Most memorably, I reached someone who imported erectile dysfunction supplements from China, only to have them destroyed by order of the FDA because they were actually made with prescription drugs. He said he felt the manufacturer defrauded him and was happy to talk.
But that hasn't worked for me in at least three years, as far as I can remember. The robocall problem has just gotten ridiculous, so everyone's paying to be anonymous. I briefly had a domain registered without privacy protection a couple of years ago, sort of out of principle, and immediately started getting spammy calls about SEO services.
If you don't want your personal information to be visible thats very different to the full range of what whois can do. You can always use a proxy so there are options for privacy available. I've never got a single spam email/call from my whois data.
It's a pretty common thing with European providers, I think.
I get a ton of spam because of this. However, I'd rather have this system than one in which all the owners are secret. I've had to look up owner information before to contact owners of various properties, and having that hidden would have made that task impossible.
You can hide the ownership information of a house, if you pay extra money, by hiring a lawyer to create an entity and put the entity on the property, but then the lawyer has to put their address, and forward any requests on to you, just like the whois privacy folks.
I think it is a good thing that every domain has valid contact info.
The only way to get access to someone's address or phone number is to show up at the local community office and provide sufficient information (which means name + any previous address or known phone number registered with the office)
I think the same should go for domains. Unless you have a good reason (which IMO means spam complain, journalism or legal contact) you shouldn't be able to get any way to contact me. And for the above I have an imprint too which is protected against scrapers and spammers as best as I can unlike the WHOIS.
I don't mean to be cynical, but isn't this system also the one in which some people simply register their houses under a shell company?
Does your "valid" include domain registrars that provide WHOIS protection that includes forwarding messages to the protected owner?
And, honest question, why do you think that domains should have contact info?
Uh, really? Where?
The publication of personal information on whois cannot stop soon enough.
https://registrars.nominet.uk/namespace/uk/management/data-q...
running a hobby project should not require you to share your private contact details with the world
I think ICANN is going to quickly realize that they will need to take an active role in brokering communication with domain holders; this way they will have to act as gatekeepers against spam.
I run a few small web sites, and in the past few years have gotten zero calls from devops types calling about a problem, and dozens, if not hundreds, of telemarketing calls, to a number that is only listed on my whois data.
They then handle all communications people want to send to you. More registration authorities should take stances like this.
Now if only they could get DNSSEC support...
Me: Are people who are not Canadian citizens able to purchase/register .ca domains? I've read that a Canadian phone number is needed for registration. Additionally, can a non-Canadian citizen get CIRA's WHOIS privacy for their domain?
Their Response: Thanks for getting in touch with CIRA, [redacted]. CIRA has 18 Canadian Presence categories, we require full contact information when an individual or a business is registering a .CA domain name. That doesn't mean you have to be in Canada to hold a .CA domain, many Canadian live all over the world and registered .CA domain names. A non Canadian could hold a .CA domain name but that would require them to either register a Canadian Trade Mark, Canadian Corporation, or hold a Permanent Resident card. The WHOIS information is "masked" or "privacy protected" when the .CA category of "Canadian Citizen - Individual" is selected.
So it looks like WHOIS privacy is not easily available if one isn't a Canadian citizen. I still like the model, however.
I use Google Domains and it supports DNSSEC on my .ca domains.
Long term ICANN intends to create a privileged group (other registrars, law enforcement, etc) Who will be able to get to the full whois data. So a sort of tiered system. Expect this to take a minimum of a year. The ICANN multi stake holder model means nothing happens fast.
To a substantial degree it's privacy for the powerful and transparency for the weak. It should be the reverse: The powerful and government institutions should be transparent, and citizens should have their privacy.
Hear, hear! The most frustrating part of the Clinton email fiasco to me was the contrast between the rule bending going on at the highest levels in the name of privacy, and the pervasive monitoring that the rest of us are subjected to.
And trademark owners, of course. So that the Three Letter Corporation (TLC) can continue sending lawyers to wrestle away control over the domain of Theodore L. Clark's personal homepage initially set up in 1995 (and enthusiastically maintained since).
Because chaos and mayhem would result if there's even a single ccTLD where the "tlc" label is not assigned to the same one entity that just redirects it to their .com anyway.
GDPR was announced over 2 years ago, why are they only just starting now?
I understand it is a lot of annoying work, but adtech and data brokers (etc etc) have been gutting privacy and the internet for long enough. We've let it come this far, now we get regulated.
(disclaimer: I only started working on compliance this year, do as I say, not as I do ;))
But ICANN are delusional idiots, maybe because they get so much money from US intellectual property interests. They did nothing, and then seemed to think that they could get a moratorium on enforcement. But even their own Non-Commercial Stakeholders Group basically told them to get lost [1].
It's a fascinating story of just how terrible ICANN is. As always, the Register has a great write-up [2].
One thing it clear, they deserve it. I do feel bad for registrars though, and hope they had more sense than ICANN and developed a plan B.
[0] http://ec.europa.eu/justice/article-29/documentation/opinion...
[1] https://www.icann.org/en/system/files/files/gdpr-comments-nc...
[2] https://www.theregister.co.uk/2018/04/25/icann_whois_gdpr/
Have we really? The first it cropped up on my radar was late 2017 and I'm in a business that adheres very strictly to EU DP best practices (so was already mostly GDPR compliant).
I'm not sure whose job it was to promote awareness of this but Britain's data protection agency certainly didn't do a good job of it given they've had my email address for years(!)
Administrative Contact:
Not displayed due to GDPRARIN, RIPE, APNIC and AFRINIC run whois databases for IP space. Network operators use them to find who controls chunks of v4 space (ranging from the globally-minimum-announceable /24 to /12). ISPs can use tools like SWIP to point the whois for a block of space in use by a customer to that customer's whois info.
I sincerely hope that this doesn't become more difficult to use, because it will make basic network diagnostics at a WAN scale much more annoying.
The good news is that the typical ISP-level info in IP space whois databases doesn't fall under the GPDR, since most are role accounts (abuse@ispname.com , noc@ispname.com, etc). Also generic phone numbers for NOC and network engineering groups. However, a lot of ISPs do currently have individual persons listed as points of contact in their whois entries.
I used to put fake info there anyway, I don't want my domain linked to my home address, or provide an easy way for spammers to get my email.
But don't remove it, it's a useful thing I use a lot, most of the times for security purpose, you see a suspicious IP address or domain while observing a packet capture, WHOIS tells you who owns it, you find in a log an IP address that tries to bruteforce into your server, WHOIS tells you who it is and gives you an address to contact and ask explanations, you need to find a person to contact if you have a problem with a website, contact the email address in the WHOIS record of the domain, you are sure that you are contacting the right person, even if the site gets hacked in the worst way the WHOIS record can't change.
I received a torrent of marketing mails for months even though I immediately changed it to a noreply mail address. We receive numerous complaints from customers who ignored our warnings.
-grumpycat
And if that isn't enough, ICANN can fix this without compromise. One mass email. "Respond expressly allowing us to publish your PII, or lose your domain."
Contract doesn't trump law, and ICANN isn't a supernation that excludes actual sovereigns from governing behavior relating to it.
> And if that isn't enough, ICANN can fix this without compromise. One mass email. "Respond expressly allowing us to publish your PII, or lose your domain."
No, it can't, IIRC, because GDPR specifically excludes this kind of “agree or no service” from qualifying as effective consent.
It would also set the rather terrible precedent that ICANN can add terms after the fact.
Everyone has a right to privacy, and that's what the GDPR is about ensuring for EU subjects. Your thinking is extinct and I strongly suggest changing it, or fading away like everyone else who feels the same way.
This is far from an absolute. Each country more or less dictates the rights of their people, and many countries do not directly provide this right. As an example, the Indian supreme court only declared it a right last year, and most articles talking about it only list a very select few other countries as ones that provide this right.
What happens next - do patents and copyrights have owner’s right to be forgotten?
If so, then who do you sue for stealing your copyright?
The intent is good - let me be clear about that. But the implementation is having second order affects that are going to f* with things in a big way because it wasn’t thought through as thoroughly as it should have been. *
* Key thought here is that it might be extremely difficult to think through all the second order effects, which suggests to me that a better phase in process should have been implemented.
EDIT - Not sure why this is being voted down. If i’m Not clear here, then please see my follow-on comment for (hopefully) a more clear view of my position. I’m not saying Whois is stupid - I’m saying GDPR is (due to the lack of thinking around second-order effects).
In fact, IBM and Microsoft run this one, which is a global database. Article: https://www.zdnet.com/article/microsoft-ibm-arm-back-open-pa... Site: http://oropo.net/
So my question, is if Whois had to take their site offline due to GDPR, then will things like this go offline?
My concern is that GDPR will have a chilling effect not just on free speech, but on open information of many kinds.
PS - for reference, here is a good overview of the issues that an open patent database helps solve: http://oropo.net/oropo_report_20150615.pdf
I don't even understand the question. Why would anyone "stealing" your copyright or patent register themselves in those databases? The purpose of those databases is to let the legitimate inventor/author inform everyone else that they "own" the thing, not to catch infringers.
So somebody’s random claim would look just as real as mine.
Sure, lawyers will have access to this, but now you have to talk with a lawyer to see if that job candidate really does own the patent.
It’s things like this that are stupid.
Anyone who uses the data of EU citizens should have known about it. They certainly had plenty of time to consider the effects of it on their own operations.
However, the maliciousness that the EU is proposing to go after any company, whether they operate in the EU or not, is going to break things in ways they have not thought of.
So regardless of how long ago it came out (and trust me, 2 years is nothing for dealing with something like this), it still wasn’t well thought thru.
For what it’s worth, this law affects my company, as we have clients that are EU citizens. But only those that live in the US with a social security number. (I work in finance). My company has one office with just a few people. I never heard about GDPR until earlier this year. So my question is what happens if someone files a GDPR issue with my company? My clients information is available all over the world via login to our staff. We travel to various places. So what happens now? Some law in a place I’ve not been in a decade (exempting EU-controlled islands in the Caribbean) has just put my company in a strange legal position. Am I going to spend tens of thousands of dollars with lawyers and consultants to figure it out? No. Why? Because it would put me out of business. Plus, as a financial company, I have a requirement for saving information for 7 years. All data? Hard to say, as the IS law leaves that discretion to my company (as it should be).
So this law was horribly thought thru. I’ll probably get downvotes for this, but wait a couple years and see how crazy fines affect companies large and small for innocent issues, and I’ll be proven right.