Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exposing Personal Information in the Whois Database

Posted by CowboyNeal on from the a-better-way dept.

rocketjam writes "In a letter to U.S. Representatives Lamar S. Smith and Howard L. Berman, the Center for Democracy and Technology has raised the issue of privacy problems with the Whois Database. Acknowledging the database is uncontroversial for commercial registrations, the letter points that private individuals who register a domain name expose their names, home addresses, home phone numbers, and home e-mail addresses to the world. The letter warns, 'The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data.' Additionally, the letter points out the current policy violates the privacy laws of some nations."

11 of 323 comments (clear)

  1. Spammer source by alecbrown · · Score: 4, Interesting

    I certainly getted spamed on the email address I registerd for it.

  2. A long time coming. by Tinfoil · · Score: 4, Interesting

    While I normally don't like Berman whatsoever, this is a good thing. I have long disliked the practice of putting personally identifiable info in the WHOIS database.

    I just hope they don't dumb it down so much where one can't get email addresses for those controlling the domain for reporting purposes.

    --

    tinfoilmedia
  3. Reporting WHOIS abuse? by Anonymous Coward · · Score: 5, Interesting

    I get numerous spam from people(?) who have obviously trawled the whois database. Even though there is a strong warning in the whois database against abusing it, how does one report it, or is it just an empty threat?

  4. Exposing Data on the Whois database by knghtrider · · Score: 5, Interesting

    Even exposing contact information for a business is questionable. If you're working on penetrating a company, then this is a stop on the highway. But, without that information, then (as one poster stated) the FBI would have to get us the information we need to prosecute spammers or etc.

    I don't know what the answer is either; I don't think it's simple either. This may be one (of many) invasions of our privacy we have to deal with. Banks, Mortgage Companies, Credit Cards--these all sell our information to other companies. It's sad, but this is big business, and it makes money. Utilities provide information to Local, State, and Federal Agencies all of the time; and are required to by law.

    Our information is not private anymore, and hasn't been for a long time. Everyone has their hand out for it.

    --
    In America today you can murder land for private profit. You can leave the corpse for all to see, and nobody calls the c
  5. Obstacle to distributing a shareware application by SmackCrackandPot · · Score: 4, Interesting

    This a major concern to me. I've spent some time at home writing an application that I'd consider distributing as freeware/shareware. Setting up the paypal/P.O Box number payment system is no problem, but as every application nearly always has a website, registering a domain name introduces some hassle, not least of all, distributing my name/home phone number/address.

    From reading previous Slashdot articles, being able to seen the domain name/IP address of owners and customers has been extremely useful in detecting all sorts of shenanigans with hyping up new products.

    However, for someone trying to augment their basic salary through shareware software, this is a disadvantage.

    With broadband internet via cable/satellite/telco, I have a permanent Internet connection, but the companies respect my right for privacy. Surely the same could be done for domains registered by home residences?

  6. More of an economic problem than privacy problem by snowtigger · · Score: 4, Interesting

    I don't really worry about having my personal information in the whois database. As most other individuals, I'm in the phonebook too, which can be accessed from the web nowadays.

    Having registered a few domain names, I receive a lot of spam telling me how to register new domains, renew when the old are about to expire and so on. I'm sure the registars make a lot of money on this, which surely makes them want to continue.

    My personal information is also included in the IP whois database. This database contains info on what ISP uses which IP numbers, etc. - see www.arin.net for more info.

    The interesting thing is that I have not received a single spam to the specific email address I supplied. So right now, I see it more like an econimic problem than a privacy problem.
    ---
    If you're not living on the edge, you're taking up space in the middle

  7. Re:If there were strong checking by AKnightCowboy · · Score: 5, Interesting
    Any domain setups that I've done allows you free reign to type in anything you like. I think most people don't realize that

    Or they do and realize an enemy could use that to his advantage to snatch away your domain. Providing false information is reason to lose your domain... or at least used to be in the carefree days when .edu domains were actually educational institutions, .com were businesses, .org were non-profit orgs and individuals, and .net were ISPs. *sigh* The good old days 10 years ago.

  8. A Few Solutions by bmj · · Score: 4, Interesting

    One is using Dotster. They obfuscate your email address, so you won't be spammed so easily, but they can still contact you. A friend of mine nearly lost his domain because he used a fake email address with Network Solutions and he never got the "your domain is expiring" email.

    The other is a finding a trustworthy ISP/hosting provider who will manage your domain for you. I've been using HostSector and it's worked well, plus it's less expensive than buying the domain outright. I'd have to jump through some hoops to purchase the domain from them, but I can do it, and I believe their contract specifies that I can purchase it at any time.

    --
    Whereof we cannot speak, thereof we must be silent. --Ludwig Wittgenstein
  9. UK Solution by hattig · · Score: 4, Interesting

    Basically Nominet has types of registrations, one of which is IND (for INDIVIDUAL).

    Individuals can opt-out of having their whois information displayed in a whois query by asking their registrar to opt them out (a couple of minute administrative task).

    This appears to me to be a simple and logical answer to the entire problem.

  10. Bullshit. by Pig+Hogger · · Score: 4, Interesting
    Whenever you have an internet presence through a domain, you have a public presence. And there is no reason why there should be no traceability towards your domain.

    Right now, there are thousands of spamming scum who post bogus information in their domain registration in order to foil the wrath of spamfighters.

  11. Re:As it should be by DroopyStonx · · Score: 4, Interesting

    Not sure what you're talking about. *I* have the right to a private domain as does anyone else.

    I don't use it for business purposes, which would be a different story. It's my own personal site on my server on my T1. I have every right to hide my private information!

    I've had fake information (invalid address, phone, name, etc) and a yahoo account as my email for the past 3 years.

    "How can someone contact you then," you ask? Well, that's the point. No one needs to contact me. They can do so via my yahoo account.

    Maybe I'm missing something, but I don't see a single thing wrong w/ that.

    --
    We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!