ICANN Cracks Down on Invalid WHOIS Data
DotNM writes "Internet News reports that ICANN, the Internet Corporation for Assigned Names and Numbers, is beginning a crackdown on invalid data in the WHOIS database. In ICANN's annual report, they found that nearly 5000 of the 24148 complaints were due to inaccurate WHOIS information. Some of the domain names in question had the address information of known spammers in the database. Registrars, the companies you register your domains with, are under contractual obligations to ensure this information is correct and accurate. Do you believe this is a step in the right direction? Why?"
Just because a rule has gone unenforced for years doesn't make it an invalid rule. I think the Internet would become a much better place if everybody with bad WHOIS information lost their domains until they corrected it.
Absolutely, this is a step in the right direction. A contractual agreement is a contractual agreement, and there is no "right to a domain name", last time I checked. Forcing content providers (i.e. spammers) to remain personally identifiable can only help.
It's already being done - under the control of treaties signed by nation states.
Why can't we run the internet in the same way?
The owls are not what they seem
I looked at using the whois db for my IP to city project, but rejected it because (a) it's forbidden [which was the most important reason, honest
So I just depend on good folks like yourselves to fill in the data. I think that gets around the various patents that Quova etc. have got on populating a city/ip database as well
Frankly I'd give it about 50% accuracy, and I'm approaching that without using it at all...
Simon
Physicists get Hadrons!
I don't know about the rest of you, but I have mostly correct information, only because I don't want to lose my domain over something like this. What I really hate about having all this information public is I get a lot of spam (both email and snail mail). Email isn't a problem with good filters, but there isn't much you can do to "filter" out the snail mail, you at least still have to throw it away. Spammers must love the whois database, and they'll love it even more when all the data is valid.
I strongly think that there should be a correct address available for each and every domain name out there. But! I don't think letting it out to the public is a very good idea. I can think of numerous incidents where evil people obtained the addresses of targets from their domain names. It would not be good to hide this information from the police as they can surely obtain some valuable information from a registry like this :)
So, change the rules to only let the magic people that operate the internet and the law see it.
On the people abusing the WHOIS data for spamming. If I didn't get so much damn spam (not just email, but regular mail!), I wouldn't be so inclined to falsify my data just enough to avoid it. If they call me on it, whoops, typo! Sorry!
I remember I got this email from NetworkSolutions promising to hide your contact information so I looked it up in my email archive. It costs an extra 5 bucks and promises to protect you from spammers and telemarketers.
:)
Something about this is ironic.
Someone needs to speak to NetSol about the ICANN report.
-----
Protect Your Privacy
from Spammers and Telemarketers
When you register a domain name, your address, e-mail, and phone number are published in the public WHOIS database. ICANN requires this personal information to be available for anybody to view on the web. With Private Registration you can deter spammers, telemarketers, identity thieves, harassers, stalkers and others who access this database.
Private Registration provides you with alternate contact information for your domain name registrations. The contact information you want to keep private is kept out of the public WHOIS database.
For a limited time you can add Private Registration to each of your existing domain name registrations for the introductory price of just $5 a year. Terms and conditions are included in our Service Agreement.
To add Private Registration
1) Log into your Network Solutions Account
2) From the Account Details page, click on one of your domain names
3) In Domain Details, click "Make this a private registration"
4) Check the domain name registration(s) you want to make private and click continue
Introductory Offer Only $5 a year
Sunny
Be my Friend
They should remove the details from public view completely. Why must the owner's address and telephone number be published to the world anyway?
The US Postal Service, along with most of its counterpart postal authorities around the world, sells a master database of all "deliverable" addresses to vendors so that they can create services that will easily detect incorrect addresses such as streets that don't exist in the given town, or a number that doesn't exist on a real street. In short, if you have this software, you can reliably predict if the postal service would bounce a piece of mail as an invalid address and know why.
It'd be interesting to see what would result if WHOIS is washed against such a list...
The spam kings don't mind having to leave valid contact info,
but obviously draw the line on accurate email addresses that
would leave them open to receiving UCE.
As someone who filled in his WHOIS information correctly (and has suffered the ills of having this information public) I think people should be accurate.
Why? I don't know. Seems to me if you are a big enough boy to purchase a domain name registration, you are a big enough boy not to forge your details. No other industry allows you to do that.
If you are planning on infuriating people and don't want to be stalked, just use the privacy feature. It's like 10 bucks. (I'm assuming this is an ICANN authorized system)
Clif
clifgriffin > blog
Don't fake your info, just get a private registration:
& from%5Fapp=&prog%5Fid=GoDaddy&authGuid=
https://registrar.godaddy.com/dbp.asp?isc=&se=%2B
It only costs 2-3$ a year more than a normal domain, and the domain is registered in the registrar's name so your info isn't public.
guess I better change my information to something other than j03 c00l l33t
bash: rtfm: command not found
It would not be too hard for domain registrars to be required to send a postcard to a physical address with a passphrase that would need to be supplied back in order to verify the physical address just as much as verification e-mails are being sent to confirm e-mail addresses.
This would be what most domain registrars are doing for e-mail addresses, which explain why e-mail is so accurate yet physical addresses are wrong. However, domain registrars would drag their feet on this because 1. It costs money, and 2. It'd block most sales to fraudsters.
So what, they have a "valid address" in their WHOIS info. Doesn't mean that it is their current address, or their main address, or the one that they care about.
How about MY privacy as a domain owner? Do I really need s-mail spam, e-mail spam, etc just because spammers lie about their address?
Perhaps you missed "along with most of its counterpart postal authorities around the world"?
Yes I believe this is a step in the right direction. As a matter of fact, I believe it's about fscking time they cleaned up their act. I don't know what percentage of those with fake info are spammers, but I do know, that 99% of the spammers have fake whois information. This makes it pretty hard to track them down, and hit them where it hurts - on their pouch. Spammers couldn't care less about losing an account or two - there's only one thing that can hurt them - that's going after them and their money. Fake whois information was an effective shield against that.
Spammers are a problem, but this is a terrible way to deal with it.
What if I want to be able to host a website relatively anonymously, so that people don't know that I am running the website?
For example, what if I were gay, and wanted to host a website about gays, but I didn't want my employers to be able to do a search and find out that I am gay so they can discriminate against me?
Also, spammers and other marketers harvest the info from the registration database. Back when the Internet was all educational facilities, requiring people to register who they are made sense. Now it does not.
Hopefully this policy will not affect services that act as proxies to register names under their name rather than the name of the actual server owner.
The guys I bought hosting from also registered the domain for me, and put in their info for the whois. This way I don't get any lamers using it to spam me.
The Yasashii Syndicate ||
You know that huge, 5+ paragraph bit of text you get with any WHOIS query that's really damn annoying?
An employer who shall remain nameless used the WHOIS database to get sales leads. When they got blocked for too many queries per day, they simply set up more systems- they were blocked by specific IP, not range.
The most amusing part was the nonchalant reaction when said employer called Verisign and asked if they could pay for more access, the answer was no, but when Verisign was told "we'll be accessing the data anyway", the answer was "okay". You'd think it would be more along the lines of "you do that, and you'll be violating our terms of use and we'll sue the crap out of you".
Do you really think Verisign gives a crap about the privacy of info in the whois database?
But if you really want to make sure you don't get snail mail use your address line 2 with a phrase that will make the mail get destroyed such as: "THIS MAIL MAY CONTAIN A BIOLOGICAL VIRUS"
Not sure what the legal ramifications/consequences of doing so might be, so do it at your own risk.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Some whois databases already put the e-mail address in an image so that spiders can't harvest them, most do not. This means that a first timer will quickly find his/her e-mail address useless because of the sheer amount of spam the address gets.
Then there is the question of privacy and personal safety. Let's say I believe that some cult exists only for the sole purpose of ripping people off, and I put up a web site warning other people and telling them of my personal experiences. The cult members that feel outraged by my blasphemy might look up who I am by the database, and I would be risking life and limb by putting opinions on the web.
Now someone is bound to ask "Hey, what about kiddy pr0n". Well, that's why I think the authorities should have access to that information, just as they have some other rights not bestowed upon us regular joes.
The next argument will then prolly be
Those who would sacrifice a little freedom for temporal safety deserve neither to be safe or free.
- Benjamin Franklin
I think this is hypocrisy and not even quite realistic. It's easy to quote famous people from behind a keyboard, but I just wonder how many of the slashdot crowd would actually put the money where their mouth is. After all, living together is but a series of compromises. No one can live their lives as they wish. Chance and other people will prevent this.
And as someone said
No man is an island,
Entire of itself.
Each is a piece of the continent,
A part of the main.
But I digress...
I recently received a letter indicating that the email address I had listed in the whois for my domain was invalid and that if I didn't update it I could lose my domain. I promptly did so. I both did not want to lose my domain, and was glad to see they are keeping that information accurate.
For intents and purposes, we're dealing with addressing, and just like each physical address the post office deals with needs to be as accurate as possible for mail to be delivered efficiently, so do the cyber addresses that exist need to be in order for things to work correctly and efficiently.
I work at a corporation where a former engineer setup several hundred remote domains with all servers having the exact same host name. This meant for years we could only utilize the network on an IP level (e.g., all scripts and so forth not being able to use hosts names, but instead using the differing IP addresses of each server). Now, I know there are ways around this, but logistically, we had to wait to "fix it right" and have now done so, but the point is, fore-thought into proper addressing, accurate information, etc., when dealing with networking -- or the postal system -- is essential. Keeping things up-to-date is also essential.
We bitch about mail being slow, but how many of us have moved and then taken the time to inform each addressee of that move especially when the postal system lets us know to do so by still delivering the mail to us with the little yellow "inform sender of address change" sticker?
I'm glad to see the enforcement of accurate information take place....
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
I signed up for the private registration service on an existing domain but shortly after realized that the data is readily available from historic data certain whois websites have.
The registrar should be required to verify, not only at purchase time, but on a regular basis, the billing address for the domain registrant. The whois information should not be required to be public - since it contains addresses, phone numbers and email addresses. Yes, you could get this information somehow if you looked - but this information should not be made public in the context of a simple directory listing.
Above all it's stupid. Anyone putting correct information in there is not breaking the law anyway.
I think this is an excellent move. As an anti-spam activist, I frequently report blatantly invalid WHOIS contact info to both the registrar and to ICANN -- and never hear back from anyone. It's amazing when you see spammers' domains with fake cities (in the wrong country), blatantly invalid email addresses, etc.
I can understand that some people have reservations about posting their private information in public databases, but options such as PO Boxes are available (I use a PO Box myself). Also think of it in context: if someone knows your name and wants to find your address, they can easily do so anyway. You can also give a cell phone number instead of a home phone, of course.
Semi-anonymity is still available for those who want to use dynamic DNS services.
I wonder if ICANN cares about this at all, or if their problem is with false WHOIS information, rather than people avoiding having any WHOIS information whatsoever.
...
believe they're gonna force me to post my personal information on a global public database. I have very good reasons for NOT posting it.
1) I don't have a correct email address listed, so I don't get spam.
2) I don't have a correct snail mail address listed, so I don't get junk mail
3) I don't have a correct phone number listed, so I don't get telemarketers.
Seems to me like this will be a huge benefit to any company who's ever solicited me in a way I hate. Score: Businesses, 1; Users, 0
I called the Dipshit Registry of America after they sent mail to my WHOIS address. They told me that they don't do that (even though the name, "Network Administrator" matched exactly) and that it must have been one of their "marketing partners." They advised me to write to president@droa.com. So I did, copied to ICANN, and received no response.
I wonder how many complaints ICANN gets about registries abusing this data? I'm not budging until they do something about it.
I have phone numbers in my whois that don't go to my home phone - they go to The Telemarketer's Nightmare because I was sick of credit card and health insurance salesmen calling me trying to sell me stuff because they scraped my home number from my whois info. While not *my* number, they ARE valid phone numbers. Everything else in my whois info is legit, so I can be contacted by email or snail mail.
Come to the University of Mars! Classes starting soon!
My domains use my old po box address.. I cancelled the box but never changed the info with my registrar.. I have a good reason though, I live with my mother and she has a stalker and I am NOT putting my home address.
For those who fear stalkers, etc., there are services like Domains by Proxy (related to the registrar Go Daddy). These services will register the domain on your behalf; they require valid contact info from you, and they put their own contact info in the WHOIS database. This is technically in line with the ICANN rules because the proxy registrant is the real registrant of the domain. (Although they have a contractual obligation of doing it on your behalf.)
If you break the terms of service -- for example, if you use the domain for spam support or to commit illegal activities -- the proxy registrant will expose your real identity. Otherwise, your privacy is pretty well protected with these services.
I've used those types of services (including Domains by Proxy) to register domains on behalf of minor children who shouldn't have their contact info exposed online, and for other purposes requiring some level of privacy. For my own domains, I'm not afraid to use my valid PO box address and phone number.
(Note: I am not affiliated with these services in any way, except as a customer.)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
You've never had a right to privacy as a domain owner. If that bothers you, don't use DNS and just publish your web server's IP number.
And then that begs the question is it legal/ethical to require that information to be public?
I know of no law that requires that information to be correct and I can see several ethical issues that would preclude this not being a privacy right issue.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
There was an unused domain I wanted to purchase a year or so ago. The guy paid 10 years in advance for the domain. All of the WHOIS information was bogus. The address pointed to a chip manufacturer, I forget which though. The domain had no DNS records. It was just a dead domain. Basically there was no way to track down the owner of this unused domain to make an offer to buy the domain. The registrar wouldn't help. They wouldn't even contact their own customer to ask that they fix their WHOIS information. Maybe I should have made a complaint to ICANN and gotten the domain revoked. To this day the domain still hasn't been used and still has no valid WHOIS or DNS records. What a waste.
Seriously, there are plenty of free website services where you don't have to register a public domain name. If you are just using URL-forwarding, most of the contact info will point to your ISP anyway--because they are the ones running the servers. The primary point of Whois is to identify the people running the physical servers. Yeah, the internet has gotten more complex and the Whois database doesn't make as much sense as it did even ten years ago, but that's hardly a reason to say "screw it, let's just let everything go all to hell."
With that in mind, if you're running ANY kind of commercial site, your information SHOULD be public and accurate just like a business license (which generates more snail-mail-spam and telemarketers than Whois), articles of incorporation or trademark registration. There's a rather substantial public interest in maintaining a public record of such proven identities.
Anybody who collects domains -- in particular, who trolls the expired/deleted domain lists looking for little gems -- would be delighted.
As someone who enjoys collecting cool domains, I am drooling at the thought. I'm sure a lot of domain squatters and people who run those pseudo "search engines" where there once were websites are, too.
Microsoft Windows is, fittingly, the official Desktop OS of Olig
Do you suppose they'll let you take the domain if you want to switch hosting services? They registered it, it has their info on it, and (I'm guessing) they paid for it (out of money you gave them of course).
I've had my domain since about 1997. At some point during the 'Net boom, some idiot company harvested a BUNCH of WHOIS info. At the time I had the correct information in there (INCLUDING phone number).
Well...I got on every telemarketing phone call list imaginable...AS A BUSINESS. You think it's hard stopping residential telemarketing? Wait until you start getting phone calls at your house asking you to buy Pitney Bowes postage equipment, insurance for your employees, etc, etc.
It was a NIGHTMARE. All I could do was ask the individuals to a) place me on their do not call list, and b) ask where they bought my information from (information that, not a SINGLE COMPANY was able to provide).
So, since then, I've used a P.O. Box for mail, and I FLAT REFUSE to give a phone number.
I'll start providing valid information when I know that it isn't going to be harvested by any slimy company out there.
I own a few domains and I never put the right phone number in. I also have an email address strictly set aside for domains only - which catches TONS of spam, and I tend to catch a little bit of snail mail spam as well - usually from the same company that tries to trick people into switching to them and paying $25+ a year. I hate the way that whois info is public though, and you have to pay (usually more than the price of the domain where I register domains) to make it private. It should be automatically private, at no cost. Someone above mentioned something about the reason that is there is for complaints and such - well I just happen to have an idea that could fix that problem easily. Make any complaints or inquiries go through the registrar. Kind of like a registrar private messaging system. It might seem like a lot, but I think it is little to ask to help stop the whois info harvesting and millions of spam emails that get sent as a result of it. ICANN already has a ton of requirements that registrars have to meet, why not one more.
This sounds like a question from some 5th grade social studies book... Brings back nightmares from those days. Please don't write like this again.
I use eFax's free service for my domain phone number. Although their support blows it works well when I need a legitimate number.
I agree that it should contain correct information when registered.
I however think that any other information than a valid email, should be optional if people want that in public.
Here's a suggestion. I've only been doing this for about a week but it's been effective so far. In WHOIS, list your email address as dns-admin@yourdomain.blah. Configure your mail server to accept email to this address but then send a bounce with "5.1.1 User has moved; please try dnsadmin@yourdomain.blah" message (note the lack of hyphen). Configure dnsadmin@yourdomain.blah to go to your real mailbox.
This works because no spammer ever uses their real email address, so they'll think their message was accepted and they'll never see the bounce. Meanwhile, a real human being who actually needs to communicate with you will get the bounce with your real address.
As for physical contact information, the best I've come up with so far is a PO box. But that costs money.
irb(main):001:0>
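The routing described in the comment above, as an added example that is not part of the original thread. The two addresses and the 5.1.1 text are the comment's; the function names, the MAILER-DAEMON address and the sample messages are constructed for illustration.

```python
from email.message import EmailMessage

# Addresses from the comment; "yourdomain.blah" is the comment's own placeholder.
DECOY = "dns-admin@yourdomain.blah"   # published in WHOIS
REAL = "dnsadmin@yourdomain.blah"     # routed to the real mailbox
STATUS_TEXT = "5.1.1 User has moved; please try " + REAL


def _norm(addr):
    """Strip angle brackets and whitespace, lower-case for comparison."""
    return addr.strip().strip("<>").strip().lower()


def build_bounce(envelope_from, original):
    """Build the 'user has moved' notice addressed to the envelope sender."""
    bounce = EmailMessage()
    bounce["From"] = "MAILER-DAEMON@yourdomain.blah"  # assumed local name
    bounce["To"] = envelope_from
    bounce["Subject"] = "Undelivered mail: user has moved"
    bounce["Auto-Submitted"] = "auto-replied"  # marks it as automatic (RFC 3834)
    bounce.set_content(
        "Your message to " + DECOY + " was not delivered.\n\n"
        + STATUS_TEXT + "\n\n"
        + "Subject of original message: "
        + str(original.get("Subject", "")) + "\n"
    )
    return bounce


def handle(envelope_from, rcpt_to, original):
    """Decide what to do with one accepted message.

    envelope_from / rcpt_to are the SMTP envelope addresses (MAIL FROM and
    RCPT TO), not the From:/To: headers, which the sender can set freely.
    """
    sender = _norm(envelope_from)
    rcpt = _norm(rcpt_to)
    if rcpt == REAL:
        return {"action": "deliver", "to": REAL}
    if rcpt != DECOY:
        return {"action": "not_handled"}
    if not sender:
        # Null envelope sender means the message is itself a bounce.
        # Never answer a bounce with a bounce, or two servers can loop.
        return {"action": "drop"}
    return {
        "action": "bounce",
        "mail_from": "",        # bounces are sent with the null sender <>
        "rcpt_to": sender,      # the hint goes wherever MAIL FROM pointed
        "message": build_bounce(sender, original),
    }


def _sample(subject):
    """Constructed sample message body."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed sample body\n")
    return m


def demo():
    """Run three constructed envelopes through handle()."""
    cases = [
        # A person who looked up WHOIS and wrote from a working address.
        ("<alice@example.org>", "<dns-admin@yourdomain.blah>", "Question about your DNS"),
        # Bulk mail with a made-up envelope sender.
        ("<x9k2@forged.example>", "<DNS-Admin@yourdomain.blah>", "Cheap renewals"),
        # A bounce arriving at the decoy (null sender).
        ("<>", "<dns-admin@yourdomain.blah>", "Delivery failure"),
        # The person retrying with the address from the notice.
        ("<alice@example.org>", "<dnsadmin@yourdomain.blah>", "Question about your DNS"),
    ]
    return [handle(f, t, _sample(s)) for f, t, s in cases]


if __name__ == "__main__":
    for result in demo():
        print(result["action"], result.get("rcpt_to", result.get("to", "")))
```

The notice goes to whatever envelope sender the message claimed, so with a forged sender it lands in a third party's mailbox. Refusing the recipient during the SMTP session with the same 5.1.1 text gives a legitimate sender the hint through their own mail server without generating new mail.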
My registrar is GoDaddy. Every time they "improve" their stupid web interface, it gets harder and harder to enter correct information into their system.
Needless to say, attempts to get them to remove the boneheaded logic errors is an exercise in frustration, but that's probably just an extension of their horrific customer service.
Yes, I'm looking for a new registrar... how'd you guess?
Second question. Why not have some small fee in order to access the WHOIS database. Make it a dollar charge, that has to be charged to a credit card with correct contact information (for example, they fax you the data). If someone abuses the database, then they get cut off.
Third question, and the most important. How the hell can we make a better system where the 98% of us who do not abuse resources do not get screwed by a few bad apples who will do anything for a buck. Do we make it a charge, so there can not be an easy profit? Do we have a system where a few trusted people are allowed to forward requests, and block those they know are from the bad apples? How do we identify the bad apples?
This all pisses me off. I hate it how one person can force the rest of us to NEED locks for doors. It would be better if they did not exist.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
There is no reason why this information needs to be publicly available. The correct information could be stored privately with ICANN and available through the proper channels (For example: a warrant).
:P).
:)
The one time I used all of my correct information I ended up getting a) prank phone calls, b) calls from people who disagreed with some of the sites messages (think free choice vs. life, not PORN
The people who are lazy to call end up mailing you. Sure you can setup an account that just collects all of the email and then dumps it, but what about that 1 legitimate email every year or so?
I was constantly emailed by other domain firm to con me out of more money through false renewal claims (Your domain is about to expire: NetSol).
If ICANN were really serious about your information being correct it would have done something years ago. These half ass attempts to enforce a questionable policy don't convince me that they really care.
I've tried being nice and having all of my information public. Now I'm happy to live on 123 Freedom Lane, Chimichanga New Mexico.
You don't just turn off the domain instantly. Attempt to contact the domain holder (they have to have *some* kind of valid contact known to the registrar). If calls/emails/letters are not answered, lock the domain. Tell the holder that if data isn't updated within a certain period of time, the domain registration is forfeit.
In the case of spammers' domains, take a few extra steps. First, lock the domain right away. Second, instead of attempting to inform the spammer that their domain is locked until the WHOIS data is updated, send an assassin to where they live to have them killed.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
How many personal domains are out there? And how many freaks are there online who'd wet themselves over the chance to stalk people whose website they dislike or whose website turns them on or whatever the hell it is that they get off on?
My websites all point to my former address. I moved because some freak was harassing me and I was worried he was going to show up on my doorstep some day. I didn't update the listing and won't for at least another year, unless I get a PO box, and I'm sure as hell not going to spend the money on that when I'm getting zero benefit on it.
My registrar has my real contact info. That's all that matters. If someone has a complaint about one of my sites that can't be resolved by emailing me, they can write to my hosting provider or my registrar.
Yes, it would require the expense of maintaining a PO box, but you won't be able to track someone down any further than the city in which they live (unless they choose to host their PO box in another city).
STOP MISUSING APOSTROPHES, YOU MORONS!!!
For my own domains, I'm not afraid to use my valid PO box address and phone number.
Some people simply do not have voice telephone numbers. It's unbelievably arrogant for those stinking turds at ICANN to demand that one have a voice telephone number to be graciously allowed to have a domain at all. May the strutting filth at ICANN eat shit and die horribly.
> Registrars, the companies you register your domains with,
> are under contractual obligations to ensure this information
> is correct and accurate.
>
> Do you believe this is a step in the right direction? Why?
Yes. So that abuses of the system are dealt with.
This is a very old game, punishing end users for something certain ISPs are screwing up. I definitely would like to see problems like spam fixed, but this is just punishing good users for something spammers and the like are doing, and the spammers are going to find a way around this anyway. OK, requiring a valid e-mail address that responds to ICANN e-mails or whatever I *might* accept, but I find a jackbooted attempt to get real names and addresses (of course, ONLY in the United States) by pseudo-governmental authority quite weak. I'm sure there are plenty of boot-licking, groveling, authority-worshiping little computer dorks on Slashdot who love the idea of lawyers and the ogrish, incompetent government now that much more successful in exerting their authority.
1. The internet was not designed to be a telephone system or a post office. Anonymity and openness are what made it what it is today. Want a secure communications system? Build one. IP was not designed for businesses and their needs. Closed systems existed before businesses stampeded on to the internet. If they want registered users and trusted boxes, then they should build an alternative network that does not connect to the internet itself. Leave what is, alone.
2. Spoofing whois is essential for people who wish to use the internet to get messages across that powerful people want suppressed. Or at the very least, powerful people will retaliate.
For instance:
mediawhoresonline.com -- the people behind the Horse (out to pasture at the moment) were afraid of retaliation in their personal and private lives. They have some justification for this, for Bush and his people have grown famous for their ruthless vengeance against anyone who crosses them - Valerie Plame, Wilson, Richard Clark, the owners of that restaurant in Texas that called the cops on the Bush Girls (business shut down for "code violations"), the Funeralgate affair (nailed the whistleblower AND her department). And innumerable others whom we don't hear about because, well, reporters don't want to cross the Bush family either.
Buzzflash.com also hides their identities for the same reason, I think.
Now, on to the cultbusters. During the late '90's, a lot of ex-Scientologists went online, mainly on the Usenet on alt.religion.scientology, but also branched out into the web as well. They had to hide their identities: the utter certainty of the destruction of their lives if they ever were outed was paramount. The viciousness of the attacking Sea Org (secret agents oh my) is legendary, and you can check it out at xenu.net, as well as any number of other sites.
Just don't use the WayBack machine: they purged the history of the internet of all the critical sites with any teeth at the behest of the Hubbardites.
Now there are others: the Moonies, the nutballs in Japan, any number of small, evil little cults all over the U.S. If you want to expose them, anonymity is key. And anonymity was long held constitutional in the U.S. under the 1st amendment as necessary to demand redress of wrongs without fear of retaliation.
I fake my whois info, and always will.
3. Registering users will not stop the spam. Oh please. People who send billions of messages and make millions of dollars aren't scared of fines or jail time. They're rich; they won't see real jail. This registration crackdown is happening because the control freaks in law enforcement can't stand seeing anonymous communications. It's like nails on chalkboard to them. I think Pratchett said it best when he wrote that cops, if they had their way, would make everyone sit at home, at their tables, with their hands on top of the table where the cops can see them.
It's not like we haven't seen this coming. The jail doors are clanging shut, and they won't let us bang on any pipes in Morse code without the ability to listen in any time they'd like.
I've owned my domain since the late 90's, and for the first couple years I had legit info in the .whois dbase.
I used to write a lot about moronic white supremacist groups around the country.
One day I saw my home phone and address being passed around on skinhead message boards, and the real-life threats began.
I'll never provide legit info again, ever. I'd rather lose my domain than have someone come to my door and threaten to kill my "nigger loving" family, again.
Or:
And I'm sure there are other ways to go about using the DNS without putting your data in an ICANN-controlled database.
Microsoft Windows is, fittingly, the official Desktop OS of Olig
I will never, ever register any of my personal domains with valid registration information. There's absolutely no way.
I will not have all the people who don't like what I publish on my websites harass me at my home address, which is the only "valid" address I currently have to use in my whois records. I will not give that information out in public for any reason. There are way too many net.kooks out there for me to volunteer my home address.
I will also not pay to get a p.o. box to avoid being harassed. Why should I pay to be left alone?
For businesses, however, I do agree, the whois records should be valid and up to date. This includes the spamming parasites, who've made it an art form to forge every single record of theirs they possibly can.
In Soviet Russia, I ruled you
I, for one, refuse to let my personal information become public.
What if I were the operator of a website that contained opinions that were very controversial? One example I can think of is the abortion debate. There are extremists on both sides who will spend every waking moment trying to ruin the lives of people on the other side of the debate.
Do I want to invite people to my house to vandalize my property or burglarize me if I can help it? Certainly not.
I have always used fake information, except for my phone and email contact (I figure that it's pretty immune to what I'm worried about, I can filter spam, etc) which I leave in case my registrar accidentally forgets who my domain belongs to.
How do they know I do not live at this address? Are they going to send someone out? What if it's just a drop box for mail?
Search Google for various queries involving the term "voicemail". Depending on your needs, you can get a voicemail drop box for very cheap. (Including one that's at an extension if you want to get really cheap.) Voila, valid WHOIS contact info.
After all, you're going to have to spend some money if you want a domain name. I just consider it part of a cost to be amortized across the domains I own.
Microsoft Windows is, fittingly, the official Desktop OS of Olig
Do you believe this is a step in the right direction? Why?
Just firing from the hip here, but corporations and real estate have to have accurate contact information too. I'm guessing this has to do with preventing squatting, and with resolving legal issues which involve the owner of the property in question. Both of these issues have corollaries in domain name space.
Stop-Prism.org: Opt Out of Surveillance
One case is when private individuals get harassed personally due to their WHOIS postal address...
I know of a couple of cases where this happened.
Letting you put in your ISP's address for contact information, then let the ISP contact you in case of a problem would make more sense. You are still accountable, but have a layer of privacy.
---- Booth was a patriot ----
For all of those people who think being anonymous and giving fake info is the way to go...
I feel everyone should be accountable for what they say and do. So if you want to spout off about some hate group (just like in real life) you might have to pay the consequences. Nothing in life is free so stand up for what you believe in and live with what comes from saying it. If you aren't willing to pay the price then you should not be saying those things in the first place.
It seems like common sense to me.
-= Why can't I add 'Anonymous Coward' to my list of Foes? =-
So a registrar that allows you to use a proxy for the publicly-posted contact info isn't doing anything wrong. By putting that name in the WHOIS, you're effectively appointing that entity as your agent.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
In other words, shut up if you don't want to get hurt.
webmaster@ is a magnet for spammers. I bounce it at all of my domains. Plus, it's WWW-centric; there's more to the Internet than just the Web. Should a Net site that doesn't run a WWW server be forced to keep a webmaster@ role account open to collect spam?
I do keep postmaster@ and abuse@ open on all my domains. In the latter case, it's just a convention, but a useful one. (And I don't see spammers sending to abuse@ every domain they can find, for obvious reasons.)
As for the rest, why should I keep noc@ (for example) for domains that are virtual hosts?
Microsoft Windows is, fittingly, the official Desktop OS of Olig
All registrars who don't care should lose their ability to register names! So many times I've complained about faulty information to some registrar, and their reply was "there is nothing we can do about" - well if not you who the fuck else! Idiots.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
The American Revolution was full of dissent. Lots of it was done anonymously (pamphlets, newspapers, etc) because they knew of the reprisals that could occur if the wrong people (who could do much more to them than the people speaking out could do back) heard.
Don't believe me? I will give some real examples.
1. My school district tried to discipline me for publishing a website very critical of them. (Nothing ever ended up happening because the people in the right part of the chain of command had some sense)
2. In many countries (China for instance), publishing information critical of the government can land you in jail (or with tanks rolling over you if you think a mass protest will somehow help)
3. Extremists hate people who talk bad about them. They would love to egg your house, threaten you day and night, and send you explosive packages in the mail.
Three years ago some jackass from /. thought it would be funny to call up my home phone and leave a nasty drunken message because I disagree with him about the current SUV craze. The reason he was able to do this was because (stupid me) I kept accurate whois information for my domain names. Had I pissed him off enough, there was nothing keeping him from coming to my home.
Requiring public, accurate whois information is idiotic. I think a requirement for accurate information held in confidence by ICANN is a good idea (to be available to the police with a warrant). Before you run out there cheering for accurate public information, think about how you would feel if every email and every web posting you made had your home phone & address on it. If everyone were sane and reasonable, it would be good. Since everyone's not, and someone can anonymously e.g. burn your house down, it's bad.
Spammers are just going to get phones with junk info and PO boxes. This can only hurt, not help.
I'm surprised to see the responses I'm seeing on a site where most people ostensibly argue for free speech and anonymity.
A few years ago California set up a website regarding a gun confiscation program (taking registered guns from lawful owners). I discovered that the WHOIS information revealed the website was owned/operated by someone in Beijing, China and hosted in Australia - facts severely inappropriate for the purpose of the website & gov't program. When this information was made public, the WHOIS data quickly changed several times, apparently to cover up a political problem. Would have been nice to demand the coverup info be restored to the correct original & politically revealing WHOIS data.
Just send a FOIA (Freedom of Information Act) request to them.
My registrar (Network Solutions) recently sent out an offer to me for private registration, i.e. I can keep my real whois information private.
This is so bogus I don't know where to begin. It is just like the telephone companies. They charge you to *not* have your phone number listed in the phone book. Their justification for the charge? They get paid ad money per name listed.
The purpose of whois is that the information should have to be public.
The only reason ICANN is enforcing this is to line the pockets of private registrars who want to regulate dollars into their new "private registration" bullshit.
It is very important that this be updated! I created a company about a year ago, and then promptly went to register my domain and webhosting, conveniently through the same company. About 3 months later, I realized this hosting company did not offer some of the services I needed, so I changed companies. Well, 9 months later, when my 1 year domain contract expired, I go to re-register it. I can't. The hosting company that I had previously used had registered the domain in their name through a third party, and the third party wouldn't deal with me unless my name was on the WHOIS report. I was forced to pay 60 USD to re-register my site through my original hosting company. Bastards.
I did track down a couple of the hosting companies and the legitimate ones shut off the web sites. The web sites hosted in China just kept on running for several more weeks.
I just went through getting my domain renewed and had to provide a driver's license and signed statements in order to renew. This should also be the rule for getting a site hosted as well, not just whoever has a check book.
Too lazy to create a sig...
I hope they hit NIC-SE (who runs the .se tld) hard for providing a useless whois database.. :]
http://rfc-ignorant.org/tools/detail.php?domain=se&submitted=997702788&table=whois
I think that the best way to deal with it is to edit the hosts file. He could use rsync to update the information on the other computers. That's what I would do. It's cheaper & might even be easier.
testing out my trending skills
The proposal to force all domains to use valid WHOIS data would be a boon to law-enforcement efforts. But that leads to another potential concern.
In the US, it's not a problem to express yourself. You can say whatever you like about the government and get away with it. OK, not quite anything. In other countries, however, including western countries like Germany and France, freedom of expression is nonexistent -- you may only say what the government allows you to say. In the two countries I've mentioned, it's not much of a problem, because they've basically only banned racist expressions. But there are more than enough other countries (China, anyone?) that actively work to suppress their citizens from expressing themselves freely. For dissidents in such countries, false WHOIS data may be necessary for freedom of expression. Is ICANN trying to help such governments crack down on their citizens?
If ICANN wishes to enforce this rule, I agree with the procedure outlined in the parent post, but disagree that spammers' domains should be treated separately.
The problem is, how do you recognize a spammer's domain? If you simply look at the "to" address, it will result in a lot of legitimate sites getting spammed, because a real spammer will fake the from address. If you look at the originating sender, I've had enough (virus) spam that apparently originated at my mail server. The header information was modified -- the IP did not belong to my mail server. But you can't backtrace to find the domain if the IP is in a dynamically allocated range. Once again, 1:0 for the spammers.
The few honest souls who are dumb enough to use valid information will get caught anyway. Now if we are talking about domains that are linked in spam, that's a little easier to deal with, but there is still a large potential for abuse. So a spammer doesn't like a site. Voila, take them down. In fact, anyone could effectively disrupt any website they like.
Of course, spammers should be prosecuted, provided they are within the jurisdiction of a state that cares (e.g., the US). But intelligent spammers work offshore anyway, which puts them beyond the reach of any western regulatory body except ICANN. We can go after their domains, but there's no easy solution to determine which domains are pure spam.
Even BT allow you to ex-directory for your telephone here in UK.
Those in charge of DNS should have allowed domains to be ex-directory right from the start.
If your privacy is that critical, hire a lawyer to act as your agent.
Mea navis aericumbens anguillis abundat
WHOIS data should be useable for one purpose only: Getting into contact with the person or organization that owns the domain.
Any amount of redirection, clearinghouses, care-of addresses and so on SHOULD be permitted - *as long as legitimate communication to the address listed gets to the domain name owner*.
I've said this many times over the last 10 years, because it seems so blaringly obvious to me - but people *still* say things like "the WHOIS data must list correct address information for the owner" and think it means that it must list the street and number of the house I live in.
That's JUST PLAIN WRONG.
Forgive me that I shout.....
I own my domains, not some company. I am not going to publish my phone number, and get more junk calls like the postal spam I get due to the fact I used my legitimate address (at the time) for registering my domain(s) years ago.
What's next, publishing my SSN and birthday in whois data?
I know some other countries (France, for example) are very strict and will only issue domains to a company with a tax ID and right to the name. Well, go right ahead France, but I think the generic domains (com/net/org) should remain open to all without prying eyes.
If we wanted such open access to domain owner data, how about a .inc TLD, with data linked to corporate registration number and state and country of inc.? and leave the rest of us alone!
Maybe you can learn grammar and how to spell first.
I run a bunch of websites so I have my share of domains. The information for most of these domains is up to date. One domain has inaccurate snail mail address information and I want to keep it that way. Why? Well, I agree that the Internet is a cooperative network but the problem is rogue capitalists, especially the ones who send me cease and desist letters for silly reasons. As an activist and free speech advocate, it's in my interest to make life difficult for these retards. I'll gladly update the contact information for my domains, as soon as we can get these legal zealots to start understanding that intellectual property is dead and that the Internet benefits everybody if we learn how to share.
- tracking down spammers is a 'maze of twisty little passages, all alike'... - i think domain registrars should be held responsible for sponsoring, enabling, and hiding spammers...
The information is inaccurate... what do I do in a case like this?
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
I've been using gandi.net as my registrar for a handful of domains for about 3 years. When I updated my handle contact info recently, I found they've added a couple privacy features. First they provide a gandi.net email addy to mask your true email. Second, you can select the option to have your personal contact information excluded from the bulk whois info that they are required to make available for sale (it'll still be visible through normal whois inquiries). No extra charge for that and their 12 euros/year includes dns (configurable thru web interface, though a bit less flexible than hand-carved zone files). You can use your own dns elsewhere if you need the flexibility of editable zone files (ie. anything more than adding and deleting A, CNAME and MX records). Their web interface is in English and French.
I was real interested in this discussion, and thought it a nice niche business performing a service that these whois obfuscators were doing. It kinda blows it if you can still get the accurate info. Why aren't they sued for fraud? Being able to at least remove your personal info away from casual goombahs intent on spamming or stalking is a good idea.
Is this true of these other services referenced in the thread? Anyone?
I have a few choice packages I wish to send you.
Oh, you don't want to give me this information?
Then you're a hypocrite.
What if I don't want people to know it's my site. I may post something that could bring me and/or my family harm. ICANN can kiss my ass.
Most scam websites, child pornography websites will use bogus whois info.
If we ensure it's all accurate, we are holding webmasters, ISP's accountable for the crap on the web.
It's a great step towards removing the garbage that scares so many from the internet.
If every webmaster's address was listed in WHOIS accurately. How many scam websites would be set up? How many would setup child pornography websites and list their own address as the contact?
If they are that stupid, at least it becomes that much easier to catch.
I see no reason why they shouldn't go about it. It's good for the Internet as a whole.
I think it's a bad idea. The right solution is to replace ICANN with some decentralized approach.
... sorry, forgot the terminology, but when I look up I see http://yro.slashdot.org/... the part I mean is the .slashdog.org.
://yro.slashdot.org/comments.pl?sid=... now being common, there's no need to let people monopolize anything that sounds like the name they want. Perhaps there are legitimate reasons to assure that people aren't being fooled, but that's a separate matter (fraud).
Also, the IP allocation should be totally redone...no organization should be allowed more than one IP number, let them use NAT internally to make up the difference. If they need to go to IPv6, then that's fine.
And similarly no organization should be allowed more than one web
I realize that in this context "organization" is a bit difficult to define, but with names like
I think we've pushed this "anyone can grow up to be president" thing too far.
Of course, I too would hesitate to put my name in front of an organization that advocates having sex with kids not even 10 years old...
I am going to put some po box or something for mine. there is no reason to have to put that crap.
Yes I believe this is a necessary step. Last year I found out that there were 3 domains registered to me that were being used as spamming domains. By registered to me I am saying they used my name and address in the WHOIS database. When I brought this to the attention of Network Solutions, they put me through a huge ordeal of faxing. Yes faxing, what kind of tech company uses faxes anymore. Well I digress. I think this is important because I don't want my name on anything that sends out spam.
The system has been abused for years. So, I'm sure there are those who feel entitled to the privacy and anonymity they've been able to get for free so far.
I liken them to homeowners and small businesses who are dumping their pollution directly into the river, and then complaining when told that the same new environmental laws which apply to mega-toxic-corp upstream also apply to them. However, just like the river, which may supply drinking water to people living downstream, DNS is a public service hosted on other people's servers, not your own. If you want to use a public service (as opposed to running your own private DNS server for your buddies, etc.) you may have to abide by public rules.
The beginnings of a clean-up mechanism are simple. Notify people to clean up their DNS records and then randomly snail mail letters to a percentage of domain owners. Lock domains for owners who do not respond.
If you want your privacy and anonymity, which was not implicit in the original rules for DNS service, pay for a proxy service (electronic equivalent of a PO box, answering service, subsidiary in the Bahamas, etc.). But don't depend on being entitled to a mechanism which makes you look exactly like joe toxic spammer at zero cost, and which leads to a Tragedy of the Commons.
I just went to the listed site and registered a complaint against a site that has:
1. Invalid WHOIS data
2. Use of copyrighted images without permission
3. Use of copyrighted text without permission
4. Slander or libel (whichever one is written)
5. Sends spam but claims not to
6. Works with others to support them harming the environment
7. Works with others who threaten people via e-mail (I was one so threatened).
With this new ruling, maybe we can finally get them shut down and/or sued out of existence.
I had a stable email address with an ISP for about ten years, but the ISP discontinued my service plan and said I'd have to change addresses if I wanted to stay with them, so that's why I registered a domain, so I have a permanent net address that I can give out to friends and acquaintances. That doesn't mean I want it advertised to the public. It's like an unlisted phone number. I'm ok with the registrar having my contact info in case law enforcement needs to find me, but I see absolutely no reason they have to publish it in WHOIS.
The problems of making everyone post their real info greatly outweigh the benefits. Beyond just spam and stalking, it is a matter of freedom of expression. What if the person was in China and did not want their true ID being made public? Or if they were a single young female who ran a blog? For sites that have a commercial nature, yes, they should be encouraged to post their real info. If I run a site with a controversial topic, I really would not want to be threatened by religious nuts who more often than not, get really excited over the stupidest issue.
Some registrars provide some extra privacy for a small fee (Netsol charges $5). Other registrars have similar offerings. Check it out.
I'll put accurate, current physical contact information in my whois data when I finally get a P.O. Box or some such obscure, vague association to my whereabouts.
I think the only people really complaining about this sort of thing are lawyers and companies looking to screw over the individual.
RIAA: "He has a domain name!? Quick, I know a 31337 trick! 'WHO IZ' his domain name to get l337 infoz! Then we can get him!"
Later.
RIAA: "What the hell is this? A run down shack in the middle of the desert? Obviously, the terrorist mp3 file sharer has tricked us and our super-hacker 'WHO IZ' trick! What else can we do?"
RIAA Lawyer: "Let's see into making it more difficult to use contact data for domain registration. That way, you can easily find all your terrorists with your elite 'WHO IZ' uber-hacker skillz!"
How hard is it to just have the ISP act as a 'relay' in case of trouble. E-mail or letters are directed to them, and they are responsible for relaying the information if pertinent. Maybe this could be optional for a small fee. That would preserve privacy, yet still allow for people to be contacted, hunted down and shot, etc. in case it ever was required.
They have 'no call lists.' So it wouldn't be stepping on anyone's toes to say that commercial solicitations through this medium would be forbidden.
Or am I missing something?
___
It's the end of my comment as I know it and I feel fine.
Besides bad information in the WHOIS placed by the Registrant, there are also cases where the Registrar has placed bad information on purpose because of some bad blood between them.
This has the effect that the Registrant has very little chance to make modifications to the record (especially when they are technically illiterate and didn't get the ID/PW) and little recourse to complain to the uplink.
About the only chance they have is to go to a Backorder service, hope that the Registrar will forget to renew before expiration and try to regain control of the domain name that way.
Cheers!
--
Han Tacoma
~ Artificial Intelligence is better than none! ~
I already get spam containing my [incorrect] home address located in my WHOIS info. It's asinine that they can start enforcing correct information when the WHOIS databases obviously aren't protected well enough.
I just finished my first book. Maybe tomorrow I'll read another.
No, seriously. Think about it. If you have phone service, your name, address, and phone number ends up in the phone book. Now, you can customize it a little (omit your first name, omit the street number), but it's there. If you want it not to be there, you pay the phone company for an unlisted number, and they take it out. If you want your whois info not to be there, you pay your registrar a fee (most offer "unlisted" or "proxy" registration in which the domain is registered under their name) and they take it out. This process is perfectly fine as far as ICANN is concerned.
Sure, you could argue you can't reverse-lookup a phone number using the phone book, but there are other directories that provide that service for free (go to any large public library and ask for Cole's City Directory - provides address-to-name/number mapping). So really, if you consider that (domain=address; phonebook=whois; telemarketers=spammers) these two scenarios are really the same. And yet no one goes apeshit when the phone company requires you to provide a valid address.
If you want anonymity online, that's all well and good. But if you want a domain name, you need to pay a little more to remain anonymous. There are tradeoffs in life. There are plenty of ways to hide your whois contact info and still remain in compliance with ICANN rules. Listing your address as "123 Fake St" is not one of them.
There is no sig, there is only Zuul.
Personally I am so glad to hear this. About 100 or so of those complaints came from our company. The biggest tool spammers use to cover their tracks is bad whois info. How can you serve papers on someone if you don't have an address? Even the wimpy CanSpam law can't be enforced without an address. Without one it's not worth the disk space it takes up.
This information is also needed for admin work between networks. This information is used by Systems Admins to contact each other when things get weird between networks not just for catching spammers. It's a great time saver when a sick server on a network is hitting ours to be able to type "whois" and find an email address and a phone number for the person you need to talk with to fix the problem. These are helpful calls between networks to keep it all working. It's not so much contacting the owner as much as contacting the SysAdmin.
I do see the problem with personal sites and whois info that contains personal information. What we do for the sites we host that aren't corporate sites is we carry the Technical Zone Contact Address and phone number as the address and phone number for the site. This way the site can be contacted and the owners can be indirectly contacted without their home addresses or phone numbers exposed to the strange. This way if some weirdo calls they get to talk to us. Most hosting companies will do this. If they don't move your site to one that does.
You can't complain about having to have updated information on your whois. You agreed to it when you bought your domain. It was in the EULA.
Besides how can you enjoy the smell of burning mail servers if you don't know where to build the fire?
Not that I would ever do anything like that
I used to have a domain regged with NSI, mainly thru inertia - I had registered it back before the competitive registration stuff.. (In fact, before you had to pay - GASP!)
Originally I had a phone in my name, and I had it listed. Eventually, I moved, and I did not obtain a phone. I currently have no phone number to provide. I eventually changed the old obsolete phone number, and put 000-0000 in its place.
Then one day (back when the whole 'valid whois thing started') NSI sent me an email telling me I better get my correct info listed or they were gonna turn me off.
The cycle went more or less as follows:
"You must list your phone number"
"I don't *HAVE* a phone number"
"You must provide correct contact info"
"Ok, the correct info is 'I don't *have* a phone number', how do I list that, correctly?"
"I'm sorry, you must list your phone number"
(ad nauseam)
After about half a dozen rounds of that, I moved the registration elsewhere and haven't had a problem since. It still has 000-0000 listed. My name, email address, and mailing address are all properly and correctly listed.
(The mail address is a PO box I maintain anyway so as to keep my mail separate from where I physically live, mainly because it's a rural area and the local punks like to play mailbox baseball. $20/yr for a small box is a cheap price to pay to know my mail is safe and secure behind a little locked door, in a building that's kept *very* secure)
I'm curious what anyone else might have to say about that. Is having a phone number a prerequisite for registering a domain name? If not, then how should someone who does not have a phone indicate that, so that the record *is* in fact accurate? I feel that making up a real-appearing, but false, phone number would be more inaccurate and wrong than listing something which makes it obvious it isn't a valid number.
And I don't feel like giving my full address, telephone, and other data, so I use "Upon Request". Giving the e-mail is bad too, since lots of spammers use it.
And frankly, fuck the ICANN. According to my registrar, they allow any to include your e-mail in bulk lists. I chose no...
I have the godaddy's private registration service. Will that affect me?
Activists United
Who the bloody hell modded this off topic and what were they smoking?
Or am I missing something here?
Yes. So that abuses of the system are dealt with.
Will the brick that gets thrown through my window have contact details attached?
Why? Haven't they found you? Get the law to protect you.
Valid reasons include:
"We cannot easily sue fraudsters if we cannot find them"
-- Federal Trade Commissioner J. Howard Beales III, director of the Bureau Of Consumer Protection.
Having the authority of being a full peer on the Internet, also has responsibilities attached.
When it's necessary to send information anonymously - signup on a blog site, or get a court order suppressing your contact details, or register your domain through a lawyer, or write a letter.
Likely to help a little.
But don't throw out your cuisinart
--robin
...Boycott Disney
My domain is a personal domain.
If the public goes to the front page, they see a blank page. I use it primarily for web-development testing as well as a place to host any files that I might like to share out to friends. I also have email accounts based on that domain name.
There's absolutely no reason for *my* information to be made public. I have invalid whois data, and I won't be changing it simply because there's no reason to. I don't run a business online, I don't make profit, therefore, it's of no use to anyone to know where I live or what my phone # is.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Can anyone really become invisible to stalkers just because they have a bogus WHOIS record? Any stalker worth his salt can track people from any one of hundreds of publicly accessible databases and grab all kinds of information. How much data can you really keep private? Registering a domain is a quasi-public act that results in loss of privacy, similar to what happens when you buy a car. Nobody makes you buy a car. But if you choose to do it, a lot of people can easily find who you are and what you bought.
You mentioned pointing your domains at your old address. In some databases, that would be enough to help a stalker. I can think of at least one easily accessible place where knowing a person's name and previous residence would reveal their age and possibly their current town and state.
If online anonymity is the goal, I would opt for a dynamic IP address, such as my dyndns.org, with throwaway e-mail accounts (Hotmail, ICQ, etc.) for those times when you must publish an e-mail address.
Actually, I'm more concerned with the spam. Some of it is obviously the result of WHOIS harvesting.
But what if your mail server starts spewing spam or something to my servers? How would I track you down to let you know about the problem? I guess I just call your ISP/WebHost and tell them and have them disconnect your account and charge you a very hefty fee to get reconnected.