Will GDPR Kill WHOIS? (theregister.co.uk) 215
Slashdot reader monkeyzoo shares the Register's report on a disturbing letter sent to ICANN:
Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force... ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number. ICANN has already acknowledged it has no chance of doing so... The company warns that without being granted a special temporary exemption from the law, the system will fracture. ["Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law," ICANN warns.]
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."
Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."
Probably not kill (Score:2)
But it may make it change into the need to access the registrar to get further information whenever needed.
Re: (Score:2)
Re:Probably not kill (Score:5, Insightful)
Let's hope so.
At the moment the whois database is:
a) A free mailing list for spammers
b) An excuse for ISPs to charge extra for "private listings".
If this law can change the situation then it gets my vote.
Re: (Score:2)
This.
Be sure to register your domains with European registrars.
Re: (Score:2)
An excuse for ISPs to charge extra for "private listings"
Try AWS Route 53. $11 domains including privacy.
It's best if you use your own DNS service though (or the one from Office365 or Linode) because otherwise AWS charges you $0.50/zone per month.
Re: (Score:2)
"Try AWS Route 53. $11 domains including privacy."
And when that domain is found to be conducting illegal activities? I guess Amazon would then need to be held responsible for aiding and abetting.
Re: (Score:2)
Actually no. When that domain is found to be conducting illegal activities, the police will show a court order to Amazon asking to identify the registrant.
It is the same procedure that is used now to identify people based on their IP addresses. There is no public directory of IP address vs subscriber, however, if you post a bomb threat as a comment on some site, you may get a visit from the police anyway.
Re:Probably not kill (Score:5, Interesting)
Please allow me to disagree. The "free mailing list for spammers" is for data that is typically already accessible by many other means, all of which are already in use by spammers.
Also note that most domains are not legitimate. Most are owned by domain squatters. In particular, they are owned by Network Solutions, which pre-registers all unused domains that are looked up from their servers, including their "whois" services and held hostage to prevent the people who sought the domain from registering it anywhere but through Network Solutions. The practice is sometimes known as "domain frontrunning", but I would certainly qualify it as cyber squatting. Network Solutions, and the domain registrars for the more than 1000 current top level domains, can do this without paying any fees for the 4-day holding period.
Other sources of fraudulent domains, eased by current policies, are domain squatting for fraud. It's been useful to be forced to provide valid contact information, since a business owner can be contacted and served with a court order to cease operations, and a fraud can be reported for fraudulent contact information and get their domain canceled. It's also been useful to contact domain owners to notify them of network or service difficulties that are otherwise difficult to report: "send me email" or "go to the website" does not work when the site's DNS service has failed for any reason, or web servers are down. I've certainly used it that way and it's been invaluable to reach business partners in the middle of the night, when even their own alert system is disabled by a network issue.
registrars' license to print money has expired. (Score:4, Interesting)
i wonder if icann was getting kickbacks from godaddy and the like from 'private' registration fees.. and that was the reason for them dragging their feet here.. eu's new requirements all but kills that 'little' side business and profit center.
Do as Sweden do (Score:4, Informative)
Re: (Score:3)
What does matter is who owns it --who is responsible for content served-- and who to contact in case of technical trouble.
Why? Why is there a need any of that to be public information?
If the content is illegal, tell the police. If the website is down then it's their problem, not yours.
Re: (Score:2)
It's not just about illegal content. It's also about misleading content. It is about knowing where to send the subpoena if you need to sue. It is about preventing foreign meddling in American elections. And so on.
The Internet was not designed around domain owner anonymity, and forcing anonymity upon it breaks things in fairly fundamental ways.
Re: (Score:2)
Whois privacy is a thing. Most registrars just charge extra for it. I see no problem with making that free and the default option.
What things break in fundamental ways if whois privacy is enabled for everyone for free by default?
Re: (Score:2)
Whois privacy is a thing. Most registrars just charge extra for it. I see no problem with making that free and the default option.
When you use the "whois privacy" option: the legal owner of the domain according to the registry will be a proxy service. That means technically you no longer own the domain, except according to the proxy service you've hired --- if they go bankrupt or something, there's a chance "your" domain gets sold to satisfy their debts.
Re: (Score:2)
The Internet was not designed around domain owner anonymity
The internet was not designed around identifying content owners. It was only ever designed around identifying individual computers. WHOIS is a useless bolt-on, completely irrelevant in that it hasn't contained useful information since the turn of the century and the rules about publishing identifying information have been either completely ignored at worst or gone unverified at best.
If you get something useful out of a WHOIS query, you should probably play the phone number in the lottery tonight.
Re: (Score:2)
It's also about domain squatting, for which a working contact address is very useful.
Re: (Score:2)
"If the content is illegal, tell the police."
Are you too fucking stupid to know the difference between criminal and civil liabilities?
"Why is there a need any of that to be public information?"
I refer you to my first question asked in this post.
Re: (Score:2)
No requirement for civil proceedings requires personal information to be posted publicly. The registrar has this personal information and can be compelled by a court to provide it. Nothing more should be needed.
Re: (Score:2)
"No requirement for civil proceedings requires personal information to be posted publicly."
Oh boy I can tell you've never done SHIT in court, because once the proceedings are done, ALL OF THAT INFO IS MADE PUBLIC FUCKING RECORD.
Care to try again, oh ye of obviously lacking civic duty?
The Internet needs WHOIS records today (Score:3)
Re:The Internet needs WHOIS records today (Score:5, Insightful)
Re:The Internet needs WHOIS records today (Score:5, Insightful)
I suspect the Internet will continue to function perfectly without my fake name, fake address and fake telephone number.
Re: (Score:2)
Nothing in WHOIS is needed by networks. Everything the networks need is in the DNS database.
Re: (Score:2)
Really? Which whois records are needed for the internet to function? I mean whois privacy is a thing for a long time now, it just costs extra. With the new law people won't have to pay extra.
GDPR allows for the storage of personal data - as long as there is a valid reason to do so. For example, you run a repair shop and a client has brought his appliance for you to fix. You need the serial number of the appliance for warranty (not personal data) and you need the name and phone number of the client so you ca
Re: The Internet needs WHOIS records today (Score:2)
Re: (Score:3)
The example was for warranty service. Under warranty, the money changes hands between the service center and the manufacturer, the customer is not involved in that transaction, only their appliance is. You only need the customer's telephone number so you can contact them when the repairs are done. You only need the customer's address if you plan on delivering the repaired appliance to them. You no longer need the information after the customer takes his appliance from you.
But yes, if you do out-of-warranty s
Re: (Score:2)
The group in charge of GDPR doesn't have the slightest idea how modern technology, software, cybersecurity, or the Internet in general works to begin with. If they did, then the GDPR would have been more sane.
Re: The Internet needs WHOIS records today (Score:2)
The GDPR is put into place because way too many companies are abusing the privacy of people.
It still has provisions to allow data to be used if it is properly anonymized. But the goal is to make it harder to have privacy-invading calls to individuals and abuse personal data.
Re: (Score:2)
ICANN have already had a 2 year "temporary provision" AKA 2 years to bother reading the GDPR law.
They had 10 years advance notice it was coming and endless opportunity to educate themselves or lobby for change.
They pissed away all opportunities given them, it ends now. No amount of threats or begging from the commercial parasites feeding on ICANN's unnecessarily open WHOIS can help them, they chose to be part of the problem and it's going to bite them.
Sounds like they thought they could throw (Score:2)
Please, I'm Special! (Score:5, Insightful)
Well, this is one in a long line of people applying for exemptions to laws because they are special. The usual answer is, no, you are not special. It isn't for the administrative apparatus to get rid of the law it administers, it is for the political body responsible for the measure to pass a corrective measure.
Presumably one would have to contact domain name holders through their registrars without knowing who the registrant is. The system is not transparent, but it is private.
WHOIS is a joke... (Score:2, Insightful)
I don't see major privacy implications. You can easily put a throwaway email address and a fake mailing address in your contact info, especially if you pay for the domain with a prepaid debit card. No one really cares.
WHOIS is mainly good for the domain owner because:
(1) Someone can contact them if they get hacked and the domain is being used for unsavory purposes like spam or phishing.
(2) People offering to buy the domain can contact them. If you don't want the offer, don't reply.
What's the big deal?
Re: (Score:2)
I don't see major privacy implications. You can easily put a throwaway email address and a fake mailing address in your contact info, especially if you pay for the domain with a prepaid debit card. No one really cares.
Technically, it's illegal to do so.
Re: (Score:2)
I don't see major privacy implications. You can easily put a throwaway email address and a fake mailing address in your contact info, especially if you pay for the domain with a prepaid debit card. No one really cares.
If you do this you can lose your domain. Some people don't want their information in whois records for multiple reasons including to protect themselves from physical violence.
Paying extra to keep your information out of whois is the same as paying extra to keep your name out of the white pages. This is extortion. It also actively encourages people to use bogus information to avoid having their information out there.
If everyone had a choice with no monetary repercussions whether or not to make their info
Re: (Score:2)
A lot of people use whois privacy service, even though most registrars charge extra for it.
So, the registrars can just make whois privacy the default and no extra charge. They would probably be compliant with the law.
LOL (Score:5, Interesting)
We have been working on getting our software GDPR compliant for the past 6 months, with a huge effort in both analysis and development. And these guys think they will just shrug it off by waiting until the deadline and then writing a letter to the point of "we can just ignore this, right?" I literally LOLed.
That said, GDPR is complete nonsense, nobody will be fully compliant, and EU will not be able to punish everyone who is not compliant and will either have to ignore its own rules or amend them very soon.
Re:LOL (Score:5, Insightful)
That said, GDPR is complete nonsense, nobody will be fully compliant, and EU will not be able to punish everyone who is not compliant and will either have to ignore its own rules or amend them very soon.
The classic "respecting your privacy is too hard" argument. Sure, it will take some time for everyone to come into compliance, but that's only because things got so bad already.
Re: (Score:2)
The classic "respecting your privacy is too hard" argument. Sure, it will take some time for everyone to come into compliance, but that's only because things got so bad already.
Exactly. I mean it's a huge pain in the arse in that you can't be lax with user data, just as it's a huge pain in the arse to pay taxes, file proper accounts and not pollute the local waterways.
Re: (Score:2)
I'm all for privacy, but GDPR will be impossible to follow in practice. One of the big issues is the right to be forgotten. We are a company with 50000 employees worldwide, with tons of information systems that are not completely integrated. If you call and tell me you want the whole company to forget that you exist, I am somehow supposed to access an Excel file on a shared folder in Thailand that somebody created 10 years ago and delete your address from it even though your name was misspelled or you changed
Re: (Score:2)
Does the excel file also have the credit card numbers of your customers?
Under the new law you will only be able to handle my personal data for explicitly defined purposes, so, there will probably be a list of employees who can access my data and that list won't include "everyone in the company".
Re: (Score:2)
And that is also not required by the GDPR, you have to make a reasonable effort in order to remove the details, not a herculean effort. This is e.g. why backups are not covered by the GDPR.
Re: (Score:2)
In your scenario it sounds like 10 years ago the company was already in violation of the Data Protection Directive. The big changes are how serious the fines can be, not how you can store and use data.
Re: (Score:2)
With 50k employees you must have someone who understands the GDPR who can explain why this isn't a real issue. In fact you should have been told by now anyway if it is at all relevant to your job.
Re: (Score:2)
That's not realistic and will not happen
Prosecution for the example you posted is not realistic and will not happen either. The amazing thing about this example is that if you can't reasonably find the data it's unlikely that someone else will either.
The law is pretty black and white and doesn't give participation awards for trying. But the reality is the application of the law will be directly tied to that effort.
Re: (Score:2)
So basically you're telling me your company doesn't control, track or understand the data it holds.
That also means you can't properly protect the data subjects. Sounds like a big fine would be entirely fucking appropriate.
Re: (Score:2)
Anyone who posts a comment like yours either
(a) Knows nothing about how software and computers work in general
(b) Knows nothing about GDPR
(c) Has enough of an intersection of (a) and (b) that they are still very misinformed.
GDPR is a total farce and complete nonsense. If you don't realize that, then you don't know enough about it.
Re: (Score:2)
Explain it to me then. Give me an example of an unsolvable problem.
Anonymised listings (Score:2)
Death of DNS too? (Score:2)
US shouldn't have handed over DNS to ICANN (Score:2)
So the EU can ban whois in the EU if they like (Score:2)
Why should ICANN care?
Not every entity in the world has to be compliant with EU law. Or US law. Or Chinese or Iranian law.
Re: (Score:3)
Another good example is the UK registry of limited companies. Here are the names of the directors of Tesco (a large supermarket) [companieshouse.gov.uk] for all to see. How does that differ from whois ?
Re: (Score:2)
"Limited companies" are businesses, owned by those individuals. An individual can register a personal domain for their own personal communications or communications. In US Constitutional terms, it becomes a free speech issue. Can one speak as an individual on the Internet hosting a website or email service or even an FTP document server, without giving up the personal information of the domain owner?
Re: (Score:2)
In the UK a domain that is non commercial can opt to keep the name of the registrant private. I like that distinction of what should be publicly known and what can reasonably be kept private.
Re: (Score:2)
GDPR is a euro thing. The US constitution (and US free speech laws) are not really relevant. The EU and the UK have different standards for free speech and privacy than the US.
Re: (Score:2)
He was using an analogy to help people with limited education.
Re: (Score:3, Interesting)
You already have a right to not be listed in the phone book.
What probably will change is that phone companies no longer can charge extra for this, and other 3rd party phone book providers (most of which are scammers) will have a much harder time operating.
Re: (Score:2)
You already have a right to not be listed in the phone book.
What probably will change is that phone companies no longer can charge extra for this
Here in Germany, the option of not being listed in the phone book is free. And (at least for some phone companies) the default.
Re: (Score:2)
I haven't seen a phone book in a while (though they are still printed, probably). However, for a long time people were able to ask that their numbers be excluded from the phone book.
Re:and GDPR is? (Score:5, Informative)
The General Data Protection Regulation is a new set of rules governing the use of personal data in the EU. Among other things, it doesn't allow personal data to be shared without good reason, and ICANN makes names, addresses and other contact details available in the WhoIs database.
These rules have been on the horizon for years. It's not like they were suddenly announced yesterday. ICANN has had a long, long time to find a solution.
In any case, the system has been broken for decades anyway, because a lot of domains are registered behind privacy shield services, where a company registers the domain on behalf of their customer without revealing that person's information.
Re: (Score:2)
They've been on the horizon, but exactly what form they would take has been unclear. So it's reasonable that ICANN can't.
OTOH, the general tenor of the forthcoming regulation has been clear for a long time, and they should have been aware of the *kind* of change that was being requested. That they didn't stop promiscuously sharing personal information is a clear sign that they didn't *want* to comply.
My general feeling is that if ICANN only needed to make detail corrections to a policy that was attempting t
Re: (Score:3)
It was finalized two years ago.
Re: (Score:3)
They've been on the horizon, but exactly what form they would take has been unclear. So it's reasonable that ICANN can't.
If you'll bother to read the summary you'll see that ICANN has had its hands over its ears and been going "I'm not listening, I'm not listening" for the last couple of years.
The law isn't hard to understand: It simply says "no!" to anybody who thinks personal data is something to be used to make money.
Publishing a database like "whois"? Not allowed.
Re: (Score:2)
Those are third parties to ICANN. Private parties provide a technical contact, and that party contacts the actual technical contact.
The system requires the names for technical contacts to be published at the very least.
Re: (Score:2)
OK. Lots of people are saying, in one way or another, that I should have used harsher terms in criticizing ICANN. I don't like doing that, but I'll admit in this case it seems justified.
What I'm not sure of is to what extent the implementing regulations were detailed by the law that got passed. If, as some have indicated (and I still doubt) the detailed measures were a part of the bill, then I was extremely much too lenient in my criticisms. I've been assuming that the implementing rules were created ba
Re:and GDPR is? (Score:5, Informative)
It seems obvious that ICANN was willfully ignoring reality. Various passages from The Register's coverage of the years-long unfolding:
ICANN has done its best to ignore [GDPR] for a number of years, relying on the fact it is a US corporation and that the American government is strongly supportive of the Whois system.
But then the companies that fund the organization started explaining that it was a real problem. Many have their headquarters or subsidiaries in Europe and GDPR imposes fines of up to €20 million or 4 per cent of turnover, whichever is larger, if companies are not in compliance.
So in response ICANN decided to commission a third-party to put everyone's minds at rest. But that expert came back and told ICANN the same thing: you have to sort this out now.
The problem really hit home when registries under contract with ICANN started rejecting the organization's authority. ICANN's legal department sent threatening letters to two internet registries based in Europe that said they won't run a Whois service. ICANN informed them it was in their contract.
They got back: that part of the contract is "null and void" because it conflicts with European law. It's safe to say that woke the Californian organization up.
Several months later, ICANN came up with a quick fudge: it would not impose its contractual obligations if companies sent it a letter explaining what they intended to do to fulfill the new European regulations. The idea was that ICANN would then use these models to devise its own system, which it would then ask everyone to apply.
When ICANN's staff and board realized it was going to be impossible to hit the May 25 deadline, it decided – by itself – that the best solution was simply to ask the DPAs for a delay.
And somehow – despite those authorities giving no indication that such an approach was even possible – the idea of a moratorium became the central component of ICANN's efforts to become compliant with the law.
In its summary of the subsequent meeting with WP29 earlier this week, US-based ICANN makes no mention of its core request for a moratorium and when we asked the organization whether it had made the request and what response it had received, it responded that it was "provided feedback from the DPAs and agreed there remain open questions."
What we now know is that the DPAs were much more blunt in their response: "The GDPR does not allow national supervisory authorities to create an 'enforcement moratorium' for individual data controllers."
Amazingly, it isn't just this concept of a moratorium where ICANN has deluded itself into believing a different version of reality.
Despite the clear guidance of the DPAs and even of its own external legal counsel that it specifically hired to advise it on how to become GDPR compliant, ICANN has also persuaded itself that it was going to be able to publish people's email addresses.
Re: (Score:3, Insightful)
There's a quick solution to all of this. ICANN and IANA jointly run the root servers. Announce that any TLD registrar that doesn't provide WHOIS service will no longer be listed, and see how many days it takes the EU to fix their law.
If there is a conflict between the GDPR and WHOIS, then contrary to popular belief here on Slashdot, this is a flaw in the GDPR. As far as I know, even in the EU, people are not allowed to do business as a fictitious entity without registering their identity in a way that so
Re: (Score:2)
A lot of registrars are already non-compliant with ICANN's wishes to have my name, home address, telephone number and email address listed publicly for anyone to find and send "offers" to. Those evil registrars offer a service, where they remove my data from the public record, for a fee.
The only difference for GDPR is that the "WHOIS privacy" service will have to be free and on by default (as I understand it, there could be further limits as to what data the registrar can keep in its private database). If I
Re: (Score:2)
GDPR doesn't prohibit courts from issuing subpoenas ordering registrars to identify domain owners.
Re: (Score:2)
GDPR doesn't prohibit courts from issuing subpoenas ordering registrars to identify domain owners.
There is no court subpoena if you can't identify a defendant.
Re: (Score:2)
Then how do defendants get identified by their IP addresses? There is no public IP - subscriber database. You have to ask the ISP to provide the information.
What is the difference here?
Re: (Score:2)
GDPR doesn't prohibit courts from issuing subpoenas ordering registrars to identify domain owners.
There is no court subpoena if you can't identify a defendant.
IANAL, but I believe there is a way to do this.
You can write a subpoena for an unknown person (e.g., a John Doe [wikipedia.org]) with partial information (like a domain name) and submit it to the court.
If approved by the court, you can take the subpoena to the registrar for that domain name and as part of the discovery process attempt to compel the registrar to release the name.
If the registrar doesn't turn over the information associated with the domain name, they are in violation of a court order. I believe the court can
Re: (Score:2)
I don't know about in Europe, but in the US there are "John Doe" subpoenas, where you don't know the name of the entity being subpoenaed, but you have other identifying information. Admittedly, those have been misused at times, but they also often serve a valid purpose.
So I suppose that a court could issue such a subpoena to "the entity using this IP address at this time". (Whether that information would be available is another question, of course.)
Re: (Score:2)
ICANN and IANA jointly run the root servers. Announce that any TLD registrar that doesn't provide WHOIS service will no longer be listed, and see how many days it takes the EU to fix their law.
Yes because we've all seen how quickly the EU bends over to the whim of Americans. /sarcasm
If there is a conflict between the GDPR and WHOIS, then contrary to popular belief here on Slashdot, this is a flaw in the GDPR.
Why? New time, new law. Something acceptable in the past, not acceptable now and incompatible with some service no one uses anymore doesn't make it "flawed". Specifically take note of the last part. WHOIS is a worthless database full of garbage entries. Hell my own domain's WHOIS entry isn't compliant with ICANN's rules and hasn't been for the past 15 years.
Re: and GDPR is? (Score:2)
Whois does more than just return registration information. It is the database of domain names. Without it you cannot ascertain whether what your DNS return values are true or whether or not a domain is unique.
Re: (Score:2)
And WHOIS as a database system isn't at all a problem, only the rules for implementation as currently written by ICANN are.
e.g. the WHOIS system for Sweden is fully in compliance with the GDPR because it doesn't contain any personal names or details of people, but rather points to the registrar, and still happily serves all the purposes you list.
Re: (Score:3)
GDPR doesn't affect things like company registration and ownership records. There is a clear legal, necessary requirement for them to exist and permission is required in order to set up a limited liability company.
If ICANN tried to kick EU domains off then the EU would just fork DNS. The EU is much larger than the US (511 million to 325 million people) and any such move would hurt the US far more anyway, because the US would be the one with an incomplete set of DNS records.
In practical terms the US would be
Re: (Score:2)
I pay more to hide that information than I pay for the domains, so this sounds like a feature for Europeans to me.
If a person actually wants to post information about a domain online, they can use an "about" or "contact" page. This isn't the 1990s, where a website might be down and the company didn't notice for a week until somebody called the ICANN contact. ;)
ICANN can't "find a solution," there is no solution. They're not supposed to be a decision-making body, they're supposed to be a management body that
Re: (Score:2)
What is the purpose of whois though? To allow the registrars to charge extra for the privacy option?
For example - whois includes the full name of a "contact person", even if the domain belongs to a company. There is absolutely no need for it - you can have email and an office telephone number, but there is no need to publish a name.
Re:and GDPR is? (Score:5, Interesting)
Whois is a relic of the early days of the internet, when things were small and simple, and most conflicts were resolved engineer-to-engineer with a phone call or an email. The contact information was there to allow this sort of communication - often in the form of 'logging hack attempts from your server, someone probably compromised it' or 'Fix your bloody BGP announcements!' There was no point involving anyone else - the rest of the company barely understood what a computer did.
That was before there were millions of dollars at stake and lawsuits were commonplace. These days any large company is going to want all inter-company communications to go through customer services coming in and legal going out. They certainly won't want their engineers trying to directly contact the engineers of another company. Engineers tend to be distressingly honest at times, and what they see as a harmless explanation, a lawyer might see as an admission of error that can be used in a lawsuit.
Re:and GDPR is? (Score:5, Insightful)
No explanation of what the law is, or what provision that ICANN is in violation of... WTF kind of summary is this?
If you don't know how to use google then you probably shouldn't be reading this story.
https://www.cennydd.com/writin... [cennydd.com]
Re:and GDPR is? (Score:5, Insightful)
You can also google these news stories without ever having to visit Slashdot. The reason for coming here is for curated information which fosters discussion. The summary provides the minimum information to understand the nature of the discussion and links to resources containing the fuller details. I would have to agree that this summary has failed to do that. The fact it's possible to work around the summary's deficiencies with a little extra labor does not make those deficiencies non-existent.
What makes more sense -- a million readers having to look up what GDPR is, or one person defining it?
Re:and GDPR is? (Score:5, Informative)
As the "submitter" I have to agree. The summary published actually doesn't contain anything I submitted, nor did I submit anything that it contains. So I guess they editorialized it extensively, which is fine. But it still bears my name, which is weird.
Re:and GDPR is? (Score:5, Informative)
Importantly, Slashdot's editors failed, IMO, to maintain a key point in this submission, that ICANN has been basically negligent and delusional in ignoring this pending law and failing to take any action in the TWO YEARS since the law was passed. And then at the last minute they asked for a moratorium and said otherwise they won't be able to adhere to the law. If you read the many months' worth of coverage that The Register has published on this, it is a mind-blowing story of incompetence and irresponsibility by ICANN. (Read the Register link in the OP, and the related articles will guide you.)
Submitted:
In a letter sent to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.
ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number.
ICANN has already acknowledged it has no chance of doing so. The company warns that without being granted a special temporary exemption from the law, the system will fracture, perhaps even resulting in the Whois service being turned off completely while a replacement was developed.
Critics point out that ICANN has largely brought these problems on itself, having ignored official warnings from the Article 29 Working Party for nearly a decade, and only taking the GDPR requirements seriously six months ago when there has been a clear two-year lead time.
European agencies responded and tore ICANN's plan to shreds, pointing out that it needs to be much more precise and to include both compliance and auditing functions. Critically, however, it did not address ICANN's request for a moratorium.
Even the idea of a moratorium appears to have been invented by ICANN. There is no evidence of a similar request from any other industry, and the GDPR is, after all, a globally applicable law that affects everyone.
---
ICANN gives domain souks permission to tell it the answer to Whois privacy law debacle
https://www.theregister.co.uk/... [theregister.co.uk]
As GDPR draws close, ICANN suggests 12 conflicting ways to cure domain privacy pains
https://www.theregister.co.uk/... [theregister.co.uk]
Whois is dead as Europe hands DNS overlord ICANN its arse
https://www.theregister.co.uk/... [theregister.co.uk]
US government weighs in on GDPR-Whois debacle, orders ICANN to go probe GoDaddy
https://www.theregister.co.uk/... [theregister.co.uk]
ICANN takes Whois begging bowl to Europe, comes back empty
https://www.theregister.co.uk/... [theregister.co.uk]
Europe fires back at ICANN's delusional plan to overhaul Whois for GDPR by next, er, year
https://www.theregister.co.uk/... [theregister.co.uk]
https://www.icann.org/en/syste... [icann.org]
https://www.icann.org/news/ann... [icann.org]
Re:and GDPR is? (Score:5, Interesting)
"The summary published actually doesn't contain anything I submitted, nor did I submit anything that it contains."
I think it's about time a lawyer got involved because the editorialization has gone beyond anything reasonable. This literally amounts to them using your idea, your story, but literally everything stated is put into your mouth as if you had actually said it when you did not, ever.
Especially when the comments and such are supposed to be owned by the poster, which means they could've said some actionable and libelous shit, and been "That's how he submitted it." Now your ass is on the hook for their editorialization, which contains none of your original content.
No, this runs too close to being akin to identity theft in my book, and really msmash and anyone else on /. staff should probably consult with their lawyers on the legalities of what I just discussed, because this is serious. And they should probably make a full-out pinned story/apology for such bullshit.
Re: and GDPR is? (Score:2)
GDPR is a big issue for anyone collecting statistics like ad networks. Just look it up on wikipedia.
The impact on whois is really a marginal thing.
Re: (Score:2)
No explanation of who or what ICANN are either, but I notice you didn't bother to complain about that.
If you're working in IT and haven't encountered GDPR then you should investigate it fully - it has impacts globally.
Re: (Score:2)
There's nothing wrong with whois,
the data that is in there, is there with a good reason,
No it isn't.
It might have been back when the only people who ran web sites were big corporations but that was 30 years ago.
Re: (Score:3)
Maybe it's an individual person who'd prefer not to have their full name, home address and telephone number published for the world to see.
Re: (Score:2)
And they haven't figured out Private Registration?
And found how much extra that costs
Re: (Score:2)
And they haven't figured out Private Registration?
Maybe they just don't enjoy being extorted to pay extra for what should be the default setting.
This law redresses that, it's a good thing.
Re: (Score:2)
The summary does not mention that ICANN has had years to prepare and has done nothing.
Ummm... "private" listings have been a thing for many years.
Re: ICANN had years to prepare (Score:2)
The law is good, it's painful for ad networks though since with it you have the right to ask every ad network about what they know about you.
Re: (Score:2)
You can have a phone directory under the new law, under two conditions:
1. The person has to explicitly give consent for their number to be published (default is "no").
2. You cannot refuse the phone service if the person chooses to not get listed in the phone directory.