Nominet Compromising UK WHOIS Privacy, Wants To See Gov't-Issued ID

ktetch-pirate (1850548) writes Earlier this week, Nominet launched the .uk domain to great fanfare, but hidden in that activity has been Nominet's new policy of exposing personal domain owners' home addresses. Justification is based on a site being judged "commercial," which can mean anything from a few Google ads or an Amazon widget, to an email subscription box or linking to too many commercial sites, according to Nominet reps. In the meantime though, they want your driving license or passport to ensure "accuracy" because they "want to make things safe."

Re:Seems Prudent

[ktetch-pirate]

Except that any personal site HAS to have their 'correct info' there, and any hint of 'commercialism' (such as linking to 'trading sites') and that private info - your home address - is now going to be published. I bet no-one can see absolutely ANYTHING wrong with that at all.... like pizza-bombing or SWATing (SO19-ing?) someone. Because that never EVER happens.

Re:the internet is growing up

[RelaxedTension]

You forget that the details being available is where things started, and the option for details to be hidden showed up because of the problems having that information openly available has caused. The "social will" you talk about is not society at at large, it is governments and law enforcement wanting that information out in the open for their own purposes. General society either outright prefers the ability to remain anonymous or could give a crap about the details being shown except in very specific cases.

Having a website in no way equates to driving a car, that is a ridiculous analogy. Your driver's license is not openly available to millions at any given time, and a website is not a large vehicle that can be driven into a crowd of actual flesh and blood people. And if the service provider has monopoly, where exactly do you take your business?

Re:Laws like European Electronic Commerce Directiv

[Animats]

Right. The European Union has completely different privacy rules for individuals and businesses. For individuals, there's the European Privacy Directive, which gives Europeans much stronger privacy rights than in the US. For businesses, it's completely different. Online businesses face the European Electronic Commerce Directive, and have to disclose who's behind the business.

That's deliberate EU policy. The whole point of the single European market is to make it easy to buy and sell across national boundaries within the EU. So there are lots of EU rules which benefit consumers and prevent businesses from operating in the country with the weakest regulation.

The .us domain registrar doesn't allow anonymous registration, either. Actually, neither does ICANN. The registrant listed in Whois owns the domain. If that's some "private registration" front, they own the domain. This became a big deal when RegisterFly tanked and people with "private registration" discovered they really didn't own domains they thought were theirs. That took months to straighten out.

Re:Domains By Proxy

[SuricouRaven]

I'm in the UK, and I use Domains by Proxy.

I work with a school. I occasionally give students the address of my server, as I've a couple of utilities up there I made for use in IT classes (A public-domain* music collection, a utility to make rollover graphics). I can't risk students finding out my home address! I'd get a brick through my window for all the games sites I blocked.

*Only in Europe. Sorry yanks.

this should apply to all domains worldwide

[bl968]

Every single domain should have accurate and verifiable information for the owner, administrative, and technical contacts. The use of services which anonymize or mask domain owners should be prohibited.Whois was intended to enable you to identify the ownership of a domain and who to contact about it.

Re:this should apply to all domains worldwide

[astralagos]

Because domain generation is one of the most basic techniques used by malware authors and phishers to organize their attacks, as exemplified in the stone age by fast flux networks, Rock Phish, and Conficker, and in modern cases by Kelihos and most of the crap on Zeus networks. Because when a floor has to figure out what's going on with an address, the first thing they do is look up information on whois, which is already a poorly organized hot mess and the problem is further exacerbated by inaccurate info, outdated info, or flat out lies. We know that half the NICs are sleazeballs, but we don't often know which half, and so every incident takes a few hours of gumshoe work to validate that yes, it's some idiot high school again and not a real network threat. Because we're paying a palpable bandwidth task for blind scanning and spam coming down the network from bulletproof hosting providers and god knows what else, and it's not even interesting attacks anymore because it's not technically literate kids doing exciting things -- it's organized crime rings. And then, after you've spent 2 hours ripping through a dozen poorly designed databases to decide whether or not you can block that network, somebody from ICANN comes floating down on their cloud and suggests Qu'ils mangent de la brioche. I'm all for privacy, you want to be private, be private. You want to go ahead and have a blog, post on tumblr or something. But once you register a name, you're opting to enter an already public resource. You want to drive, you put on license plates. You want to have your own domain, put in public information.

Re:Nominet is typical British hypocrisy.

[ktetch-pirate]

The main problem is the constant 'goal shifting'. First it was because there was a widget link to Amazon for my book
I disabled it Then it was "I had google adverts". I disabled them. Then I had 'lots of links to trading sites" and "email subscription module" And then I filed a complaint for being absurd, and so the next morning they published my home address. UK Gov calls a business anything that makes a profit. It also accepts that hobbies can bring in some money, but when it becomes profitable, then it's not a business and is a hobby. Nominet calls a site commercial based on the "I'll know it when I see it" standard, with an extremist mindset.To quote the 'senior Nominet Customer advisor' who was chosen to deal with this case,

I would like to agree with a point you raised 'pretty much ANY website is a 'trading website''. This is the case and it's rare that a .uk domain name is able to opt-out of having their address details displayed.

It's the same as indecency. What's acceptable to one, may be offensive to another. Should we go to the extremist view, 'skin showing is indecent' to appease the extremists, or should things reflect societal norms? Like 'all skin is indecent', anything involving anything commercial, even at one remove, makes this site commercial' is an extremist view. Does linking to your twitter profile, or a facebook page make you 'commercial'? Just read a good book, and wanted to share that on your site, with a link to where you can buy it means you're a business? Nominet says so. is that normal in the current state of society?

Re:TFA's a bit long - can't find ref to passport!

[ktetch-pirate]

read the last link, Anyway, Nominet is demanding ID to 'validate' names, even though under UK law, pseudonyms not designed to deceive are legal for use, else they sieze the domains. They do this despite accepting the pseudnym and the legal right to use one in the UK, and the identity of the person in the case (me)
Basically, if you have a UK domain, and they can't 'verify' you in the big brother databases, you got to send them ID now.