Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN Studies Secretive Domain Owners

Posted by kdawson on from the all-swords-are-double-edged dept.

alphadogg quotes from a Network World piece reporting on ICANN's study of the prevalence of proxy services that shield registrants' personal information from WHOIS queries. "Approximately 15% to 25% of domain names have been registered in a manner that limits the amount of personal information available to the public... according to the preliminary results of a report from ICANN... Domain owners who want to limit the amount of personal information available to the public generally use a privacy [proxy] service. ... [Proxy services] register domain names on behalf of registrants. The main objective of ICANN's study — which was based on a random sample of 2,400 domain names registered under .com, .net, .org, .biz, and .info — is to establish baseline information to inform the ICANN community on how common privacy and proxy services are." Spammers and other miscreants abuse the ability to register domains by proxy, in order to avoid being found; but ordinary users have a legitimate interest in keeping their personal information out of the hands of those same bad actors. What's the right balance?

18 of 101 comments (clear)

  1. Right balance? What .uk has by IBBoard · · Score: 3, Informative

    The right balance is what .uk domains have - free information hiding for non-trading individuals, but information displayed for companies. They still have your information, but you don't have to show it to the world and you don't have to pay someone to hide it. As long as "squatting on a domain and pumping it full of ads" is considered "trading" then it's the perfect balance.

    1. Re:Right balance? What .uk has by sopssa · · Score: 3, Insightful

      In my opinion better balance would be based on if the individual is a person or a company. I do not want my personal information like name, address, phone number and so on all over the internet. Even if the site contains ads on it.

      On the other hand having your company info available in whois is quite an non-matter, theres public records available already and it doesn't break any individuals privacy.

    2. Re:Right balance? What .uk has by sumdumass · · Score: 3, Insightful

      A lot of company domain names are registered to individuals inside the company for some reason. I've had to deal with that many times over the years when a former IT person is listed as the owner and is the only one capable of making changes to it. Anyways, I don't think there is anything that could stop that from happening on purpose. A reason you might want to do it on purpose might be in order to get around the public knowing your associated with several different sights praising your products or pretending to sell them because they're the best.

      I got a domain once for the purpose of protesting some things on a local level. The more popular the site became, the more annoying it was. I used fake information (this was before it became against the law to do so) but kept the admin Email and contact phone number to a legitimate line. I got threats and all kinds of crap including the phone ringing at 2 am because someone wanted to disagree with something. I ended up paying a company to list themselves as the owner. It's what stopped the calls and crap. I've since given the site away to some like minded people who use it to this day.

      I can see why someone would want their info hidden.

    3. Re:Right balance? What .uk has by jonbryce · · Score: 3, Informative

      If you are trading on the internet, the EU's E-Commerce directive requires you to publish your contact details on your website.

    4. Re:Right balance? What .uk has by frisket · · Score: 3, Insightful

      I disagree. Leaving aside the squatters and ad-pumpers (I wish we could :-) the "ordinary user" should not be able to hide their identity. Hiding physical address details is an unfortunate but acceptable security restriction today; but hiding email, phone, and other contact data is just wrong. It's abused by thousands of companies to prevent people contacting them when their poxy products fail, or to hide their true ownership and identity. Registering a personal domain is one thing; registering a domain as a business should bring with it the responsibility to publish valid contact information and keep it up to date. It should be illegal for registrars to hide the identity of their business registrants.

    5. Re:Right balance? What .uk has by xaxa · · Score: 3, Informative

      That's almost exactly what UK domains have:

      $ whois [whatever].__.uk

              Domain name:
                      [whatever].__.uk

              Registrant:
                      Joe Bloggs

              Registrant type:
                      UK Individual

              Registrant's address:
                      The registrant is a non-trading individual who has opted to have their
                      address omitted from the WHOIS service.

      There's a box to tick when you register a .uk asking if you'd like your address hidden. You can't hide your name, but you could put "J Bloggs" and become a little more anonymous.

      Whether it breaks your privacy depends what you're doing with the site. I have a friend who has a fetish modelling site, she doesn't want to be traceable from it.

    6. Re:Right balance? What .uk has by Borov · · Score: 3, Informative

      Yup: "Article 5 General information to be provided 1. In addition to other information requirements established by Community law, Member States shall ensure that the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information: [...]" Check out the EU Directive

      --
      http://www.bordev.pl
  2. I just want my e-mail protected by Blejdfist · · Score: 5, Insightful

    I have registered a few domains by proxy, but the only reason is to have my e-mail address hidden so those pesky spammers won't scrape it of the whois entry.

  3. Re:Don't hide. by Lincolnshire+Poacher · · Score: 3, Insightful

    > If you want a domain, you will have to stand that you are public.

    Says the poster whose profile reads:


    (email not shown publicly)

    My registrar proxies my personal information and forwards any legitimate queries. Every year I am required to re-validate my information. This ensures that I can be contacted regarding the domain and can respond appropriately. Why then does any third party require my street address and phone number?

  4. Re:100% anonymous! by X0563511 · · Score: 3, Funny

    Of course, the email addresses you enter MUST be valid and accessible, lest you ever want to do various things such as transferring domains.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  5. Re:Don't hide. by Anonymous Coward · · Score: 5, Insightful

    If you want a domain, you will have to stand that you are public.

    If you want to hide your personal information start a company and register the domain on the company.

    Why? I own a small site with a non-existant readership. I do little doodles and post them there ("webcomic" would be insulting to the people that actually write comics). It doesn't sell anything, is totally divorced from the real universe in both setting and characters, and exists purely for fun. If you want to get in touch there is an email address in the About page, or the WHOIS data will tell you who the web host is, and they'll pass it on to me. Adding personal info that the WHOIS requests like name, address and telephone number would add absolutely nothing to the website, and would just splash my personal data all over the web regardless of the fact that people can contact me without it anyway. If there was ever a legal situation where I refused to reveal my identity then the hosting company has all of that.

    To me, your suggestion is like saying *anyone* posting *anything* on the web should stand up publicly and reveal personal info. It's pointless, and just exposes personal data apparently for the hell of it. Would you fancy adding your name, address and telephone number to your Slashdot account?

  6. Re:100% anonymous! by sumdumass · · Score: 4, Informative

    It also doesn't solve the problem that providing fake information to domain registrars is a felony in the US and probably a couple more countries. In fact, if you commit a felony that is somehow connected to a domain with fake registration information, your sentence is automatically increased by 7 years or doubled whichever is less.

    I'm not sure I would recommend doing that. And if your in a country where it isn't illegal, then make sure the registrar isn't or it could suck you into the law there. I'm not sure they would extradite you or anything, but a warrant could sneak up on you down the road when attempting to get a better job or visiting certain countries or if the cops in your own country get a boner for you and want to use it as an excuse to take you down town once a year and hold you for several days seeing if anyone wants to extradite you. I was once held for 3 days on 4 or 5 unpaid parking tickets from 10 years prior that happens 5 months after I sold the car.

  7. Re:100% anonymous! by sakdoctor · · Score: 4, Interesting

    I copied this idea from Microsoft.com and put: Administrator, Domain
    as my name for my small business site.

    Sometimes I even get physical mail with "Dear Mr Domain Administrator..."

  8. Maybe its un-intetnional. by wjh31 · · Score: 3, Interesting

    I purchased the domain for my site through my web host, as a result if you look up the domain on whois all you get are the details for the host rather than me.C ould it be that the number is so high because of the average joe registering through a site that puts its own details forward to the likes of whois, rather than because the majority of people are intentionally trying to hide their details. Hanlon's Razor. Or have i just completely mis-understood this.

  9. Re:Don't hide. by dbIII · · Score: 4, Funny

    I think "Heroes" pointed this situation out quite well when Hiro and Anjo turned up on online stripper Nikki's doorstep after reading the whois information for her domain. You don't always want people to be able to find your physical address.

  10. namecheap by JimboFBX · · Score: 3, Interesting

    My only experience with domain registration is with namecheap (and I highly recommend them). It (for free) has a tool called whoisguard which puts all your personal information as a random string of numbers and letters @whoisguard.com (it also has a free dynamic DNS client so people with non-fixed IPs can update as needed). The e-mail itself still forwards to your real e-mail address, but that random string can get updated weekly to prevent it being sold. Simple to say, I never got a single bit of spam.

    Funny thing is, I called up namecheap to verify they were legitimate before registering with them and their answering machine gave me the impression that it was a one-man operation. I'm curious if they really are.

    In contrast, I used to intern for a business that did register with their real contact information. Besides getting fax spam and e-mail spam, we also got a scammer who used Sprint TTY to try to get us to order 6 laptops through Dell and mail them to New Jersey.

  11. The purpose for whois contact info has changed by Anonymous Coward · · Score: 5, Interesting

    Way back when technical contacts used to use whois data to call each other when there was a problem. Domain contacts were people that actually knew something about networking or system administration. Today this use is pointless. The typical domain owner doesn't manage there network or the systems hosting their web pages. What it mutated into was ICANN helping trademark owners or MAFIAA organizations being able to more easily sue people.
    Note that some of the CCTLD owners haven't been strong armed into signing away their authority to ICANN yet and keep contact info out of whois. For example tonic.

  12. Re:100% anonymous! by sumdumass · · Score: 3, Informative

    It seems your right. Further examination of the law indicates that the false information is illegal on it's own only when tied to trademark and copyright violations.

    However, the sentencing enhancements (see section g) seem to apply to any felony committed that can be tied to false domain information. I'm assuming this could be tied to failures to report taxable income that becomes a felony (under reporting sales from the site), to committing felony fraud or anything else that the domain could be linked to.

    The domain proxy services wouldn't necessarily cause a violation of this law. That's because you are contracting the proxy service to purchase-register the domain on your behalf in which they promise to allow you the control and ownership rights to. The information wouldn't be false, it would just be complicated or obscured but still accurate and readily availible.