Neil Schwartzman wrote:
At 7:50 PM -0500 on 2/11/07, Wendy Seltzer wrote to a bunch of us, saying:
Neil Schwartzman wrote:
Like I said - show me a list of names of people who can't afford the commercial obfuscation systems, who have an identifiable need for a domain and a private whois record, and I will pay out of my own pocket to cover the services. How about an orthogonal set: people who need more than obfuscation, but actual anonymity in their domain registrations?
I've worked with and talked to people whose names were revealed by "proxy" services such as Domains-by-Proxy based on an unverified complaint from an adverse claimant. These are people engaged in legitimate advocacy and criticism, who have legitimate interests in stable location pointers for their online speech, who fear reprisals if their identities are known.
Hi Wendy,
Why do they not use a hosted offshore service and post-through-proxy if they want truly secure anonymity? Anyone with a true desire to post data that could land them in trouble doesn't want a domain in their own name - they want to be several arms lengths away from the public data.
Sure, and some use Tor's hidden services or Freenet.
I'm also left wondering what these activists did prior to them having Internet access and why are those methods no longer effective?
Why should the activists be denied access to the most effective new means of communication? Shouldn't they be able to put up posters in bus stops with a URL for more information just as a commercial advertiser can?
Owning a domain is akin to driving a car, owning a piece of land, or anything else that is public-facing; there is a measure of personal responsibility involved.
It's not that they can't pay, but that no one offers them the anonymity they want at any price.
So is it your position that there needs to be completely anonymous domain registration?
Yes, I believe there should be. Speech is not like driving a car and a domain name doesn't go out and commit fraud. Where a domain name is used in a fraud, such as phishing or collecting botnet controls, anti-attack measures such as suspending service could be taken without requiring the identity behind the domain name. --Wendy -- Wendy Seltzer -- wendy@seltzer.org Visiting Assistant Professor of Law, Brooklyn Law School Fellow, Berkman Center for Internet & Society http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/