Slashdot Mirror
Congressional Hearings on WHOIS
-
'It seems eminently clear to me that websites conducting e-commerce have little "right to privacy". . .[however] isn't political speech worth protecting by redacting the personally identifiable contact information for the website owner?' -- Rep. Howard Berman (D-CA)
-
'Given that the compilers of marketing lists have for years used Whois registration information as a source of personal information (in some cases scavenged free, in others bought from registrars), concerns over the data privacy are well justified. Most people avoid putting their home address on their web sites, and they should be able to register a domain name without effectively giving up this precaution. The public policy objective of privacy law is to preserve the individual's right to privacy, while still permitting societal participation.' -- Dr. Jason Catlett, President and CEO, Junkbusters Corp
-
'As it stands today an accredited domain name registrar is not required to allow domain name registrants to opt-out of having their personal information provided to third parties for marketing purposes. This type of an opt-out should be provided to all registrants.' -- Lori Fena, Chairman of the Board, TrustE
-
'In 2000, the IDSA used authority provided in the Digital Millennium Copyright Act (DMCA) to achieve approximately 3000 "takedowns" of infringing material on the Internet. Over the last year we also filed 10 civil lawsuits against Internet pirates as enforcement actions on behalf of our members, assisted in additional actions brought by member companies, and made a number of criminal referrals to law enforcement. This is in addition to thousands more takedowns and numerous lawsuits initiated individually by our member companies. These accomplishments are reflective of similar successes reported by the other copyright-based industries. DMCA self-help allows us to reduce to a fraction the losses we would suffer if limited only to court-imposed process and remedies. These efforts are made much less effective without the unrestricted access we currently have to WHOIS data, including contact information regarding domain name registrants.' -- Stevan D. Mitchell Vice President, Intellectual Property Policy Interactive Digital Software Association
-
'In fact, if anything, the I[nternational]A[nti]C[ounterfeiting] C[oalition] believes that registrants should be required to improve their performance in insuring that domain name registrants provide correct and updated information. Because a person (legal or individual) voluntarily chooses to be present on the Internet, the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.' -- Timothy P. Trainer, President, International AntiCounterfeiting Coalition (IACC)
-
'The breadth of these issues indicates that Congress should not act too quickly. We are dealing simultaneously with intellectual property rights, privacy rights, and free speech rights and cannot simply play a legislative game of [rock, scissors, paper] to figure which one should win in the end.' -- Rep. John Conyers, Jr. (D-MI)
Additional information:
http://www.house.gov/judiciary_democrats/internetp rivacyhrgstmt71201.pdf"
Congressional webpages should be subject to a WhatSayYou? database check.
Sure. So long as whois gives SOME indication where to START looking for someone (their ISP), and a working address or phone number that the owner can be reached at (whether they want to answer or not), I don't see what the problem with making things less specific would be.
All house purchases are public, so when you buy a house, everyone knows who bought the house, how much you paid, and (by definition) your address. Thus, after you buy a house you are spammed with zillions of offers for everything you can imagine that is even trivially related to having bought a house.
Annoying, but that's just life. If house purchases weren't public, it would be impossible to have credible estimates for fair values for houses. And without being able to establish fair market value, buying and selling houses would turn int a game of chicken. That's bad.
Registering a domain is a lot like that -- you start getting spammed by people selling anything related to domains.
In either case, I think that the benefits of having contact info for domains (or house values in your neighborhood) outweighs the loss of privacy.
"When you pirate MP3s,
you're downloading
COMMUNISM!"
As seen in the poster.
I just wish I could still find some good Communisms of movie soundtracks nowadays...
Sincerely,
The Quote Nazi
One thing that would alleviate privacy concerns would be an anti-spam law with teeth in it. I'm certain that it least some of those who don't want their E-mail address to be published are not concerned about one-on-one messages but rather XXX teen age slut golf-ball toner will make you a millionaire in 30 days advertisements.
I can appreciate arguments based on the importance of anonymity, though I don't feel that WHOIS is any great threat to anonymity of speach -- you can't anonymously own land, either, and it doesn't harm dissidents considerably.
But arguments based on the inconvenience of hitting delete do not impress me.
If you think your privacy is so important, you need to get over yourself. No one gives a damn about you, personally; unless they know you, in which case what does the privacy serve?
Maybe other people just attract more attention than I do, or seem more enjoyable to victimize, or something of that sort. Or maybe people just watch too many news specials on the TV, and haven't learned that most of the world isn't out to get you. And if you have a problem with a specific person, deal with that person -- hiding from the entire world is not really justified unless you went state's evidence or are hiding from the law.
And this isn't a big privacy concern -- it's not like WHOIS has records of sexual activity or brain scans. It's just a freaking address.
So that other admins have no way to determine who's in charge of the machine/domain in question, and if they're having a problem with it/them, they have no way to contact the admins. Lovely.
I'm sure we have some problem with electronic stalking, but hiding the information from everybody, even those with valid reasons for accessing it, just because of a few idiots, isn't going to help.
_____
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
Sam: "That was needlessly cryptic."
Max: "I'd be peeing my pants if I wore any!"
The whois database IS a big deal, registries require a real real address, a real email address. Do you have any domains registered? I get at least one email a month telling me to move my domain or my hosting else where (no thinks on both counts). I also know I got some snail junk mail based off whois, because at one point I was listed as a Person contact with the name Bob Registrar, and guess what the name on the label was. Like one of the quotes said, you don't put your address on your web site, and it shouldn't be available via whois either.
OT: BTW, with the recent phone bill increases (in Calgary, Canada) and paying to have my number unlisted, my cell phone now officially costs me less than my land line. That's just dandy. Another advantage cell phones have over land lines, telemarketers aren't allowed to call them, and there isn't a public directory.
--
"Hot lesbian witches! It's fucking genius!"
No!
We cannot. Given accountibility or privacy, as a dichotomy, I pick accountablility. Privacy is managed by not giving out your fucking personal info.
"We have the right to believe at our own risk any hypothesis that is live enough to tempt our will."
http://gabrielcain.com/
When I read your post, the post you referred to was scored at 5 - by the time someone else reads this post, the original post might be back to 1 for all I know - the whole point of the moderation system is that the scores change (hopefully eventually settling down to an average perception of them but in theory they could wander round for ages before that happens).
If you'd bothered to re-load the page before posting your pointless comment, then the original post might have already found its way to a score of 3 or 4 considering the speed slashdot moves at.
And yes, this is a pointless reply to a pointless reply to a useful post... but it was that or do some work :)
Regards,
Denny
--
Police State UK - news and
Extraordinary Vacations. Exceptional Prices
And, using the same logic, taking everyone's guns away reduces crime... but that's an entirely different flamew... uh, I mean, discussion! :o)
Replying to different posts in this discussion, here're my thoughts:
--
--
Me spell chucker work grate. Need grandma chicken.
Um, that's what they're thinking about changing...
'In fact, if anything, the I[nternational]A[nti]C[ounterfeiting] C[oalition] believes that registrants should be required to improve their performance in insuring that domain name registrants provide correct and updated information. Because a person (legal or individual) voluntarily chooses to be present on the Internet, the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.' -- Timothy P. Trainer, President, International AntiCounterfeiting Coalition (IACC)
--
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
Apple Pie isn't an American dish.
--
Computers are useless: they can only give you answers. -- Pablo Picasso
This will be on the test.
Mea navis aericumbens anguillis abundat
Last time I checked, you could choose to be UNLISTED and have LOTS of privacy protection.
I wonder what he would think if we published his personal information for all to see? How much you want to bet he isn't listed?
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
well the trick is that in order to license something in a legally binding way, you need to prove that the licensee accepted the terms of the license before accepting the licensed material. So you've got a big fight ahead of you trying to prove that somebody who has your personal information obtained it either from a infringing source, or obtained it from you and also accepted your licensing terms. good luck.
I don't see the problem with the current ARIN database. You need at least a /22 (or something like that...can't remember offhand) to even apply PI-space... so it's a rather good assumption that only ISPs and other businesses and educational institutions will be listed in it.
This needs to be kept public. An email address is not sufficient. Good luck trying to email a person telling them that their mailserver is down, or that their mailserver has gone nuts and is inadvertantly DOS'ing your mailserver. Maybe their BGP is farked up and you can't even get to their network... a lot of good an email address is going to do.
For 99% of the slashdot people that are whining about their privacy on here, it's about the domain registry. Everyone who has their own domain name is in this one... not just big corporations. Being able to 'opt-out' of this one is a fantastic idea, let's just not confuse the two registries.
But at the same time, your local Joe isn't going to have a /29, so we're still looking at businesses, just a lot smaller than i've orginally said.
If you're a home customer (ie @home comes to mind, but i would be terrribly surprised if others don't do it as well), it's more than likely that if you have multiple IPs they're assigned as seperate /32's, rather than a larger aggregate block, just because of subnetting assignment issues (ie they'd be wasting 7/8 or 15/16 or whatever of their ips by saving it for people for subnets.)
> for this block is availible at:
> *rwhois.exodus.net 4321
I know what point you're trying to get across. however it's wrong. Look at the bottom, it has information for the exodus rwhoisd server. Just because exodus has chosen to use rwhoisd instead of SWIP'ing (the normal method for IP registration for IP suballocations).
Take the time to do a whois query on the exodus rwhois server. It gives you exactly the same information that you would get if exodus had used SWIP instead. This is not because exodus does this out of the kindness of their hearts (well maybe it partially is), but it is a requirement of ARIN that you run an rwhois server if you do not want to use SWIP.
> to have responsibility. Having the ability to,
> with one command, get a email addres, phone
> number, and snail mail address of someone
> responsible for every IP and domain on the
> internet is invaluable.
I was initially thinking the exact same thing you did... then i changed my mind. We don't need the contact info for every domain.. just every IP. Remember (for us machines at least), there's two different whois registries, the ARIN registries (important), and the general one for domain names (not important for anyone other than domain squatters).
For hack attempts/openrelays/general troublemakers, we don't need the contact info from the general domain database... we get it from ARIN database.
Imho, being able to be 'unlisted' from the domain registry database is just fine... because it doesn't really serve any particular purpose, hell half the time it's not even correct info. With ARIN's database, the information *has* to be correct, because ARIN *has* to be sending them a hugeass (multi thousands of dollars) bill every year.
ARIN is responsible for allocating IPs for people/businesses on a large scale (in north america). If you're a big corporation, or even a medium sized ISP, you apply to ARIN to get IP blocks. (The smallers just use the ipblocks of their upstream provider.)
ARIN provides a database of every routeable IP that it has given out, so at any given time, i can, from a person's IP, look up his provider and instantly get their (as in their ISP's, necessarily the user's themselves) name/address/phone number. This is incredibly useful for spamcontrol and/or scriptkiddiecontrol.
Contrast this with the domainname registry, which holds the registration information for like who owns 'foo.com'. As long as i'm not planning to buy foo.com (and my pocketbook says i'm not), i have no reason to need this information. If there is a problem originating in the foo.com domain, that's great, but i'm getting the contact info from the ARIN registry, because 1) it's probably more correct, and 2) reverse dns isn't necessarily authoritative, ie i could make my machine reverse lookup to foo.com, even though i don't own the foo.com itself. Granted my forward/reverse wouldn't match, but when was the last time you've seen an apache setup that required them to.
--
That 's bullshit. Recently there have been many intimidation schemes. How about that Lyons Group hardon for the parody Barney sites? Or the IDG "For Dummies" campaign? I got one from the MPAA, they just neglected to mention that the injunciton only dealt with the 2600 site, and not specifically mine. Or how about where the SDMI sharks jumped all over Felton and the others, only to back down when it looked like it would have an adverse effect on the DMCA?
In the US, there is still a thing called the Bill of Rights, the Consititution and Due Process. It might not work everytime, but it works often enough to keep most of the tyrants at bay.
When you drag youir sorry ass out of college, and into the real world, you might recognize it......It's pretty naive to think that those in postiions of power won't abuse it. Particularly when they don't understand the technology involved.
Dave
"Privacy is managed by not giving out your fucking personal info."
Which, due to the fact that registrars are not required to provide an opt-out, may not be possible. The analogy to a home or business is flawed (like most internet analogies) - if I have a home, I can locate it in a remote, obscure place, and put a big tall fence around it. That protects my privacy. There is no such thing on the net. Once you information is known, that is *all* one needs. Driving through every city in the world trying to match up names in a phonebook with addresses is a LOT more difficult than performing, or buying, a WHOIS query.
It's 10 PM. Do you know if you're un-American?
I don't see why congress can't just play rock, paper, scissors to win, our presidential ellection was ended in a rousing game of resign, recount, appeal.
I'd love to play a nice game of Roshambo with Bill Clinton but I think Monnica beat me to it.
Disadvantages:
Joe Mega-corp contacts IPSTAG holder. "Hey, make the www.joe-mega-corp-sucks.com website go away."
IPSTAG holder: "No problem."
IPSTAG holder kills DNS service for www.joe-mega-corp-sucks.com. Does not bother to make contact with webmaster for two reasons. 1) Does not know why Joe Mega-corp wants the site killed. 2) Too much effort to go to all that trouble of actually contacting them. It is easier to simply stop the DNS service and eventually the webmaster will figure out that no one can see them anymore.
Think this does not happen? Sure it does. Interactive Digital Software Association brags of 3000 "takedowns". This is one organization. There are quite a few self-appointed-types doing "takedowns" for many different reasons. Got a political view? There is someone who disagrees with it. Maybe enough to get your website on a "takedown" list.
...the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.
First of all, are identity and contact information entitled to anything? I don't know about you, but my telephone number doesn't have any rights. I have the right to disclose or not to disclose information, but information itself has no rights. Second, assuming that Timothy P. Trainer was actually referring to the rights of registrants, and the responsibility of REGISTRARS to ENSURE that registrants provide accurate and current information, I now must ask whether he thinks that registrants somehow exist in the incorporeal world, and regular folks exist in the physical world? That's what his words imply.
As a registrant, I want to assure him that I am just a normal guy who is distinguished only by having information in the WHOIS database. I assume that the same applies to most registrants.
However, back to the question of privacy: I happen to largely agree with Timothy P. Trainer. Can the editor of the Washington Post keep his identity and contact information private? Did we allow Bill to keep his blowjob private? Do paparazzi allow celebrities to escape from their candid photos? Doesn't the public almost always relentlessly claim the right to know, regardless of how empty that knowledge frequently is?
Neopets - the best free game on the Int
Prove it. Post your real name, address, phone number, social security number, and mother's maiden name. After all, all information should be free.
-- Will program for bandwidth
46% of all statistics are made up on the spot.
Well, I find that almost all hacking attempts come from compromised boxes. I like to report these compromised boxes to their admins. Sometimes, these attacks come from IPs with no reverse lookup record. The whois database helps me to find email addresses that I can send mail to. I think that policy should depend on the tld. .com, .net, and .edu, should all require telephone, email, mailing and fax address information... but .org, and .arpa should only require maybe email contact info... country TLDs can set their own policies.
.com et al were supposed to be for US companies. Hardly their fault people around the world started using them.
.com's, but I have no trouble with the US setting the rules. If they want to fuck with .ca (like ICANN trying to impose their domain conflict rules on all the ccTLD's), that's a different matter.
I'm Canadian, and have several
No legal action was brought forth, but within two days the site was taken down because of public outcry. This was a few years back, and I can't find any links to any stories about it.
SupremeOverlord
---- "A programmer is a person who solves a problem you didn't know you had in a way you don't understand."
For those of you who took the time to read the tech law journal artical, you probably also saw the introduction of the location privacy bill from Sen. John Edwards. I find this equally interesting news for nerds given the typical slashdotter paranoia.
Under the bill, "any company that monitors consumers' physical location will be prohibited from using or disclosing that information without express permission from the consumer. And third parties that gain access to the information cannot use or disclose it without the individual's permission first."
One database for domain names, and one for IP addresses.
;-), I think it's essential that the IP adress database has full accurate contact information (including phone numbers and email addresses). IP addresses are normally registered by providers, so there are fewer privacy issues involved (read: hardly any, basically it belongs to their job of providing a network connection for their clients).
While I can understand privacy concerns associated with the domain name database (and concerns of comapanies that they reveal some pieces of their business plans because they have registered some domain name
It would be a real pitty if both databases were treated the same way by some well-meaning politicians. The IP address WHOIS database is a valuable tool in tracking down net abuse, of course. Abolishing it or reducing the provided contact information could have a negative impact on the net as whole.
Disadvantages:
You cannot pick up a phone and call a responsible person. You have no second avenue to contact a person, say, if someone was forging their domain name. If someone from your domain is spamming and blocking traffic, you cannot be easily contacted to do the right thing.
Put it another way. I can go to City Hall and find out who owns every piece of property in the city. With the current system, I can find out who owns every piece of cyberspace. It seems eminently reasonable. It also lets you know which of your neighbors are respnsible citizens, and which ones spam, and which ones run porno sites. Ownership bears SOME responsibility. Making domain ownership anonymous reduces this responsibility, and I can see good and bad things that would result.
Did the editors decide to replace the term "Rohambo" with the more commonly recognized term?
Lets see, yes. First I kick the house majority leader in the nuts as hard as I can....
---
/bin/fortune | slashdotsig.sh
> I use the WHOIS database to find out who's responsible when I get spammed or when I detect a hacking attempt.
:-)
Kind of ironic; spammers use the WHOIS database to find out who to spam!
Send the SWAT team over to that evil pinger right now!
Someone set us up the bomb, so shine we are!
There's a difference between "can take" and "usually takes". I'm willing to bet that the majority of crystal meth users that the HPD feel the need to fire upon don't require more than a single buller to take down (although they may have more than a single bullet fired on them).
-no broken link
Hint: the HPD are lying. This used to be said about PCP as well. It's just the same old drug propganda on the toxin du jour.
-no broken link
i wonder when they have scheduled the congressional herrings on the phone book...
I mean, I have no say in the matter, I didn't elect them. And yet they will decide on which of my personal details will be made available?
jalalski,
.sig available on 'Need To Know' basis only!
It is not necessarily a good assumption that only ISPs, businesses, and educational institutions will be listed in the ARIN database.
Though it is true that minimum IP block size allocated by ARIN is a /20, an ISP must provide SWIP/RWHOIS information for any IP block that are at /29 or greater in size which it allocates to end users. This information is necessary as proof of utilization when applying for additional space from ARIN.
The ARIN guidelines for requesting IPv4 address space can be found here http://www.arin.net/regserv/addipspace.html
Just one question that has bothered me about the pro-gun lobby.
When the gun ownership argument is over and you've won, will you be as fervent in getting all those drink-driving laws repealed, as they impinge on your right to freely travel on the public highways?
Unfortunately I'm not from the US, and do not pretend to be an expert on the constitution, but I do recall reading that the right to travel freely on public highways is enshrined in the constitution, either explicity or implicitly. If I am wrong here, please point that out.
The point being that by not fighting these laws (no matter what their constitutional status) aren't you giving up liberty for safety? And are hence deserving of neither?
Or do you in fact concede that there are some laws that are required for public safety, where _other_ people's lives are endangered (I don't care what you do that endangers your own life, but you carrying a gun has the potential of endangering mine in the same way that you driving home after 10 pints of beer has the potential of endangering mine), and that the only reason you want to play with guns is, well, because you want to play with guns.
And even if the right to own a gun is one enshrined by the constitution (all that 'organised militia' banter doesn't really grab me that much as I'm not from the US, but I do notice a lot of debate on the subject) isn't one of the great things about the US Constitution the fact that it can be changed if it becomes out of date with the needs of the society it serves?
K.
Why doesn't the gene pool have a life guard?
Given that the primary purpose of WHOIS is to publish site operational points-of-contact, to aid in tracking down problems, I find interesting that none of the witnesses were representatives of Internet service providers. Apparently the committee doesn't care about whether WHOIS can serve its intended purpose (before or after any legislation which Congress might enact) - they only care about whether WHOIS can be used for unintended purposes.
American Registry for Internet Numbers. They fill the same role as RIPE does in Europe, etc.
I used up all my sick days, so I'm calling in dead.
I use the WHOIS database to find out who's responsible when I get spammed or when I detect a hacking attempt. Fact is, having a bunch of anonymous thirteen year old kids running around DoSing people, or having assholes kill your mail server with a million "FREE HOT XXX" messages is bad enough. If they're able to do it with impunity, nevery having to worry about their ISP getting a phone call, it'll be out of control.
We continue to discover that the trust based internet simply does not work. There are too many shitholes willing to take advantage of it. The only way we can have any sort of order is to have responsibility. Having the ability to, with one command, get a email addres, phone number, and snail mail address of someone responsible for every IP and domain on the internet is invaluable.
Jordan Bettis
``Wherever you go, there's another stupid sigfile quote.''Moreover, if you are found guilty of copyright infringement, deliberately false information in WHOIS will be considered as evidence of willful premeditation on your part. (Much like wearing a ski mask during a robbery indicates that you have planned to carry out the crime.)
Your 'solution' is to make every 'net copyright infringement involve at least one federal lawsuit + a private investigation, both of which are exceedingly expensive. And this is supposed to help individuals and small companies?Generally speaking, any 'solution' that involves making information expensive and difficult to obtain does not help the little guy.
(If you're worried about being 'harassed' for saying things on the Internet, either shut up or grow a spine. If you aren't willing to take flack over what you say, then by your own measure it wasn't worth saying.)
-- ;-)
Kuro5hin.org: where the good times never end.
In the European Union, you have that right under the Privacy Directive.
... so why must americans continue discussing these issues as internal matters? The Internet is widely used by ALL nations of the world. ANYONE around the world is capable of registering a domain name and domain registrars aren't limited to American companies.
Think about what countries like China and India will begin demanding as their net ussage rises. Between them, they account for nearly 40% of the world population. I highly doubt they'll allow this behavior to continue as is quietly
kill_9_1
Oh they still go to court. They just don't like the feeling of bringing a lawsuit against fifteen John Does.
icqqm [ICQ:11952102]
One of the great features and also annoyances with the Australian domain name allocation system is the requirement to have an Australian registered company/business/name etc before you can acquire the corresponding .com.au ... this is mainly to preserve IP rights etc, but is also rather relevant in an identification quest... almost all .com.aus are easily traceable back to their owners.
Obviously the .com sphere cannot possibly be brought under control... it would be impossible to impose these conditions on the millions who already own .coms
anyway...
There's nothing stopping people, including myself, including false information in their whois entries.
For those of you who took the time to read the tech law journal artical, you probably also saw the introduction of the location privacy bill from Sen. John Edwards. I find this equally interesting news for nerds given the typical slashdotter paranoia.
Under the bill, "any company that monitors consumers' physical location will be prohibited from using or disclosing that information without express permission from the consumer. And third parties that gain access to the information cannot use or disclose it without the individual's permission first."
- You don't know how to maintain a station wagon either!
Taxes are used by many of the nations of the world. Each nation decides for itself how to collect them.
Silly person. Who would want a one world government. Oh wait. Are you one of those people.
Well I can tell you this. In America, we like our apple pie hot and steamy and our government slow and lathargic.
I wonder if the privacy flap led Network Solutions to pull their DotComDirectory.com service. These days you only get a mirror of NetSol's main site. It used to be a search service where you could query for business web sites (and phone/address) by name and geographic location, with the data presumably coming from domain records. It was actually a useful service.
Is it really intimidation if a copyright holder wants to know why the hell you've been pirating their media?
On the other hand, WHOIS information can be an be an easy tool for hackers to gather info on a perspective target. It's also good for finding phone exchanges to war dial but any Jr. sysadmin should know that so I don't think its worth removing.
Slashdot's token middle-aged housewife
You cannot pick up a phone and call a responsible person. You have no second avenue to contact a person, say, if someone was forging their domain name. If someone from your domain is spamming and blocking traffic, you cannot be easily contacted to do the right thing.
Except that you do have all these avenues still available to you, because that information is available via RIPE. If you have a problem, find the IP of the host that is causing the problem, look it up, see who owns the netblock, contact them instead, let them deal with it - it's their responsibility.
Now, should detailed contact info be available for the IP registries through WHOIS lookup? I think so, and this is why:
The way it's setup assumes that the owners of netblocks allocated by RIPE are significantly-sized Internet-savvy bodies with their own technical staff, who do not mind being easily-contactable. I think that's a reasonable assumption to make. How many of you own your own personal netblocks?
Now, how many of you own your own personal domain? How many of your non-technical friends own a personal domain?
See the difference? Domains have a very large public ownership. Netblocks do not.
It seems eminently sensible to me that only the contact information that is actually required for the Internet to function should be available via WHOIS, whilst maximizing personal privacy for those who have no day-to-day bearing on the running of the Internet.
I don't understand why the gTLD's have this ridiculous requirement to have your personal data in the whois entry. It's simply not necessary at all.
The .uk ccTLD, for example, works like this:
Every domain registered has only 4 things associated with it in the WHOIS entry (there can be more but these 4 are the only required fields):
And that's it. Now, what's the IPSTAG? Well, it's a tag for the entity (ISP/Domain Registrar usually) that controls the domain. Only fully checked and paid-up members of the NIC, Nominet, have an IPSTAG. When you register a domain, the company that you register through registers the domain with their IPSTAG. If you wish to transfer a domain to another host/ISP, you ask the existing IPSTAG holder to either transfer the IPSTAG for that domain to another IPSTAG holder, or simply change the nameservers. It is the task of the current IPSTAG holder to verify that you are who you say you are.
If there is a legal problem and someone wants to take your site/domain down, well - they contact the IPSTAG holder or the operators of the nameservers (usually these are the same people but they don't have to be). The IPSTAG holder or nameserver operators then get in touch with you, or take their own initiative in sorting the problem out - i.e. disable DNS for that domain if all other avenues fail. (under the UK Data Protection Act they cannot give your personal details out to a third party, there are severe penalties for them if they do). Of course, as with any site, an interested party could simply do a whois query on the hosted site's IP address, which will give them the owner of the netblock, who will surely be able to track down the host's owner.
The system is fully automated too - via the Automaton. The Automaton accepts email commands to change entries in the WHOIS database, but only from IPSTAG holders who have signed their email with their PGP key (every IPSTAG holder has one).
If you have a dispute about the way your IPSTAG holder has treated you, you may take your complaint to Nominet, where it will get dealt with by the Nominet committee, made up of representatives of the longest-serving IPSTAG holders (most of these are people like you and me - sysadmins and hostmasters). There are strict rules about what an IPSTAG holder may or may not do to customers and what they may or may not charge for certain services (for instance, IPSTAG holder transfer must be free), and breaking those rules is dealt with severely - usually by loss of the IPSTAG and sometimes disbarment from holding an IPSTAG in the future. Not pleasant.
Note that more information about you is stored by Nominet, but only for sending you crappy certificates. It never appears on the WHOIS entry, and under UK law cannot be given out to third parties without your permission. Billing is handled by the IPSTAG holder.
Advantages to this system:
Disadvantages:
I think limiting information provided by WHOIS services would be a bad bad thing. When I check my firewall logs, I routinely use WHOIS to find out exactly who pinged/attempted entry/etc. to check for security leaks. If anything, a WHOIS search should offer more information, including not simply the ISP "owner" but the actual connection of the "offender" for attempts at illegal access. In other words, a more improved WHOIS search could provide information about the time a hacking/cracking attempt occured and would provide information useful to the ISP, but useless to me. Any thoughts on this?
------------
--- There is a man in a smiling bag.
just wondering, could you technically claim that you hold your personal information as your Intellectual Property, and furthormore, when you issue it to anyone, you license the information to them. Any redistribution of your information would thus be considered a violation of hte DMCA and you could sue their asses
kinda off topic, and likely to be modded down, but still
The Internet is widely used by ALL nations of the world.
Not Afghanastan.
--
Entropy ain't just a good idea. It's the law.
When it comes to domain names and address space, those are publicly accessible resources, and _should_ be accessible to anyone that needs that contact information. I don't think it's fair to shroud the names of individuals that use finite Internet resources. This information, after all, is public record.
/* ---- */
// Agent Green (Ian / IU7)
The reason this is an issue at all is because of how easy the information is to get. Let's take another example of public record...
I'm sure more people would be up in arms if the RMV (or DMV in some states) decided to put its records search information online. As it is, I can run any license plate or license number if I have it...but waiting in line is a pain in the ass.
It's really sad that the low tactics of marketers has made this such a problem and brought this issue into the spotlight.
// Agent Green (Ian / IU7 / KB1JQO)
// IEEE 802.3: All 10base Are Belong To Us
Yes, but how many folks have that alias set to send to an account they actually read? Most (I'd imagine) go to some quiet account that is never checked. This would be especially true of a site that may see a lot of bounces (ie: Web site hosting facilities whose web sites accept email addresses as part of registration and then send email to those addresses... remember - users aren't always able to put the @aol.com after their email address, or just can't spell aol ;-) )
As far as DDOSing them into oblivion: Von Clausewitz once said (paraphrased) "War is a continuation of politics by other means." Use whois, contact them, THEN if you deem necessary (NOTE: THIS IS NOT ADVOCATING ACTUALLY DDOSING SOMEONE!!!), explore other means of... communication.
quis custodiet ipsos custodes - Juvenal
When I worked for a small commercial web design/hosting firm, I managed all the servers, including one Linux mail server running sendmail. Something hiccupped and my box started contacting someone else's mail server OVER AND OVER for hours, filling up his logs but never quite making it into mine. He used whois to contact me and inform me of the problem. Turns out, my box choked on some mail because the server got some invalid DNS information.
Someone out there is going to flame me about how I should have had my box setup to only retry every 30 minutes or so... Whoever you are - get over it. This post is about how whois is beneficial, not how improperly configured sendmail instances are Satan's own kin.
quis custodiet ipsos custodes - Juvenal
'...DMCA self-help allows us to reduce to a fraction the losses we would suffer if limited only to court-imposed process and remedies. These efforts are made much less effective with the burdensome restrictions of the Fourth Amendement, such as the restricted access we would have to pirate's homes, including their unauthorized CD-Rs and illegally photocopied magazine articles.' -- Stevan D. Mitchell, Vice President, Intellectual Property Policy Interactive Digital Software Association
errmm.. don't forget bank details! and while you're at it, why bother encrypting anything??
Try reading my comment again. I didn't say anything about falsified whois records. I was talking about having no public whois. Obviously, intentionally falsifying info (which is what people have to do now if they want to remain anonymous) would make it look like the person is doing something wrong/illegal.
Liberty in your lifetime
Translation: they like the fact that the DMCA and a public Whois allows them to take the law into their own hands and harass people without going through the courts. Restricting the Whois would force them to go through the courts, and they might not be able to intimidate people as easily.
Liberty in your lifetime
WHOIS is used by pseudo-stalkers, too. You'd better hope everyone loves your website -- unless you enjoy prank calls and threats, among other things...
I think the information should be accessible to NSI and law enforcement, but nobody else. This way, people won't be so afraid to give valid information anyway.
Do you like German cars?
I made an effort to get out and look for them. If you are too lazy that is your problem. If you don't have enough open mindedness to check it out on your own you surely won't let anything like the facts change your mind.
"If there is nothing you are willing to die for, then you are not really alive." Myself
/me watches as the sarcasm sails over everyone's head.
Is your company running tools written by ma
You need to learn the history of the First Amendment, which goes back to the complaints underlying the Declaration of Independence. One of the most influential pamphlets leading up to the DoI, "Common Sense", was published and distributed anonymously. Do you think that the Founders would have even considered a Constitution which would allow political speech to be suppressed merely because the author refused to be identified? Not a chance, and the courts have repeatedly ruled consistently with this.
--
Scientists restrict study to entire physical universe; creationist
Bless you (or considering your domain, perhaps you would prefer the opposite?)
Your post has reminded me that my registrar has my usa.net mail address that will be going away.(Fast, free and permanant, yeah. At least they used to get 2/3). The irony is, I got the domain partially because they started to charge for POP access.
/me wanders off to check if his alma mater offers alumni mail accounts
Email filters won't stop that stalker who has been tracking you for 6 months from breaking into your house and setting your TV on fire.
Not Meta-modding due to apathy.
Oh yeah? Well get over it.
While you're at it, answer this question for yourself: how many multi-government coalitions built the fundamental underpinnings of the Internet? You can count them on zero fingers. The reason there is an Internet is precisely because there weren't mammoth polito-bureaucracies "helping".
Though the Internet is a world-wide phenomenon, that doesn't mean that control of it (however you want to define that) should belong to the world bureaucracy. This isn't some sort of national arrogance by Americans; it's a reality of self-regulating projects that while there are many contributors, a few core people make the main decisions (sound like any projects you know?)
Here's a thought that should resonate: if other countries don't like the present state of the Internet, they ought to feel free to branch it -- in some ways, the Internet is really the world's biggest open source project. Then, if they ever want to merge with other Internet segments, they could do so easily (that's the point of TCP/IP). Doesn't that sounds just like how the present Internet evolved?
Think before you invite the bureaucrats (further) in. They're hard to get back out again.
Invisible Agent
Invisible Agent
This post is a mirror; when a monkey stares in, no hacker gazes out.
mailboxes etc... knuckleheads can't knock on your door at midnight, but conversely, if your site is a scamspam site, the feds can subpoena this info from mailboxes etc and catch up with you
hereiam@yahoo.com... duh! anonymous free endless email addresses
so what's the problem? responsibility, accountability, and enough anonymity for the site owners
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Oh, that's just peachy. For those of you who might not remember, the IDSA is a cartel similar in function to the RIAA and MPAA, but they act on the behalf on software companies. They have shut down web sites containing rom files of games from the 1980's because of "copyright". These are the idiots who seem to think Nintendo is losing money over copies of Mario 3 "illegally" downloaded over the internet.
Now, I'm not a fan of the RIAA, but at least they have a valid concern-most of their music is still sold! If the IDSA can use Whois to shut down emulation-related websites, I'm all for the option of being "unlisted".
"If not for WHOIS, we could not have sued as many people as we did!" -- Stevan D. Mitchell Vice President, Intellectual Property Policy Interactive Digital Software Association, paraphrased. This is a good thing for who?
"Your superior intellect is no match for our puny weapons!"
I read somewhere that "the right to bear arms was intended to mean "Coat of Arms" as opposed to arms and amunition. Again that could be the same as Madisonian school's intent of "the right OF property as opposed to the right TO propery.
They have also led a person at one time to think he was funny be publishing all my personal info in an online debate on a Star Trek Voyager newsgroup. (Which happened to be a nutty place!)
Personally, I'd like personal information OFF the Whois. Otherwise, get a separate PO BOX and other separate identity to publish on your domain records.
If whois won't find us, Google will
Remember, when you are downloading MP3's, you are downloading communism!!!
badness 10000
Well heres my comment
This smacks very very much of an attempt to make access to whois a paid or subscription service - the gist of some of these comments is not that the mailing lists have been made based on the whois but that they have been made for free.
What committess do these good gentlemen sit on ? what vested interests do they represent ?
The fact is the whois function can be usefull and should be freely available. If i am being attacked of flamed or spammed on my servers from a domain i should have the right to see who owns that domain and what contact details they have.(which 9 times out of 10 will mean nothing as they wil be false or the domain has been hijacked or they just dont give a fuck but i can dream can't i)
This is a natural extension from the INTERNIC bullshit and the selling of domain names for profit. One of the posters mentioned that here - and i have had a similar experience - i did a who is search on a domain name on NSI and then filled in the registration details. Upon sedning this of a day or so later i was told this name was registered to - surprise surprise NSI - and i could buy it for a sum from them - this to me smacks of extortion - 'sure you can have the domain name - seeing as how we own it its only gonna cost you $500 (figure not correct)'.
Then we have the DMCA and their lawyers (or NAZI's as they are otherwise known) these guys are about as subtle as a kick in the gonads and they love whois - they can get contact info to sue you from there - yet they use it to make money as well.
So heres what i predict. (rubs crystal ball)
access to whois information will be regulated by the government with legitimate associations (IDSA) and organisations (DOJ) having free or low cost access to it - corporates will no doubt be able to buy a subscription but the rest of us will likely have to pay by the use or get no access.
Whilst part of me likes the idea of spammers having to pay for this info i become concerned that this is another commodity and yet another way to prevent free access to information on the web - its already hard enough trying to track someone on the web without this being removed.
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
Congress is apparently neglecting to notice that countries selling ccTLD-based domains usually maintain their own whois databases.
Not entirely surprising, eh?
Eliminating or restricting access to whois is folly, really.
I work for a domain name registrar, which I like to think gives me a better perspective on this issue.
Removing the info already in the whois database would have some technical consequences most likely ignored by congress and friends. They are:
a) Registrar-to-registrar domain name transfers would be slowed to a standstill, because without the administrative contact email gleaned from whois, current ICANN transfer regulations would make it impossible to authorise a transfer. The way the current system works depends on the email listed for the admin contact on domain pending transfer -- an auth request email is sent there and, if the email is responded to, the domain is transferred.
b) Without whois, the only way to verify, pre-propagation, that nameserver changes were succesful would to dig the domain on the box acting as its SOA. Even if you could find out before propagation, how many web-based dig lookups have you seen, compared to web-based whois lookups? 90% or so of domain purchasers have never even seen a command prompt.
c) As previously mentioned, whois is instrumental in ferreting out spam hierarchies.
As it stands now, too much is dependant upon the existing whois database. Change it, and you change the way domains are registered and administered. Most domain purchasers are just barely competent enough (and tons still aren't) to handle their domains using the existing system. Changing it now would be counter-productive, at best.