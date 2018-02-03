WHATIS Going To Happen To WHOIS? (vice.com) 32
dmoberhaus writes: A European data privacy law goes into effect in May, but it's already having far reaching consequences, especially when it comes to publicly available WHOIS data. Motherboard spoke to a domain registrar, ICANN and some security researchers about how anticipation of the EU privacy laws implementation has already gutted WHOIS data, why this is dangerous and what the future of WHOIS looks like.
ICANN requires registars to make data on their customers publicly available -- but registrars would be more than happy to stop, according to Tim Chen, the CEO of a WHOIS data analytics firm. Besides hiding their customer lists, it would also address complaints about spammers harvesting email addresses. So registars like GoDaddy "are taking this opportunity to see how far they can push things."
But the article has some sympathy for ICANN. "On the one hand, the organization is under pressure from law enforcement officials and security researchers who depend on WHOIS data to investigate possible crimes or mitigate devastating malware attacks. On the other hand, the organization must also accomodate laws like the GDPR that are the only bulwark against the wholesale of individuals' data by internet giants like Google and Facebook." In 2014 ICANN suggested a "gated" registry that would only authorize access to people who identified themselves and their purpose for accessing the data. But progress has been slow, according to the article, which adds "It's uncertain when ICANN will have a finalized protocol for a next generation version of WHOIS, but an overhaul of this nearly 30-year-old protocol is long overdue.
"The notion that individual data should require a requester to also provide their own data is both equitable and intuitive -- the only remaining question is how to make it work."
I use it sometimes. Mostly to keep track of expiration dates for my own and client's domains, but it's not all obfuscated. Even just the creation date can be useful when looking into something.
Why doesn't ICANN tell them to take a fucking hike...and if they don't want WHOIS available in their country, then they can block it into their country with their own firewalls or whatever.
Not irrelevant but CIRA (Canada's registry) did the same sort of thing a long time ago and it works just fine. Just saves people from having to pay stupid fees for privacy protection.
I do. - we also count bad dns requests to our dns servers - hit a limit and well thats not my problem
This is total nonsense. GDRP is about disclosing how you handle data and giving people handles when they want to be removed from your system. In no way does it stop you from creating a phone book for domains holders.
Ironic that you call it nonsense and then give a nonsense summary yourself. Data access and portability are two of the many areas you ignored. I could certainly see hosting companies making decisions to change how they present WHOIS based on GDPR, for example keeping logs of what is displayed and to whom given their responsibility to record processing of relevant data.
You misunderstand data access if you think I didn't cover it. As far as portability is concerned, that's the whole point of WHOIS, they have that covered.
Nothing here contradicts what I said. Which part would ban WHOIS?
Anyone who has a registered domain or ssl certificate is familiar with the perennial scam of getting a fraudulent letter or emailing informing them that their domain is about to expire please send money now.
What's wrong with having WHOIS point to a middleman who must forward to the owner?
There's no privacy issue that way.
This - or some variant of this - is how Dreamhost has handled WHOIS for years. Currently if you look up my hobby site, the admin contact is {domain name}@proxy.dreamhost.com .
Most domains are owned by proxy anyway, so if you do a whois you're just going to get the name of the proxy.
The days of using whois to hold domain owners responsible for anything have been long over for a long time; anyone doing anything shady (or just wanting basic privacy) is using a proxy.
People tend to focus on domains when it comes to WHOIS usage; however I've found myself using it more to see who administrates/SWIPP'd a given block of IPs rather than looking up often inaccurate or obfuscated info on domain ownership.
I agree - any whois that says do not block me, or "I AM NOT SPAMMING YOU" is worthy of a mallet
My registrar offered to make my personal information private something like 18 months ago, an offer which I immediately accepted. As a result I've had no more scam letters from assholes telling me I owe them money to renew my domain.
Typing a domain name into a computer without proper authority should never ever reveal the name, address and phone number of the owner for the very same reasons that in the UK you can't type the registration number of a car into a computer to obtain the name address and phone nu
My domain registrar (Hover.com, based in Canada) offers WHOIS obfuscation for free. I'd be an idiot not to take advantage of it.
The notion that individual data should require a requester to also provide their own data is both equitable and intuitive -- the only remaining question is how to make it work.
I am going to create a piece of legislation that states "all citizens have a right to be able to time travel". I guess since it's the law we have to invent the time machine. Apparently the best approach to decision making is to shoot first and aim later.
