Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN Studies Secretive Domain Owners

Posted by kdawson on from the all-swords-are-double-edged dept.

alphadogg quotes from a Network World piece reporting on ICANN's study of the prevalence of proxy services that shield registrants' personal information from WHOIS queries. "Approximately 15% to 25% of domain names have been registered in a manner that limits the amount of personal information available to the public... according to the preliminary results of a report from ICANN... Domain owners who want to limit the amount of personal information available to the public generally use a privacy [proxy] service. ... [Proxy services] register domain names on behalf of registrants. The main objective of ICANN's study — which was based on a random sample of 2,400 domain names registered under .com, .net, .org, .biz, and .info — is to establish baseline information to inform the ICANN community on how common privacy and proxy services are." Spammers and other miscreants abuse the ability to register domains by proxy, in order to avoid being found; but ordinary users have a legitimate interest in keeping their personal information out of the hands of those same bad actors. What's the right balance?

101 comments

  1. Right balance? What .uk has by IBBoard · · Score: 3, Informative

    The right balance is what .uk domains have - free information hiding for non-trading individuals, but information displayed for companies. They still have your information, but you don't have to show it to the world and you don't have to pay someone to hide it. As long as "squatting on a domain and pumping it full of ads" is considered "trading" then it's the perfect balance.

    1. Re:Right balance? What .uk has by sopssa · · Score: 3, Insightful

      In my opinion better balance would be based on if the individual is a person or a company. I do not want my personal information like name, address, phone number and so on all over the internet. Even if the site contains ads on it.

      On the other hand having your company info available in whois is quite an non-matter, theres public records available already and it doesn't break any individuals privacy.

    2. Re:Right balance? What .uk has by broken_chaos · · Score: 1

      The same is done in Canada. My personal domain name has hidden information (just shows registrar and DNS servers), whereas domains registered as belonging to a corporation have full information available. I believe this was changed sometime in the past five years -- as I clearly recall personal domain names having fully visible information back in 2004, and maybe even as late as 2007 or 2008.

    3. Re:Right balance? What .uk has by IBBoard · · Score: 1

      I didn't mean "sites with adverts should show details". There's a difference between "spam site that is purely adverts and paying searches" and "personal blog with adverts to support the costs" (although some sites making it a close-run thing with the number of adverts they try to plaster in there).

      Supporting your costs is just supporting your costs, where as squatters with sites full of junk are "trading individuals" because they're registering to either profit off the domain resale or to profit off the ads on hits to a domain that was once someone else's.

    4. Re:Right balance? What .uk has by sumdumass · · Score: 3, Insightful

      A lot of company domain names are registered to individuals inside the company for some reason. I've had to deal with that many times over the years when a former IT person is listed as the owner and is the only one capable of making changes to it. Anyways, I don't think there is anything that could stop that from happening on purpose. A reason you might want to do it on purpose might be in order to get around the public knowing your associated with several different sights praising your products or pretending to sell them because they're the best.

      I got a domain once for the purpose of protesting some things on a local level. The more popular the site became, the more annoying it was. I used fake information (this was before it became against the law to do so) but kept the admin Email and contact phone number to a legitimate line. I got threats and all kinds of crap including the phone ringing at 2 am because someone wanted to disagree with something. I ended up paying a company to list themselves as the owner. It's what stopped the calls and crap. I've since given the site away to some like minded people who use it to this day.

      I can see why someone would want their info hidden.

    5. Re:Right balance? What .uk has by jonbryce · · Score: 3, Informative

      If you are trading on the internet, the EU's E-Commerce directive requires you to publish your contact details on your website.

    6. Re:Right balance? What .uk has by frisket · · Score: 3, Insightful

      I disagree. Leaving aside the squatters and ad-pumpers (I wish we could :-) the "ordinary user" should not be able to hide their identity. Hiding physical address details is an unfortunate but acceptable security restriction today; but hiding email, phone, and other contact data is just wrong. It's abused by thousands of companies to prevent people contacting them when their poxy products fail, or to hide their true ownership and identity. Registering a personal domain is one thing; registering a domain as a business should bring with it the responsibility to publish valid contact information and keep it up to date. It should be illegal for registrars to hide the identity of their business registrants.

    7. Re:Right balance? What .uk has by IBBoard · · Score: 1

      Registering a personal domain is one thing; registering a domain as a business should bring with it the responsibility to publish valid contact information and keep it up to date. It should be illegal for registrars to hide the identity of their business registrants.

      So the companies will just put in fake details instead and people still won't be able to track them down. The .uk system still shows details for companies, just not for individuals. If companies use it to hide details then their WhoIs record will say "Registrant type: UK Individual" and anyone looking at it can go "no they aren't" and tell the registrar, who can then correct their type and show the details.

      Why should my details be on display just because a company could hide theirs by pretending their a non-trading individual? If someone has a legitimate need to contact me as a non-trading individual then they either a) do it through my email, b) contact me and ask for postal details or c) it is sufficiently important (read: has legal or other reasons) that they have a strong enough case to get my details from the registrar.

    8. Re:Right balance? What .uk has by supernova_hq · · Score: 1

      Do they also specify how EASY that information is to find?

    9. Re:Right balance? What .uk has by xaxa · · Score: 3, Informative

      That's almost exactly what UK domains have:

      $ whois [whatever].__.uk

              Domain name:
                      [whatever].__.uk

              Registrant:
                      Joe Bloggs

              Registrant type:
                      UK Individual

              Registrant's address:
                      The registrant is a non-trading individual who has opted to have their
                      address omitted from the WHOIS service.

      There's a box to tick when you register a .uk asking if you'd like your address hidden. You can't hide your name, but you could put "J Bloggs" and become a little more anonymous.

      Whether it breaks your privacy depends what you're doing with the site. I have a friend who has a fetish modelling site, she doesn't want to be traceable from it.

    10. Re:Right balance? What .uk has by Borov · · Score: 3, Informative

      Yup: "Article 5 General information to be provided 1. In addition to other information requirements established by Community law, Member States shall ensure that the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information: [...]" Check out the EU Directive

      --
      http://www.bordev.pl
    11. Re:Right balance? What .uk has by Wowsers · · Score: 1

      having your company info available in whois is quite an non-matter, theres public records available already and it doesn't break any individuals privacy

      Maybe sole traders / partnerships / small businesses don't want spammers etc. to know their home addresses. Many small businesses are run from home.

      --
      Take Nobody's Word For It.
    12. Re:Right balance? What .uk has by rtb61 · · Score: 2, Insightful

      I can't help it, Oh Noes it's a telephone book, run away, run away. Show juts one add and it is commercial and you are responsible for that add, you showed it, you profited by it and you are not entitled to hide from the consequences of it and, that includes emails from that domain that contain an add in any way shape or form. You want net privacy, easy, don't get a domain name.

      --
      Chaos - everything, everywhere, everywhen
    13. Re:Right balance? What .uk has by Rieke · · Score: 1

      How will check out if a domain is used commercial or not by this much registered domain names wich are registered in different countrys ?

    14. Re:Right balance? What .uk has by IBBoard · · Score: 1

      I don't know how they check, but that's what they do for UK (and apparently Canadian) domains. Yes, some companies might lie and say they're "non-trading individuals", but if you make the penalty sufficiently severe (like seizing the domain) then companies won't risk it and anyone who finds a mis-labeled domain (a trading domain marked as non-trading) can complain about it. At the end of the day, if you make it easy for people to say "this domain claims to be non-trading but isn't" then domains that are mislabeled but that people don't care about won't cause any additional work load.

    15. Re:Right balance? What .uk has by Nuskrad · · Score: 2, Informative

      Well every registered company in the UK needs to have a publicly available trading address anyway, which can be found on the Companies House database... though I believe this can be a PO Box to give some anonymity.

    16. Re:Right balance? What .uk has by grimw · · Score: 1

      What if I'm a trading individual? I'm not giving my details to anyone but the person I'm doing business with. Get over it.

    17. Re:Right balance? What .uk has by sjames · · Score: 1

      Phone info should NOT be required, email is OK. I do NOT want a phone call from even a tiny fraction of the loonies to be found in a population of 6 billion people.

      I can see requiring it for businesses though.

    18. Re:Right balance? What .uk has by IBBoard · · Score: 1

      If you're a trading individual then you're a company and you have to give out certain details anyway. Contact details are important to know who you're dealing with and where they are (or at least where they claim to be, which can then be checked up on as to whether it exists etc), plus a trading individual can buy a £60 PO Box if they're trading from home.

      If you're an individual then the content you're putting up on your site can have zero relevance to where you live. All adding your address and phone number does is ties your physical and less changeable contact/location details to the content you publish, making it very easy for millions to billions of people to get hold of them and know what they're associated with. Yes, they could look you up in the phone book but a) you can go ex-directory in the UK and b) they just know that they've got a name and a phone number, nothing more in terms of interests/opinions/affiliations/etc. Buying a PO Box for a personal site is overkill (£60 was about equal to my hosting fees for the year before I moved to a VPS).

    19. Re:Right balance? What .uk has by Omnifarious · · Score: 1

      I sort of like this balance as well. An awful lot of useful data about who's funding which astroturfing effort has come from looking at DNS records.

      --
      Need a Python, C++, Unix, Linux develop
    20. Re:Right balance? What .uk has by Anonymous Coward · · Score: 0

      In my opinion better balance would be based on if the individual is a person or a company.

      No go in the US where "the corporate person" has acquired more rights, including to secrecy, than a real person.

      Thomas Jefferson was absolutely correct when he warned against the immense power corporations would accumulate.

    21. Re:Right balance? What .uk has by Anonymous Coward · · Score: 0

      Whether it breaks your privacy depends what you're doing with the site. I have a friend who has a fetish modelling site, she doesn't want to be traceable from it.

      How does she differentiate herself in this regard from IBM or your local purveyor of massive spam or child porn?

    22. Re:Right balance? What .uk has by noundi · · Score: 1

      The right balance is what .uk domains have - free information hiding for non-trading individuals, but information displayed for companies. They still have your information, but you don't have to show it to the world and you don't have to pay someone to hide it. As long as "squatting on a domain and pumping it full of ads" is considered "trading" then it's the perfect balance.

      I slightly disagree. The right balance is complete anonimity unless one is suspected of having committed a crime, at which point only a court may order the service provider to expose your information. The same way all online crime vs. anonimity should be treated, from copyright violation to bank fraud.

      --
      I am the lawn!
    23. Re:Right balance? What .uk has by IBBoard · · Score: 1

      Why should companies be allowed to trade anonymously online? You can't trade anonymously in a street, and having registered addresses gives a known location for the company. I'm always suspicious of companies who anonymise their domain registration - if they're happy to take my money, why aren't they happy for me to know that they're legitimate and not just a front?

  2. In the event... by Anonymous Coward · · Score: 2, Insightful

    where someone's personal information needs to be found out, can't it be found out via a court order if a crime is suspected?

    1. Re:In the event... by sopssa · · Score: 2, Insightful

      where someone's personal information needs to be found out, can't it be found out via a court order if a crime is suspected?

      Yes and the privacy services almost always state this in terms of service too, as well as removing the service in case of spamming and so on.

      Spammers and others just use fakes names anyway, so privacy registration doesn't change anything regarding that, but providers better privacy for real people.

    2. Re:In the event... by pilsner.urquell · · Score: 1

      where someone's personal information needs to be found out, can't it be found out via a court order if a crime is suspected?

      That is what my provider does. It is in the user agreement that if a court order is presented to them they honor it.

      I often interact with unsavory persons to the point of having to carry a weapon, legally of course. I really don't need to sleep with one eye open, too. If law enforcement needs to get a hold of me they have the option to do so.

    3. Re:In the event... by Antony-Kyre · · Score: 1

      Assume it is a given spammers use fake names and addresses. Then, what if we require private registration services to verify names and addresses?

      An address can be verified by sending a postcard through the mail. As for verifying one's name, perhaps the driver's license ID number or something? (Or state ID number, if one lacks a license.)

      Since a state ID number can be verified online in some states, it would tie someone to the domain, even if it's identify theft. (Let's hope that's not the case.)

    4. Re:In the event... by supernova_hq · · Score: 2, Insightful

      Assuming everyone who registers a domain lives in the US....

    5. Re:In the event... by sopssa · · Score: 1

      I'm not sure how the license ID number system works, but since I'm not in the USA it means I would have to scan my passport and send it to some registrar where some random guy will check it and which maybe leads to identify theft too. I'm not comfortable with that, and besides that it's just stupid to send a scan of your passport over email or internet. How long would it take that someone would start doing identify theft with such system?

    6. Re:In the event... by Antony-Kyre · · Score: 1

      I didn't think about the identify theft issue. I was thinking that if someone stole someone else's ID card, they could commit identify theft using their ID number, in terms of using someone else's name in the private registration part.

      But yeah, good point. What if the private registration company commits identify theft against the individual? I don't know.

  3. I just want my e-mail protected by Blejdfist · · Score: 5, Insightful

    I have registered a few domains by proxy, but the only reason is to have my e-mail address hidden so those pesky spammers won't scrape it of the whois entry.

    1. Re:I just want my e-mail protected by Anonymous Coward · · Score: 2, Interesting

      I'm the same way. The address that I used for my domains got so passed around from spammer database to spammer database, that I ended up just having the forward of the account go to /dev/null. So, the few domains I have are done by proxy, and the E-mail that is the contact does not get 5000 emails for your usual crap a day, not to mentional the occassional threat by a spammer to use usernames as From: addresses if I don't pay some guy with e-gold within 3 days.

    2. Re:I just want my e-mail protected by smoker2 · · Score: 1

      I hold a .sh domain and whois just says the domain is not available. You have to go to the registrars site and search from there, where it gives my personal details EXCEPTING my email address and phone number. So scraping is not possible, unless they want to snail mail spam me, which apparently is far too much work as I have never had postal spam resulting from it. I also hold some .com domains, and although my email and phone are listed directly, my email is @gmail.com so spam is dealt with at that end.

    3. Re:I just want my e-mail protected by Anonymous Coward · · Score: 0

      Seriously...

      When I read the article summary "Spammers and other miscreants abuse the ability to register domains by proxy, in order to avoid being found; but ordinary users have a legitimate interest in keeping their personal information out of the hands of those same bad actors. What's the right balance?" I couldn't help but to think spammers and other miscreants probably don't give two shits about these privacy proxies. Well, at least not for their own domains - it could be annoying in their efforts to collect every email address on the planet.

      The spammers and miscreants have made up bogus info to protect themselves since forever ago, long before proxy privacy existed.

    4. Re:I just want my e-mail protected by vlm · · Score: 2, Informative

      So scraping is not possible, unless they want to snail mail spam me, which apparently is far too much work as I have never had postal spam resulting from it.

      Lucky you... Until I renewed for like 10 years, and was annually renewing, for a few months around renewal time I got postal junk mail try superficially to "renew" but it was actually a transfer request.

      Specifically I got endless junk from DROA

      http://en.wikipedia.org/wiki/Domain_Registry_of_America

      "In 2003, the Federal Trade Commission reached a settlement with the company for practices such as transferring domain registrations to their service under the guise of domain renewal, a practice known as domain slamming, and having hidden fees. Despite this action, the company still sends mass direct mail to consumers resembling invoices with "domain name expiration notice" in bold print."

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    5. Re:I just want my e-mail protected by nedwidek · · Score: 1

      DRoA is still scum. Still in business. And still sending those damned letters. Their address is a UPS store PO Box.

      Yes, one of my domains is up for renewal in a few months.

      --
      Post anonymously - For when your opinion embarrasses even you!
  4. Don't hide. by Z00L00K · · Score: 0, Troll

    If you want a domain, you will have to stand that you are public.

    If you want to hide your personal information start a company and register the domain on the company.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:Don't hide. by Anonymous Coward · · Score: 2, Interesting

      Network Solutions is now pushing its customers to make their info private when they renew.
      My boss recently renewed our domain and happily told me about how they made his info private for only a few dollars more.
      He was under the impression that this would keep away hackers and spam... when i told him what he really paid for he was pretty annoyed.

    2. Re:Don't hide. by Lincolnshire+Poacher · · Score: 3, Insightful

      > If you want a domain, you will have to stand that you are public.

      Says the poster whose profile reads:


      (email not shown publicly)

      My registrar proxies my personal information and forwards any legitimate queries. Every year I am required to re-validate my information. This ensures that I can be contacted regarding the domain and can respond appropriately. Why then does any third party require my street address and phone number?

    3. Re:Don't hide. by Anonymous Coward · · Score: 5, Insightful

      If you want a domain, you will have to stand that you are public.

      If you want to hide your personal information start a company and register the domain on the company.

      Why? I own a small site with a non-existant readership. I do little doodles and post them there ("webcomic" would be insulting to the people that actually write comics). It doesn't sell anything, is totally divorced from the real universe in both setting and characters, and exists purely for fun. If you want to get in touch there is an email address in the About page, or the WHOIS data will tell you who the web host is, and they'll pass it on to me. Adding personal info that the WHOIS requests like name, address and telephone number would add absolutely nothing to the website, and would just splash my personal data all over the web regardless of the fact that people can contact me without it anyway. If there was ever a legal situation where I refused to reveal my identity then the hosting company has all of that.

      To me, your suggestion is like saying *anyone* posting *anything* on the web should stand up publicly and reveal personal info. It's pointless, and just exposes personal data apparently for the hell of it. Would you fancy adding your name, address and telephone number to your Slashdot account?

    4. Re:Don't hide. by Anonymous Coward · · Score: 2, Interesting

      If you want a domain, you will have to stand that you are public.

      If you want to hide your personal information start a company and register the domain on the company.

      I let my "privacy shield" accidentally lapse on my domain. Keep in mind the type of information that is listed on a WHOIS LOOKUP. Let me post and censor mine

      [Querying whois.internic.net]
      [Redirected to whois.srsplus.com]
      [Querying whois.srsplus.com]
      [whois.srsplus.com]
      thedomainthatiamcurrentlyusing.com

      Registrant:
                      MyFirstName MyLastName (myprivategmailaddress@gmail.com)
                      1234 MyHomeAddress, Apartment X
                      Raleigh, NC 27607
                      US
                      N/A

      Domain Name: thedomainthatiamcurrentlyusing.com

      Administrative, Technical, Billing Contact:
                      MyFirstName MyLastName (myprivategmailaddress@gmail.com)
                      1234 MyHomeAddress, Apartment X
                      Raleigh, NC 27607
                      US
                      N/A

      My usage: I use my domain name for no-ip dyndns service. When registering a domain, you have to provide a valid address. I get snail-mail from people using my whois information (the last one was from some other company trying to get me to transfer my domain to them).

      There are plenty of uses for a domain that are not commercial. "go start a company" is not a logical solution to the problem.

    5. Re:Don't hide. by dbIII · · Score: 4, Funny

      I think "Heroes" pointed this situation out quite well when Hiro and Anjo turned up on online stripper Nikki's doorstep after reading the whois information for her domain. You don't always want people to be able to find your physical address.

    6. Re:Don't hide. by digitalchinky · · Score: 1

      How quaint, having to pay more to show less.

      I guess it's the same as an ISP charging more money to remove the port blocks from SMTP and HTTP.

    7. Re:Don't hide. by IgnitusBoyone · · Score: 1

      I find it odd that my physical address in this country gives no other information except that a mail box is on the street, but the moment I get a Virtual Proxy to map back to the location and actual route-able address privacy goes out the window.
      Between your ISP or your remote host. Someone knows where your DNS (which is by all definition a proxy as well) leads to and who owns the account connected to it. Someone has to pay monthly for the bandwidth. The public has no right to know who owns any website IMO unless a crime has been committed and then it should be a simple number of steps to find the information given the right warrants/subpoena.
      Truth is for most legitimate business want you to contact them. So if there domain is registered through some proxy for what ever admin reasons they still have a contact us page on there website. Examples of spammers and phishers are just silly. Stopping them is more then just asking them to please provide real information before committing your illegal act.

      --
      Momento Mori
    8. Re:Don't hide. by Anonymous Coward · · Score: 0

      You were modded Funny, but it's true. My wife was a dancer a few years back and she used a website to keep in touch with her regulars. We set up her domain as private because we didn't want some freak from the club showing up at our front door with a box of chocolates and a marriage proposal.

    9. Re:Don't hide. by trogdor8667 · · Score: 1

      That's pretty much it. I've made the mistake of having my address display at times before. The junk email was one thing, but the junk snail mail was annoying as anything.

      Since you can't really use the privacy services with the .us domains (and others, I can never remember which ones spefically), I've been tempted a few times to rent out a PO Box to filter out the crap.

    10. Re:Don't hide. by innocent_white_lamb · · Score: 1

      How quaint, having to pay more to show less.
       
              Telephone companies have been doing that for years -- it's not new. You pay $2/month for an unlisted or unpublished phone number around here.

      --
      If you're a zombie and you know it, bite your friend!
    11. Re:Don't hide. by kiore · · Score: 1

      I think this is all overblown and unnecessary paranoia.

      I've got a lot of domains registered and don't get much more spam on the email addresses I use for registration than I do on my personal email address (Which has never been publicly used on a web-site or for domain registrations)

      My partner is a cuddly lady who does fatagrams (partial nudity at stag and birthday parties) and we have the domain name fatagrams.com registered. We've never had any problems related to the domain name.

    12. Re:Don't hide. by Anonymous Coward · · Score: 0

      *FIXED*

      Network Solutions is now pushing its customers to make their info private when they renew.
      My boss recently renewed our domain and happily told me about how they made his info private for only a few dollars more.
      He was under the impression that this would keep away hookers and pRon... when i told him what he really paid for (hookers and pRon for Network Solutions) he was pretty annoyed!

  5. it's all abuseable... by 3seas · · Score: 1

    no matter how you look at it, either way is abusable.

  6. 100% anonymous! by iYk6 · · Score: 2, Funny

    Nobody yet has mentioned the easiest, most reliable method of registering a domain name anonymously. Just enter fake information in the database. As long as it isn't obviously fake, like Fuck You at Fuck St, Fuck, 11111, it won't get deleted. And you don't have to worry about the proxy company selling it, or accidentally giving it away to hackers.

    This of course won't solve the credit card has your name problem, but you can get anonymous debit cards from most grocery stores.

    1. Re:100% anonymous! by X0563511 · · Score: 3, Funny

      Of course, the email addresses you enter MUST be valid and accessible, lest you ever want to do various things such as transferring domains.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:100% anonymous! by sumdumass · · Score: 4, Informative

      It also doesn't solve the problem that providing fake information to domain registrars is a felony in the US and probably a couple more countries. In fact, if you commit a felony that is somehow connected to a domain with fake registration information, your sentence is automatically increased by 7 years or doubled whichever is less.

      I'm not sure I would recommend doing that. And if your in a country where it isn't illegal, then make sure the registrar isn't or it could suck you into the law there. I'm not sure they would extradite you or anything, but a warrant could sneak up on you down the road when attempting to get a better job or visiting certain countries or if the cops in your own country get a boner for you and want to use it as an excuse to take you down town once a year and hold you for several days seeing if anyone wants to extradite you. I was once held for 3 days on 4 or 5 unpaid parking tickets from 10 years prior that happens 5 months after I sold the car.

    3. Re:100% anonymous! by sakdoctor · · Score: 4, Interesting

      I copied this idea from Microsoft.com and put: Administrator, Domain
      as my name for my small business site.

      Sometimes I even get physical mail with "Dear Mr Domain Administrator..."

    4. Re:100% anonymous! by Anonymous Coward · · Score: 1, Interesting

      Looking at the fine Act linked above, the felony provision seems to apply to incorrect registrant contact info for web sites that violate a copyright or trademark. Does that penalty apply to somebody hiding their true contact info for a non-infringing site? Better ask a lawyer, but I'd say "No." Domain registrant proxy services have not been lawyered out of existence, which supports my theory. (Doesn't it?)

    5. Re:100% anonymous! by smoker2 · · Score: 1

      No they don't. I can create an alias, register the domain, then when the process is done, I delete the alias. If I want to admin the domain such that the email becomes vital, I just recreate the alias temporarily. What do you mean by "transfer" ? I can make any changes I like to my DNS records without needing email (and have been doing for over 10 years).

    6. Re:100% anonymous! by Baron_Yam · · Score: 2, Interesting

      When I registered a domain for my small company, I used out-of-date address information and haven't updated it in a decade. The only accurate information is the (Hotmail) email address so I can change the DNS server addresses if necessary.

      If anything ever comes of it, I can just say, "Oh, yeah, forgot to update that..."

      There's no need for my contact information to be made mandatory by law. All countries have stupid laws on the books... this is one for the U.S.A.

    7. Re:100% anonymous! by S.O.B. · · Score: 2, Funny

      If you've been managing DNS records for over 10 years and you don't know what's meant by "transferring domains" then you really don't know what you're doing and should "transfer" your domains to someone who does.

      --
      Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.
    8. Re:100% anonymous! by Fear+the+Clam · · Score: 1

      I've done this for years. I also use a separate email address for the domain registrar so I know when someone is referencing it.

      Yes, I'm a "bad person" and violating all sorts of policies, but the policies are flawed. Requiring people to have accurate information should have also includes a requirement for registrars to hide this information from the public for free. Until that change is made, I'm going to continue to violate these terms of agreement. It's like having to pay extra to have an unlisted number--I could an idiot and pay the phone company or could simply get the account in a different name.

      The funny thing is, it's not like I do anything criminal or "subversive" with my domain--in fact it's a tourism site that has won awards--but I've actually been telephoned by spammers who scraped the info from the registrar and I see no reason to continue to be a target of opportunity.

    9. Re:100% anonymous! by Anonymous Coward · · Score: 0

      So do I:

      I put "Domain Administrator" and the name of my company.

      For the email, I usually use an alias such as fea90c0ba9bb3d1701b9d52706b8e82@mydomain.com .

      For the address, I simply pick an address of an old family house in another village (and even in another state)

    10. Re:100% anonymous! by Anonymous Coward · · Score: 0

      I remember looking at the law when it was first passed, as I had entered bad information intentionally. I could not find anywhere that indicated it was a crime in itself, but that it could add to the sentence of crimes committed using the website.

      As I do not regularly commit felonies, I've never had an issue with having my information hidden. While a registrar could probably refuse renewal or shut down your domain, I have never seen anywhere that you could be charged for having inaccurate information filled in, alone. In fact, I am pretty sure people would be up in arms if the government wasted tax dollars by prosecuting people for this anyway...

    11. Re:100% anonymous! by X0563511 · · Score: 1

      When you move a domain from one registrar to another (for any reason) the process involves sending an authorization key to the admin contact email, and along the way approve/deny and other such materials are sent as well.

      This is a mandatory process that ICANN has instituted.

      That you've never done this means you've never had problems with your current registrar, and have never aquired a domain that was already under a particular registrar.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    12. Re:100% anonymous! by Anonymous Coward · · Score: 0

      I looked at the law a little more thoroughly. It appears that your right except that the fake information is enough to cause a felony in itself if tradmark or copyright law had been violated.

      Outside of that, any connections to any other felony offense would result in a maximum sentence doubling or additional 7 years whichever is less. So yea, your right, it isn't a felony in itself unless another element could be associated with it.

    13. Re:100% anonymous! by sumdumass · · Score: 3, Informative

      It seems your right. Further examination of the law indicates that the false information is illegal on it's own only when tied to trademark and copyright violations.

      However, the sentencing enhancements (see section g) seem to apply to any felony committed that can be tied to false domain information. I'm assuming this could be tied to failures to report taxable income that becomes a felony (under reporting sales from the site), to committing felony fraud or anything else that the domain could be linked to.

      The domain proxy services wouldn't necessarily cause a violation of this law. That's because you are contracting the proxy service to purchase-register the domain on your behalf in which they promise to allow you the control and ownership rights to. The information wouldn't be false, it would just be complicated or obscured but still accurate and readily availible.

    14. Re:100% anonymous! by Anonymous Coward · · Score: 0

      Sometimes I even get physical mail with "Dear Mr Domain Administrator..."

      The best I ever heard was a San Francisco non-profit which got mail addressed to "Prevention, Mr. S. F. Suicide".

  7. Wow, what a difference already. by Anonymous Coward · · Score: 0

    Only, what is it, a day? (sorry i aren't brain today)

    I just hope they don't end up suggesting stopping this.
    Allow people to register privately as an individual and that'll solve the problems mostly.

    Eh, who am i kidding, this won't change anything.
    And privacy services like Freenet and the like will only gain from this, which is a very good and very bad thing, depending on who you are.

  8. Genius! by Anonymous Coward · · Score: 0

    The primary purpose of

    ICANN's study of the prevalence of proxy services

    was to

    establish baseline information to inform the ICANN community on how common privacy and proxy services are.

    WOW! How informative!

  9. Maybe its un-intetnional. by wjh31 · · Score: 3, Interesting

    I purchased the domain for my site through my web host, as a result if you look up the domain on whois all you get are the details for the host rather than me.C ould it be that the number is so high because of the average joe registering through a site that puts its own details forward to the likes of whois, rather than because the majority of people are intentionally trying to hide their details. Hanlon's Razor. Or have i just completely mis-understood this.

    1. Re:Maybe its un-intetnional. by Anonymous Coward · · Score: 0

      Try taking that domain to a different web host. You can't. It doesn't show your info because you don't own it. Your web host does.

    2. Re:Maybe its un-intetnional. by herojig · · Score: 2, Informative

      Most ISPs in India/Nepal operate like this as well. It's not true you can't change domains or that you don't own the domain, it just means that you have to go through your provider to make any changes. Not a big deal, just an email.

      --
      I think therefore I can't be ~TTNH
    3. Re:Maybe its un-intetnional. by sopssa · · Score: 2, Interesting

      Until the domain gets popular enough and there comes a disbute between you and the host.. Domain ownership is solely based on that information.

    4. Re:Maybe its un-intetnional. by sjames · · Score: 2, Interesting

      That depends on the quality of the ISP. Some will just do the transfer. Others will auto-renew you at an outrageously high annual rate, then refuse to transfer the domain until you pay the balance. That is, they will hold the domain hostage.

      The cheaper the hosting, the more likely they will hold your domain hostage if you try to leave.

    5. Re:Maybe its un-intetnional. by herojig · · Score: 1

      HA! I guess there are crooks and shadies everywhere. At least here, most folks are honest and would not think to hold you hostage...and they will also not give out your personal information without your consent. Here, everything is done on a personal level, from buying bananas to getting your website hosted. I think that makes a difference in QOS.

      --
      I think therefore I can't be ~TTNH
    6. Re:Maybe its un-intetnional. by AG+the+other · · Score: 2, Interesting

      I work, occasionally, for a small ISP and we have quite a few people who's domains we "own". We charge them about $10 a year extra to handle registration tasks and such.
      Lots of people figure that $10 is a bargain.
      If and when they want to change hosts we transfer them to the new host in whatever manner the customer desires. It's called customer service. If you as a company rip someone's domain off they'll tell 30 or 40 people a year about their bad experience.
      If you as a company provide someone good service they will mention that good service and sometimes even come back to you, which some of them have.

      --
      Non bene pro toto libertas venditur auro
    7. Re:Maybe its un-intetnional. by sjames · · Score: 1

      HA! I guess there are crooks and shadies everywhere. At least here, most folks are honest and would not think to hold you hostage...and they will also not give out your personal information without your consent. Here, everything is done on a personal level, from buying bananas to getting your website hosted. I think that makes a difference in QOS.

      Agreed. Unfortunately, here in the U.S. it's hard to even implement that business model (I've tried). All you ever hear is how someone somewhere else is offering the "same thing" for a dollar less (with absolutely no support and every dirty trick in the book to nickle and dime you to death after the fact).

    8. Re:Maybe its un-intetnional. by herojig · · Score: 1

      It's a societal thing this commerce stuff. I believe the story of how sane a society is told every time something is bought, sold, or traded. In Nepal we work with fractional margins yet still have a cup of tea and a chat over any deal.My only guess is that it's a matter of respect and child-rearing.

      --
      I think therefore I can't be ~TTNH
    9. Re:Maybe its un-intetnional. by sjames · · Score: 1

      There is probably something to that. A part of the issue is a race to the bottom. Given enough people who are willing to stoop lower and customers who are willing to do business with them, those with a stronger moral/ethical code (more respectful and respectable business people) are forced from the market entirely. The problem is made worse when truth in advertising laws are largely ignored so that the less ethical player can get away with deceiving customers into doing business with them rather than with more honest players.

  10. Reputation by Anonymous Coward · · Score: 1, Interesting

    If you claim to be a reputable business as a payment facilitator on the Internet, don't hide behind a proxy service for your domain name.
    A few days ago, I was looking at epassporte.com for a virtual credit card. I ignored them when a lookup on their domain showed they are hiding behing Moniker Privacy Servies.

    1. Re:Reputation by Anonymous Coward · · Score: 0

      So what you're saying is, their plan to protect themselves from loonies succeeded?

  11. namecheap by JimboFBX · · Score: 3, Interesting

    My only experience with domain registration is with namecheap (and I highly recommend them). It (for free) has a tool called whoisguard which puts all your personal information as a random string of numbers and letters @whoisguard.com (it also has a free dynamic DNS client so people with non-fixed IPs can update as needed). The e-mail itself still forwards to your real e-mail address, but that random string can get updated weekly to prevent it being sold. Simple to say, I never got a single bit of spam.

    Funny thing is, I called up namecheap to verify they were legitimate before registering with them and their answering machine gave me the impression that it was a one-man operation. I'm curious if they really are.

    In contrast, I used to intern for a business that did register with their real contact information. Besides getting fax spam and e-mail spam, we also got a scammer who used Sprint TTY to try to get us to order 6 laptops through Dell and mail them to New Jersey.

    1. Re:namecheap by Anonymous Coward · · Score: 0

      I am also their happy customer, but I hope I am not the only one who needs to pay for whoisguard service after the first free year has passed...

      Earlier I was with another company that certainly was a one-man, "just-for-the-money", clueless organization: he basically screwed up the simple process of managing domains almost in every possible way. Took me months and many discussions with ICANN to even succeed in transferring my domains away from there. With namecheap, everything has worked fine. Thumbs up, one-man or not...

  12. The purpose for whois contact info has changed by Anonymous Coward · · Score: 5, Interesting

    Way back when technical contacts used to use whois data to call each other when there was a problem. Domain contacts were people that actually knew something about networking or system administration. Today this use is pointless. The typical domain owner doesn't manage there network or the systems hosting their web pages. What it mutated into was ICANN helping trademark owners or MAFIAA organizations being able to more easily sue people.
    Note that some of the CCTLD owners haven't been strong armed into signing away their authority to ICANN yet and keep contact info out of whois. For example tonic.

  13. use gmail? by jkajala · · Score: 1

    I've had about 20-30 domains registered over several years, and I've never used private domain reg, and still it's very rare that spam gets through in my inbox in Gmail, which I have used several years as well. Maybe I'm just lucky or the gmail spam filtering works very well.

  14. Why did they even bother? by damn_registrars · · Score: 2, Interesting

    ICANN is about to start selling gTLDs. With the gTLDs go all the TOS and AUP authority that ICANN at one point pretended to enforce on .com, .net, and .org (last I heard those three are not yet for sale). Just wait and see how much more spam you'll get when they sell .drug, .pill, .viagra, etc...

    So what they think they are accomplishing by studying obfuscated domain registration data now, I would like to know. Because soon the vast majority of all WHOIS data in the world won't be worth crap or even have consistent or meaningful requirements.

    Part of me wonders if this "study" is just a preliminary step towards them eventually selling all the rights to .com, .net, and .org so they can pull a huge one-year profit, and subsequently tell those of us who ask them to do their jobs (in registrar accreditation) to STFU.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  15. There is too much data in the whois information by medoc · · Score: 1

    With all the nut jobs out there, who wants to have their private street address listed in a public database ?

  16. The right balance is no privacy. by maillemaker · · Score: 1, Interesting

    I already have no privacy on the web. If my government decides they want to eavesdrop on my communications through my ISP, they already do it without a warrant.

    If I have no privacy, nobody should have any.

    I say everyone who hangs a shingle (domain) on the web site should be accountable for it and their names a matter of public record.

    --
    A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
    1. Re:The right balance is no privacy. by Anonymous Coward · · Score: 0

      If you want privacy, why are you broadcasting your business for all to hear? https, ssl, ssh tunnels are there for a reason, you know.

  17. There are other options. by www.sorehands.com · · Score: 2, Informative

    I use my attorney's office for my information. You can always use a P.O. Box, or a mail service center.

    --
    Fight Spammers!
  18. Anonymity. by Anonymous Coward · · Score: 0

    I hold strong views against powerful/assholy people and institutions.

    I have had to endure being "harased" by a criminal (also here) who was able to involve a corrupt police force against me (thankfully, they are grossly incompetent and clueless about the intartubes and I could see them coming for weeks in advance; it took them four months to know who I was online - they did not pursue because I was well beyond their jurisdiction; although they tried).

    I want to post my stuff without every Dick, Tom and Harry able to easily find out who I am.

  19. It's not about balance by rs79 · · Score: 1

    First of all any dedicated spammer or other miscreant can fake contact data with some that is valid but not theirs. Second, you go after the IP not the friggin domain. That's just a label, not the source of the damage.

    This is nothing more than a blatant attempts by the Intellectual Property lobby that has co-opted ICANN (Ironic, but an organization that was tasked with making new TLDs hasn't done so in a decade and as of right now, new TLDs are two years away from whenever you ask, just as they have been since 1996, which is exactly what the TM lobby wants) to be able to serve anybody with a summons for IP infirngement. It has nothing to do with any operational issues in the DNS. No really, I checked.

    Never mind that even some of the women lawyers involved in the creation of ICANN have been stalked from their whois data (Mikki Barry for example).

    If you need clear proof ICANN is just a nexus for the same types that do such good work in the RIAA and MPAA, check this out:

    http://atlarge-lists.icann.org/pipermail/at-large_atlarge-lists.icann.org/2009q4/005957.html
    http://atlarge-lists.icann.org/pipermail/at-large_atlarge-lists.icann.org/2009q4/005960.html
    http://atlarge-lists.icann.org/pipermail/at-large_atlarge-lists.icann.org/2009q4/005961.html

    ICANN is only "open and transparent" when you read between the lines.

    --
    Need Mercedes parts ?
  20. Reasons not to use WHOIS "privacy" services by Animats · · Score: 2, Informative

    Reality check:

    • In the European Union and in California, anonymous businesses are illegal.
    • The listed registrant owns the domain. If you're using a "privacy service", you don't own the domain; you're just leasing it from the privacy service. Customers of RegisterFly, the domain registrar that collapsed, found this out the hard way. Many customers lost domains in that collapse.
    • Google considers "private registration" as a factor in determining whether a site meets their "quality guidelines". Google can't be as tough on this as they should be, though, because Google's revenue model, AdWords, requires a large number of ad-heavy sites. Bing could be tougher; it's too soon to tell.

    We take an even harder line on anonymous businesses at SiteTruth, considering them "bottom feeders".

    Realistically, putting your real name and address in WHOIS info doesn't hurt you unless you're a crook. My real name and address are on all my domains, and I get maybe one phone call every two years, perhaps a letter or two a year, that seem to come from WHOIS data. I had one threat, back in the 1990s; he's out of business and I'm still here. Any e-mail spam is being filtered out by the usual filters. If you're paranoid, get a P.O. box; that's legal.

    1. Re:Reasons not to use WHOIS "privacy" services by JimboFBX · · Score: 2, Insightful

      A domain registrar has no excuse for failing. All of their transactions are virtual, require no man power, and always bring in profit. Their overhead is renting out the cheapest building in town (or paying the mortgage on the home they live in) and paying a modest ISP fee that can easily be scaled with the amount of business they get.

    2. Re:Reasons not to use WHOIS "privacy" services by gmhowell · · Score: 1

      Realistically, putting your real name and address in WHOIS info doesn't hurt you unless you're a crook.

      "You have nothing to fear if you aren't breaking the law" is a pantload. The problem is that the legality of many actions is dubious. Certainly every company has laws on the books that reflects no moral or legal rational and should be struck down.

      I'd like to risk a flamebait mod, but since I don't know if you are referring solely to businesses, or also including individuals as well, I'll let it go.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
  21. If you run a games site,.... by Anonymous Coward · · Score: 0

    ... you dont want kids calling you up or knocking on the door asking for free credits and stuff... Yes, it happens.

  22. Proxy for privacy by bl968 · · Score: 2, Interesting

    As a network administrator I feel that proxy services should be prohibited.

    If my customers are having a problem reaching your web site, then I use whois to find the person to contact to resolve the issue. This is necessary more often than you might thing due to routing issues. I can call my upstream ISP if the problem is on their end, but if not you may need to contact your ISP so that the problem can be worked on from both ends.

    Any domain not listing the actual contact information for the individuals responsible for the domain should be dropped from the db. There are other ways to handle contacts which would not require emails to be displayed. It's that simple. Whois information identifies the mailing address for the registered owner of the domain, and the full contact information for the technical and administrative contacts. For most cases that should be the domain administrators at your hosting company. If you opt to place your own information in those fields, then your information should be made available.

    --
    "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
    1. Re:Proxy for privacy by bl968 · · Score: 0, Offtopic

      thing = think

      --
      "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
    2. Re:Proxy for privacy by Anonymous Coward · · Score: 0
      You may feel this information is "necessary more often than you might thing due to routing issues"
      but what makes you think you have any sort of right to ask for this information?

      Just because sometimes maybe you might need it? Don't make me laugh.

      If the information isn't there (and correct), then don't connect stuff that depends on it.
      If it is, then write the info down somewhere in case it changes later.

      I never recommend a product or service (or buy one for myself) without doing some sort of due diligence.
      If it's free - well - you take your chances. You certainly get what you paid for.

      Do your due diligence beforehand, not after it's too late.

      You'll get along much better in the World Wide Web if you treat it as the Wild Wild West rather than as a Daycare Center.

      --

      Oh and the Wild Wild West was also the time of nation building. I don't think you can build much from within a Daycare.

      Freedom and opportunity tend to go hand in hand - for good or ill.

  23. One rule for everyone - NO private info. by tomhudson · · Score: 2, Insightful

    Spammers hide their info. If you're running a legit domain, post your owner and admin contact info. It's part and parcel of running a domain, same as a license plate is part and parcel of driving a car, or your name, signature, bank address, and account number on any checks you write.

    This isn't a "why keep the info private if you have nothing to hide" issue - it's about transparency and holding people accountable - and not just spammers. The requirement for valid info would go a good ways towards reducing the amount of spam, which benefits everyone.

    Putting in valid contact info also means that a proxy can't hold your domain hostage if you want to transfer it. If it's worth nothing, there's no harm in putting in correct info, and if it's worth something, there's risk in putting in bogus info. Either way, it's one more party to go through, one more link in the chain that can screw up. Not worth the hassle to make your contact info private.

  24. More importantly ! by unity100 · · Score: 2, Interesting

    a lot of people use those proxy services in order to shield their personal data from their repressive governments in other countries. a proxy in u.s. will not give out data to random repressive country # 2318765, when they ask for the details of the dissenter that is running a blog. its very important for people who live in less civilized countries, for making a stand and changing things.

    --
    Read radical news here