WHATIS Going To Happen To WHOIS?

dmoberhaus writes: A European data privacy law goes into effect in May, but it's already having far reaching consequences, especially when it comes to publicly available WHOIS data. Motherboard spoke to a domain registrar, ICANN and some security researchers about how anticipation of the EU privacy laws implementation has already gutted WHOIS data, why this is dangerous and what the future of WHOIS looks like.
ICANN requires registars to make data on their customers publicly available -- but registrars would be more than happy to stop, according to Tim Chen, the CEO of a WHOIS data analytics firm. Besides hiding their customer lists, it would also address complaints about spammers harvesting email addresses. So registars like GoDaddy "are taking this opportunity to see how far they can push things."

But the article has some sympathy for ICANN. "On the one hand, the organization is under pressure from law enforcement officials and security researchers who depend on WHOIS data to investigate possible crimes or mitigate devastating malware attacks. On the other hand, the organization must also accomodate laws like the GDPR that are the only bulwark against the wholesale of individuals' data by internet giants like Google and Facebook." In 2014 ICANN suggested a "gated" registry that would only authorize access to people who identified themselves and their purpose for accessing the data. But progress has been slow, according to the article, which adds "It's uncertain when ICANN will have a finalized protocol for a next generation version of WHOIS, but an overhaul of this nearly 30-year-old protocol is long overdue.

"The notion that individual data should require a requester to also provide their own data is both equitable and intuitive -- the only remaining question is how to make it work."

Scammers use data...

[Camel+Pilot]

Anyone who has a registered domain or ssl certificate is familiar with the perennial scam of getting a fraudulent letter or emailing informing them that their domain is about to expire please send money now.

Molehill

[bidule]

What's wrong with having WHOIS point to a middleman who must forward to the owner?

There's no privacy issue that way.

Re:Molehill

[davecb]

I was peripheral to the discussion, and a customer bid on the "new whois" proposal: this is how it was supposed to work. A domain name in .com was supposed to be just like a business, and it was expected that the business contact could be your marketing department or in-house counsel. In .net and .org it was the same.

In .ca, the registrant name is the registrar, and when contacted they will contact me.

Is there even any point?

[ZorinLynx]

Most domains are owned by proxy anyway, so if you do a whois you're just going to get the name of the proxy.

The days of using whois to hold domain owners responsible for anything have been long over for a long time; anyone doing anything shady (or just wanting basic privacy) is using a proxy.

Re:Nonsense

[zifn4b]

Before you post, do a 5 second Google search and locate this nice, easy to parse GDPR Key Changes document

Reminds me of David Brin's Transparent Society

[Paul+Fernhout]

https://en.wikipedia.org/wiki/...
"Brin argues that it will be good for society if the powers of surveillance are shared with the citizenry, allowing "sousveillance" or "viewing from below," enabling the public to watch the watchers. According to Brin, this only continues the same trend promoted by Adam Smith, John Locke, the US Constitutionalists and the western enlightenment, who held that any elite (whether commercial, governmental, or aristocratic) should experience constraints upon its power. And there is no power-equalizer greater than knowledge."

From the article: "The notion that individual data should require a requester to also provide their own data is both equitable and intuitive -- the only remaining question is how to make it work."