Derek and all my friends,

  My remarks and comments interspersed below...

Derek Smythe wrote:

Jeffrey and all

Re: Identifying user concerns

I have changed the subject line to a more appropriate one.

Good idea and choice.
 

This is an excellent idea, one that I would dearly love to participate in.

However, I would like to change item (2), phishing, to encompass fraud
which may appear to be phishing typo domains at first glance, but upon
analysis found not to be. As such I would like to say fraud for want
of a better word.

  Ok, but phishing is the single most intrusive and potentially damaging
sort of fraud that preys on users' lack of understanding.  Most phishing
is caused or originated by spoofing IP addresses and/or Domain names,
from an insider of a legitimate originating domain name's Email address,
a result of misconfigured DNS being either exploited or intentionally
misconfigured in order to suck information from visitors to that
domain name.  There are of course other root causes as well.
Many of these causes can be eliminated or severely reduced
by cleaning up DNS configs and an area where ICANN can
make a huge difference.
 

There are many domains with fake whois, registered via proxy servers
paid for by anonymous means that make the registrant untraceable. This
is deliberately so.  Example: http://butterfis.com/sl/

Exactly right, and here is again where ICANN can make a huge
difference if they will only police their registrars and registries.
And if for instance, ICANN will require Registrars to make
substantial corrections to the accuracy of Whois data, limit access
to personal and private data in some Whois's, and revamp registration
software.
 

Likewise many domains are registered with stolen credit card details,
the victims' details appearing in whois, opening them up to even more
abuse. I have a lot of case history on this issue. Some resellers even
offer domain registrations with no whois details ever asked.

Yes this is a significant problem and one which I mentioned
on circleid.  ICANN can't really address this problem very well
however. The only manner in which ICANN could address this
problem is to limit the number of Domain names any one registrant
can register in a given length of time.  Not a very good approach
really.  The other manner in which ICANN could address this
problem is to eliminate the reseller market in some manner.  But
this is never going to happen for obvious reasons...
 

Of course, this is taking us into the third point you have here, the
second point sometimes even originating from the first.

Yep!
 

While I would not dare register a domain without some form of whois
protection, I was extremely relieved when recent initiatives to have
whois details in domains removed from public scrutiny. At the moment
we are each other's best watchdogs and we simply cannot afford general
whois privacy, since this would simply hide a problem and not fix a
problem. Yet we have to break this vicious cycle and move forward.
Anonymity must not result in no responsibility. However this is what
we are seeing currently.

  I don't believe in the idea that anonymity leads to poor responsibility.
 

In fact this is currently used to actually identify victims of credit
card fraud. We have teachers, estate agents etc living in small towns
all across America who are not even aware they own a Microsoft
Lottery, a NatWest Bank, FBI or CIA spoof domain. Big business is
ignoring this problem. We have hundreds of supposedly American
citizens with a fetish for registering Central Bank of Nigeria domains
all of a sudden.

Yes, I was recently hit with a NatWest bank false account.  I turned
that over to US-CERT for their review.  The reason FBI and CIA
as well as NSA spoofs are occurring is because their DNS's are
misconfigured badly leaking TTL's.
 

There is another group of people who is not in the ICANN, registrar or
registrant class, who are victims of a system with quite a few quirks
and no accountability.

Yes the accountability of large IP interests and their internet
presences such as Banks and other financial institutions who
are the largest segment that have little or no accountability except
to themselves which is no accountability at all.
 

This is undermining faith in the Internet since the average Internet
user can simply not understand how such a system as advanced and
sophisticated as the Internet can operate with no accountability.
These are ordinary people that may not be very technical and are from
all over the world with no meaningful recourse.

Sad but currently largely true.
 

I can carry on and on, but I think this is enough to get the point across.

I suggest the following documents would be a starting point:
http://www.icann.org/announcements/advisory-10may02.htm
http://www.icann.org/announcements/advisory-03apr03.htm

Regards

Derek
http://www.aa419.org

> Danny and all my friends,
>
>   I think in order to make some progress identifying users
> main concerns, and listing them would be a good first start.
> So from our members anyway, here is a short list:
>
> 1.) Solving the growing spam problem.
> 2.) Means and methods of addressing phishing
> 3.) Personal privacy on the net.
>
.......
.......

>

Regards,

Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@ix.netcom.com
My Phone: 214-244-4827