Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN Seeks Comment On Limiting Anonymized Domain Registration

Posted by Soulskill on from the your-computer-is-broadcasting-an-ip-address dept.

angry tapir writes: Privacy advocates are sounding the alarm over a potential policy change (PDF) that would prevent some people from registering website addresses without revealing their personal information. ICANN, the regulatory body that oversees domain names, has asked for public comment on whether it should prohibit the private registration of domains which are "associated with commercial activities and which are used for online financial transactions."

20 of 86 comments (clear)

  1. So basically only the rich by gurps_npc · · Score: 2

    with an army of lawyers and multiple international corporations could remain anonymous.

    --
    excitingthingstodo.blogspot.com
    1. Re:So basically only the rich by Krojack · · Score: 2

      Maybe your joke or comment went over my head but I think you have it backwards.

      Domains part of commercial activities or financial transactions can not be shown as private. Us little peons still can have them as private.

  2. hmmm by pfredphotos · · Score: 4, Insightful

    prohibit the private registration of domains which are "associated with commercial activities and which are used for online financial transactions

    I'm not sure I have a big problem with this. If you do business with a company that can just disappear, that'd be a bummer. That said, you shouldn't do business with a company like that, but people aren't always smart.

    1. Re:hmmm by IamTheRealMike · · Score: 4, Interesting

      Probably would have prevented Satoshi being anonymous when he launched bitcoin.org, and thus might have led to Bitcoin never existing at all.

    2. Re: hmmm by Penguinisto · · Score: 2

      I agree partially with the point, but there is a bit of a difference between a huge publicly-traded corporation that had to jump through a zillion hoops to form up and gain a presence, and the fly-by-night one-man scam 'store' that some dude set up online.

      Yeah, Enron, Worldcom... they disappeared, but only after a long drawn-out process. It was kind of a big news thing when each one of them were slowly drawn and quartered into oblivion - and there were a shit-ton of assets to garnish/seize along the way. Amazingly enough, the board of directors were all rather easily found and many were dragged into court.

      At the other end of the scale, we have "Bob's l33t g4m3r p4rtz store!!!11!". It can cash out its bank account and evaporate into nothing within an hour, at least after enough credit card transactions clear/post to make the scam worthwhile (but long before the chargebacks and cops come flying in). Assets? Yeah - that consists of a domain name, a PO Box for the checks (maybe), and approximately 150MB of crappy cloned website full of copied pictures/text, sitting on a $10/mo hosted webserver? Oh, and good luck finding the dude who ran the scam - he's likely on another continent anyway.

      I mean c'mon... perspective, man!

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    3. Re:hmmm by Curunir_wolf · · Score: 2

      prohibit the private registration of domains which are "associated with commercial activities and which are used for online financial transactions

      I'm not sure I have a big problem with this. If you do business with a company that can just disappear, that'd be a bummer. That said, you shouldn't do business with a company like that, but people aren't always smart.

      Ant that is why they are using the phrase which are used for online financial transactions as a place to start, and put the system in place. Camel's nose in the tent, as it were. More people will be okay with it. Once the system is in place, it will expand to cover everyone (except, of course, governments, politicians, and large corporations).

      Right now, I can pay my ISP an extra $10 - 20 to anonymize my information on Whois. I still have to provide it to my ISP - that has already been made a legal requirement. But with the crackpot stuff I sometimes tend to put on the Intarwebs, I don't want to become a victim of doxing or swatting by some butt-hurt "hactivist". So it's worth it. But when they expand this system, or decide that fee needs to be $1000 or more, well, it just won't be available to me any more.

      So, in the long run, this is an effort to end anonymous speech, to scrub unpopular opinions from the Web, and coerce small players into leaving the website business or, worse, further centralizing distribution of content. There are currently only six media companies in the US that control 90% of all media. There are plenty of elitists that would love to see all of the content on the Internet controlled by those six companies. It would make it so much easier to drown out any dissenting voices, wouldn't it?

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
  3. Why would they start caring now? by damn_registrars · · Score: 5, Interesting

    ICANN has been pro-profit for some time now. They make more money by allowing registrars to sell anonymized domains than if they do not. The privacy question is just window dressing.

    In the end, though, it doesn't make much of a difference. I used to take the time to do WHOIS lookups on particularly egregious spamvertised domains (specifically ones selling counterfeit or contraband products) and contact their registrars and hosting providers. Did it make a difference? No. I even found that specific registrars were notably complacent and willing to do business with the characters behind such operations, so I reported said registrars to ICANN. Did ICANN do anything? No.

    I also pointed out to ICANN that selling gTLDs would be a bad idea as it opened the floodgates to more such doings. Did they care? No.

    In other words, if you are concerned that ICANN might start to prohibit anonymized registration, don't be. They are just trying to drum up some PR to make it look like they care about more than their bottom line. It will all pass soon.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  4. I was wondering if/when this would be on /. by waspleg · · Score: 2

    Namecheap sent this out 2 days ago:

    Hello *redacted*,

    Over the weekend, Namecheap customers sent more than 5000 comments to ICANN, to help fight for privacy and save Whois protection. What an amazing, positive response!

    Unfortunately, due to the way ICANN chooses to approve comments, your voice may not have been heard. We deeply regret this and want to make sure ICANN hears what you have to say. We have revised the way comments are submitted to ICANN via our site RespectOurPrivacy.com. If you submitted a comment to ICANN before June 22, 2015, we would like to ask you to please go back and do so again, to insure your message reaches its target. We sincerely apologize for the inconvenience. This is a truly important and urgent issue, so from the bottoms of our hearts: THANK YOU for taking the time to submit your comments a second time.

    If you haven't submitted your comments to ICANN yet, we encourage you to do so now. Visit RespectOurPrivacy.com and we'll guide you through the process.

    We are dedicated to making sure ICANN hears your voices loud and clear. Together, we can win the fight for online privacy!

    Warmest regards,
    Richard Kirkendall, CEO
    Namecheap.com

    It was enough to convince me. I sent them an email and allowed ICANN to publish as part of the public record.

    1. Re: I was wondering if/when this would be on /. by bill_mcgonigle · · Score: 2

      to play devil's advocate (for now anyway) can't State-level actors simply demand this information anyway?

      I'd be happy seeing cryptographically-secure domain registrations, but I'm not sure the status quo does anything but lull users into a false sense of complacency.

      People who want real privacy are using .onion domain names now, because of the current reality. Making the truth plain isn't always a bad thing.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re: I was wondering if/when this would be on /. by damn_registrars · · Score: 2
      The summary stated this was about domains

      associated with commercial activities and which are used for online financial transactions.

      Is your personal webpage involved in such activities? If not, it would be exempt. No worries though, ICANN knows they will make more money if they do allow anonymous registrations to continue, hence they will. This is just ICANN trying to get some publicity - after all, all press is good press, right?

      That said

      random asshole with a grudge to mail you elephant shit. or, you know, threaten your family, stalk your pets, whatever.

      Happens so rarely it is pretty much a non-issue. Out of how many hundreds of millions of registered domains, such things have happened how many dozens of times? These deranged people could have found other ways to harass their targets in meatspace had the registration data been anonymized.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    3. Re: I was wondering if/when this would be on /. by Jason+Levine · · Score: 2

      Happens so rarely it is pretty much a non-issue.

      It's happened to me so this is definitely not a non-issue for me. I had someone harass me online making all sorts of accusations of "crimes" I've committed and threatening to report me to the police. She claims god talks to her - so no use arguing with her. Do I actually think the police would do anything based on "Hi I'm RANDOM PERSON and god told me this guy's evil?" Of course not. She could make my life a living hell, though if she knew my real name and address. (She was harassing me on a site where I use a pseudonym.)

      In case you think she couldn't do this, she was harassing someone else (one of many people she's targeted) and knew his real name and place of employment. She called his job (he's a teacher) and claimed he is a pedophile (a serious accusation in any case, but needless to say, a career killer if you're a teacher). Luckily, he notified his employer beforehand of her and they brushed her off. She also used Facebook to track down all of his relatives (and people with similar last names) and tell all of them that he's a criminal.

      Luckily, this person isn't the "travel to your home and take matters into her own hands" type, but who knows when she might get frustrated that the police aren't following up on her "god told me" claims? At one point, she might decide that showing up at my front door is god's will. I definitely wouldn't want to be broadcasting my home address to her and every other sicko online.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  5. Good. by buckfeta2014 · · Score: 2

    I'm tired of people owning domains with no way to contact them because of "whois guarding". Maybe ICANN can also go all the way and recall accreditation for registrars known for registering malware/typoscamming/etc domains.

    --
    Buck Feta. You know what to do.
  6. Well... by EmeraldBot · · Score: 4, Insightful

    I have a feeling all the people who are talking about their privacy being invaded have yet to read the summary. It specifically mentions websites associated with "business and financial transactions". Are you proposing that to run a legitimate business, you don't ever have to reveal to your customers such basic things like a phone number or a mailing address? I find it awfully hard to trust a business that doesn't want any interaction with its customers whatsoever.

    --
    "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
    1. Re:Well... by krelvin · · Score: 2

      Nothing more annoying than having a business domain which has hidden their contacts behind a privacy by proxy which never gets responded to to deal with a technical issue related to their domain (email for example).

    2. Re:Well... by bitwise+counselor · · Score: 3, Informative

      Showing advertisements is classified as running a commercial business. I don't think I would want my personal details divulged just for showing advertisements to cover hosting costs.

    3. Re:Well... by MobyDisk · · Score: 3, Insightful

      Are you proposing that to run a legitimate business, you don't ever have to reveal to your customers such basic things like a phone number or a mailing address?

      Actually, this happens all the time.

      I have purchased ads from Google, and I have never been given their address. Google goes out of their way to make sure there is no way to find a human for technical support. Same goes for Steam, eBay, PayPal. Today companies give you a forum and expect the community to support themselves. It's almost impossible to find them unless they sell a physical product.

    4. Re:Well... by ColdWetDog · · Score: 2

      Then don't host adverts. You are a business, even if you aren't trying to make a 'profit'. TANSTAAFL.

      --
      Faster! Faster! Faster would be better!
  7. Public domains only help the bad and hurt the good by EmperorOfCanada · · Score: 2

    Quite simply my Whois data has only been abused. I have received phony bills from fictitious domain registries. I have received threatening letters from companies that I was violating this or that. And then there is the endless spam. Except that this spam carefully exploits the data found in my whois data.

    On the other-hand I don't know of anyone who benefited from whois data beyond curiosity.

  8. I'd go the other way. by Anonymous Coward · · Score: 2, Insightful

    Registrants of domains SHOULD be publicly contactable. It should not be OK for a domain to exist and there to be no way to get in touch with the owner of that domain (if they're sending spam, if you suspect their server has been compromised, if you have a legal issue with the domain's existence.) This is why there's a requirement for WHOIS information to exist. Contacting the owner of another domain SHOULD be a thing that you can do.

    The current "anonymous" registration process (other than being a cash cow for registrars) breaks the reason for having contactable registrants, without removing the requirement entirely. People EXPECT the system to work where domain registrants can be contacted, but usually it's an unmonitored e-mail account at their registrar who won't forward the message. The system is broken today.

    I don't have a problem with the registrant information being private IF it's replaced by information by which the registrant CAN be contacted. Register.com will let me pay them to be the publicly listed domain contact? Fine. Then they better have the ability to pass legitimate messages on to the actual owner (spam filters are fine, /dev/null inbox is not). They better be able to accept legal service on behalf of their customer. They better have the information about their customer to ALLOW that customer to be contacted.

    Either rip the whole notion of WHOIS information out by the roots in its entirety, or make it work properly. Half-ass measures like "well, we're OK with this not really working, except under these circumstances that aren't actually as well defined as you'd think....." make the problem worse, not better. Every owner should be contactable, and whether it's directly or through an anonymizing proxy third party shouldn't matter, as long as it actually works.

  9. Re:Fuck you governments of the world .com by i.r.id10t · · Score: 2

    If you are doing financial stuff, should it be via HTTPS ? And should the SSL Certificate have ownership/identity information in it?

    --
    Don't blame me, I voted for Kodos