ICANN Cracks Down on Invalid WHOIS Data
DotNM writes "Internet News reports that ICANN, the Internet Corporation for Assigned Names and Numbers, is beginning a crackdown on invalid data in the WHOIS database. In ICANN's annual report, they found that nearly 5000 of the 24148 complaints were due to inaccurate WHOIS information. Some of the domain names in question had the address information of known spammers in the database. Registrars, the companies you register your domains with, are under contractual obligations to ensure this information is correct and accurate. Do you believe this is a step in the right direction? Why?"
Just because a rule has gone unenforced for years doesn't make it an invalid rule. I think the Internet would become a much better place if everybody with bad WHOIS information lost their domains until they corrected it.
I looked at using the whois db for my IP to city project, but rejected it because (a) it's forbidden [which was the most important reason, honest
So I just depend on good folks like yourselves to fill in the data. I think that gets around the various patents that Quova etc. have got on populating a city/ip database as well
Frankly I'd give it about 50% accuracy, and I'm approaching that without using it at all...
Simon
Physicists get Hadrons!
I don't know about the rest of you, but I have mostly correct information, only because I don't want to lose my domain over something like this. What I really hate about having all this information public is I get a lot of spam (both email and snail mail). Email isn't a problem with good filters, but there isn't much you can do to "filter" out the snail mail, you at least still have to throw it away. Spammers must love the whois database, and they'll love it even more when all the data is valid.
I strongly think that there should be a correct address avaible for each and every domain name out there. But! I don't think letting it out to the public is a very good idea. I can think of numerous incidents where evil people obtained the addresses of targets from their domain names. It would not be good to hide this information from the police as they can surely obtain some valuable information from a registry like this :)
So, change the rules to only let the magic people that operate the internet and the law see it.
On the people abusing the WHOIS data for spamming. If I didn't get so much damn spam (not just email, but regular mail!), I wouldn't be so included to falsify my data just enough to avoid it. If they call me on it, whoops, typo! Sorry!
I remember I got this email from NetworkSolutions promising to hide your contact information so I looked it up in my email archive. It costs an extra 5 bucks and promises to protect you from spammers and telemarketers.
:)
Something about this is ironic.
Someone needs to speak to NetSol about the ICANN report.
-----
Protect Your Privacy
from Spammers and Telemarketers
When you register a domain name, your address, e-mail, and phone number are published in the public WHOIS database. ICANN requires this personal information to be available for anybody to view on the web. With
Private Registration you can deter spammers, telemarketers, identity thieves, harassers, stalkers and others who access this database.
Private Registration provides you with alternate contact information for your domain name registrations. The contact information you want to keep private is kept out of the public WHOIS database.
For a limited time you can add Private Registration to each of your existing domain name registrations for the introductory price of just $5 a year. Terms and conditions are included in our Service Agreement.
To add Private Registration
1) Log into your Network Solutions Account
2) From the Account Details page, click on one of your domain names
3) In Domain Details, click "Make this a private registration"
4) Check the domain name registration(s) you want to make private and
click continue
Introductory Offer Only $5 a year
Sunny
Be my Friend
Spammers are a problem, but this is a terrible way to deal with it.
What if I want to be able to host a website realtively anonymously, so that people don't know that I am running the website?
For example, what if I were gay, and wanted to host a website about gays, but I didn't want my employers to be able to do a search and find out that I am gay so they can discriminate against me?
Also, spammers and other marketers harvest the info from the registration datatbase. Back when the Internet was all educational facilitities, requiring people to register who they are made sense. Now it does not.
Hopefully this policy will not affect services that act as proxies to register names under their name rather than the name of te acual server owner.
You know that huge, 5+ paragraph bit of text you get with any WHOIS query that's really damn annoying?
An employer who shall remain nameless used the WHOIS database to get sales leads. When they got blocked for too many queries per day, they simply set up more systems- they were blocked by specific IP, not range.
The most amusing part was the nonchalant reaction when said employer called Verisign and asked if they could pay for more access, the answer was no, but when Verisign was told "we'll be accessing the data anyway", the answer was "okay". You'd think it would be more along the lines of "you do that, and you'll be violating our terms of use and we'll sue the crap out of you".
Do you really think Verisign gives a crap about the privacy of info in the whois database?
But if you really want to make sure you don't get snail mail use your address line 2 with a phrase that will make the mail get destroyed such as: "THIS MAIL MAY CONTAIN A BIOLOGICAL VIRUS"
Not sure what the legal ramifications/consequences of doing so might be, so do it at your own risk.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Some whois databases already put the e-mail address in an image so that spiders cant harvest them, most do not. This means that a first timer will quickly find his/her e-mail address useless becuase of the sheer amount of spam the address gets.
Then there is the question of privacy and personal safety. Let's say I believe that some cult exists only for the sole purpous of ripping people off, and I put up a web site warning other people and telling them of my personal experiences. The cult memebers that feel outraged by my blasphemy might look up who I am by the database, and I would be risking life and limb by putting opinions on the web.
Now someone is bound to ask "Hey, what about kiddy pr0n". Well, that's why I think the autorities should have access to that information, just as they have some other rights not bestowed upon us regular joes.
The next argument will then prolly be
Those who would sacrifice a little freedom for temporal safety deserve neither to be safe or free.
- Benjamin Franklin
I think this is hypocrisy and not even quite realistic. It's easy to quote famous people from behind a keyboard, but I just wonder how many of the slashdot crowd would actually put the money where their mouth is. After all, living together is but a series of compromises. No one can live their lives as they whish. Chance and other people will prevent this.
And as someone said
No man is an island,
Entire of itself.
Each is a piece of the continent,
A part of the main.
But I digress...
For those who fear stalkers, etc., there are services like Domains by Proxy (related to the registrar Go Daddy). These services will register the domain on your behalf; they require valid contact info from you, and they put their own contact info in the WHOIS database. This is technically in line with the ICANN rules because the proxy registrant is the real registrant of the domain. (Although they have a contractual obligation of doing it on your behalf.)
If you break the terms of service -- for example, if you use the domain for spam support or to commit illegal activities -- the proxy registrant will expose your real identity. Otherwise, your privacy is pretty well protected with these services.
I've used those types of services (including Domains by Proxy) to register domains on behalf of minor children who shouldn't have their contact info exposed online, and for other purposes requiring some level of privacy. For my own domains, I'm not afraid to use my valid PO box address and phone number.
(Note: I am not affiliated with these services in any way, except as a customer.)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
I've had my domain since about 1997. At some point during the 'Net boom, some idiot company harvested a BUNCH of WHOIS info. At the time I had the correct information in there (INCLUDING phone number).
Well...I got on every telemarketing phone call list imaginable...AS A BUSINESS. You think it's hard stopping residential telemarketing? Wait until you start getting phone calls at your house asking you to buy Pitney Bowes postage equipment, insurance for your employees, etc, etc.
It was a NIGHTMARE. All I could do was ask the individuals to a) place me on their do not call list, and b) ask where they bought my information from (information that, not a SINGLE COMPANY was able to provide).
So, since then, I've used a P.O. Box for mail, and I FLAT REFUSE to give a phone number.
I'll start providing valid information when I know that it isn't going to be harvested by any slimy company out there.
You don't just turn off the domain instantly. Attempt to contact the domain holder (they have to have *some* kind of valid contact known to the registrar). If calls/emails/letters are not answered, lock the domain. Tell the holder that if data isn't updated within a certain period of time, the domain registration is forfeit.
In the case of spammers' domains, take a few extra steps. First, lock the domain right away. Second, instead of attempting to inform the spammer that their domain is locked until the WHOIS data is updated, send an assasin to where they live to have them killed.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
How many personal domains are out there? And how many freaks are there online who'd wet themselves over the chance to stalk people whose website the dislike or whose website turns them on or whatever the hell it is that they get off on?
My websites all point to my former address. I moved because some freak was harassing me and I was worried he was going to show up on my doorstep some day. I didn't update the listing and won't for at least another year, unless I get a PO box, and I'm sure as hell not going to spend the money on that when I'm getting zero benefit on it.
My registrar has my real contact info. That's all that matters. If someone has a complaint about one of my sites that can't be resolved by emailing me, they can write to my hosting provider or my registrar.
1. The internet was not designed to be a telephone system or a post office. Anonymity and openness are what made it what it is today. Want a secure communications system? Build one. IP was not designed for businesses and their needs. Closed systems existed before busineses stampeded on to the internet. If they want registered users and trusted boxes, then they should build an alternative network that does not connect to the internet itself. Leave what is, alone.
2. Spoofing whois is essential for people who wish to use the internet to get messages across that powerful people want suppressed. Or at the very least, powerful people will retaliate.
For instance:
mediawhoresonline.com -- the people behind the Horse (out to pasture at the moment) were afraid of retaliation in their personal and private lives. They have some justification for this, for Bush and his people have grown famous for their ruthless vengeance against anyone who crosses them - Valerie Plame, Wilson, Richard Clark, the owners of that restaurant in Texas tht called the cops on the Bush Girls (business shut down for "code violations"), the Funeralgate affair (nailed the whistleblower AND her department). And innumerable others whom we don't hear about because, well, reporters don't want to cross the Bush family either.
Buzzflash.com also hides their identies for the same reason, I think.
Now, on to the cultbusters. During the late '90's, a lot of ex-Scientologists went online, mainly on the Usenet on alt.religion.scientology, but also branched out into the web as well. They had to hide their identities: the utter certainty of the destruction of their lives if they ever were outed was paramount. The viciousness of the attacking Sea Org (secret agents oh my) is legendary, and you can check it out at xenu.net, as well as any number of other sites.
Just don't use the WayBack machine: they purged the history of the internet of all the critical sites with any teeth at the behest of the Hubbardites.
Now there are others: the Moonies, the nutballs in Japan, any number of small, evil little cults all over the U.S. If you want to expose them, anonymity is key. And anonymity was long held constitutional in the U.S. under the 1st amendment as necessary to demand redress of wrongs without fear of retaliation.
I fake my whois info, and always will.
3. Registering users will not stop the spam. Oh please. People who send billions of messages and make millions of dollars aren't scared of fines or jail time. They're rich; they won't see real jail. This registration crackdown is happening because the control freaks in law enforcement can't stand seeing anonymous communications. It's like nails on chalkboard to them. I think Pratchett said it best when he wrote that cops, if they had their way, would make everyone sit at home, at their tables, with their hands on top of the table where the cops can see them.
It's not like we haven't seen this coming. The jail doors are clanging shut, and they won't let us bang on any pipes in Morse code without the ability to listen in any time they'd like.
Three years ago some jackass from /. thought it would be funny to call up my home phone and leave a nasty drunken message because I disagree with him about the current SUV craze. The reason he was able to do this was because (stupid me) I kept accurate whois information for my domain names. Had I pissed him off enough, there was nothing keeping him from coming to my home.
Requiring public, accurate whois information is idiotic. I think a requirement for accurate information held in confidence by ICAN is a good idea (to be available to the police with a warrant). Before you run out there cheering for accurate public information, think about how you would feel if every email and every web posting you made had your home phone & address on it. If everyone were sane and reasonable, it would be good. Since everyone's not, and someone can anonymously e.g. burn your house down, it's bad.
Spammers are just going to get phones with junk info and PO boxes. This can only hurt, not help.
I'm surprised to see the responses I'm seeing on a site where most people ostensibly argue for free speech and anonymity.
The proposal to force all domains to use valid WHOIS data would be a boon to law-enforcement efforts. But that leads to another potential concern.
In the US, it's not a problem to express yourself. You can say whatever you like about the government and get away with it. OK, not quite anything. In other countries, however, including western countries like Germany and France, freedom of expression is non-existant -- you may only say what the government allows you to say. In the two countries I've mentioned, it's not much of a problem, because they've basically only banned racist expressions. But there are more than enough other countries (China, anyone?) that actively work to suppress their citizens from expressing themselves freely. For dissidents in such countries, false WHOIS data may be necessary for freedom of expression. Is ICANN trying to help such governments crack down on their citizens?
If ICANN wishes to enforce this rule, I agree with the procedure outlined in the parent post, but disagree that spammer's domains should be treated separately.
The problem is, how do you recognize a spammer's domain? If you simply look at the "to" address, it will result in a lot of legitimate sites getting spammed, because a real spammer will fake the from address. If you look at the originating sender, I've had enough (virus) spam that apparently originated at my mail server. The header information was modified -- the IP did not belong to my mail server. But you can't backtrace to find the domain if the IP is in a dynamically allocated range. Once again, 1:0 for the spammers.
The few honest souls who are dumb enough to use valid information will get caught anyway. Now if we are talking about domains that are linked in spam, that's a little easier to deal with, but there is still a large potential for abuse. So a spammer doesn't like a site. Voila, take them down. In fact, anyone could effectively disrupt any website they like.
Of course, spammers should be prosecuted, provided they are within the jurisdiction of a state that cares (e.g., the US). But intellegent spammers work offshore anyway, which puts them beyond the reach of any western regulatory body except ICANN. We can go after their domains, but there's no easy solution to determine which domains are pure spam.
I own my domains, not some company. My I am not going to publish my phone number, and get more junk calls like the postal spam I get due to the fact I used my legitimate address (at the time) for registering my domain(s) years ago.
.inc TLD, with data linked to corporate registration number and state and country of inc.? and leave the rest of us alone!
What's next, publishing my SSN and birthday in whois data?
I know some other countries (france, for example) are very strict and will only issue domains to a company with a tax ID and right to the name. Well, go right ahead france, but I think the generic domains (com/net/org) should remain open to all without prying eyes.
If we wanted such open access to domain owner data, how how about a
I had a stable email address with an ISP for about ten years, but the ISP discontinued my service plan and said I'd have to change addresses if I wanted to stay with them, so that's why I registered a domain, so I have a permanent net address that I can give out to friends and acquaintances. That doesn't mean I want it advertised to the public. It's like an unlisted phone number. I'm ok with the registrar having my contact info in case law enforcement needs to find me, but I see absolutely no reason they have to publish it in WHOIS.