP's information private, to prevent other providers from seeking their contact details, the Cop is going to have a very fun time.
Suppose the user was not a subscriber to a Tier 1 ISP.
Then there could be 3 or 4 levels of re-assignment involved, all private.
For example, the user subscribes to Mom and Pop ISP who buys data service from Xyz Co, who is a local exchange or local provider of data services in a very small region.
Said local provi
Re: (Score:1, Insightful)
Person A says to cops: "I received spam. Here is copy."
Cop says "GTFO! Hahaha."
FTFY.
Seriously, who calls the cops for spam and expects them to not laugh at you?
Re: (Score:2)
> Seriously, who calls the cops for spam and expects them to not laugh at you?
It doesn't have to be the same cops who deal with murders and stabbings. In fact, it probably shouldn't be; it takes different skills to hunt down spammers.
Re: (Score:2)
Having dealt with identity theft and the police, I think it'd go more like this:
Person A says to cops: "I received spam. Here is copy."
Cop says it might not be their jurisdiction and there might not be much they can do about it, but they'll look into it.
A month passes and Person A calls the cops to see what progress has been made.
Cops reply that they've assigned an officer to the case, but he's got a lot of other cases and he'll get back to Person A.
Repeat the last 2 steps until Person A gives up and drops
Get rid of "private" domain registrations first! (Score:2)
Want to fix the spam problem? Get rid of "private" domain registrations. If the domain isn't registered to a real human being, pull the plug.
This will help stop sites that offer crap like "bullet-proof email services" - spam-on-demand.
Re:Get rid of "private" domain registrations first (Score:5, Insightful)
You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?
You have an address on the door to your place that's publicly viewable. What's the problem with that?
You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?
You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?
You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?
You want to host something on the net? Fine - be prepared to post valid contact info. Otherwise, make arrangements for someone else to host it, or host it off the net.
Re: (Score:3, Insightful)
Ever think that it's the way you treat them online that convinces them to let out their inner demons?
Re: (Score:2)
And those individuals still have a public IP address, so you can contact their ISP - it's a one-line whois query away (at least if you're running a terminal under linux).
Or did you really believe all those "Your computer is broadcasting its IP address!!!!" fake warnings :-)
Re: (Score:2)
Re:Get rid of "private" domain registrations first (Score:4, Insightful)
In these cases, access is limited (by line-of-sight), or the information does not provide back-tracability. That no longer happens when posted online.
Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?
Re:Get rid of "private" domain registrations first (Score:4, Insightful)
STRANGELY ENOUGH the people who argue against privacy never seem to want to do that. They aren't terribly committed to their statements after all.
Re: (Score:3, Informative)
Follow the link to today's spammer tracking report [slushdot.com], and see how handy the information can be to track down spam. Also, feel free to do a whois. My contact info is on-line. It's been on-line, under va
Re: (Score:1)
Should the contact info of a corporation that has 16 or more public IPv4 IP addresses really be considered private?
What is the value in protecting "privacy" of a corporation's identity, and allowing them to use a public shared resource for profit privately without revealing their identity?
Typically there is no more info about a company in a WHOIS listing than can be found through other public records, such as corporate charters, Yellow pages, advertisements.
Re: (Score:2)
Hmm, gee, that's a tough one. Maybe it's because they believe in privacy in some areas, and not others? Maybe they don't see a dichotomy between complete privacy in every area and willingly sharing your most pragmatically necessary secrets with strangers on the internet?
Re: (Score:2)
No problem. But first, a demonstration of how useful whois info is for tracking down spammers [slushdot.com],
All my info has been on "TeH InnerT00bZ" since I registered my first domain back in 1994.
While I'm a big advocate of privacy rights, I also think that hosting a domain is a public action, and needs to be directly tied to someone who will be physically accountable for their actions.
Re: (Score:2)
Re: (Score:2)
Do you want to put money on that? Several states say otherwise (and that doesn't count munici
Re: (Score:2)
Bullshit. Let's see anyone enforce it, if it exists at all.
According to you, it is illegal to wear a veil or burqa in public. It's not.
This is still America, I am still an American, and if there really IS a municipal law like that on the books anywhere lets see how long it lasts against the ACLU. I would be honored to be arrested for such a 'crime' and provide the litigation vehicle to overturn it.
I sure as hell hope you are not promoting it, because it goes against everything we are supposedly fighting
Re: (Score:2)
Re: (Score:2)
You're the one who mentioned municipal ordinances, so that can also apply to cities. Your link is worthless. Hardly any data is available for the states, or so few states have enacted such laws it is similar to anal sex being outlawed in Rhode Island.
A law that everyone thinks is ridiculous and ignores.
I am willing to be a test case because I am not a coward and I am STRONGLY against the dilution and elimination of my rights to privacy and anonymity. So you betcha! I have no problem being an activist, ge
Re: (Score:2)
Bi
Re: (Score:2)
Sure I could 'say' it.
It's easy to say 'Big Talk' and no 'Action' too. The only thing I hear from you is Talk with no Action as well.
The difference is.... I am not promoting the eradication of privacy and anonymity, which comprise the first line of our defense against corrupt governments, YOU ARE.
You fought for our rights? Really? So what changed from then and now?
Re: (Score:2)
I am not fighting for "the eradication of privacy and anonymity" - there is no requirement that people HAVE to have a domain, same as there is no requirement that people HAVE to have a drivers license. You're free to use the web, and you're free to walk on the street. However, the use of certain aspects should NOT be completely unregulated - both for driving cars and hosting domains. Either one you should be able to track down the responsible party for when they fail to act responsibly.
Rights come with r
Re: (Score:2)
The drivers license is simple. It is a privilege to drive simply because of how dangerous of an endeavor it really is. The best interests of society are served to make sure that I have the ability to drive safely.
The drivers license should not be used as identification on demand by authorities. I always fight that tooth and nail. If I am not in car, you don't get to ask for my identification, UNLESS, you have just cause to do so. That just cause being a belief, that can be supported by evidence, that I
Re: (Score:2)
You obviously didn't read the link. Few states are listed as having anti-mask laws, fewer still support your general claim of "you don't have a right to wear a mask":
California - Illegal to wear a mask for the purposes of disguising yourself during the commission of a crime or evading capture by the police.
DC, Florida - Illegal to wear a mask for the purposes of intimidation/threats, depriving others of their legal rights
Re: (Score:2)
As for "unlikely to happen", tell that to the 8-year-old who was arrested for writing on her desk with an erasable marker, or the 5-year-old kid who was charged with sexual assault because he kissed a classmate.
Feel free to prove me wrong by going into your local bank wearing a mask. Better ye
Re: (Score:2)
No, you made the blanket statement: "You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it". You succeeded, at most, at "proving" this to be true in a narrow set of circumstances...in three states out of fifty. That's a success rate of less than 6%.
Re: (Score:2)
One of the posters claimed that there were no such laws. I proved otherwise. Now, if you want to show that those laws are not in effect, do so, and pics or it didn't happen.
There is on constitutional right to go around wearing a mask, and various states, as well as municipalities, prohibit it. It's also probable cause
Re: (Score:2)
Unfortunately for you, the ways in which I can prove you wrong are not limited to what you "provide". Even "prove you wrong" is more than I need to do; I need merely point out how you have not proven yourself right. I have shown how your cited evidence fails to support your claim, and you have not defended it. You, as the one making the assertive claim, are the one under the burden of proof. S
Re: (Score:2)
So admit that you're wrong. There ARE laws against it. And if you want to go by percentages, there's a country bigger than yours that has laws against it right on top of you. And there are other countries that also have similar laws. So eat crow, fatso.
Re: (Score:2)
Those posters were attacking your original claim, which was this:
That claim is not "there are laws against it in a small number of places". It was a generalized statement of fact which, in your ignorance, you assumed applied everywhere. Your claim was that laws against masks were the rul
Re: (Score:2)
It's like saying "It's illegal for elephants to be in the US" I don't have to show elephants in all 50 states to prove them wrong. Just 1 state.
Re: (Score:2)
And a blanket ban IS unconstitutional. The fact that it hasn't been overturned yet doesn't prove otherwise. To suggest that it does is to argue that any law on the books is automatically constitutional.
Quite true (Score:1)
The mask banning is quite true and enforced in a lot of places. Just the facts.
Re: (Score:2)
Ok. I do believe that it is unconstitutional and not consistent with our values as Americans. I would be happy and proud to to fight such laws as an activist. Something like getting a couple hundred people together with masks outside of a police precinct.
Basically, it boils down to a really simple fact. When you exchange Freedom for Safety, you get neither one.
I don't ever support expanding law enforcement's rights to gather information when it is not directly related to immediate crime in progress, or
Re: (Score:1)
Well, I know what you are saying and agree with the sentiment. If you look back when the masks were banned, it was to counter ku klux klanners and other sorts going out and doing nasty stuff in public and hiding behind that anonymity. I am guessing now that it has been taken to court already, but I haven't researched it yet.
Now what I don't like is COPS being able to hide behind masks, plus remove their insignia, at public demonstrations. The same laws should apply to them as well.
As to infrared devices, et
Re:Get rid of "private" domain registrations first (Score:5, Interesting)
You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?
A license plate is an indexed key. To actually obtain the data associated with the key, you have to be in a position of authority (e.g. a police officer).
You have an address on the door to your place that's publicly viewable. What's the problem with that?
You're already there.
You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?
You don't? Tell that to Anonymous.
You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?
You can contest things that happen to your bank account. Nonetheless, I don't let just anyone have the information on my checks.
You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?
No, I don't. :^P Further, even if I did, people have to get close enough to view it. It's not in a publicly accessible database, like WHOIS data for domains.
I like the ability to anonymously post information to the internets. Part of that is the ability to be free from WHOIS spam as part of a domain registration.
Re: (Score:1)
A license plate is an indexed key. To actually obtain the data associated with the key, you have to be in a position of authority (e.g. a police officer).
At one point in time that might have been correct.
It is no longer true. There are plenty of back channels where a person not in a "position of authority" can very easily get the information indexed to the key, pretty reliably.
Re: (Score:1)
The day that all of that crap is in the WHOIS database will be the day when you have a point.
Re: (Score:2, Interesting)
You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?
A Medic...what??? Of course I do not.
You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?
I have only name, bank account number, and issuing bank. No need for an address on a cheque, that's a security risk.
Also, don't write checks.... paper checks are a security risk, because they are easily forged, and should be kept locked up at
Re: (Score:2)
Since net neutrality isn't an issue I expect the ISP can provide that page to everyone via connection running at about 2 baud. You'll have the names in about twenty years.
Re: (Score:2)
Re: (Score:2, Interesting)
Then use a subdomain on a responsible person's SLD registration.
Proper contact information really is a requirement for registering a domain name.
"Domain by proxy" services are sneaky, the practice should be banned, for among other reasons (due to the fact) that the proxy service is officially the legal owner of the domain name, as far as the internet domain registry is concerned.
Re: (Score:2)
Want to fix the spam problem? Get rid of "private" domain registrations. If the domain isn't registered to a real human being, pull the plug.
This will help stop sites that offer crap like "bullet-proof email services" - spam-on-demand.
Real question because I don't honestly know: how much spam is actually sent from people with registered domain names who own blocks of IP addresses? How does this number compare to the spam sent from compromised Windows machines that participate in various botnets? If the latter is a much larger source, then this looks more like another ineffective feel-good measure. Though to be honest, even if you shut down every last botnet I don't believe that would stop spam, because spam predates large botnets.
T
Re: (Score:3, Interesting)
Spammers need a legit server to receive those clicks. See how I tracked down one spammer half an hour ago [slushdot.com] to learn more.
Pay particular attention to the section around the "Directory Listing Denied" segment.
You might also want to help ...
I'm still waiting for the "year of the linux desktop", so I don't hold out much hope for end-user education :-)
Re: (Score:2)
That's wonderful, and probably made you feel better, only it misses my point. You can track down 500 more spammers if you want. Even if you manage to get every last one of those 501 taken offline, more will show up to take their place. That will continue so long as spam remains profitable. What you're doing there is more about a visceral feeling of nailing someone for
Re: (Score:2)
Here, let me fix that for you:
The root problem is that spammers are anonymous. Strip them of their anonymity, and watch how spam goes from 95% of all email to 5%.
Re: (Score:2, Interesting)
Real question because I don't honestly know: how much spam is actually sent from people with registered domain names who own blocks of IP addresses? How does this number compare to the spam sent from compromised Windows machines that participate in various botnets? If the latter is a much larger source, then this looks more like another ineffective feel-good measure.
You realize, these are not disjoint sets?
There are a lot of Windows machines on the networks of companies that hold IP addresses.
These
Spam is sent by BOTNETs, not private domains (Score:3, Insightful)
Getting rid of "private" domains won't do a damn thing except INCREASE the amount of spam that domain holders get. Spammers don't hide behind private domains, they hide behind huge botnets!
I used to not hide my whois information. In fact, I was proud to display my contact information in my whois entry when owning my own domain was a novel thing. Then the spam started on the contact accounts. Annoying, but I could handle it. Soon after, I started getting phone calls from people who barely spoke Engli
Re: (Score:2)
Your statement isn't true. As an example, yesterdays' spam [slushdot.com] - that wasn't sent by a botnet.
Second, for the spam that IS sent by a botnet, you'll see that it tries to send people to specific sites. Those sites are the ones you want the whois information for. Often, they're hiding (like yesterdays) behind bogus throw-away email addresses (such as, in yesterday's case, gmail accounts).
Sure, you'll get a few phone calls - that's what call display is for. And with
Re: (Score:2)
Sure, you'll get a few phone calls - that's what call display is for. And with the new Do Not Call list, such calls net the caller an $11,000 fine. Haven't gotten one since I put my number on the list, so even if they harvest the phone number, they can't use it.
So wait, guys trying to get illegitimate access to my machines and/or steal my identity and calling through "unavailable" VoIP lines from Russia and Nigeria are going to respect the US's Do Not Call list? Get real.
Also, even though my contact information is unavailable TO YOU, it is not unavailable. If there is an issue, my registrar does have my full and complete information (and they are required by ICANN to confirm it is correct periodically, which they do). Perhaps not all registrars follow the ICA
Why is it so hard? (Score:3, Insightful)
Re: (Score:3, Insightful)
... oh right. Spam is enterprise, brings in money. Piracy takes it away. Never mind that everyone loves piracy and hates spam ...
What people like and what people don't like should not dictate the laws of the government. I would LIKE free money given to me every single day of my life and I would LIKE not to ever pay taxes again.
And, your reasoning is off. Piracy is getting such attention because interest groups (music industry, movie industry) are throwing money behind it to stop it from happening because they think (rightly or wrongly - not going into that here) that piracy is hurting their business. Most individuals don't think
Re: (Score:2)
What people like and what people don't like should not dictate the laws of the government.
Why?
I would LIKE free money given to me every single day of my life and I would LIKE not to ever pay taxes again
Invalid example, you are not "people", now if people wanted those things, I would not see a reason for the government to not comply, of course, this has obvious consequences that make it impractical and people know that, but you are not arguing against the consequences, your position is that the will of the people shouldn't dictate law.
Will you defend it or take it back?
Re: (Score:2)
Lobbyists *already* do nothing but spew lies in ad campaigns.
So you are against democracy? I won't deny that people are stupid but I rather try to educate because what is the alternative? A benevolent dictator? An illuminated ruling class?
Who's going to decide who will rule? you?
Re: (Score:2)
Spam is an annoyance. Piracy is actually damaging.
Re: (Score:2)
Wikipedia:
"the worldwide productivity cost of spam has been estimated to be $50 billion in 2005"
And that's back several years. Now include money scams/etc.
Piracy:
Many independent researches have shown the people who pirate the most are the same people who are most likely to buy the material.
eg. The guy who pirated Avatar was also the guy who went to the theater several times then went out and bought the blue-ray
Per person, people who pirate, spend more money. Yes, some people who pirate don't buy anything w
ISP (Score:2)
Re: (Score:1)
A "venomous message" is not network abuse in the traditional sense, although it still may result in account termination (especially if the ISP is a university or employer of the sender), most commercial ISPs will not or cannot do anything about a complaint of a venomous message. Although they may have an AUP that message content violates, support personnel cannot readily make a determination whether a single message constitutes legal harassment or not, and whether the claimed sender really sent that text
Why does it have to be public? (Score:1, Insightful)
Everybody should have a right to privacy up to the point they abuse it. That address and contact information, when reflexively made public, can and is happily abused by other unaccountable individuals and businesses.
Our problem is that we don't have an effective system for making abusers face consequences for their actions, and stomping on the privacy of responsible actors on the Internet only makes the problem worse by adding to the pool of people whose information can be used to harass them with spammy c
Re: (Score:1)
Personally, I think you should have to register to see entries in the WHOIS directory, pay a $5 fee, and obtain a login and password to authenticate. You yourself will be listed in the WHOIS directory as a whois user, with full details.
And any lookups you perform will become public knowledge for the next 7 days, together with the IP address(es) performing the lookup, and what records you looked up.
In other words... public information, but also public record of who is accessing that information.
More Privacy for Businesses, but less for people? (Score:1)
Contrast this with the provisions of ACTA, which require that the ISPs more strictly monitor citizens for imaginary property infringement.
Looks like you're much better off being a corporation than a person these days. Better privacy. Better health benefits. Better insulation from litigation. And if you get big enough you don't even have to be financially solvent in order to survive, the government will bail you out.
Corporations have no privacy protections (Score:1, Interesting)
Corporations are NOT people. Therefore, they have no "privacy" expectations or rights to such.
They are PUBLIC corporations. I see no reason to extend the rights that individual PEOPLE enjoy to corporations, which by their inherent creation, are PUBLIC entities.
If they have nothing to hide, well, then why are they asking to be hidden? (I know this is a fallacious argument, but when corporations and the government (and their cheerleaders) apply it to people, why can't it be applied similarly to corporations?)
Re: (Score:2)
Not all corporations are public.
But the Internet should not be an anonymizer for criminals, either.
We have actually endorsed this proposal. (Score:1, Interesting)
At least with this proposal providers could implement their whois servers and actually leave them up and running all the time, rather than only turning them on when working with ARIN to receive another IP allocation (common practice in the industry), which doesn't really help anybody when they are down.
Re: (Score:1)
Intentionally downing or failing to do either operate the RWHOIS server 24x7 or provide the re-assignments using SWIP is a NRPM violation, and therefore a breach of the RSA contract the provider signed with ARIN.
If they are found out, their IP resources subject to the RSA can be revoked immediately...
In reality, they might get off with a stern warning, but it seems like a really risky practice.
Businesses are not entitled to anonymity (Score:2)
Neither WHOIS information nor IP address block allocation (ARIN's remit) should be private. Neither businesses nor anonymous web sites are entitled to anonymity in most of the developed world. Europe, in fact, is tougher on this than the US. [sitetruth.com] Europe has the European Privacy Directive, but that's for individuals acting in their private capacity. Businesses come under the European Directive on Electronic Commerce. [europa.eu]
Businesses want anonymity? Which ones? (Score:2)
Seems to me that legitimate businesses with an internet presence spend a lot of time & money on trying to be known.
Why would a legit business want to be anon?
For people posting in fear of their lives, there's Wikileaks...
This is not the way to defeat spammers and others.