ICANN Working Group Seeks To Kill WHOIS
angry tapir writes "An Internet Corporation for Assigned Names and Numbers working group is seeking public input on a successor to the current WHOIS system used to retrieve domain name information. The Expert Working Group on gTLD Directory Services has issued a report that recommends a radical change from WHOIS, replacing the current system with a centralized data store maintained by a third party that would be responsible for authorizing 'requestors' who want to obtain domain information."
Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?
BTW, I think the headline is a: alarmist and b: misleading. It would be better written as "ICANN Working Group seeks to replace WHOIS."
Operation Guillotine is in effect.
A corporation is a single point of failure. As ICANN repeatedly demonstrates.
"centralized data store maintained by a third party"
Also the US government would certainly love to manage such entity.
So that's a huge no.
whois icann?
Great, so we are going to privatize the WHOIS service and make it much more difficult (pay per query?) to get information out of it.
Guessing one of the usual corrupt telcos or domain name registration companies will bid to be the 'third party' and find a way to fuck this up good.
As a system admin, I tend to use WHOIS to figure out who is hitting my firewall, or to investigate if traffic is flowing to suspicious domains. Would really suck if WHOIS became a pay service, making it easier for the bad guys to hide.
This is all about setting up a system to charge for access to 'whois' information. Phrases like "authorizing 'requestors'" are code for charging users.
"Grab them by the pussy" -- President of the United States of America
However can we tell if someone is spoofing their WHOIS data? Quick, we have to make a completely unnecessary power grab before it's too late!
Thanks but no thanks, ICANN.
What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.
There should be a way for any person to contact any domain owner or domain-owning company. Putting a service in to vet requests will make it harder.
This is bad. And less transparent. And less distributed. And more expensive.
Seems like a solution in search of a problem.
Though it would be nice to see some of the WHOIS spam cleaned up.
Even some of Google's WHOIS information has been jihacked by pr0n advertisers.
-- I'm old enough to have lived through six different meanings of the word "hacker."
data store maintained by a third party
What domain privacy rules would be applicable?
Questions raise, answers kill. Raise questions to stay alive.
Find someone with private registration services. Record all fields. Put those fields into your website. Then some BS data request or subpoena or whatever would result in the private registration company claiming there is no associated record and some huge argument, none of which results in them getting your data. It's ridiculously insecure and a horrible idea to attach your name to a website. That's just asking for nonstop trouble, spam, scam calls, scam e-mails, domain scams, threats, etc.
'nuff said.
They just fired the guy responsible for this form and want to outsource it.
http://www.icann.org/en/groups/other/gtld-directory-services/share-24jun13-en.htm
Everything must be orderly. No rough edges or flaws. Nothing without permission. Submit to the designated authority and conform to the mandate.
Easy to explain what it is, and the same explanation also says why it is wrong. Anyway, this goes with the current agenda of taking control of the internet.
This action is not with your best interests at heart. This proposal comes with the intent of ICANN maximizing their own profits. They will blow smoke about privacy and other such utter bullshit to try to get people to support this but make no mistake, this will make the internet a less pleasant experience for users and a better hiding place for spammers.
How so, you might ask? Right now the current WHOIS gives vague lipservice to requiring domain registrations (and only under a very specific list of TLDs at that) to be registered with valid information. As it is, a not-insignificant portion of all new registrations at any given time are completed with missing or completely bogus information. And yet when this happens ICANN - who is tasked with making WHOIS data legible - almost always does nothing.
Now, they are just looking to openly embrace obfuscated, missing, and utterly bogus data in WHOIS records. The only people who benefit from this are the registrars that sell domains that benefit from that kind of lax registration requirement - spammers, scammers, and the like. If you don't think this matters to you, just wait until someone you know has their identity stolen after they mistype the web page for their bank, click on a fake ebay email, or do anything of that nature. The scum that will make money off of this will get to someone close to you, and this action will make it even less likely that those types will ever see any kind of punishment for their actions.
In other words, fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Is it to milk money from me whenever I want to know who keeps trying to hack me or is it to keep me from finding out who it is because such "sensitive information" will only be available to governments and the content industry?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Currently the DNS Whois information is set by the DNS host which is NOT under US control. So a German domain company sees the logins and any identity documentation needed for the German .DE domain owner but the NSA doesn't.
The published information is often just a subset of that information and often out of date.
By 'centralizing' it, ICANN can force an identity requirement on ALL domains. e.g. require a passport or id card.
Which in turn would let them fill the new NSA Domain to Identity Card database with the world's identity cards.
Because, you know, we've never seen people trying to wrestle control into a single entity that is free to start with, and once total and absolute control is established, begin to start charging for the service. 'Maintenance' and other profitable excuses.
a) There will be one central database, it will be in the USA.
b) Moving a database from one place to another fixes nothing. It does however change the jurisdiction of the data.
c) The database needs an authoritative copy of your WhoIs, how will they know your identity?
d) The DNS provider currently is the one who handles billing (and thus has your identity confirmed). This new authority will need some form of identity document to confirm the same.
e) So an identity document record will be added to this database and a requirement to hold a domain.
f) Now add an NSA secret warrant and you have the ultimate goal.
1. Is WHOIS actually broken?
2. Does this proposal actually fix it?
3. Is this proposal just a way for the proposers to privatize a free and common resource so they can make money out of it?
4. Can we identify these jackasses by name and make sure they never have anything to do with ICANN again?
Wherever you have a gate, you end up with a gatekeeper and you must pay a toll to pass through. If not this year, then next.
But don't worry, it will just be a reasonable amount to cover expenses, plus a little extra if you want your information in less than a month.
They are not talking about blocking all access to the data.
They propose keeping a good portion of the existing data available through anonymous public requests, exactly the way current WHOIS system works today. The big difference is that there will be a single source; you won't need to do the two-step process currently in place.
They are also proposing adding additional contact fields that have been frequently requested for WHOIS data.
They are also proposing limiting access to some data, in particular limiting the data traditionally used to scam people with fake DNS renewals. In particular it does not talk about refusing access, simply limiting the requests to authenticated users to prevent things like bulk-searches that scammers frequently use. The report recommends only limited fields require authenticated access, not those used commonly by individuals or by website administrators for abuse mitigation.
Finally, they are proposing adding new advanced search capabilities that are useful for ISPs (and also private and government surveillance) that are not currently available, but will be very useful for domain abusers spanning many TLDs.
//TODO: Think of witty sig statement
None of the things you've listed require the database to be centralized in NSA land.
" The big difference is that there will be a single source; you won't need to do the two-step process currently in place. "
It's one step now, you're just using the wrong Whois tool.
"They are also proposing adding additional contact fields that have been frequently requested for WHOIS data."
By who? Not by me.
"They are also proposing limiting access to some data, in particular limiting the data traditionally used to scam people with fake DNS renewals."
Wait, *more* data or *less* data? So NSA gets the data but other countries don't.
"Finally, they are proposing adding new advanced search capabilities that are useful for ISPs (and also private and government surveillance) "
The only people who ever wanted that was the RIAA and MPAA, and they wanted it for copyright reasons. Search of whois data is already available on websites.
" domain abusers"
So a new crime of domain abuse ?
Like AS numbers, network blocks etc?
Oh wait, they don't make money out of that will be thrown out?
bash$
Presumably a trusted third party like the US, or even better the NSA?
Yeah, right. Like Network Solutions turned out to be a great idea or something.
time to replace icann with.... fuck, just about anything would be better... even microsoft, and that's saying a lot
Why the fuck would you centralise whois? Just put the whole internet on one place and be done with it since we're at it (oh, wait, it's happening already - facebook, googleplus!).
Not to mention much easier access for american agencies to the addresses of anyone who owns a domain. Whois information should be private by default.
STUPID idea.
The proposal is aimed at charging the domain squatters for the thousands or millions of daily hits they make, which do burden the whois system profoundly. I'm aware of entire companies that were founded to do this during the "dotcom" bubble, most of which thankfully died out during the "dotbomb" burst. But the business remains intact, and is even more populated by fraudsters than it was then. And this proposal is clearly aimed at limiting the large scale data mining to a much more select clientele.
It might help the system. The fraudulent registrations and registrars unresponsive to abuse complaints are a constant drain on network administrator resources. But there's no reason to think that this centralized data will be used to actually monitor for or prevent abuse. Like when Verisign declared "*.com" to automatically point to their web pages and email systems, it's likely to cause a lot of chaos and serve only a small group in a place to profit from it.
If I am reading this correctly, giving the WHOIS functionality over to a 3rd party for database consolidation means that in order to do queries, I'll more than likely have to pay for access. I'm not much of a WHOIS user, except for when I get phone calls from "Microsoft Technical Support" informing me that I have viruses that their "database" is detecting. Then they want me to go to a website to download a "program" that will remove said viruses.
I've gotten their site shut down 3 times now by doing a WHOIS and informing their webhost provider of their scam.
So.. now I'll have to pay to do this? What is this crap? /sigh.
there needs to be an alternative to the old central domain name system. ... ... 'cause on a far away alien planet they are WAY beyond internet v1
the internetz should be redundant. anything "central" and "hierarchical"
introduces a single point of failure (failure can mean many things) and is "NOT A GOOD THING(tm)".
the internetz is not dumb terminals connecting to datacenter-server-farms.
it's the users with a personal computer.
it is interesting how the fear was propagated starting with viruses, malware and firewalls to
basically render every user a dumb terminal with no services running (out of fear).
if you're using linux you got 99% the same code running as a datacenter server (hardware mostly different).
basically we need a replacement to the central, hierarchical domain name system.
if the users can agree on giving each other names, then we can continue to improve the internet instead
of using (good for a time) old paradigms.
what would become possible you ask? direct calling for example. no more having to ask a (possibly spying )central
location for the "address" of a target. call direct.
another example would be direct mail or even pull email. you send an email to friend, friend only gets a link no data,
follows link to pick-up mail from your computer (to him). etc
thanks and do think about it
I think this somewhat falls under "Chicken or the Egg." Surely some of the government crackdowns have come simply because of the Internet. Suddenly, in the 90's people had access to spread information across the globe with very little resistance aside from language barriers. In the 00's, while there was an explosion of cat videos and informational noise being spread, certain organizations began accumulating all the information that the human race could bring together, resulting in a form of renaissance of global informational wealth...again, despite the (almost deafening) noise of the general public. This wealth is now starting militant reshaping of the world around us as the Old World Order tries to tighten its grasp and the New World Order attempts to break free. Ideas are spreading faster than ever, and what we're seeing now is the current regimes scrambling to rein it in so they can keep the control they are so used to... which means breaking freedoms.
If the internet didn't exist yet, we'd still be ideologically in the early 90's where you'd have small pockets of conflict, but nothing on the order of what we have now...which wouldn't have given anyone the inkling that the Internet would be such a world changing force until it was unleashed upon the world to feed off the cumulative knowledge and become the unstoppable behemoth of ideas that will eventually turn all of humanity into the hive-minded Borg that Roddenberry warned us about. This is the direction we are moving in. Once our every thought, our every idea, our very essence is put into the Internet and translated into every language that the world will understand, the Internet will become the source of our memories and all of our collective information for each and every other person to access and reshape. The Internet is the Borg. It is The Matrix. It is Skynet. It is beautiful. It is terrifying.
Whois, much like the egregiously insecure and broken email system, does need to be replaced (you'd be amazed how upset my friend was when I let her know that her full name, address, and phone number were available to anyone due to her owning a few domains).
Personally, what I think needs to be done is the TLD providers need to handle the information, allowing it to be run in accordance with the laws of the country corresponding with the domain. German laws for .de, UK laws for *.uk, Japanese laws for .jp, and so forth. At the same time, I think it would be nice to allow optional support for subdomains to be whois-capable, provided by the domain owner. For example, allow myexample.tld to provide information for dyndnsuser.myexample.tld or facilityname.myexample.tld on their own terms.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Stupid question bonus round.. wouldn't this cut into domain privacy surcharges all yer registrar friends try and rake in? I mean if records can no longer be accessed by joe spammer such privacy services become useless...don't it?
I for one would fully support abolishing ICANN and replacing it with an institution that at least tries to care about what is actually best for the Internet. We see failure after failure in policy from ICANN consistently doing what is good for business regardless of its effect on the network. e.g. TLD sprawl and ongoing "study" designed to greenlight "dotless" names. Sheer madness. Shame we continue to allow them to get away with being a bunch of greedy little pricks.
This doesn't answer all your questions. Sorry.
There are standardized addresses. Unfortunately, people who don't understand basic systems engineering (or who do, but are extremely greedy and amoral) refuse to use them.
Anyone providing Internet mail services is required by the SMTP protocol definition to have a human being receiving mail at the postmaster@domain.tld address. This has been true in every single revision of the protocol starting with RFC822 and continuing to the present day in RFC2821.
If you aren't manning the postmaster address, what you're doing is simply not SMTP, so it isn't Internet email. It is something else - metaphorically a bicycle wobbling down the center of the freeway, perhaps, or in the case of the big government-owning vendors like Verizon a steamroller in a pedestrian tunnel, crewed by laughing psychopaths.
The abuse@domain.tld address is slightly different - it is required by RFC2142, just like the hostmaster@domain.tld address is, but that RFC is not a protocol definition or a requirement for Internet connection.
However, the following statement is objectively true: If a domain does not staff the abuse, hostmaster and postmaster accounts, they will fall in at least one of two categories: technically incompetent or ethically corrupt.
The technically incompetent cannot handle the mail filtering required to deal with the spamload on these addresses. AOL claims that they are part of this group.
The ethically corrupt understand that the Internet is fundamentally a system of agreements - that wires and computers cannot function as a whole unless they use agreed-upon, mutually respected protocols, just as people cannot communicate efficiently unless they share some kind of common language. However, they also know the Internet's protocols are robust enough that only the majority of users must scrupulously comply with them, and extremely wealthy and powerful players can gain commercial advantage by breaking the rules they insist everyone else respect. Verizon and Microsoft fall in this category.
Because people continue to buy services from the technically incompetent and the ethically corrupt, they continue to prosper. This is something the free market is supposed to magically correct, but amazingly enough the same people trumpeting the power and the glory of free markets seem to be working very hard to support regional monopolies and strengthen barriers to entry in communications markets.
Centralized data store maintained by a third party? What is this another gambit to help before the chronicles of whistle-blower releases reaches the next stage?
What a farce!
Encourage all and any participants voting on this one to slam the door shut and to suspect those proposing this centralization.
Centralization is the gateway drug to tyranny!
http://www.aisnota.com/slashdot/ Welcome to Logic and the Future
If you read the questions posted at ICANN's share your thoughts page: http://www.icann.org/en/groups/other/gtld-directory-services/share-24jun13-en.htm, it's clear they've already made their decision to move forward with this ridiculous plan.
Whois is an invaluable tool for web hosters and managed service providers. To say we'll need to request access to this information in the future is absurd. I see no security "risks" with the whois information being available. If I'm able to legally look up ownership and tax records for property in the US, why is it more dangerous to view the ownership details of a domain name / ip block?
I simply don't understand what they hope to "fix" with this system.
... technically incompetent or ethically corrupt ...
Thank you. I've never seen or heard this argument expressed as well as this. Sorry, but I just ran out of mod points.
After having sat through a few of these meetings, and looking at who is mostly controlling the board, it is obvious that there are a lot of parties with self interest involved in these decisions. The problem is really as simple as those who believe there should be public information on the operators, and those that want to see public information (law authorities, researchers, and many others). This WHOIS discussion has been a pinball for some time.
Frankly, in my opinion, if you want a 'public' resource (Internet name or address) you should be able to see who operates it.
But on one side there are people that believe it will hurt their business (Many hosting businesses [see board] believe this). There are also those who are worried the data can be abused (e.g. email scrapers); at least that is a reason they put up for proposing changes.
This is a compromise proposal to appease the law agencies (oh, you get to see the info) while getting away without having to publicize the data.
'whois' is still very important, and a world without any form of accountability will not be a happy place. (I think that 4-5 different proposals on whois have come and gone over the last 10 years)