Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exposing Personal Information in the Whois Database

Posted by CowboyNeal on from the a-better-way dept.

rocketjam writes "In a letter to U.S. Representatives Lamar S. Smith and Howard L. Berman, the Center for Democracy and Technology has raised the issue of privacy problems with the Whois Database. Acknowledging the database is uncontroversial for commercial registrations, the letter points that private individuals who register a domain name expose their names, home addresses, home phone numbers, and home e-mail addresses to the world. The letter warns, 'The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data.' Additionally, the letter points out the current policy violates the privacy laws of some nations."

12 of 323 comments (clear)

  1. amen by Neophytus · · Score: 5, Insightful

    Registrars under their status of registrars are required to HAVE FULL AND PUBLIC CONTACT INFORMATION for anyone who registers. For big biz this ok but for individuals (such as me) it is a big worry.

    1. Re:amen by orangesquid · · Score: 5, Insightful

      And when the owner of a domain is running an open relay, or has a glaringly obvious security problem, or has a problem with their site (and webmaster@ bounces), the courteous thing to do, e-mailing them to inform them of the problem, can no longer be done if there is no e-mail address available.

      Or, sometimes you get people who register domains through some co-hosting service and then launch attacks against your box/network through the service. Usually, the e-mail for the domain registration will be someone in charge who can give the asshole due justice.

      It is not a frequent thing when I must resort to WHOIS to contact a site owner, but sometimes it happens and it's fairly important.

      --
      --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
  2. Re:How else... by march · · Score: 5, Funny

    If you are looking for chicks in the whois database, it's no wonder you haven't had a date in a while....

  3. Reporting WHOIS abuse? by Anonymous Coward · · Score: 5, Interesting

    I get numerous spam from people(?) who have obviously trawled the whois database. Even though there is a strong warning in the whois database against abusing it, how does one report it, or is it just an empty threat?

    1. Re:Reporting WHOIS abuse? by Future+Man+3000 · · Score: 5, Insightful
      Proving that a spammer took source addresses from WHOIS would be problematic. Taking a spammer to court over it wouldn't be cost-effective for the maintainers of any WHOIS server. Spammers have already shown themselves as a group to not be overly concerned about warnings, standards, or laws.

      It's an empty threat.

      --

      I never vote for anyone. I always vote against.
      -- W.C. Fields

  4. Re:let's not forget... by mblase · · Score: 5, Insightful

    Yes, but Google also gives you the option to remove your information from their searchable database -- there's a link right next to your results if you do a search for your own information. So do most other reverse-phone-lookup sites.

    Whois gives you no such option, and would probably actively resist if you even asked.

  5. UK WhoIS by ledow · · Score: 5, Informative

    The UK WHOIS database (run by Nominet UK) has recently considered this too. Now, private individuals who opt-out can have their personal details removed (obviously Nominet still has access to them). I'm not sure that companies are allowed to do this, it's private individuals only.

    Britain and the EU have always had stronger data protection laws than the rest of the world. This is part of the reason the EU are looking at Microsoft's .NET services as they don't follow EU data laws. To be honest, it's about time the US caught up.

  6. Exposing Data on the Whois database by knghtrider · · Score: 5, Interesting

    Even exposing contact information for a business is questionable. If you're working on penetrating a company, then this is a stop on the highway. But, without that information, then (as one poster stated) the FBI would have to get us the information we need to prosecute spammers or etc.

    I don't know what the answer is either; I don't think it's simple either. This may be one (of many) invasions of our privacy we have to deal with. Banks, Mortgage Companies, Credit Cards--these all sell our information to other companies. It's sad, but this is big business, and it makes money. Utilities provide information to Local, State, and Federal Agencies all of the time; and are required to by law.

    Our information is not private anymore, and hasn't been for a long time. Everyone has their hand out for it.

    --
    In America today you can murder land for private profit. You can leave the corpse for all to see, and nobody calls the c
  7. Re:If there were strong checking by AKnightCowboy · · Score: 5, Interesting
    Any domain setups that I've done allows you free reign to type in anything you like. I think most people don't realize that

    Or they do and realize an enemy could use that to his advantage to snatch away your domain. Providing false information is reason to lose your domain... or at least used to be in the carefree days when .edu domains were actually educational institutions, .com were businesses, .org were non-profit orgs and individuals, and .net were ISPs. *sigh* The good old days 10 years ago.

  8. In the mean time, in Germany... by yourruinreverse · · Score: 5, Informative

    ... it is required by law that anyone who publishes even a single web page on the Web (in Germany) enclose an "Impressum", an imprint that notifies visitors whom to contact or hold accountable for the content. I wish this would also be implemented for Whois as a security measure or a basis for trust.

    Anyone who still wants to publish anonymously could still do it abroad, of course, as there will always be registrars who and nations that don't care about trust.

    I mention trust here, because I can trust a company's products (i.e. a shop selling goods) if I know where I can go, or what number I can call: currently too many (some) web shops (at least locally) do not even mention a telephone number I can call to have an order confirmed or more product information detailed. The same holds for web sites that provide information: if the e-mail address is left out, how can I get any confirmation, more detailed information, conversation or feedback going?

    --
    JeR
  9. As it should be by HighOrbit · · Score: 5, Informative

    I'm sorry, but you have *NO* right to an anonymous domain, nor should you because the opportunity for fraud on the internet is too high. Having everything out front at least keeps a modicum of openness and honesty (although admittadly not a lot).Besides, if I remember properly, you can update the e-mail address to be admin@your-new-domain if you don't want spam going to your personal email.

    If you want relative anonymity, get a hotmail or yahoo account.

  10. Set up TLD for individuals by flakac · · Score: 5, Insightful

    I don't agree with the author's conclusions. Any person registering a domain name in .com is explicitly saying that they are a commercial organization, hence there should be no expectation of personal privacy. The solution is to set up another TLD explicity for individuals, since .org, .net and so on are not really appropriate either. It is necessary for all .com registrations to have valid and public registration info available, without this the level of fraud would be even worse than it is today. I have no sympathy for anyone who registers a .com domain name, and is not actually representing a business.