My view is that the IP constituency ranges from genuine protective and for the good of all to totally abusive in self-interest, much as the privacy group stretches from a genuine desire for privacy to nefarious actors that desire anonymity. The truth is somewhere in between.
To move forward in any way, we first have to understand there is no passing the buck - this hurts us, our fellow internet users (be they registrants or not) to legitimate businesses. There are many that would have a "them" vs "us" scenario and in some cases it is in their best interest to distract us all. However, to move forward we all have to understand and accept the system is being manipulated and we have to work together to oust bad actors, even if (dare I say it) we work with members of the "evil" IP constituency.
We all have valid points and need to accept that privacy is needed, but not at all costs. Currently privacy is hurting us (the general consumer) as implemented, also the IP constituency. In the end there are those that do not care, it's just more business.
Even though off topic, we even see it with SSL certificates. Nowadays an SSL certificate is worthless, it has to be a "special" certificate to convey any trust (theoretically, but that has also been proven wrong).
Example: https://airfrcdcuk.com/intcourier/contactus.htm
Beautiful SSL certificate (most likely free or a cheapie). There is nothing bogus about https://airfrcdcuk.com/PositiveSSL_tl_trans.gif
Note how the company registration and VAT number for http://www.samedayuk.com/ has been stolen. This domain is in turn being used to target the general consumer. Let us look at where this consumer finds himself from the victim list on airfrcdcuk.com:
Sweden United States of Ame USA Dominican United States of Ame JORDAN UNITED STATES OF AME U.S.A United States of Ame United States of Ame USA United Kingdom USA Israel Australia USA Saudi Arabia VENEZUELA VENEZUELA jordan New York POLAND Canada New Zealand USA United Kingdom Denmark Sweden Canada AUSTRALIA Espana United State U S A Malaysia
So who do we blame? The fraudster tucked safely away in Nigeria in this instance, laughing at us getting nowhere? Registrars are basically giving most of this to him at virtually no cost. Why, he is actually becoming quite wealthy after the years he has been exploiting the system. He is using his fake registrant details for his business "bigbizhosting.com". Yes, fake whois:
165, Jalan Ampang, Kuala Lumpur, 50450 MY
is the address for the Hotel Nikko in KL, Malaysia. "Dig" around a bit and get to agamahost@yahoo.com. But Agamahost (Donmaco/Ace live Web Host/....) is in Nigeria, quite a bit removed from Malaysia - whoops!
Well at least that is better than the reseller that lives in a tree in New Zealand (as per his whois) and acts as a proxy for other German users (who happen to set up fake shops, spoofs etc) and host on bullet proof hosting in Russia. All in the name of privacy of course!
My point is we cannot argue with the IP constituency at this stage. There have to be better checks throughout the system to cut out the bad actors. Both us and the IP constituency need to agree on this as a start of making it better for all users, commercial or not. At the moment there is little credibility in the system and this is even being used as a reason in some camps to do away with the current whois system.
Should we ask why trust on the Internet is declining to an all time low if we are selling trust away (unverified and with free privacy) at about $10 per domain? Where in the real non-virtual world would you see this? Maybe this is too cheap. The savings are being passed on to discrete registrants, the real cost is being paid later by bystanders being drawn in (see the country list above), in terms of secondary security products (anti-virus, firewalls, associated spam costs etc). We are trying to do something that is unsustainable.
Derek
On 2011/05/07 02:33, Antony Van Couvering wrote:
Derek,
These are great points. If you want to get a response to "how do we counter the IP constituency," it might be useful to hear the perspective of registrars.
It may be easy to see what a registrar should do to solve any particular evil. But the question is, what can a registrar do to deal with a particular evil AND ALSO provide services that consumers want AND ALSO not do things to piss off the consumers. Asking a registrar to remove popular services or do things that cause a hue and cry with its customers is not realistic. Of course the IP people don't care about that, because they only care about their livelihood.
You might want to forward this to the registrar list and see what they say. Registrars, as you point out, are a big part of the solution, so they need to be engaged.
Antony
On May 7, 2011, at 7:41 AM, Derek Smythe wrote:
Hi Folks
Here is a more than excellent example of why domain abuse issues belong at the registrar and why true privacy will not be possible until abusers are taken care of.
It all started off with a report of a phishing site. Doing a reverse lookup on the IP the domain was hosted on, we get the list included below.
Spending a bit of time on the search engines quickly shows numerous frauds related to the relevant domains. Digging a bit deeper keeps on leading to a specific "hosting provider" with a track record of these types of domains and even SSL certificate abuse.
Now, looking a bit closer at them in terms of whois details, we find gross privacy abuse for the domains used in fraud and fraud attempts.
For those that know how, looking very closely at them leads to victims of this fraud and details showing them all to be of the same origin as regards certain design elements.
Now, considering the background of the hosting provider, he specializes in these.
How do we counter the IP constituency if they throw these examples at us?
How do we deal with this form of domain abuse? The authorities are in the know for more than a while now. The SSL certificate providers are in the know as well. The domain registrars are in the know.
Doing a bit of backtracking leads to this post: http://www.jaguarpc.com/forums/showthread.php?t=24529
Now here is the sad part: since that post, the hosting was terminated and simply moved to another IP at the same hoster, later we have two more victims in Australia after this move.
http://www.rbol-uk.com/INT-UK/ (as I said, those that know how ...)
In fact the Nigerian hosting provider is simply moving hosting once caught out. In the meantime the "free one year privacy" is abused for anonymity and to make tracking more difficult. Without finding, stopping and disabling these domains, the misery they create at the hands of the abusers continues.
As you will see, there is no easy way to do a 1-to-1 mapping of domain name against the spoofed domain, so more TLDs will just compound the issue.
It also does not help if we claim that domain names have no special meaning; in the eyes of the "ordinary user", how can http://www.barclaysonlineservice.com not be part of Barclays Bank PLC?
Just one such IP - 209.217.237.134:
adamscolechambers.com
airfrcdcuk.com
Download your scam kit at https://airfrcdcuk.com/images/intcourier.zip ... or use the online pages: https://airfrcdcuk.com/intcourier/contactus.htm
If you search a bit on the contact details, you will see it's a continuation of http://www.complaintsboard.com/?search=Air%20Freight%20Courier%20Delivery%20...
albmb-my.com (http://www.albmb-my.com/INT-BANKING/ - initial report)
Note the impunity with which even the FBI, IRS, United Nations are being impersonated, never mind Yahoo, Hotmail and the rest. And this party has been doing it for years now.
Now ask yourself: what number of legitimate domain owners are targeted by lack of domain privacy vs what number of the public are victimized by domain "anonymity"? Which is the lesser of the two evils?
Just some real world food for thought.
Derek Smythe
Artists Against 419
http://www.aa419.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org