I agree with Evan at this stage. A while ago I was accused of fear mongering on this exact issue. Yet hardly had the mails being sent arrived in my mailbox, that I had problems getting a domain that blatantly spoofed a real bank, not only in content but in name as well, cancelled. Emails to the privacy provider yielded no results. Mails to the registrar resulted in a "contact the hosting party" attempt at passing the buck. This response does not acknowledge the fact that fraudulent domains do jump from hoster to hoster. Eventually I emailed the CEO of the registar and privacy provider (same person) and I had to spell out provisions of the RAA. This was after two weeks of to and fro! The Attorney General's office in the same state as the registrar was copied on my emails. The AG's office asked to be updated on the situation since they have encountered similar problems; I quote (Registrar name redacted): "We have gotten a bunch of these in the past. We would be like to kept in the loop on what ****** says about stopping the redirect to the phishing site." Yet this is one of the USA's biggest registrars and my complaint is not unique! Nor are the issues with registrars and privacy providers on proven fraudulent domains unique. Likewise I have another similar bank spoof issue showing another privacy provider in whois that been outstanding for a week now, with absolutely no response. What amazes me is how uncontactable these privacy providers can be. Contact via the supplied online form yields slow and inaccurate responses. No other contact details are available on the webpages for the privacy provider. As such the logical fallback is the whois details. However: ** Telephone number in whois yields a voice mail to use the online forms. ** Whois shows a postal address, but says postal emails will not be accepted (which is in another country to the telephone number). ** email address in whois asks to use the online form. Yet the domains protected are scam and fraudulent domains, proven as such to the privacy providers. I know the system better than the average person on the street. How much of a chance does the average person on the street have to enforce their rights if they are scammed. Go figure. Consider this: - We are all experts here compared to the average user out there. If we feel threatened exposing ourselves on the internet, how much more so is the normal internet user at risk in reality? - How many registrants vs ordinary internet users are there? The privacy issue plays off the one party against the other. - Can we really rely on law enforcement to investigate each and every domain that is used to scam somebody? If not, who will the party be that does this and how will the parties that do obtain whois data? Being a domain registrant myself, my attitude is that before I allow hundreds of innocents to be targeted, I will rather protect myself by other means. Until checks and balances are fundamental to all privacy mechanisms, we simply cannot afford blanket privacy protection as we will simply be aggravating current domain abuse issues. A such privacy as a core value must be measured against the safety of all internet users. One of the most effective forms of protection when doing business with a party via a website or such form of Internet interaction is doing a whois lookup and deciding for myself that an addresses such as the following being fake or not: - FEDEXDELIVERYSERVICEONLINE.COM Registrant: xdeliveryserv Dorothy Miller (**** <at> hotmail.com) 8870 Brentford Ave San Diego ACT,92126 AU Tel. +61.221256556 - PRISEGIVERS.COM Registrant: prisegivers JODI DANNER (***** <at> hotmail.com) 112 N OMAHA AVE SIOUX FALLS ACT,57103 AU Tel. +61.2535251156 Depriving me of this information put me at severe risk, yet is the safety of all also not a human right? Derek Evan Leibovitch wrote:
Danny Younger wrote:
As you may be aware, privacy is not an ICANN "Core Value". The word "privacy" does not appear within the bylaws. I am of the view that ICANN would be well served by articulating that it respects privacy.
Privacy of who? From What?
Until the term is specified in those contexts, I will be more than happy to argue AGAINST its inclusion as a core value. And I most certainly oppose the absolute, without limit, protection of privacy.
I do not consider protecting the privacy of registrants -- empowering them to hide from those they attack or defraud -- to be a core value.
I do not consider protecting privacy, as a shield behind which to slander and defame, to be a core value.
And I most certainly do not consider the invokation of privacy to impede transparency within ICANN's own processes to be a core value.
As far as I'm concerned, the right of aggrieved Internet users to confront their attackers is at least equal to the right of those attackers to hide after playing hit-and-run.
If we ultimately seek to arrive at a consensus on the fundamental issue of protection of personal privacy, we need to have a starting point to stimulate ICANN-wide discussion. Accordingly, I am asking you to drive home this point by petitioning the ICANN Board to amend its core values section in the bylaws so that privacy may come to be acknowledged as a value to be respected.
I oppose any such initiative until we have a more focused idea of what it it we are asking to be respected. Blanket worship of an undefined term "privacy", without bound, offers the potential for as much abuse as it supposes to prevent.
- Evan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
At-Large Official Site: http://atlarge.icann.org