Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Network The Internet

ICANN Working Group Seeks To Kill WHOIS 155

angry tapir writes "An Internet Corporation for Assigned Names and Numbers working group is seeking public input on a successor to the current WHOIS system used to retrieve domain name information. The Expert Working Group on gTLD Directory Services has issued a report that recommends a radical change from WHOIS, replacing the current system with a centralized data store maintained by a third party that would be responsible for authorizing 'requestors' who want to obtain domain information."
This discussion has been archived. No new comments can be posted.

ICANN Working Group Seeks To Kill WHOIS

Comments Filter:
  • not having read TFA (Score:5, Informative)

    by Tastecicles ( 1153671 ) on Tuesday June 25, 2013 @11:12PM (#44108937)

    Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?

    BTW, I think the headline is a: alarmist and b: misleading. It would be better written as "ICANN Working Group seeks to replace WHOIS."

    • by Samantha Wright ( 1324923 ) on Tuesday June 25, 2013 @11:20PM (#44108979) Homepage Journal

      Here's your answer:

      "Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.

      Basically, they'd be extracting a licensing fee from the current people you go to for WHOIS lookups. Arguably this could be called "killing" WHOIS since it means taking away its... free spirit.

      • by icebike ( 68054 ) on Wednesday June 26, 2013 @12:04AM (#44109187)

        I'm fine with whois, even though it has been steadily degraded by private registrations recently.

        I'm not convinced there is any realistic reason this information needs to be private, although I might feel differently if i lived somewhere else in the world where angry armed mods drag you from your home for expressing a view point. On the flip side of that, simply knowing that your information is available tends to induce better behavior on the Web.

        But by and large, I think people should be able to know who owns a site, or who is fronting for the owner. It helps a great deal when trying to track down and report abuse.

        I rather suspect mine is not a popular view.

        • by Frobnicator ( 565869 ) on Wednesday June 26, 2013 @12:58AM (#44109389) Journal

          They are not talking about blocking all access to the data.

          They propose keeping a good portion of the existing data available through anonymous public requests, exactly the way current WHOIS system works today. The big difference is that there will be a single source; you won't need to do the two-step process currently in place.

          They are also proposing adding additional contact fields that have been frequently requested for WHOIS data.

          They are also proposing limiting access to some data, in particular limiting the data traditionally used to scam people with fake DNS renewals. In particular it does not talk about refusing access, simply limiting the requests to authenticated users to prevent thinks like bulk-searches that scammers frequently use. The report recommends only limited fields require authenticated access, not those used commonly by individuals or by website administrators for abuse mitigation.

          Finally, they are proposing adding new advanced search capabilities that are useful for ISPs (and also private and government surveillance) that are not currently available, but will be very useful for domain abusers spanning many TLDs.

          • by Anonymous Coward on Wednesday June 26, 2013 @02:38AM (#44109681)

            I for one prefer to have my domain details stored in my own country. We have reasonably decent privacy protection laws here, and I think the current system is adequate but am concerned about having a larger offshore database with more detail stored overseas if that country does not have sufficient privacy protection (likely).

          • by Forever Wondering ( 2506940 ) on Wednesday June 26, 2013 @05:42AM (#44110387)

            What constitutes an authorized user?

            I have a honeypot on my home server to collect phony/random/orchestrated login/breakin attempts. A log entry has time, IP, username, pw. Eventually, I'd like to do further automated scripting. Namely, take the IP address, do a whois on it, look for the abuse contact email at the ISP, and email them the relevant log entries, with a polite request to investigate.

            If they're legit, they may want to take action against one of their users who is doing massive attempts at system breakins. That is, such attempted login/breakin activity is against the law in certain countries. It's also [probably] a violation of the ISP's TOS. I've read that many ISPs don't even know that their customers are doing such things and welcome being told because the customer activity can expose the ISP to a degree of legal liability [safe harbor notwithstanding].

            Currently, in whois data, there is no [universally used] standard for the abuse mailbox. It can be:
                abuse-mailbox: ...
                Remarks: Send abuse email to ...
                % Remarks ...
                # Send abuse reports to ...
            So, standardization would be nice.

            However, an interesting wrinkle. Although I get attempts from all over the world, most of the breakin attempts I get come from .cn hosts [just sayin ...]. The whois data from these is _always_ 100% complete and well organized. I guess they're compelled to do this by the gov't there. If, as proposed, the information goes to a central repository in [presumably] another country, there would be no way to compel an ISP to provide accurate/complete information cross-border.

            So, how does this shape up under the new proposal? Which country's laws would govern this? Per-country top level domains like .cn and .uk present fewer problems. But, what about the more generic .com, .org, etc.?

            • by chihowa ( 366380 ) on Wednesday June 26, 2013 @08:41AM (#44111569)

              Eventually, I'd like to do further automated scripting. Namely, take the IP address, do a whois on it, look for the abuse contact email at the ISP, and email them the relevant log entries, with a polite request to investigate.

              I'm sure you will be careful with this, but I just want to post a friendly reminder. Depending on how you organize your script and how often the same person hits your network, there's a chance you'll end up flooding the abuse contact with email. Not only will they not appreciate that, but there is a chance of amplification and bogging down their abuse handling process.

              In addition to the abuse-mailbox field you mention, it would be nice to standardize on an abuse report format, too. That way we could be confident that abuse reports can be properly fed into a system without depending on a human reading them directly.

              • I'm sure you will be careful with this but I just want to post a friendly reminder.

                Yes, one of the reasons that I haven't done it until now. My system has a dynamic IP and no DNS entry, so it's hardly a high profile target. Since 12/22/11 I have some 32,000 entries.

                Depending on how you organize your script and how often the same person hits your network, there's a chance you'll end up flooding the abuse contact with email. Not only will they not appreciate that, but there is a chance of amplification and bogging down their abuse handling process.

                I was considering a builtin delay. Delay until the volume reaches a certain number of attempts or enough time has elapsed that it indicates a one off attempt. One instance originated from Bangkhok and would do an attempt every 20 minutes. This went on for weeks.

                Yes, you're correct. Clearly a balance between excessive volu

            • by Medievalist ( 16032 ) on Wednesday June 26, 2013 @09:24AM (#44112111)

              This doesn't answer all your questions. Sorry.

              There are standardized addresses. Unfortunately, people who don't understand basic systems engineering (or who do, but are extremely greedy and amoral) refuse to use them.

              Anyone providing Internet mail services is required by the SMTP protocol definition to have a human being receiving mail at the postmaster@domain.tld address. This has been true in every single revision of the protocol starting with RFC822 and continuing to the present day in RFC2821.

              If you aren't manning the postmaster address, what you're doing is simply not SMTP, so it isn't Internet email. It is something else - metaphorically a bicycle wobbling down the center of the freeway, perhaps, or in the case of the big government-owning vendors like Verizon a steamroller in a pedestrian tunnel, crewed by laughing psychopaths.

              The abuse@domain.tld address is slightly different - it is required by RFC2142, just like the hostmaster@domain.tld address is, but that RFC is not a protocol definition or a requirement for Internet connection.

              However, the following statement is objectively true: If a domain does not staff the abuse, hostmaster and postmaster accounts, they will fall in at least one of two categories: technically incompetent or ethically corrupt.

              The technically incompetent cannot handle the mail filtering required to deal with the spamload on these addresses. AOL claims that they are part of this group.

              The ethically corrupt understand that the Internet is fundamentally a system of agreements - that wires and computers cannot function as a whole unless they use agreed-upon, mutually respected protocols, just as people cannot communicate efficiently unless they share some kind of common language. However, they also know the Internet's protocols are robust enough that only the majority of users must scrupulously comply with them, and extremely wealthy and powerful players can gain commerical advantage by breaking the rules they insist everyone else respect. Verizon and Microsoft fall in this category.

              Because people continue to buy services from the technically incompetent and the ethically corrupt, they continue to prosper. This is something the free market is supposed to magically correct, but amazingly enough the same people trumpeting the power and the glory of free markets seem to be working very hard to support regional monopolies and strengthen barriers to entry in communications markets.

          • They propose keeping a good portion of the existing data available through anonymous public requests, exactly the way current WHOIS system works today. The big difference is that there will be a single source; you won't need to do the two-step process currently in place.

            What 2 step process? I type "whois example.com" at a command line and I have the results. Granted the command itself first looks up the root registrar and then queries that registrar. But I can see all kinds of problems in this because diffe

        • by AJH16 ( 940784 )

          While I'm not sure it is relevant to the article, I do agree with you that private registrations are bothersome though I know I personally don't ever completely trust a site with a private registration. I intentionally leave WHOIS open for the world to see on my sites, but then again, you can actually find my details on the About pages of most of them without even having to go to WHOIS. Anonymity on the web is more or less a myth anyway. A determined attacker can figure out who you are unless you take lo

        • Personally I'd like WHOIS to be semi-private; public enough that law enforcement can find out who's who easily enough (just as the ownership of cars, houses, etc. is not private), but with some privacy so that I can express controversial views without it affecting my academic career. Parts of academia are very, very political, and people sometimes scour the Internet looking for dirt on their enemies.
        • Knowing my information is available doesn't make me act better online because 1) my WHOIS contact information points to a PO Box that isn't even in the same town I live in and 2) the only people who seem to use my WHOIS information are those "domain renewal" firms that send me such helpful letters as "your domain is going to expire so 'renew' with us... [fine print]by renew, we mean switch your domain to us and pay much more than you currently pay[/fine print]".

          I wouldn't mind if there was some sort of chec

        • by Krojack ( 575051 )

          Honestly I could care less.. As long as I can lookup and see 1. When domain was register & expires, 2. What company the domain is with (Godaddy, NetSol, ...), and 3. What name servers the domain is pointing to. The admin email address is a bonus so I can tell my client what email address transfer request are going to.

        • I'm not convinced there is any realistic reason this information needs to be private, although I might feel differently if i lived somewhere else in the world where angry armed mods drag you from your home for expressing a view point.

          I keep my domain registrations private due to the spam. It's shocking how much email and snail mail spam I used to get before making my registrations private.

        • On the flip side of that, simply knowing that your information is available tends to induce better behavior on the Web.

          If you're correct in that theory, we're in for a whole lotta good behaviour online and offline in the years to come. Let's hope so.

      • Here's your answer:

        "Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.

        Basically, they'd be extracting a licensing fee from the current people you go to for WHOIS lookups. Arguably this could be called "killing" WHOIS since it means taking away its... free spirit.

        But how does my CLI pay the fee?

    • by black3d ( 1648913 ) on Tuesday June 25, 2013 @11:24PM (#44109009)
      No specific word from the article on charges per se, however I don't think "seeks to kill WHOIS" is alarmist. The plan is to basically remove the WHOIS system, and instead have all the data managed by a "third party", to whom you have to apply to if you want any information on a particular domains ownership, rather than they automated system we have now.

      FTA:
      Access to the 'live' domain records maintained by gTLD registries would also be possible via the ARDS "upon request and subject to controls to deter overuse or abuse of this option". "Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?

      This is going to make it difficult for visitors to a site, to let the site owners know, personally, that they've been hacked. Ive stopped two websites so far, from spreading viruses after they've got hacked due to using old joomla 1.2. Blackhole exploit redirects, i beleive the term is.

    • by Anonymous Coward on Wednesday June 26, 2013 @03:06AM (#44109795)

      It would be better written as "ICANN Working Group seeks to replace WHOIS."

      "ICANN Working Group seeks to monetize WHOIS..." is probably more accurate.

    • by braoult ( 449504 )

      And... Simple question, as non-USA citizen.

      Do you want to bet where the country managing it would be?

      I guess it will not be France, not China, nor... anything but US (why not PRISM directly? it would be clearer).

      Take the bet!

    • One three word phrase applies here, "screw you ICANN" .

      Whois is the common users way of being able to throw an all encompassing blanket over the internet bad guys. But it sounds as if you want to lock that info up and hold it for ransom, available ONLY to the elites will to grease your palms for that info.

      In fact, screw you is considerably too polite, there are better ways to address such, but I won't further insult the non-profane here.

      So, Go to hell ICANN will have to do. But unfortunately I am not Bobb

  • by Anonymous Coward on Tuesday June 25, 2013 @11:15PM (#44108945)

    A corporation is a single point of failure. As ICANN repeatedly demonstrates.

  • Did i just read... (Score:3, Insightful)

    by Anonymous Coward on Tuesday June 25, 2013 @11:15PM (#44108949)

    "centralized data store maintained by a third party"

    Also the US government would certainly love to manage such entity.

    So that's a huge no.

    • by gandhi_2 ( 1108023 ) on Tuesday June 25, 2013 @11:35PM (#44109061) Homepage

      Once upon a time the US Government was THE Consortion for assigned names and numbers. They were THE registrar.

      They gave it up.

      • by Opportunist ( 166417 ) on Tuesday June 25, 2013 @11:56PM (#44109151)

        Good ol' times. Back when we were the free world. Remember those times? Life was good. The older ones might even remember it.

        Be honest. Do you think this would happen now?

        • by icebike ( 68054 )

          Insightful.

          The Internet was built so fast that governments had no idea what was happening or what it would become.

          Of course back then, governments didn't seem to care what people did, and didn't need to control everything.
          Not likely the internet would be allowed to be built at all today, certainly not one that crossed borders.

        • Good ol' times. Back when we were the free world. Remember those times? Life was good.

          I do, however, remember when more people bought into that fabrication than they do today.

          Mind you, I still think there's a lot of freedom available in the "free world" and - both then and now - more opportunities for the common citizenry than one might find in a more totalitarian regime. That I can write this diatribe without any fear of retribution is only one example.

          But that "freedom" came at a price, usually paid by c

          • In short, we had our freedom because we didn't really use it. Much like the telcos could easily offer unlimited local calls as long as people didn't really stay online 24/7.

        • Good ol' times. Back when we were the free world.

          When was that, exactly? Because the US (who I'm assuming you're referring to when you say "we") has been oppressing various portions of its population regularly and frequently since before it was a country. Sometimes this oppression was over race, sometimes religion, sometimes political beliefs, sometimes economic choices and association, sometimes gender, sometimes (and to a degree still) age, but it's always been there.

      • by Anonymous Coward on Wednesday June 26, 2013 @02:22AM (#44109633)

        Nope--it wasn't the Gummint that kept that data, it was Jon Postel. He may have been supported indirectly by the Feds, but he sure kept his honesty and integrity. Things have sure gone downhill since he died.

        It's a bit ironic, though, that his name wasn't on any of the RFC's relating to whois.

  • by Anonymous Coward

    whois icann?

  • by Anonymous Coward on Tuesday June 25, 2013 @11:16PM (#44108955)

    Great, so we are going to privatize the WHOIS service and make it much more difficult (pay per query?) to get information out of it.

    Guessing one of the usual corrupt telcos or domain name registration companies will bid to be the 'third party' and find a way to fuck this up good.

  • by marciot ( 598356 ) on Tuesday June 25, 2013 @11:25PM (#44109013)

    As a system admin, I tend to use WHOIS to figure out who is hitting my firewall, or to investigate if traffic is flowing to suspicious domains. Would really suck if WHOIS became a pay service, making it easier for the bad guys to hide.

    • Re: (Score:3, Funny)

      by gandhi_2 ( 1108023 )

      I know, right?

      Imagine having to PAY to find out you are being attacked by.... "DOMAINS BY PROXY, LLC"

      • by icebike ( 68054 ) on Wednesday June 26, 2013 @12:32AM (#44109309)

        If i was getting paid each time you wanted to find out who was attacking you, I might be tempted to make sure you were attacked more often... Just sayin...

        • From TFA and the report, those fields are recommended to remain public and anonymous. The biggest difference is that they recommend having a single step process instead of the current two-step process of first looking up the registrar and then using that registrar's WHOIS system.

          Network abuse mitigation is specifically listed as a use case that should not require an account.

          • The biggest difference is that they recommend having a single step process instead of the current two-step process of first looking up the registrar and then using that registrar's WHOIS system.

            What two-step process are you talking about? There is only one step for me to get information from current whois database:

            $ whois slashdot.org

            that is all, no second step is necessary.

            The ICANN proposal sounds very bad for me for several reasons:
            - current system is fine, no reason to change it
            - centralisation is bad. What if the U.S. controled central authority started to filter entries it doesn't like from the database? What if the central authority refuses to accept certain new entries into the database?
            -

            • The biggest difference is that they recommend having a single step process instead of the current two-step process of first looking up the registrar and then using that registrar's WHOIS system.

              What two-step process are you talking about? There is only one step for me to get information from current whois database:

              $ whois slashdot.org

              that is all, no second step is necessary.

              You don't see it because the *nix whois app does the both steps for you.

              It requires two queries. The first query is to find the registrar that is associated with the name, the second query is to get the data from that registrar.

              The ICANN proposal sounds very bad for me for several reasons: - current system is fine, no reason to change it - centralisation is bad. What if the U.S. controled central authority started to filter entries it doesn't like from the database? What if the central authority refuses to accept certain new entries into the database? - users would need to register and pay fee to access (certain info in) whois database

              The current system actually has several problems.

              If you have your own domain name, you know how every year you get about 50 emails and postal mailings telling you it is time to renew; they send something that looks like a bill for services but is actually an overpriced DNS transfer

    • by Opportunist ( 166417 ) on Tuesday June 25, 2013 @11:57PM (#44109159)

      The tinfoil-hat enthusiast in me would say that this may be one of the intentions behind it.

    • As a system admin, I tend to use WHOIS to figure out who is hitting my firewall, or to investigate if traffic is flowing to suspicious domains. Would really suck if WHOIS became a pay service, making it easier for the bad guys to hide.

      Number lookups are driven by a completely separate system and governance structure from domain record lookup.

  • by Macdude ( 23507 ) on Tuesday June 25, 2013 @11:26PM (#44109021)

    This is all about setting up a system to charge for access to 'whois' information. Phrases like "authorizing 'requestors'" is code for charging users.

    • by damn_registrars ( 1103043 ) <damn.registrars@gmail.com> on Wednesday June 26, 2013 @12:11AM (#44109221) Homepage Journal

      This is all about setting up a system to charge for access to 'whois' information. Phrases like "authorizing 'requestors'" is code for charging users.

      Have you tried searching for a WHOIS record lately? Well over 90% of the records I have searched for in the past 2-3 years have been intentionally obfuscated by various systems as it is. This only accelerates their profits. This is, of course, the only thing the guys at ICANN have been interested in for some time (remember the auctions for gTLDs?).

      • Have you tried searching for a WHOIS record lately? Well over 90% of the records I have searched for in the past 2-3 years have been intentionally obfuscated by various systems as it is. This only accelerates their profits. This is, of course, the only thing the guys at ICANN have been interested in for some time (remember the auctions for gTLDs?).

        Actually, yes. And for finding out who owns an IP block it is still surprisingly complete. I will sure miss being able to find complete netblocks to blackhole in the firewall.

      • Have you tried searching for a WHOIS record lately? Well over 90% of the records I have searched for in the past 2-3 years have been intentionally obfuscated by various systems as it is.

        This is IMO fail of various national registrars. For example our .cz domain registrar NIC.CZ forbids anonymized domains and would take such domain out of the registry if it finds out about it. As a result, whois database for .cz domain is pleasure to use.

  • by Anonymous Coward

    However can we tell if someone is spoofing their WHOIS data? Quick, we have to make a completely unnecessary power grab before it's too late!

    Thanks but no thanks, ICANN.

  • by Sean ( 422 ) on Tuesday June 25, 2013 @11:27PM (#44109029)

    What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.

    • by Phroggy ( 441 )

      What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.

      Yes. This. Just trying to figure out "is this domain registered, or is it available?" is a complete pain in the ass, for any sort of automated system.

      • by Sean ( 422 ) on Tuesday June 25, 2013 @11:54PM (#44109145)

        dig @a.gtld-servers.net example.com in soa

        If you don't get NXDOMAIN then it's registered.

        • by Phroggy ( 441 )

          dig @a.gtld-servers.net example.com in soa

          If you don't get NXDOMAIN then it's registered.

          What about detecting domains that have just expired, but haven't been removed yet? And not just for .com but for other TLDs (and second-level domains as appropriate, see http://publicsuffix.org/ [publicsuffix.org]) as well.

          • by Sean ( 422 )

            Yeah, registration expiry info is only available in WHOIS, not in the zone itself.

            Dealing with other TLDs that allow second-level requires knowledge of their structures. Some of them have wildcards too, and that is detectable. Anyone doing this kind of automation can figure it out. It's not hard, it just sucks.

            • by Phroggy ( 441 )

              It's not hard, it just sucks.

              Precisely my point. There is clearly room for improvement.

          • by markhb ( 11721 )

            What about detecting domains that have just expired, but haven't been removed yet?

            Oh, you mean like the domain squatters do?

        • dig @a.gtld-servers.net example.com in soa

          If you don't get NXDOMAIN then it's registered.

          Until they start serving search adds instead...

        • Fascinating. I wondered who registered sean-is-mistaken.co.uk.
    • by Sean ( 422 ) on Tuesday June 25, 2013 @11:52PM (#44109133)

      Everyone go here and let them know we don't want this.

      https://www.icann.org/en/groups/other/gtld-directory-services/share-24jun13-en.htm [icann.org]

    • Re: (Score:3, Informative)

      by SAH ( 191023 )

      What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.

      There's IETF work under way to develop standard formats for whois-like queries and responses: http://datatracker.ietf.org/wg/weirds/charter/

  • Stupid Idea (Score:5, Insightful)

    by Etherwalk ( 681268 ) on Tuesday June 25, 2013 @11:28PM (#44109039)

    There should be a way for any person to contact any domain owner or domain-owning company. Putting a service in to vet requests will make it harder.

    This is bad. And less transparent. And less distributed. And more expensive.

    • by tlhIngan ( 30335 )

      There should be a way for any person to contact any domain owner or domain-owning company.

      Which is the current problem with WHOIS - because it's easily accessible by everyone, everyone abuses it. So the end result is that all information is now hidden by proxies. The fact alone pretty much makes WHOIS useless if you need to contact someone.

      A more restricted service that prevents abuse and requires all information be accurate (i.e., no proxies) and pointing to real people would be much more useful.

      Either tha

      • The fact alone pretty much makes WHOIS useless if you need to contact someone.

        I use one of those proxy services to register domains. They require a valid email address and test periodically to make sure it works. They publish an auto-generated random-looking email address for each domain, and reliably forward mail to the address I've provided. People who need to contact me are able to do so instantly.

    • This is bad. And less transparent. And less distributed. And more expensive.

      But as long as we save one child... I mean, as long as at least one person makes a boat load of money, it will be worth it.

  • Seems like a solution in search of a problem.

    Though it would be nice to see some of the WHOIS spam cleaned up.

    Even some of Google's WHOIS information has been jihacked by pr0n advertisers.

  • data store maintained by a third party

    What domain privacy [wikipedia.org] rules would be [wired.com] applicable?

  • Find someone with private registration services. Record all fields. Put those fields into your website. Then some BS data request or subpoena or whatever would result in the private registration company claiming there is no associated record and some huge argument, none of which results in them getting your data. It's ridiculously insecure and a horrible idea to attach your name to a website. That's just asking for nonstop trouble, spam, scam calls, scam e-mails, domain scams, threats, etc.
    • by Animats ( 122034 )

      It's ridiculously insecure and a horrible idea to attach your name to a website. That's just asking for nonstop trouble, spam, scam calls, scam e-mails, domain scams, threats, etc.

      What trouble? My real name and phone have been on all my WHOIS records for two decades. There's some spam, but the filters stop that. Maybe two phone calls a year. One threat in the last decade, from a scammer. He's no longer in business.

      If you're running a business, you're supposed to disclose the actual name and address from which the business is conducted, at least in California and in the European Union. "Private registration" is a slimeball indicator for a site with any commercial purpose.

  • They just fired the guy responsible for this form [icann.org] and want to outsource it.
  • Easy to explain what it is, and the same explanation also say why it is wrong. Anyway, this goes with the current agenda of taking control of internet [businessinsider.com].
  • This action is not with your best interests in heart. This proposal comes with the intent of ICANN maximizing their own profits. They will blow smoke about privacy and other such utter bullshit to try to get people to support this but make no mistake, this will make the internet a less pleasant experience for users and a better hiding place for spammers.

    How so, you might ask? Right now the current WHOIS gives vague lipservice to requiring domain registrations (and only under a very specific list of TLDs at that) to be registered with valid information. As it is, a not-insignificant portion of all new registrations at any given time are completed with missing or completely bogus information. And yet when this happens ICANN - who is tasked with making WHOIS data legible - almost always does nothing.

    Now, they are just looking to openly embrace obfuscated, missing, and utterly bogus data in WHOIS records. The only people who benefit form this are the registrars that sell domains that benefit from that kind of lax registration requirement - spammers, scammers, and the like. If you don't think this matters to you, just wait until someone you know has their identity stolen after they mistype the web page for their bank, click on a fake ebay email, or do anything of that nature. The scum that will make money off of this will get to someone close to you, and this action will make it even less likely that those types will ever see any kind of punishment for their actions.

    In other words, fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks.
    • "In other words, fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks."

      odd, I was thinking exactly the same thing

    • ...fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks.

      Mmm, smells like teen spirit...

    • Someone really hates sex...

  • Is it to milk money from me whenever I want to know who keeps trying to hack me or is it to keep me from finding out who it is because such "sensitive information" will only be available to governments and the content industry?

    • by gl4ss ( 559668 )

      the goal is to give a right for a company to do this, for the company to charge and the company to kickback some cash to ICANN.

      ICANNOT.

  • Comment removed based on user account deletion
  • Like AS numbers, network blocks etc?

    Oh wait, they don't make money out of that will be thrown out?

  • time to replace icann with.... fuck, just about anything would be better... even microsoft, and that's saying a lot

  • The proposal is aimed at charging the domain squatters for the thousands or millions of daily hits they make, which do burden the whois system profoundly. I'm aware of entire companies that were founded to do this during the "dotcom" bubble, most of which thankfully died out during the "dotbomb" burst. But the business remains intact, and is even more populated by fraudsters than it was then. And this proposal is clearly aimed at limiting the large scale data mining to a much more select clientele.

    It might

  • Stupid question bonus round.. wouldn't this cut into domain privacy surcharges all yer registrar friends try and rake in? I mean if records can no longer be accessed by joe spammer such privacy services become useless...don't it?

    I for one would fully support abolishing ICANN and replacing it with an institution that at least tries to care about what is actually best for the Internet. We see failure after failure in policy from ICANN consistantly doing what is good for business regardless of its effect on

  • If you read the questions posted at ICANNs share your thoughts page : http://www.icann.org/en/groups/other/gtld-directory-services/share-24jun13-en.htm, it's clear they've already made their decision to move forward this this ridiculous plan.

    Whois is an invaluable tool for web hosters and managed service providers. To say we'll need to request access to this information in the future is absurd. I see no security "risks" with the whois information being available. If i'm able to legally look up ownership an

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...