Exposing Personal Information in the Whois Database

rocketjam writes "In a letter to U.S. Representatives Lamar S. Smith and Howard L. Berman, the Center for Democracy and Technology has raised the issue of privacy problems with the Whois Database. Acknowledging the database is uncontroversial for commercial registrations, the letter points that private individuals who register a domain name expose their names, home addresses, home phone numbers, and home e-mail addresses to the world. The letter warns, 'The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data.' Additionally, the letter points out the current policy violates the privacy laws of some nations."

Here in Denmark ...

[zonix]

Here in Denmark, DK Hostmaster A/S is the administrator for the Danish top level domain. You can have your personal contact details hidden from the public WHOIS database - in accordance with Danish Law on protection of personal data, blah blah blah.

I would recommend it!

z

UK WhoIS

[ledow]

The UK WHOIS database (run by Nominet UK) has recently considered this too. Now, private individuals who opt-out can have their personal details removed (obviously Nominet still has access to them). I'm not sure that companies are allowed to do this, it's private individuals only.

Britain and the EU have always had stronger data protection laws than the rest of the world. This is part of the reason the EU are looking at Microsoft's .NET services as they don't follow EU data laws. To be honest, it's about time the US caught up.

Re:excessive exposition

[Future+Man+3000]

This site has the most enlightened approach, I think. You give them your information, they register the domain for you filling the contact information with their info, and only turn over your information if the law requires it. They'll also forward stuff sent to your contact information to you.

I imagine for most people who just want to run a regular website without the hassle of spam/telemarketers, this is the way to go.

don't for get about arin...

[Peartree]

There's a lot of info here too:
Arin
Ripe Ncc
Apnic
Lacnic

Anonymized registrations

[berkeleyjunk]

If you are concerned about privacy, use a registrar who will anonymize your info in the whois database.
Is $9 worth it? It's your call. Check this out.

https://registrar.godaddy.com/dbp.asp?isc=&se=%2 B& from%5Fapp=&authGuid=&mscssid=2435121

Domains by Proxy -solves the problem

[Chuck+Bucket]

I use Domains by Proxy so my info isn't displayed in a WHOIS; theirs is in it's place. They keep all my info private and serve as a 'proxy' between me and anyone needed to contact me. They'll email if they need me to do something in regards to my domains, it's so nice not having all of my personal details out there. I buy my domains from GoDaddy, and they've partnered with Domains by Proxy and offer it as an option when you're buying domains, that's how I found out about it, but everyone should check it out.

CB

Re:PO Box

[blibbleblobble]

If anyone's interested, I wrote to the Information Commissioner (formerly the data protection office) in the UK about this, since our data protection laws forbid sharing information with countries with incompatible data protection laws

Their response summarised:
(a) We don't care
(b) We don't care
(c) Domain registration is done in america anyway, where they don't have data-protection law
(d) It's not up to Nominet to inform its customers of their lack of data protection

I could probably find the actual letter somewhere...

(Nominet should have got into trouble because (a) they unilaterally changed their terms and conditions, leaving people with a choice of publishing their home address, or losing their domain name, (b) they have monopoly on UK domain names, (c) anybody who's running a business is obliged by business law to publish their address anyway, and (d) any accusation of illegal activity associated with the domain should wait upon a court-order to disclose a person's home address.

Information commissioner doesn't seem to think so. Some might wonder what he does do.

In the mean time, in Germany...

[yourruinreverse]

... it is required by law that anyone who publishes even a single web page on the Web (in Germany) enclose an "Impressum", an imprint that notifies visitors whom to contact or hold accountable for the content. I wish this would also be implemented for Whois as a security measure or a basis for trust.

Anyone who still wants to publish anonymously could still do it abroad, of course, as there will always be registrars who and nations that don't care about trust.

I mention trust here, because I can trust a company's products (i.e. a shop selling goods) if I know where I can go, or what number I can call: currently too many (some) web shops (at least locally) do not even mention a telephone number I can call to have an order confirmed or more product information detailed. The same holds for web sites that provide information: if the e-mail address is left out, how can I get any confirmation, more detailed information, conversation or feedback going?

As it should be

[HighOrbit]

I'm sorry, but you have *NO* right to an anonymous domain, nor should you because the opportunity for fraud on the internet is too high. Having everything out front at least keeps a modicum of openness and honesty (although admittadly not a lot).Besides, if I remember properly, you can update the e-mail address to be admin@your-new-domain if you don't want spam going to your personal email.

If you want relative anonymity, get a hotmail or yahoo account.