Slashdot Mirror
ICANN Working Group Seeks To Kill WHOIS
angry tapir writes "An Internet Corporation for Assigned Names and Numbers working group is seeking public input on a successor to the current WHOIS system used to retrieve domain name information. The Expert Working Group on gTLD Directory Services has issued a report that recommends a radical change from WHOIS, replacing the current system with a centralized data store maintained by a third party that would be responsible for authorizing 'requestors' who want to obtain domain information."
Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?
BTW, I think the headline is a: alarmist and b: misleading. It would be better written as "ICANN Working Group seeks to replace WHOIS."
Operation Guillotine is in effect.
A corporation is a single point of failure. As ICANN repeatedly demonstrates.
"centralized data store maintained by a third party"
Also the US government would certainly love to manage such entity.
So that's a huge no.
Great, so we are going to privatize the WHOIS service and make it much more difficult (pay per query?) to get information out of it.
Guessing one of the usual corrupt telcos or domain name registration companies will bid to be the 'third party' and find a way to fuck this up good.
As a system admin, I tend to use WHOIS to figure out who is hitting my firewall, or to investigate if traffic is flowing to suspicious domains. Would really suck if WHOIS became a pay service, making it easier for the bad guys to hide.
This is all about setting up a system to charge for access to 'whois' information. Phrases like "authorizing 'requestors'" is code for charging users.
"Grab them by the pussy" -- President of the United States of America
What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.
There should be a way for any person to contact any domain owner or domain-owning company. Putting a service in to vet requests will make it harder.
This is bad. And less transparent. And less distributed. And more expensive.
This action is not with your best interests in heart. This proposal comes with the intent of ICANN maximizing their own profits. They will blow smoke about privacy and other such utter bullshit to try to get people to support this but make no mistake, this will make the internet a less pleasant experience for users and a better hiding place for spammers.
How so, you might ask? Right now the current WHOIS gives vague lipservice to requiring domain registrations (and only under a very specific list of TLDs at that) to be registered with valid information. As it is, a not-insignificant portion of all new registrations at any given time are completed with missing or completely bogus information. And yet when this happens ICANN - who is tasked with making WHOIS data legible - almost always does nothing.
Now, they are just looking to openly embrace obfuscated, missing, and utterly bogus data in WHOIS records. The only people who benefit form this are the registrars that sell domains that benefit from that kind of lax registration requirement - spammers, scammers, and the like. If you don't think this matters to you, just wait until someone you know has their identity stolen after they mistype the web page for their bank, click on a fake ebay email, or do anything of that nature. The scum that will make money off of this will get to someone close to you, and this action will make it even less likely that those types will ever see any kind of punishment for their actions.
In other words, fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
two fitty, please
Given ICANN's track record, I'm pretty sure they're just looking for more public resources to carve up and monetize.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
They are not talking about blocking all access to the data.
They propose keeping a good portion of the existing data available through anonymous public requests, exactly the way current WHOIS system works today. The big difference is that there will be a single source; you won't need to do the two-step process currently in place.
They are also proposing adding additional contact fields that have been frequently requested for WHOIS data.
They are also proposing limiting access to some data, in particular limiting the data traditionally used to scam people with fake DNS renewals. In particular it does not talk about refusing access, simply limiting the requests to authenticated users to prevent thinks like bulk-searches that scammers frequently use. The report recommends only limited fields require authenticated access, not those used commonly by individuals or by website administrators for abuse mitigation.
Finally, they are proposing adding new advanced search capabilities that are useful for ISPs (and also private and government surveillance) that are not currently available, but will be very useful for domain abusers spanning many TLDs.
//TODO: Think of witty sig statement
This doesn't answer all your questions. Sorry.
There are standardized addresses. Unfortunately, people who don't understand basic systems engineering (or who do, but are extremely greedy and amoral) refuse to use them.
Anyone providing Internet mail services is required by the SMTP protocol definition to have a human being receiving mail at the postmaster@domain.tld address. This has been true in every single revision of the protocol starting with RFC822 and continuing to the present day in RFC2821.
If you aren't manning the postmaster address, what you're doing is simply not SMTP, so it isn't Internet email. It is something else - metaphorically a bicycle wobbling down the center of the freeway, perhaps, or in the case of the big government-owning vendors like Verizon a steamroller in a pedestrian tunnel, crewed by laughing psychopaths.
The abuse@domain.tld address is slightly different - it is required by RFC2142, just like the hostmaster@domain.tld address is, but that RFC is not a protocol definition or a requirement for Internet connection.
However, the following statement is objectively true: If a domain does not staff the abuse, hostmaster and postmaster accounts, they will fall in at least one of two categories: technically incompetent or ethically corrupt.
The technically incompetent cannot handle the mail filtering required to deal with the spamload on these addresses. AOL claims that they are part of this group.
The ethically corrupt understand that the Internet is fundamentally a system of agreements - that wires and computers cannot function as a whole unless they use agreed-upon, mutually respected protocols, just as people cannot communicate efficiently unless they share some kind of common language. However, they also know the Internet's protocols are robust enough that only the majority of users must scrupulously comply with them, and extremely wealthy and powerful players can gain commerical advantage by breaking the rules they insist everyone else respect. Verizon and Microsoft fall in this category.
Because people continue to buy services from the technically incompetent and the ethically corrupt, they continue to prosper. This is something the free market is supposed to magically correct, but amazingly enough the same people trumpeting the power and the glory of free markets seem to be working very hard to support regional monopolies and strengthen barriers to entry in communications markets.