Slashdot Mirror
Many Domains Registered With False Data
bakotaco writes "According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals. The report also found that measures to improve information about domain owners were not proving effective." From the article: "The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many whois sites on the net. The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields."
I work at an ISP. We've had customers in the past whose domain names expired because they didn't update their address and phone number with their registrar, the person whose email address was on the record left the company, and they didn't get the renewal notice.
It doesn't happen as often now as it used to. Either businesses are getting better at remembering that their domain names need to be updated along with everything else, or the registrars are better at finding other ways to notify them of renewals.
But I ran into one case (with Network Solutions, IIRC -- it was a few years ago) where I personally updated the contact information associated with a role account and discovered, a year or two later, that the registrar had somehow resurrected the old, deleted contact info.
really?
You think?
Including the spammer who was trying to forge email from my domain a few years ago. Registered his domain with a non-existent yahoomail account, amongst other false data. Backed off when I lit up the yahoo account and seized control of his domain.
This is just a side effect of when registrations were opened in the mid90s. everyone and their brother wanted a domain.
God forbid that anyone would do that to simply protect their private information.
It has been found that a/s/l data is not always truthful.
It does not allways have to be with criminal intent.. can also be simply not wanting the assocaiated spam.
You could land yourself in jail if your domain info is not accurate or up to date. A recently passed US law made this happen.
Hmmm, maybe because they know anyone on the internet can look them up??
Why would anyone who wasn't running a business put real information up? I don't want anyone to know who I am in the real world.
Maybe some people just want to be Anonymous Cowards.
Or that a great many domain owners see no reason to post their personal data up on the web where it is available to spammers, phishers or other net criminals. Not to mention random psychos who have some beef with the site's contents.
I have a domain, and I use false information. What to know why? Because when I had my email and real address on my domain name, I got junk mail to my house, and spam to my email address! Until they can hide the contact info from the general public, I will keep falsifying my public information.
Perhaps these domain owners are just concerned with their privacy. One of my domains is an absolute ghost town, with zero visitors besides me, and absolutely no chance of someone linking to it. However, I receive regular spam, simply because I provided an accurate email address that can be fetched by any number of WHOIS lookups on the Web. Next time, I'm putting up fake data.
body massage!
When you KNOW spammers "harvest" mailing addresses, telephone numbers and email addresses from WHOIS databases, would you give your information out if the registrar says they will share this information with anyone?
I will never use registrars who do not implement some form of anti-spam measures..
Just my $0.02...
Karma: Bad (but who really cares anyway?)
What about us regular folk who have a domain? I don't want the world knowing where I live, especially if I'm somebody who runs a blog with unpopular political views.
Check out my podcast: DreamStation.cc Video Game Show
the oscars are political and the winter olympics are rigged
I happen to be at the home of (999)999-9999 on asdasdasd street in XXXXX area code and I get so much junk mail/telemarketing calls you would not believe it.
Or perhaps just those hiding from the lawyers, do-gooders and other nannies sucking the life out of our internet, or those that didn't wish to have to give personal info to reserve a frigging web address. Not all attempts to avoid over-regulation are nefarious.
I use a PO Box on my domains with a company name. I am suppose to use my street address and personal name. It's no one else's business what my personal name and address is, especially the whole freaking world.
Maybe if they would make it easier to allow registrar's to view the information without having to show the whole world, I would not be so reluctant to keep the information correct.
300 sites times 5.14 % = 15.42 sites.
How is 0.42 of a domain clearly fake?
Maybe, just maybe, domain owners are sick of being spammed at their listed contact info. I know I am. It comes in all forms, too - email, snail-mail, telemarketers.
Pardon my English, but that sucks rocks.
Fortunately, some registrars offer privacy proxy services allowing you to list the registrar as the contact in the whois info. Unfortunately, not all registrars offer this service.
It may also be the case that people using obviously fake whois info do so for the legitimate purpose of free speech to avoid repressive governments or private institutions. The implication that all anonymous speech is fraudulent is unwarranted.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
If I were a smart spammer I would register it in someone elses name. Someone hillbilly who lives in the middle of nowhere. Maybe in the mountains. Odds fo getting caught, low. Looks real good to registrar, sure. Those won't show up in this search.
Evolution or ID?
Read the writings of Ben Franklin under the "false ids" he had when he wrote much of his early material.
You'd realize this country would be nowhere without anonymous speech.
"The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals."
or they could mean that many people - who dont run comercial businesses - do not want all of their personal contact information available to anyone on the internet. Just because you have a domain does not mean that you want everyone around the world to have your personal address and phone number.
You'd be a fool to put that much info in the public domain.
I'll just use my special getting high powers one more time...
If noone is enforcing these domain registration rules, then apparently you are allowed to put in anything you like. I guess that will be changing soon.
Also, why does everyone need to know that information? Is there a privacy concern here?
He who knows best knows how little he knows. - Thomas Jefferson
http://reports.internic.net/cgi/whois?whois_nic=om nibot.info&type=domain
\
and hey- it's accurate information!
every day http://en.wikipedia.org/wiki/Special:Random
I use a WHOIS guard service for all my domains, for a fee the company I registered my domains at lists their email/phone/address instead of mine, and forwards whatever they receive to me.
This way my domains have valid info but at the same time not everyone out there can get my address or phone number.
The IT section color scheme sucks.
Well, another way to look at it is that if their fields are blank, perhaps one could do some social engineering of their own and get their own info into the register and be the new owner of the domain. It works both ways you know. It's a chance you have to take when registering "anonymously" with false info.
Content Management System: A pretentious way of saying "text editor."
I have been threatened and harassed from people who do a "whois" on my web site address and then come find me. When you've got a family and children you become a little touchy about that kind of stuff. Not that finding me is really that difficult but I see no reason to make it any easier. So my domain registration info is garbage.
"I have never won a debate with an ignorant person." -Ali ibn Abi Talib
No, really. What do they expect? Unless there will be a normal (unabused) policy about keeping such information only to contact domain owners by their registrants or in case if any law is broken, people will keep suplying false data.
I certainly DON'T feel comfortable to publish my home address, name, phone, e-mail in a public way that closely relates me to my domain names or online identity on a public poster or a front page of my site. Even if I'm not doing any mischief. I JUST DON'T LIKE IT.
Start taking them down one by one until real information and accurate contact information is provided. This should have been done from the very start. Anyone who doesn't have proper information loses their URL until they comply and anyone who fails to comply loses it permanently. If you don't notice that your website is gone then you weren't using it anyway.
Appended to the end of comments you post. 120 chars.
Personally I would rather let the terrorists (cyber or otherwise) win than give up my privacy. Domain owners are justified in wanting anonymity.
Who they callin' fake? I happen to live on Asdasdasd Avenue! Look up the facts before making blatent assumputions.
I kill harmless processes for sport
"many domain owners are hiding their true identity [and could be] fronts for spammers, phishing gangs and other net criminals."
I hide my mailing address and use a rarely-checked email address to reduce the SPAM and physical junk mail I have to deal with. The scammers/SPAMmers don't want me to know who they are...I want to limit the information they have about me. Go figure.
Why is this news? Burglars don't leave a card with their name and address printed on it after cleaning out your house. Why expect online criminals to do the same by registering their throwaway web addresses with details that can be traced back to anywhere near them? We should be asking why registrar companies appear not to make even the most basic checks on the details of an application. It couldn't be that hard to check in real time for names like Mickey Mouse and phone numbers that are all 9s.
Las qué passoun
tournoun pas maï
Why is the GAO - Government Accountability Office, scanning the Internet for invalid phone numbers on domain names? Did they get too much money one year? We'll need a GAO Accountability Office to find out...
I frequently use fake contact information for domains that are for personal use. If I don't wish my name, address, and phone number to be publicly available why should I have to? The registrar knows who I am (I had to pay with a valid credit card), so it's not like Uncle Sam couldn't get the info on me if they need it, I just don't see the reason to put it out in the world and encourage unwanted solicitors and/or spam.
"The crows seemed to be calling his name, thought Caw."
Comment removed based on user account deletion
In our case, we own several domains that are registered falsely and via proxy because the domains that we own that are not done in this way have resulted in a preposterous amount of spam, stupid phone calls, faxes, etc. The contacts, both technical and administrative for these domains continue to be badgered, in some cases years after they no longer work for us. Move your domain to us! We have cheap domains! We want to host your mail server! We have free pr0n! The list is unbelievable, not to mention the fact that we get spammed by phone, mail, fax, and email by many registrars (including a couple of, well, supposedly "official" ones), even though we obfuscated all of the information for those domains years ago, too.
For the domains that we have always had obscured, we get absolutely no hassle from anyone, ever. In this day and age, I can't think of a good reason to be truthful on a domain registration. The law? Please. Good luck going to a jury with "They have an obligation under the law to open themselves to all of the harrassment that comes with following the law."
Friends help you move. Real friends help you move bodies.
Never forget: 2 + 2 = 5 for extremely large values of 2.
I'm glad the US government is clearing up for us that any anonymously owned domains MUST be involved in illegal activity.
Maybe I just want to post inflamatory political rhetoric (or whatever) on my website/journal without having any tom, dick, or agent-smith who doesnt like what I have to say be able to whois me and come slash my tires....
Entering false information is a clear violation of the terms of service agreed to with the registrar (and illegal, if I'm not mistaken). If the registrar finds obviously false information (555 area codes, etc), they should drop the registration. It might be nice to send a 30 day notice to whatever bogus-sounding contact info they entered, just in case, but after that, they can promote their server by IP address alone if they can't play by the rules.
This is why the GAO is doing what it's doing. This has no (0) benefits for consumers.
sulli
RTFJ.
I think most individuals would be crazy to put their phone number or specific mailing address in their records (I would advise only the street name without the number). I personally don't want to receive strange calls from marketeers and other idiots who scooped up my number and want to place a crank call.
However, anyone who doesn't use a real email address is also crazy, as the owner needs to have some way of being contacted.
With the U.S. cantankerously and arrogantly imposing its control over the Internet, perhaps they should use some of that power to help domain owners maintain their privacy.
Yes, I know that domain registrars provide privacy services, but I'm sorry, I shouldn't have to *pay* for privacy!!!
Steve Magruder, Metro Foodist
You will, 80% of the time be redirected to a spam/ad site that does nothing. Nothing except give you pop-ups and spyware. Of course they are hiding their information. The only people who know it are the people writing a check to them for the ads they propagate. And even then, they probably have a shell LLC or at least a DBA. But you're the government right? You can get anybody. Just ask Arlo Guthrie.
Where all think alike, no one thinks very much.
People want to remain anonymous on the net. I don't see why registering a domain should force them to give up that right. I have Semi-accurate contact information for my domains, but I don't want to give out my phone number and address to anyone who requests it.
Several services exist which will register the domain for you and put in their contact information to protect your anoniymity.
Yeah, if you're trying to track down the owner of a domain for some reason and their whois info is bogus, it sucks. But I definitely do not think it should be a requirement for people to put real personal information in the record.
Need Free Juniper/NetScreen Support? JuniperForum
Instead of using your name, they put their company info in the whois of your domain. Some registrars provide the service for free, while others charge (mine charges 2.99$ per year).
Dvorak on Doomtech
I seriously wonder how much this research set the country back? I mean any two bit comp sci minor could given you a smilar answer over a beer and pizza. But it is a two way street if the domain providers require legitimate ID in order to sell domains then you slow the rate at which the net can grow significantly. Then that will open up another can of worms as people will then complain that even the IDs aren't legitimate. I don't think there is a simple solution to this especially with publically queryable whois systems.
Apparently these people have never googled for anything =/
Arguing with an engineer is like wrestling a pig in mud. Soon, you realize the pig is dirty, and he likes it.
Admittedly, I'm one of these people that owns domains with false info. When I registerred my first domain, I wrote down 'Supreme Commander of the Universe' as my name. Before long, I started recieving mail addressed to 'Mr. Supreme Commander of th'. Not sure I wanna put my real address down.
"Derp de derp."
I agree completely with not having the information publicly available.
My site has photos of lots of quite expensive art that I own. I am not particularly happy that anyone who sees it can simply look up my name and address and find out where I live.
There needs to be something better.
Biggus Dickus?
If brevity is the soul of wit, then how does one explain Twitter?
The GAO took 300 random domain names
No wonder they got this result then... All the spam I get link to totally random domains, such as adgsaskf.com or whatever... I am sure their result would have been different if they didn't use random adresses but instead well thought out and composed crossection of todays internet.
Of course, I'm pretty sure the guy who registered c14lis.com has been sending way to many funky emails to have his real info in the whois.
What's to stop me from using someone else's info (especially if I'm a phisher and I *have* this stuff lying around) and framing them? Domain contact info is kinda like the Slashdot polls: it's interesting and nice to have on hand, but if you really trust it as a source of accurate information, you're nuts. (Also, if I were a phisher, wouldn't I just copy the registration information from the website that I was imitating so I'd look even *more* legit?)
I think the government is really over-reacting to this one. Domain registration info won't help identify/prosecute phishers, and the vast majority of people who put fake info in these listings just don't want to get spam, telemarketers, and people harassing them or their family.
I produce electronic music and write little games. Have a look.
the person that owns fake@adress.com...
I once registered a domain with true addresses and names. About a week later I'm getting 10+ letters in the mail for one service or another.
Water is wet.
We all know what to do, but we don't know how to get re-elected once we have done it
... so that they are not victims of bots that harvest Whois information and use it to mass-mail. My whois information is correct (i.e. not intentionally falsified), and I get all kinds of junk mail for my domain(s) that is, I'm sure, a result of this practice.
So, I can't say as I blame these people, at least, those of them that are in the right. Sure, it opens the door for phishish, scamming and all kinds of maliciousness, but there are also those people that are simply attempting to hide from the exploiters of a known broken system.
Green's Law of Debate: Anything is possible if you don't know what you're talking about.
Perhaps a lot of those names with bogus contact info are being used in the domain parking business - that's where people register thousands of names and monitor the traffic for a couple of days to deside which ones are getting hits and which are not. The good ones might then be paid-for and updated with better contact info while the poor ones are released without payment.
But there is a bigger issue: Why should those of use who buy domain names be forced to reveal our contact information to the world?
The reason is that the intellectual property industry, which dominates ICANN, forced this down our throats.
It is an ICANN rule that is in violation of the privacy laws of many countries.
Some lazy law enforcement types claim that they need an open "whois" to enforce the law. That is not true. Law enforcement types have tools (subpoenas) to open closed databases, and, moreover, allowing access to law enforcment does not require that the public be granted the same access 24x7x365.
There is a claim that "whois" data for DNS has operational value, yes it has some, but it is of much lower value operationally than the value of the whois data for IP addresses, a separate and disinct database.
The other week I met an attorney for a large company (very large) who routinly registers domain names anonymously - so as to avoid giving notice of the company's actions. Yet at the same time he watches new registrations and has a tool that automatically sends out cease and desist letters to names that offend his regular expression. Fair? Not really. An exercise in economic bullying? Yes.
I have a number of domain names registered. I have received a total of 3 pieces of junk mail in the 5 years I've held the domains. Oddly one for for a corprate credit card. I have a separate email acount for the domains and it gets almost no spam.
I feel the benifits of having someone contact me due to forgoten registration/ problems and other reasons outweigh the anonymous aproach.
I fail to see a strong valid argument why domains themselves should have publicly accessable contact information.
Sure the companies who register them should know who actually paid for the service, but that's all stored in their local databases anyhow (which can be kept private to the company). The only information I can see being useful in a WHOIS report is possibly when it was registered, when it will expire, and what company registered it.
There are a lot of nonprofit, blogging, community, personal, random project websites out there where contacting the author is simply not necessary. Companies who provide services such as Ebay or Google, or provide goods such as Microsoft or Newegg, can list their information on their website. The average user would look there, not at a WHOIS report anyhow. It's also less prone to spamming.
To reiterate: personal WHOIS information is pointless.
The first domain name I bouht, I used all my real information.
I had to give up an email address because of spam. I started getting tons of (physical) junk mail.
THis was years ago before good spam filtering, and I just couldn't keep up.
I'd be much more tempted to use real info if it was harder for the spambots to find.
When do we start the death penalty for spammers?
Note that complete and accurate whois information is a prerequisite for maintaining a domain registration.
If you're in the U.S., register the domain(s) with a P.O. box for the address and a cellular phone number. I've been doing that for years, and have had exactly zero problems with people harassing me in any way. Of course, it means that you have to periodically go to the P.O. box to pick up any domain-related mail, but I already was having a fair bit of mail delivered to the box anyway.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Yup.
ONe DNS entry give out your name, address, phone number and othen enough informaiton abotu you to discover other things such as ssn (for americans) educational background, etc...
ask AKAIMBATMAN.
I stated with an email and within 1 day had his addreess, resume, kids names, pictues of said kids and wife, phone number, and lots of other info that I ultimately posted to gay news groups soliciting sex.
(sorry about that by the way)
I agree with this completely.
I get an amount of spam from my domain, and it worries me that as a private domain owner, I'm required to have what is effectively all of my personal contact info -- name, address, phone number, e-mail.
I don't object to the people who legitimately need this information being able to access it -- I don't think it should be held 'in the clear' for just anyone to see.
Lost at C:>. Found at C.
Some registars/and hosting companies do this as a service.
For example, godaddy.com offers placing their information instead for a fee. I know this isnt as bad as say 9999999 xxxxxxxx but the fact remains, it hides the real identity.
If people are placing false information due to privacy concerns, I wonder, should access to this information be restricted to certain officials?
How Now Brown Cow
Ever heard of private registration? Some companies provide it and instead of showing your information they show the information of the company which who you bought the domain from and if they need to contact you it's through a simple interface on there site.
I actually had someone use the data from my domain registration to stalk me and my wife...
thank God i set the address to an old address where i used to live. How do i know that he used that data?
in his emails to us, he talked about how he was watching our apartment and described the old apartment i used to work at perfectly.
so - get fscked if you think i'll ever use my real personal data for my domains.
guns kill people like spoons make Rosie O'Donnell fat.
... a new study finds that 99% of anonymous FTP users give out 'foo@bar.org' as their email address.
I didn't put in a correct phone number (I usually use 555-9696), and I have received numerous (email and snail mail) spam from various registrars and hosting facilities, so the lists are being used for marketing services which is something that I don't want to be a part of.
Slowly I'm converting all my domains over to GoDaddy and their semi-anonymous registration. I like that, I don't like the ability of someone to pull up my street address with impunity.
When you sympathize with stupidity, you start thinking like an idiot.
But then you're paying for a PO box rather than an anonymizing service. Why not just point the address to your unsuspecting neighbor for free?
1. Submit article to Slashdot about fake info for domain registrations
2. Find replies about people saying they only want to protect their privacy. Check their sig/profile for links to a personal website.
3. Report all bogus information to registrar. Snatch up domain when it returns to market
4. Disable question mark key to end another Slashdot cliche on the second to last step
5. Sell domain back to poor bugger you reported to begin with and profit!
The report doesn't investigate how many of the "syntactically valid" addresses are correct. If 9% of the information is obviously false, I'd bet at least 50% of the rest uses fake addresses and phone numbers that look correct. Nobody wants to receive spam just for owning a domain name, so there is no motivation to put in correct information, nor is there a deterrent in place to stop people.
"According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity.
The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals."
According to research carried out by the Office for the Parts of the American Government That Are Arguably Accountable, many individuals in the geek citizenry are, unaccountably, choosing unaccountability.
The findings could mean that many websites are fronts for the Illuminati, the Corleone family, or other random reasons for you to be afraid of stupid shit instead of thinking about Scooter or Duke or Tom DeLay or the people who will be celebrating Christmas this year by dying in Operation Windfall Oil Company Profits.
yup.. but I *think* that also means that they open any mail sent addressed to you to their address and decide whether or not pass it on to you.
Under ICANN rules the domain with intentionally false whois information should be terminated immediately. Not after 2 weeks notice. In addition, if someone uses false whois information, the billing information should be made public.
If a registrant uses a domain name protection service and then spams, then that information should me made public!
Fight Spammers!
That's a lot better than GoDaddy's $9-something extra a year. Who do you use as a registrar?
I spam everyone, god damn it!
It has nothing to do with the fact that I forgot my damned password and can't change my e-mail address to a current one instead of one that doesn't exist.
Nor does it have anything to do with the fact that I kept receiving snail-mail that looked precisely like some sort of god-damned bill, but in really, really, really, really freakin' tiny print on the bottom of the back page, had a sentence which didn't clearly state that it was nothing more than an advertisement.
Fuck WHOIS. You can e-mail hostmaster@ if you have a freakin' problem or question.
Thanks. Now that 'asdasdasd' is in the open, I'm going to have to change my passwords. Probably to the one on my luggage...
-Rob
Biblical fiscal responsibility
I register domains for my customers and keep my company information on every field and simply pass along any non-spam messages to the customers. Most customers prefer this, a few get worried about ownership of the domain with my information on the registrant. In that case I offer to either put their information on the registrant or give them something in writing stating that they are the domain owner regardless of my information on the registrar.
If the GAO's inquiry here results in some sort of crackdown, it's not like spammers aren't going to just provide more plausible false information. They probably already are, by way of covering their tracks, today.
The problem lies in gathering this info in an accessible spot that's obviously open to abuses. They want to fix something, fix that; don't twist my arm and claim you're intimidating the bad guys by doing it.
"Fundamentalism" isn't about divine morality. It's about human authority.
You have got to be kidding me. You mean to tell me that Amanda Hugnkiss, Ivana Tinkle, IP Freely and Jack Mehoff are not real people? M. Mouse
> The findings could mean that many websites are fronts for spammers,
> phishing gangs and other net criminals.
The findings could mean any of a number of things, but choosing this one option and saying, "It could mean X" is extremely misleading.
At least in my case, my info is often blurred to avoid getting 100 letters from companies wanting to (a) list my domain on their stupid search engine, (b) transfer me to another registrar, (c) "renew" my domain with them (even though they aren't my registrar, they write their letter as if they are), (d) use the whois info to provide me with snail spam of any kind.
My email address is correct, and I can login to my dotster account any time, so I'm not worried about domain transfers, but I sure hate that mail.
-Dan
A) why does my private information need to become public just because I register a domain? I most certainly should not be required to provide a home address and telephone number let alone my real name just because I like to have a domain.
B) why should the registrar or ISP get to make additional money on top of the already outrageous costs associated with registering a domain name just to protect my information that shouldn't be required anyway?
C) My domain information is fake. Fuck em.
... Snow is white!!!!
must be a slow news day.
Why do you think you shouldn't have to pay for privacy? I'm in favor of privacy, but it's not free in the real world. Why would online be any different? Contact information is bought and sold for marketing and other purposes all the time. Ever fill out a warrantee registration card, enter a contest, or otherwise provide your name and address to anyone? All of that goes into marketing databases.
My domains point to a private mailbox and a phone number I never answer. Anyone who has some legitimate need to contact me can send a letter, leave a voice message, or see if they make it past my spam filters.
That said, there should be strict laws against knowingly sending unsolicited commercial email of any sort using a private domain, and the first violation should result not only in jail time, but also in a ten year ban on the individual and/or company being allowed to register ANY domain name. If you are doing business over the Internet, you should be required to have a physical address associated with the domain. Period. Even if it's just a Mailboxes, Etc. box.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Put your money where your mouth is:
http://www.domainsbyproxy.com/
I'm pretty sure that it is illegal to provide false contact information for a WHOIS record. Not to mention owning a domain name is a priviledge, not a right. If you wish to own a domain name you have to play by the rules, just like registering your car and having insurance. If privacy is really that important to you, don't buy a domain name!
Bah, bad excuse.
I have several domains. all the contact info goes to a email account that is a freebie and the other info all goes to a business address that I do now own nor recieve mail at. some businesses will allow you to recieve mail at their address (mailboxes express) for a very small fee.
Just becuase many of the domain registerers are not smart enough to think of that themselves does not mean that we need to do something special for them.
BTW, if you have a godaddy account they cant do the hijack even with bad data. godaddy will notify you at your godaddy account info way before they let a scumbag company like Network Solutions snag the domain back.
In my case, I take advantage of the registrar's confidentiality for my personal domain because I had started getting snail mail, email, and phone calls that resulted from the info presented in the domain registration record. I get enough of that crap without handing my info to those scum on a silver platter.
I'd like to be the first to welcome the .gov to the year 1994. Enjoy your stay.
This is way too small of a sample to lend any credibility to the study.
I was getting ready to rant and say well, of course individuals use fake information because, as the article already points out -- Any user can look up this data via one of the many whois sites on the net - and most users don't actually want to be looked-up.
I was getting ready to talk about the difference between 'personal use' domains, where the ability to contact the owner is almost immaterial to the correct operation of the personal use, and how the reverse is true for corporate domain users where you'd bloody well have valid dns, technical, and ABUSE contact information clearly laid out.
And then I did something I almost never do - I RTFA and whoaaaa, isn't this a bit outside of the GAO jurisdiction? To wit, from their own website (URL:http://www.gao.gov/about/what.html) Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars. GAO advises Congress and the heads of executive agencies (such as Environmental Protection Agency, EPA, Department of Defense, DOD, and Health and Human Services, HHS) about ways to make government more effective and responsive. GAO evaluates federal programs, audits federal expenditures, and issues legal opinions. When GAO reports its findings to Congress, it recommends actions. Its work leads to laws and acts that improve government operations, and save billions of dollars.
So, where is the direct federal impact, ability to make government more efficient (oh, unless you meant the Patriot Act enforcement agencies...), and study of taxpayer dollars related to GAO's research?
And what the heck is the GAO doing colluding with ICANN, other than to more tightly couple its operations with that of the US government?
PS: Why not look at .gov names? Oh wait, perhaps you cannot because (http://slashdot.org/article.pl?sid=02/09/21/12592 11&tid=95) "Verisign stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."
Any user can look up this data via one of the many whois sites on the net. That explains the false data doesn't it? Perhaps all these people aren't using false information because the ARE spammers, but rather are using false information to avoid giving their real contact info TO spammers! I sure as hell wouldn't publish my actual home phone number, home address, or email address in a database that any spammer could easily search!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
... that there's actually something called the "US Government Accountability Office".
Methinks they could put their resources to better use...
Their slogan "Accountability Integrity Relibility" is an oxmoron.
...Rob
The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
check out my domain WHOIS here
As you can see all the potential spammer gets is my name, and a notice that I have chosen to hide my details.
But stuff that does make it--by direct e-mail to the domain--they just make up. accounting@, help@, support@, admin@, webmaster@, root@, postmaster@, and so on. And usually they mail to my backup MX, instead of the primary MX, so I can't use a DNSBL to block them, either. (My backup MX is provided by dyndns.org, so I don't have control over it.)
It was fun to allow any address through, so I could make up addresses for whatever I wanted and Postfix would drop them all in one inbox. But 10 "Click to Advertise Your Site" spams a week made that not fun anymore.
Though appropriate body_checks help.
I have gotten hundreds of letters from companies offering corporate credit cards and other services that are clearly the result of the information available through whois. This has been going on ever since 1997 or 1998 when I first had my name associated with domain registrations.
Although, they all still use an old address that was updated several years ago. So, maybe some of the anti data mining measures that whois has put in place are now working.
Please define, in advance and universally, who the "people who legitimately need this information" are. If I get a phishing expedition message that uses a compromised website as a hiding place, how does a registrar differentiate between my wanting to contact that person to inform them of the compromise, and Bob The Spammer's desire to send that person spam? And, as a domain owner, which would weigh heaviest in your mind - preventing spam from Bob, or not finding out for days or weeks that your server has been used for criminal activities, and a prosecuter in Chicago now wants to speak with your attorney about negotiatiating your plea?
This is why the default is to publish the information. Using proxy registrations must have provisions for passing such notifications through to the responsible parties, or it violates the spirit and letter of the regulations that require responsible party contact information in the first place. I don't know many people who are going to provide such as service for free.
Perhaps a compromise would be that you could chose one public contact method... Some way that you can be reached for domain- or server-related notifications. And, of course, there is no requirement that what you publish be your "personal contact info", because it is simple to set up an email address for a specific purpose.
Interesting, because I've been spammed ruthlessly on my PO Box by domain registrars who want me to re-register through them over the years.
I've been threatened enough times by people for merely speaking my mind and I do not enjoy being spammed, thru the phone, mail, and email, because of my public whois information.
Plus, I do not see a legitimate reason why anyone needs my information for having a domain name.
GAO can put it where the sun don't shine.
Up until recently, I put correct looking false information that could not be proven false without LOTS of research. Now, I use 1&1 as a registrar. They are cheap and offer FREE proxy registration. They will not bark up my information to ANYONE without a court order or other legal instrument (I imagine there is a clause in there about spam). What is next, having to fill out special forms and have a special disclosure if I want to publish a newsletter or newspaper in print? Ridiculous.
Lets see the Secretary of the GAO give up his personal informaiton to the public. I'm willing to bet he has an unlisted number and has done a good job staying out of most easily accessed public records. Hypocrites.
We realize that Galactic Statutes prevent you from blasting this small country, "Nigeria" into oblivion, but we are hoping you can hellp us liberate this money. If you could send us a few hundred American dollars, we can free this stash along with hundreds of millions of Galactic Credits. Not only will we repay you all the American dollars, but we will reward you with Galactic Credits as well.
For confirmation, please contact us using Galactic Communications Channel ++ Ango Dargnon Ango (GCC++ADA).
Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
When will Americans learn that the world is bigger than just America and it they want the rest of the world to do business with them they have to stop designing web forms that force the user to enter a State and ZIP code. I can understand it for companies that only ship to the U.S. but for companies taking international orders it is inexcusable.
I've gotten tons of junkmail. From registrar of america alone I probably get 1 piece of mail per domain per month trying to con me into switching.
I did find a solution I used temporarily that put a stop to all the junkmail.
In your Address Line 2 use: "THIS MAIL PROBABLY CONTAINS ANTHRAX"
I stopped doing that after a while because I wasn't sure if that was legal but it was effective either way.
Don't kid yourself.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
I don't have a landline and my cell phone is a private number. I don't want every moron with a computer having access to my phone number. The admin e-mail is a perfectly valid way to verify a site. There is no reason for you to know the name, address and phone number of who registered a site, EVER, Unless you're suing the domain owner for copyright infringement or something similar. I do use network solutions privacy options for my sites but I'd still rather not have personal information linked to my sites even through their privacy options.
For an individual, it's a bad, bad idea to use real information. I still get bogus invoices asking me for checks for services I never used, thanks to a public WHOIS registration I made years ago.
Privacy should be built into the system -- perhaps there should be a $1 fee for accessing WHOIS records. I should not have to pay godaddy more money in order to register a domain name without opening myself up to fraud and identity theft. Until that happens, I'll be using false info.
I currently use dotster, but I think registerfly is one of those with free masking.
Dvorak on Doomtech
If you want a domain as an individual, there's ".name".
I own five domains, and every one has a valid street address and phone number. I get very few annoying calls, and little paper mail, as a result. Two threats in the last eight years - one from a company which didn't like what I said about them on Downside (their stock dropped 98% from its peak), and a guy running a patent-broker scam (he's now out of business). It's just not a big problem if you're legitimate.
I find it more likely that these are people trying to AVOID the spammers (both internet, and other) that strip e-mail address, phone numbers, addresses, etc from whois and send them all kinds of crap.
- AMW
That said, there should be strict laws against knowingly sending unsolicited commercial email of any sort using a private domain, and the first violation should result not only in jail time, but also in a ten year ban on the individual and/or company being allowed to register ANY domain name.
And which country would pass (and enforce) these laws?
The large majority of the spam I receive isn't from my country... and, I really don't give a rat's ass about another country's laws.
I suspect people in other countries feel the same about laws made by my country.
--Phillip
Can you say BIRTH TAX
...many sites are dedicated to or otherwise contain pornography! this article clearly eminates from the the "duh files"
... And I fear very greatly that someone would use my domain name to look up my address, and burn my house down.
I'm quite serious. It's dangerous to be a vocal minority.
Are all .com, .org and .net sites located in the US? Are those domains automatically US domains? I think not. But then, who is trying to govern whom and why? And why now?
As long as 'whois' information is available to anyone, anonymously, people will provide incorrect information. The privacy proxy should be required. The whois queries have to be replaced with an inquiry directly to me, through a mediated mechanism like my ISP's customer service, or a PGP-authenticated e-mail address. This will result in real-time blacklisting of bogus PGP-email addresses, etc. The Internet will develop a kind of 'immune system', eventually. Once that happens, I'm more likely to provide a mailbox that I actually check.
asdasd
Autonomous Retard -- Is your camp safe? UnsafeCamp.com
Domain owners making personal information!
News at 11!
5.14% of 3x300 sites = exactly 46.26 sites with false information. Wow... Shocking... how you can have .26 of a website completely misrepresent itself like that.
Gee, if we only had some sort of device that could scan these records and pick out such easy to spot bogus data and delete or deactivate the record so that it didn't work any more. Something like a clerk, but faster, so it could look through lots more records in a day. Oh well, I guess that's too much to expect. I'm sure the registration agencies would do it if they could, they certainly arn't just acceptng registration fees and then letting criminals do whateve they want.
I'm an American. I love this country and the freedoms that we used to have.
Actually, there's a story behind that. Didn't slashdot have a story on who gets to see emails sent to test@test.com, and other bogus-filled email addresses?
Is it really true someone can have your domain revoked because your WHIOS info is fake? Can you point me to where it says this. My info is fake, but it's for privacy. If what you say it true, I'll get an PO box. What if you have a real address, but fake phone number or no number? The only item in mine that is real is the email address, so I can still get expiration notices.
Anonymous Cowards suck.
Why? Because I see privacy as a right, not a privilege. I refuse to spend one red cent on it. But I will defend it with whatever free techniques are available to me.
Steve Magruder, Metro Foodist
My registrar, and law enforcement. Other requests can be forwarded blind by my register to me -- this includes your phishing example, or fighting spam. All others can go to hell and have no business contacting me.
At present, I'm also required to give my full-name, phone number, mailing address. Simply setting up a single e-mail would be easy if it weren't for the rest of it.
As you say, if I could choose to put forth exactly one public method, an e-mail just for domain contact into would suffice.
Lost at C:>. Found at C.
I do not engage in any sort of SPAM or advertising of any sort. In fact I tend to be more of an internet traditionalist and shun nearly all forms of internet advertisement.
With that in mind, the whois records for my domains is set with the purpose of protecting me from spam and other forms of what I consider harrassment. It goes without saying that there are bots that will find email addresses within various internet media to add to large mailing list databases. My only protection here from this sort of harrassment is an attempt to remain as obscure as possible.
I believe that the majority of domain owners agree with this sentiment at least in part.
Any user can look up this data via one of the many whois sites on the net.
There is your reason right there. I for one don't want any nutters being able to find my name and address and phone number.
There are a lot of marketing companies who spend a lot of money to get your information. They also support legislation that claims other goals, but has the end result of making information more readily available to them. I wouldn't be surprised to see them jump on the bandwagon to claim we need better domain registration information to prevent crime.
I agree that one shouldn't have to pay for privacy, but that's not how it works in the real world. Nothing is free unless your time is worthless.
Or you could use:
Homer Simpson
94 Evergreen Terrace
Springfield, OR 97477
BTW: The Simpsons live within a few hours of the water, don't live on the east coast ("Scorpio" said so), are surrounded by evergreens, but aren't hilly. So they must live in Oregon. Possibly Washington, but most likely Oregon. (plus, springfield oregon is right along I-5, a major freeway.)
"That's so plausible, I can't believe it!" - Leela
Why pay for the study? I could have told you this 5 years ago.
A phone number should not be visible nor required.
To cut down on spam, how about forcing every registrar to supply an email account for anyone who registers a domain thru them?
Make the registrars responsible for spam.
Address data should be only visible to a human being and not automated software, such as some whois sites.
Can I mod the headline "-1: No duh"?
Yo mama so fake, she failed the Turing Test.
Many times when I try to hunt down a subnet owner from log informatin, the email contacts on just the subnet owners are incorrect and get bounced back. Its no surprise the internet is becomming a slum.
"Your having a bad day when the voices in your head put you on hold"
Given the state of the authorities...
I'd love it if you could set things up without fear of reprisals but in catching members if the first (smoke and mirrors) class, we're going to sometimes prod the members of the second (only smoke, no flames please) class in the back needlessly while members of the third ('terre brulee' scorched earth) class are going to resort to using smoke signals to communicate.
The internet as we know it is dying. Soon it'll be secure end-to-end communications, because machines need it.
You as a human being are left to shivver naked in the cold, wet fog of data.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Why not take your cell phone off and get a 966 phone number instead? ;) It would probably pay for the PO Box.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Love how the article makes it sound like only the bad guys do that. Maybe the people setting up the domain just don't think its anyone's business and that's why they gave fake info.
The registration company has my info on file, I dont see why it is needed by anyone else. I dont feel a need to provide personal information to the world at large.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
To me that's just the way it should be. Why force website-owners to disclose lots of information? Why not just have a DNS registry where you register, and where they (the registrars) can contact you? When you don't want the domain anymore, you simply cancel the contract.
Why public disclosure of website owners at all? To me this looks just like more "anti-terrorist" measures created by rabid governments (only that all of it happened waaay before 9/11), i.e. none of it does actually serve a useful purpose.
Websites, like stores, that want verifiable identities can simply tell the registrar to make their information public, but there are reasons for other people not to do so.
Alright, well that would mean 15.42 of 300 domains have garbage information, and 10.95 of 300 domains have missing data. Is it me or is that not a lot?
I also have a domain, I think I have OLD data in there, just have not updated it in a long time, and I still get spammed.
Idiot or not, you're still an idiot.
Not all contries have zip codes.
So a bogus looking zip code means absolutely zip. (Pun intended)
--= Isn't it surprising how badly I spell ?
No kidding - goddam the GAO is slow. I knew this without looking...
- I voted for Nintendo and against Bush
I completely agree with you.
What I'd like to see is:
1. Make a domain private by default for individuals. Make it the responsiblity of the registrar to be the contact between the domain, complaints regarding it and facilitiation of disputes. If someone wants to buy my domain from me, let them contact the registrar and then the registrar can copy me about a possible sale to the interested individual.
2. Make all public companies, candidates for office and public service and religious organizations list their information in the Whois for all domains they register, because they're public.
3. Make all
"Love is like pi - natural, irrational, and very important." (Lisa Hoffman)
I agree that the ISP should have correct contact information on file. It makes good business sense as long as they don't abuse it. I just don't think it needs to be published in the whois directory. Buying a private domain listing is exactly like buying an unlisted landline from the phone company. People have been using the names of their pets for decades to avoid paying the fee to be unlisted.
If you must moderate, please moderate as irrelevent, not something bad, because I'm sure someone will find this interest
Oy...
.comMMERCIAL and .orgANIZATION and .netWORK etc. etc. was that domain names were organizational entities, not individuals. If you are a business entity, your records are public in the brick-and-mortar world, why should the internet be any different? Positively NONE of the TLDs were intended to be for private, individual use, so the rules simply didn't address those issues. There are privacy services and proxy registrations that get around the problem and because of that the original rule should still stand.
The original intent of
And now its posted on the front page of slashdot, great now ill really get calls
For a while, I was using registrar that, while I had the right data according to the registrar, the "whois" data for my domain showed up as a squatter in California. The registrar claimed there was nothing they could do about. I switched registrars and didn't have the problem again.
to a s(p|c)ammer domains are essentially disposable. if you put the same domain in all your s(p|c)ams then you risk being detected by filters etc.
some don't even seem to bother with the domains they just host on ips but i guess having a name makes them appear slightly more legitimate.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
... like everything else. What global effort, or even national, is not?Are we surprised? Works good enough. Move along.
I just checked Go Daddy's website. It seems that they've lowered it to $7 a year. Not great, but better than $9.
I quote others only in order the better to express myself. -- Michel de Montaigne
When the users of my web application start calling me at home for support... yeah, it's time to get rid of that. I also got rid of my street address. Nor am I going to pay some other company to put their fake info there for me. If someone wants that information for some legitimate purpose, they can request it by email.
I have a few domains, most of them are registered with fake info, although I always make sure to include at least ONE piece of factual information, like at least a phone number. I do this to protect myself from spammers, not because I am one. I refuse to pay extra money to keep my information private, so I do it myself.
i would get laid this weekend but my cargo van is in the shop and im out of chloroform
AnonymousCoward.com has valid registration information, including email, phone, and address.
YOUR RUSE FOOLED NO ONE!
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
This means that about 5% of supposedly claimed domains are potentially hikackable. Most register services have certain TOS and those include you providing accurate info. If you have 999 999 9999 as a phone # and abcdef as an address that looks like a violation. If I wanted your site I think I could have that domain ownership invalidated and stake a claim. Another tactic would be to say that you registered the site with invalid info and now want to correct the informaion. After that is completed the domain is in your name. Who can argue that they own a domain when it was originally registered by Bugs Bunny?
A scammer could do this, then offer to sell the domain to the original owner for $100, $500, or whatever they felt they could get. That would be like...
Step 4 Profit
Ninjas don't carry tic tacs
If some government agency cares to spend several million dollars checking it out, they will find that I have falsified the info my phone company puts in the phone book too, not because I am some criminal, but because I don't want junk mail, and when anyone calls my house looking for a mister "Jubal Harshaw," I know the call is junk.
And the reason I do this instead of getting my number unlisted, is Verizon charges something like $3 a month for that privilege.
Logical Disconnect
judging by the fact that you can't spell 'controversial', you are probably a creationist nutcase right?
Followed by a signature that says:
"Anonymous Cowards Suck."
Irony!
This is where Nominet, the .UK domain name authority, triumphs IMHO. They send you a letter (yes a real letter via snailmail) containing a PIN number for login at their site, effectively bypassing your registrar, to keep your data upto date. As far as I can tell this information is completely seperate from the WHOIS records or the records that your registrar keep.
Go Nominet? o_O
It takes some digging, but you can find the terms and conditions for the bulk-access agreements that all registries must adhere to in order to remain accredited. In turn the registrars have terms that they must follow to remain accredited. http://www.icann.org/registrars/ra-agreement-17may 01.htm#3
Failure to adhere to these agreements can be harsh (http://www.icann.org/correspondence/touton-letter -to-beckwith-03sep02.htm)
In these agreements it states that:
3.3 Public Access to Data on Registered Names. During the Term of this Agreement:
3.3.1 At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited. The data accessible shall consist of elements that are designated from time to time according to an ICANN adopted specification or policy. Until ICANN otherwise specifies by means of an ICANN adopted specification or policy, this data shall consist of the following elements as contained in Registrar's database:
3.3.1.1 The name of the Registered Name;
3.3.1.2 The names of the primary nameserver and secondary nameserver(s) for the Registered Name;
3.3.1.3 The identity of Registrar (which may be provided through Registrar's website);
3.3.1.4 The original creation date of the registration;
3.3.1.5 The expiration date of the registration;
3.3.1.6 The name and postal address of the Registered Name Holder;
3.3.1.7 The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and
3.3.1.8 The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name
AND
3.7.8 Registrar shall abide by any specifications or policies established according to Section 4 requiring reasonable and commercially practicable (a) verification, at the time of registration, of contact information associated with a Registered Name sponsored by Registrar or (b) periodic re-verification of such information. Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy.
AND the biggie
3.7.7.1 The Registered Name Holder shall provide to Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.
3.7.7.2 A Registered Name Holder's willful provision of inaccurate or unreliable information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder's registration shall constitute a material breach of the Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name registration.
Who has access to personal information regarding domain registration?
Is this info only used during prosecution (and personal records) or is it completely available to almost anyone?
"I'm a well-wisher, in that I don't wish you any specific harm."
"Instead of using your name, they put their company info in the whois of your domain."
And when the name is disputed, do you have any control? Or when someone calls up the administrative contact and makes a cash offer, are you notified of the sale?
-fb Everything not expressly forbidden is now mandatory.
Spam, harassment, or just plain paranoia. For awhile, I didn't get any of these things from my domains. Now I get letters from DROA shoved in my mail box, and calls from Habib in India wanting to buy my domain for a $1. I don't want to sell my domain. I'm more than happy with my current RSP. Yet, I still get all this shit, regardless if I tell them to fuck off or not.
So I use semi-fake data. If ICANN wants to fix the problems outlined above, I'll put some real info back.
omg I apologize for the formatting (lack of), I can't seem to edit it. Just skip down to the bottom for the actual requirement for true information. The 2nd link I provided is good reading too.
Network Solutions only allows WHOIS queries that do through their secure page, which cuts down on the automated scrapers. You can also pay a fee and they'll block everything but your name and where your information would be, they print:
o m
Registrant:
Doe, John
ATTN: JohnDoe.COM
c/o Network Solutions
P.O. Box 447
Herndon, VA 20172-0447
Domain Name: JOHNDOE.COM
Administrative Contact :
Doe, John
vr57b9az6ac@networksolutionsprivateregistration.c
ATTN: JOHNDOE.COM
c/o Network Solutions
P.O. Box 447
Herndon, VA 20172-0447
Phone: 570-708-8780
Technical Contact :
Network Solutions, LLC.
customerservice@networksolutions.com
13200 Woodland Park Drive
Herndon, VA 20171-3025
US
Phone: 1-888-642-9675
Fax: 571-434-4620
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Do you have a driver's license in the U.S.? If so, then your name and address is public. Do you own real estate? Ditto.
Is there a difference between, say, driver's license data and domain name data?
Are you equally outraged (or whatever emotion suits you) over the fakeable domain name data versus non-fakeable public data due to government records?
I'm not trying to be antagonistic. Is there something odd, perhaps, if you do not want your address in a public database for a domain name yet do not care about it being in other public databases?
What would it take for all of us to realize just how "private" information about ourselves is? And is there a difference once the cat is out of the bag?
In practice with my domains, I find that the registrars only check the email address when they do their whois checkups.
Therefore, I recommend registering with a random name, make up a company name)... & get a PMB if privacy is at all important to you.
Use an alternate email address just for your domains, & check once a month.
>>The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals.
This is a totally wrong. Real address is totally normal for a business domain. However, there are people who get a domain only for personal use where privacy is important.
- free emails had very low couta, and get spams even if you doesn't publish your email
- it's definately a bad idea to use ISP's email. You may lose your email at any time if you do not agree with your ISP
Also, many domain seller also offer php, web space and ftp so it is actually quite fun to have one domain. So you don't need to turn on the PC 42/7.
If people know you are the domain owner. Then your real name, phone, address are exposed! And people can find LOTS of things about you.
Thank God I have an understanding wife. When I first started my business, I registered a domain name. My ISP, which is run by a husband and wife team, whom I'll call John and Jane Doe, helped me set it up. I would periodically get junk (snail) mail related to ISP type stuff after this. Then one day I received a credit card offer addressed to My Name and Jane Doe at my home address. I remember when I got home, my wife, with a smile, asking, "So, who's this Jane Doe woman, and should I be worried?" I remember thinking, "What the heck are you talking about? Jane Doe?" The name didn't click until I saw it in print and realized, oh that's the wife of the husband and wife team who run my ISP! For some reason, some credit card company had determined that me and Mrs. Doe were apparently a couple living at my home address. It's stuff like this that makes me worry about what information is in some random commercial database somewhere, when I hear about the government wanting to scour said databases to look for potential terrorist activity. I've never met this woman, nor have I even talked to her on the phone or emailed her. She just happened to handle the billing for my ISP! Crazy!
It isn't so much fraud but privacy that drives false data.
For example, I and many I know have been solicited via information found on the registration for their web address. So every now and then, I'll throw false data at a registrar. They don't verify anything but email and even those are throw-away now.
But there probably are some out there using it shield themselves. That's where incorporating comes in handy.
Got any eggs for fats?
An average Internet user needs some point of contact to report illegal activities to.
Yes, I mean to emphasize "ME" because I'm one of the millions of domain owners that uses fake information to keep from being spammed to death (electronically or physically) on either my role email account or mailing address. Yes, I'm well briefed in the ways of various registrars privacy options. I even utilize GoDaddy's on a couple of my domains. Why would I want to pay another $10/yr for privacy options? It's just not worth it. I'd rather let people contact me through my websites where I can prevent the use of spiders than freely hand out my details via WHOIS.
Why? Though all my post can be attributed to me, do you really think my real name is "drxenos"? "Anonymous Cowards" are not affected by what they post. No one know who wrote it. They are not affected by how the post is moderated. By having a handle, we can still have privacy, but be somewhat responsible for what we post. All my post are tied to the same entity, and so a history of what kinds of posts I typically generate. My post history and my karma show what kind of poster I am, and still allow my anonymity. Posting anonymously allows one to post nasty, untrue, or unfair diatribe without any responsiblity whatsoever.
Anonymous Cowards suck.
In all my life, I have never received a piece of postal mail or a telephone call related to any of the dozen or so domains I own
You mean you never got letters from these guys?
Lucky you.....
That should be "domain owners are hiding their true identities".
Thanks. This obviously took you a lot of time. I could have sworn when I initially registered my domains, that I read somewhere that you were only required to put true info in your WHOIS info if the domain was used for business. I guess I misread it.
Anonymous Cowards suck.
I think you are right. Bogus information is not the solution, a new standard is what is needed.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Are you equally outraged (or whatever emotion suits you) over the fakeable domain name data versus non-fakeable public data due to government records?
Uh, a drivers' license is not even in the same league as a domain. Let's not try to compare unrelated things, it's pointless.
I'm outraged at the fact that people who own domains legitimately are getting fucked over by those same people that have the power and ability to abuse this "law".
This is news? HAH!! Hardly. Besides the report says 5%... really? I did my own survey and found it more closer to 60% being bogus. Spammers have been doing this for years. They would sign up for a domain using their OWN valid contact info (they have to initially), then sit on the domain for a while. Then before they start promoting the site, they go back and change their contact info to a bogus one. Registrars don't check "name changes" like they do during an initial registration. This is because most registrars initially issue their domain owners passwords they use to change their information, instead of insisting on sending them confirmation messages.
Shame on ICANN and registrars for having such an insecure system and being so friendly to spammers and phishers. But YOU (thats right - you self respecting slashdotters) can do something about it.
Once you find the registrar, be sure to also CC your complaint to ICANN.org (I think they still have a special Email setup for this).
Although, due to work pressures, I've been out of the spam fighting theator for a while, but when I was reporting more then 150,000 spams a month, I would also investigate the spammers web sites, and try to track them down, and run into about 60% of them bogus. But if the registrar is in China, they usually ignore your request or complaints (most in chinese anyway). Then start hammering ICANN.org and report it to them. Eventually, if enough complaints, they can do something about it.
It takes about a month for this process to take place. After the initial complaint, the registrar gives them (bogus whois owners), 10 days to respond. The registrars would use their initial contact info, and failing a reply, they have to wait another 2 weeks, then after that, the domain is cut off. But by that time, the spammer or web site operator don't care because they would have already been shut down anyway, and very few domain owners are going to cough up their real contact info, they would rather loose their domains... they are "throw away" ones anyway.
I'm proud to announce I shut down about 250 spammer domains during my WAR in spammers. Also shut down about 150,000 infected hosts with a very aggressive spam reporting system.
My system is automatic, and it even follows up on the Bogus Domain complaints every few weeks, it sends an Email to the registrar when they haven't "acted" on it. Each complaint is time stamped and comes to my attention only if I don't get the registrar to send me back their action report. I check it again, and if I find any info bogus, I fire off the complaint again (using the assigned tracking number). Very few registrars escape my attention. All mail sent to registrars also go the ICANN.org site....
Eventually, they started to pay attention to this issue, and more and more registrars are setting up "bogus whois" complaint links. And those that dont will be sent reminder messages (Always CC'ing them to ICANN of course). Then ICANN contacts me, saying they have NO authority to revoke a registrars "license", but they say they send out notices to the registrars if the complaint level is too high.
Some registrars will leave their contact whois "blank" upon request (and possibly a hefty bribe), and claim it's to "protect their privacy" - but as always "money talks - and bull pucky walks"... so what can you really do, other then to get the attention of lawmakers, which is even a worse idea, we have enough regulation already..
Just my thoughts...
j
My site has photos of where in my back yard I hid the gold. Maybe if I didn't want to be a target I shouldn't have told the world that I had a pot of gold.
Maybe you shouldn't have registered "wow.lookatmyexpensiveart.thatikeepathome.arentyou jealous.com"
Support SETI@home
Take the below registration for respam.org. The address is where the server is but it doesn't list which of the 34 floors in that telco hotel it's on. The email address will get to me, eventually. The phone number is bogus (super extra credit points to they that can tell me where that phone number came from.) The important line is GODA-011238625 which links to my godaddy account and godaddy will be able to tell who I am. They took the credit card info and they can also link it to my 30 other domain which mostly have the right info (i.e.: nethead.com) which you can see I don't hide at all. So, the what's the problem? Registrant ID:GODA-011238625 Registrant Name:Post Master Registrant Organization:Real Estate Spam Fighters Registrant Street1:2001 Sixth Avenue Registrant Street2: Registrant Street3: Registrant City:Seattle Registrant State/Province:Washington Registrant Postal Code:98021 Registrant Country:US Registrant Phone:+1.3115552368 Registrant Phone Ext.: Registrant FAX:+1.549 Registrant FAX Ext.: Registrant Email:reg@respam.org
-- I have a private email server in my basement.
Take the below registration for respam.org. The address is where the server is but it doesn't list which of the 34 floors in that telco hotel it's on. The email address will get to me, eventually. The phone number is bogus (super extra credit points to they that can tell me where that phone number came from.) The important line is GODA-011238625 which links to my godaddy account and godaddy will be able to tell who I am. They took the credit card info and they can also link it to my 30 other domain which mostly have the right info (i.e.: nethead.com) which you can see I don't hide at all. So, the what's the problem?
Registrant ID:GODA-011238625
Registrant Name:Post Master
Registrant Organization:Real Estate Spam Fighters
Registrant Street1:2001 Sixth Avenue
Registrant Street2:
Registrant Street3:
Registrant City:Seattle
Registrant State/Province:Washington
Registrant Postal Code:98021
Registrant Country:US
Registrant Phone:+1.3115552368
Registrant Phone Ext.:
Registrant FAX:+1.549
Registrant FAX Ext.:
Registrant Email:reg@respam.org
-- I have a private email server in my basement.
I totally disagree with you. I'm definitely a privacy advocate, but fail to see ANY reason why anyone would want to keep their contact private. I mean - the whole reason for the web site is to promote your wares, services, or other things you are selling. Any self respecting business owner would not have a need to hide this information (unless they have ulterior motives). So, if you want or need a "Public" presence through a web site, then in all respects, allowing the public to contact you is not only good business sense, but improves your customer relationship if they know they can contact you through your web site.
Other important reasons include if your site is hacked or defaced, and your public content is "erased" by the defacement, then security professionals have no way to contact the site owner.
And also your claim it vets out "Internet wierdos", it's certainly possible to avoid those by proper screening of your Email you might get in your contact mailbox.
j
US Government Accountability Office? This has got to be a joke- how can such an office exist? Isn't that a contradiction in terms?
Ah, but there's the rub. Some registrars offer exactly what you want... except that they charge for it. They put forth the effort to make sure you get information regarding your domain, so they want compensated for it. Internet rules require that there be some way to contact a responsible party. They don't say who you have to be to be allowed to know who that party is...
My only experience with a "proxied" registration involved a compromised machine doing a flood attack against my email servers. Of course, calling the proxy service got me no where... Finally, I called their ISP. The only thing they could do was pull the plug on the offender, which they did. The attack stopped.
The ISP got an angry call from the customer. I got the next angry call from them. I explained that I was unable to contact them to stop the attack, because of their proxy registration. The only recourse was to deal with the next level responsible party. If that meant their website went down until they fixed the compromised workstation, that wasn't my fault; I was protecting my servers. And, by the way, who should I contact about compensation for the loss of business caused by their attack?
Last time I checked, they no longer hid their technical contact information behind a proxy.
Which brings up the question, why would anyone hide their technical contact information? Personal, I have no problem with... I rarely have to deal with the domain owner. But fake tech info?
(and I rarely, if ever, receive spam to my registrar email address through GoDaddy. the one that we used with Nitwit Solutions way back when still gets spammed regularly. and employees at our old ISP from the NS days are still getting postal mail addressed to our domain... Guess you just have to have the right registrar!)
I have a domain that I have owned since October, 1999. I registered purposefully with false information simply because it was allowed. It is really no one's business who I am or what I own. Though, yes, I was once a hacker and publisher of a questionable electronic magazine [Digital Murder], my aim was never of a criminal intent. I feel that it is my right to be able to say whatever I want and be allowed to at least ~attempt~ to safeguard my privacy. I am an American and I registered it with an American Registrar. However, the rules are changing daily. The government is just scared because they know ... well.. like Jim Morrison said, "They got the guns but we got the numbers.. We're gonna win, yeah, if we try. COME ON!"
The government can kiss my ass for all I care. Wasting money on such a stupid study. I could have told them that and saved them who knows how much taxpayer dollars! The US Government has turned into a money laundering joke.
Just wait until someone sends a letter to Intercosmos stating 'lazylightning.org' has false registration information.
Well, that's you're call, but I've seen registrars (in the $10/year range) charge as little as $1/year for this protection. My current registrar charges $8.88/year/domain plus $2.88/year/domain for WHOIS protection. I don't think that's a bad deal.
I agree with much of what you said in your post. However, I don't entirely agree that it's mostly just people tryin to maintain privacy. Yes, I think that is a significant chunk of them. However, I see many other categories:
- squatters
- spammers
- porn relays/redirectors (often also spammers)
- companies (this one I will ellaborate on)
Many companies have questionable practices. Legal perhaps, but questionable in the court of public perception. For example, one company (I'll leave the name out, as much as I'd love to bash them) gave away reptiles as part of a big promotion. When the "winners" got the pet reptiles, most of them were sick with all sorts of disease and malnutrition issues. For many of those who received these animals, their other pets got the diseases (parasites usually). The company is one of the largest for pet supplies, particularly reptiles. Well, when reports came in about these sick and neglected animals two and two were put together and it became clear that this company was the source of them all. Most of the larger reptile-oriented community websites have boycotted the ads for this company. What we found was that the same owner was registering many domains, with different address info, phone numbers, etc. Sometimes it was obvious, because all reg info would be different EXCEPT the phone number, or some other subtle bit of info.
He was trying to market his company and get through the boycott to drive revenue.
So, in this case... companies that want to conceil who they really are by providing slightly different fronts are among those that register domains with fraudulent/false info.
It might sound crazy, but to me posting my actual phone number and address on a publicly searchable directory linking me to a website I own might not be the most safe practice in the world. Imagine the owner of a site getting phone calls at his or her home number because they didn't realize it would be posted for every oddball out there in cyberspace to see.
... now I have to pay an extra bit of money just to not have my home address and personal phone number listed, above the already outrageous prices they required for a simple domain name?
... I'd more simply enter a fake address and phone number than have to shell out extra money just to have my personal information out of the reach of the oddballs out there, and not to mention the crawlers who no doubt see WHOIS as a gold mine for spamming activities.
It happened to me a few years ago, and ever since then I've always entered fake information for domains I register. A few years back Network Solutions offered a new 'service' which allowed you to make the information private and non-searchable. Thanks, NS
Not gonna happen
I'm probably just missing the sarcasm here, right? "I mean - the whole reason for the web site is to promote your wares, services, or other things you are selling." I realize that almost all you get when you "google" something these days is a list of vendors trying to sell you something related to what you searched for, but that is certainly not all there is on the Internet.
I own a couple of domains, so I can have a constant email address, can post random stuff on a web site that I can show to someone, so that I can VPN into my home network without having to remeber the IP address, etc. I'm not selling anything to anybody, and I don't care if anyone can find anything about my domain, even that it exists, just as long as I can. So why would I want to give anybody my contact info?
Man I get junk from them all the time I own less then 10 domains. I can only imagine what it is like for poeple who run more.
"It's better to be a pirate then join the Navy"
Simple, when it's a personal domain, the tech contact and domain owner are, oddly enough, the same person.
At present, I have the choice, fill in bogus information, or provide my personal information (which I do).
Small/personal site owners don't necessarily want their private info out. And the amount of crap spam I get which is clearly trolled from my whois record is annoying.
Lost at C:>. Found at C.
When I buy a domain name it is mine. If I choose not to tell people about where I live and what my work number is, then it is damn well my right. The right to privacy is not criminal and it's not negotiable. I am not going to contribute to the DHS's database of names and numbers to prove that I'm not a criminal. I am not a criminal.
Government is overstepping it's bounds once again. If you don't believe privacy is a right, then how about you take your names and numbers and post them on the largest database on the internet. Assholes.
"Did you really think we want those laws observed?" said Dr. Ferris.
"We want them to be broken. You'd better get it straight that it's not a bunch of boy scouts
you're up against.... We're after power and we mean it....
There's no way to rule innocent men.
The only power any government has is the power to crack down on criminals.
Well, when there aren't enough criminals one makes them.
One declares so many things to be a crime that it becomes impossible for men to live
without breaking laws.
Who wants a nation of law-abiding citizens? What's there in that for anyone?
But just pass the kind of laws that can neither be observed nor enforced or objectively interpreted-
and you create a nation of law-breakers-
and then you cash in on guilt.
Now that's the system, Mr. Reardon, that's the game,
and once you understand it, you'll be much easier to deal with."
-Ayn Rand, Atlas Shrugged
Which brings up the question, why would anyone hide their technical contact information? Personal, I have no problem with... I rarely have to deal with the domain owner. But fake tech info?
Because for millions of small sites (like mine), the tech contact is the domain owner. My site isn't the sort to attract loons and thieves, so I don't worry that much about having my personal info made public. But I do get tired of having to shred two or three credit card offers a month for my "business", when it is obvious from the site content (which plainly no automated WHOIS harvester has ever bothered to check) that not a dime of revenue is generated by it.
I figure by 2030 or so my 6-digit UID will be something to brag about.
I don't discount what you're saying above but you do have people like this guy:
[andymcd@localhost ~]$ whois protectonline-paypal.com
DOMAIN
Domain Name : protectonline-paypal.com (PPC178-BMN-DOM)
Registrar : BookMyName
Whois Server : whois.bookmyname.com
Referral URL : https://www.bookmyname.com/
Registrant / Admin Contact :
PERSON
Bill SCHMIDT (SCHMID12-BMN-PE)
1123 Mason St Apt C
54476 Schofield
UNITED STATES
phone : +3 44546677
fax :
e-mail : aptbill6662@yahoo.com
Billing Contact :
PERSON
Bill SCHMIDT (SCHMID12-BMN-PE)
1123 Mason St Apt C
54476 Schofield
UNITED STATES
phone : +3 44546677
fax :
e-mail : aptbill6662@yahoo.com
Technical Contact :
PERSON
Bill SCHMIDT (SCHMID12-BMN-PE)
1123 Mason St Apt C
54476 Schofield
UNITED STATES
phone : +3 44546677
fax :
e-mail : aptbill6662@yahoo.com
Domain servers :
ns1.miss-nska.net (NMNN2-BMN-HST)
ns2.miss-nska.net (NMNN3-BMN-HST)
Created on 12/05/2005 21:40:04
Updated on 12/05/2005 22:42:02
Expires on 12/05/2006 16:40:04
Doesn't this ring alarm bells in anyone's head? I found this one because I received a phishing email and checked the (fairly pathetically disguised but would trick a layperson) link.
Cheers
Stor
"Yeah well there's a lot of stuff that should be, but isn't"
You mean people are registering for domains with false info? What a dirty despicable world...
"So, Lone Starr, now you see that evil will always triumph, because good is dumb." - Dark Helmet
Unity in Diversity
Maybe website owners don't want to get inundated with a flood of spam just because their e-mail address is on record for their domain registration? Or more than that, maybe people with personal sites don't want random unknown people showing up at their doorsteps because their home address has been made publicly available via whois?
I'll always put enough info in to contact me, but I refuse to submit myself to such an invasive disclosure of personal information just because they want it.
I register my domains with the name "Host Master", and the email is a unique alias I use only for that so I can filter stuff.
:)
I do occasionally get snail mail addressed to Mr Host Master.
Let's make that whole "encouraging other countries to pass laws similar to our own" thing work for the people instead of against it for once.
Check out my sci-fi/humor trilogy at PatriotsBooks.
300 random domains from the entire zone of 90 million .com's doesnt give a real good idea of what the problem here is.
if instead they would take a sample of newly registered domains, that percent would jump significatly. we use whois lookups as part of the heuristics at http://www.uribl.com/ to identify new spammer uris that show up in the query stream en masse.
domain age proves to be a big indicator of spamminess when it comes to uris in emails.
for the last 7 days, the top 10 creation dates for domain names that we have blacked
rank / created / black uris
My vote for the most ironic use of Network Solutions Private Registration is
Clarke American, well known for printing checks (web site says "more than
50 million check orders every year"). There's a private reg for their
CLARKEAMERICAN.COM domain. Also, if you go to order checks online, you're
redirected to an https://checkreorderexpress.com/ that also has a private reg.
The whole basis of the business is customers' willingness to give their bank
routing number and checking account number -- yet for some reason the company
doesn't publish direct contact information for their domain names.
I think this method of using only a false name is probably OK. As people can still reach me, but do not know my real name.
Meh.
From TFS:
...and that's only the idiots who used obviously false information.
The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields."
Seriously, back when I had a website I used fake information. Why would I want my personal information available to anyone who sees the site? Why would anyone, other than a business? I shouldn't have to worry about harrassing phone calls or visits just because I choose to put something controversial on my site. Or conversely, I shouldn't have to worry about someone searching a whois database for my name to find out what sites I have.
https://www.eff.org/https-everywhere
I had one spammer write about a domain that was just registared for 2 more years. They claimed the hosting (in our office) was going to expire and the domain name also. Thye suggested regestering it as soon as possible with them to avoid any service outage.
Of course the CFO updated it and sent the money in. Then after i came back from a different client, she was yelling at me like i stole the money used to originaly renew it. We decided to find out what was going on. Turns out i did renew it. WE(that company) do host it. She just gave the rights to it to some foreign company as well as around $300. Luckily, the original registar let us change the passwords and stuff before the other company could do anyhting with it. I think technicaly it belongs to them now but we still control the setting for it. Thise domain spams can be a bitch.
I faked my domain registration. Atleast the part viewable with WHOIS. The reason? Why in the world would I want to post my name, address, phone number and e-mail address in an easily harvestable way??? I'm not hiding from anyone in particular, but I see no point in giving away information that could be used by spammers or worse. My hosting company had no problem with it, they assured me that they already know who I am from my billing account and what not, and put their own info in the tech contact info, for free.
There are a lot of ways to abuse the WHOIS information, and I'm amazed that only a slight bit over 5% of all owners actually fake their data. There are crooks out there, for sure, but to say someone that uses phoney data on domain registrations is a bit absurd.
This isn't a problem with public information, this is a problem with the ISP being lazy and automatically granting domains without bothering to pick up a phone or do any other verification. On the other hand, it's a lot more work to do it Right, and work equals $$.
I think that the best answer is to require the registrar to have the right contact information, but don't make it publicly available.
This would be great, if registrars were actually responsive to complaints about spam, phishing, etc. Maybe you are, but I know plenty that aren't. Keeping the owner's information public is a great equalizer.
I would guess it's more just people trying to maintain some modicum of privacy.
The Internet is not private. When will people learn this? If you want privacy, send 3-by-5 pix in an envelope. If you want I'm-too-lazy-to-move-my-ass-from-the-couch, post your pix online. If people want Privacy, they know where to get it. Unfortunately, no ISP can tell them the truth, because that loses business.
This post expresses my opinion, not that of my employer. And yes, IAAL.
You mean you never got letters from these guys?
Exactly the people I had in mind. Those guys are begining to get more annoying than AOL on their floppy sending days.
Come to think of it, I haven't gotten anything from AOL recently. Did they stop sending disks thru the mail?
No sig
That is a great idea. Have registrars require the correct information for the account with the registrar, but don't list it in the whois information. However, I do wonder how much it would cost the registars to do something like that themselves.
I contacted his webhost, who are a bunch of Russian guys living in London... draw your own conclusions :-)
... these are people who I'd maybe like to marry?
OK, I'm drawing conclusions
I'm married to a Russian lady, living in Britain, and I find your attitude to be fucking racist. I get enough of that shit from my government, particularly the Department of Racism and Bigotry (otherwise known as the Immigration And Naturalisation Department).
I hope you meet and fall in love with a foreigner, so that you too can have the years of stress it entails.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
How much it would cost? Fewer SQL queries when a WHOIS is conducted I would have thought - the info would just be in the database but not shown to the public.
Any domains registered there, will be investigated and if found to have invalid contact information the owner will be given a chance to correct it, or the domain will be taken away from them.
Pretty cool idea.
The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vaccuum Cleaner!
Yep. Russians (not all of them, as you seem to believe we think) are involved in scamming, as are many other nationalities. I too have a webserver, and most of the crap that comes to it is from .ru based systems. Draw your own conclusions.
Oh, and Muslims (not all of them) hit NYC on 9/11. Just because a name is given to a group doesn't mean everyone who shares that name is a member of that same group.
For instance, I could say "you're a knee-jerk moron" but that doesn't mean all morons have knee-jerk reactions.
I put 999 999-9999 as my fax number to my domain registration info. Why ? Because I don't have fax and Verisign forces me to fill in some number there instead of giving me option to say that I don't have fax.
Any idiot can see that 999 999-9999 is not real number so it really cannot be used to make fraud. Using such number by Phisher would be quite stupid. If Phisher was runing the domain then he would put number like (212) 435-6596 to make it look more credible instead of (999) 999-9999. Anybody putting (999) 999-9999 as fax or phone number is simply saying that he either don't have fax/telephone or he does not wish to be contacted by fax/telephone.
It will be called the "Microsoft Vaccuum Cleaner" to avoid confusion with these humdrum devices called "vacuum cleaners", which of course do suck. Keen way of avoiding legal difficulties for misleading product naming.
How many beans make five, anyhow ?
AOL is sending out a lot less disks these days. I actually collect AOL CDs, so I signed up on their web site to make sure I get every mailing of AOL disks, even though I was already getting some anyway. They have really tapered off in the last year or so. I might have gotten one disk all year.
I think they realized that carpet bombing people with AOL disks is stupid, especially in light of them trying to sell it to people already with broadband, who can download it themselves.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Curious.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
1) use an alias for the name, remember that alias if anybody should try to call you that, you'll know they got it from "whois"
2) rent a PO Box and use that address, or specify additional information on your real address, like "Unit C", which will help identify possible junk snail mail
3) look up the phone number for your registrar, specify that instead of your own number. if somebody REALLY needs to call you, they can get the number from your registrar, as they know all your real info
I disagree that we should have to pay to use a proxy service to disguise our whois identities and I won't pay it. (for those that will undoubtedly say "just use a proxy service")
Remember, if some person doesn't like your website and hunts you down using your whois info, when they come to the door asking if you are so-and-so, just say "no, he's in Unit C". Close the door quickly and call the police.
Meh.