An edited version of a post I made on the APWG. Certain parts have been redacted to protect innocent victims. The rest is topical here. Certain parties at Godaddy were copied on the original.

==============================================================

I'm not sure if there is anybody on list that can address this issue. I have lodged an ICANN complaint on it, but this is extremely topical in doing what we do, fighting fraud, as this affects each of us. So I'll share:

http://blog.aa419.org/2017/09/08/an-open-letter-to-godaddy-whois-service/#Oc...

I have reached out to folks in other communities fighting abuse. The issue is global and complaints are sandbagged.

To show what a harmful effect this has:

Consider bogus courier (removed - revealing this leads to innocent victims losing their privacy)

This domain is being used in international fraud targeting companies and consumers by an international Cameroonian syndicate. While local distinct members have been identified in law enforcement related operations, this blew into the international sphere. Many domains in this syndicate have been documented, all evidence fully captured for LE, in ongoing efforts since Thursday evening. A glimpse:

http://www.angloamericanplatinum.com/media/press-releases/2016/17-11-2016.as...

We were working hard at this when we hit (removed-domain) on Godaddy - a simple issue of not being able to capture a "standards compliant" port 43 whois output format, something supposedly well defined as per ICANN policy that should be available, yet this became a time-wasting stumbling block. It took me about 2 hours to get a usable format of whois for this domain. That's how stupid it gets ...

(removed-domain) has been scamming and piling up victim companies and consumers since 2016. The targets (each separate) are in:

2016:
  Vietnam - 1 ton of waste paper
  Malaysia - 1 ton of waste paper
  USA - 100 GRAM Discrete parcel (Drug scam?)
  USA - 300 Kg lobster tail
  USA - 1.35 tons of skin care products
  Armenia - 1 ton nuts
  Thailand - 20ft container of seafood

2017:
  Ukraine - 5kg Wooden pellets
  Russia - 2500 reams of paper *
  Brussels - 2 x 40ft containers of wooden pellets
  USA - not much info, except from somebody selling "Legal Marijuana".
  USA - 1 oz purple kush
  India - 18 tons (20ft container) of ???
  Turkey - 50 tons of old newspapers
  India - 25 tons of waste corrugated paperboard
  Dubai - 2kgs of red lentils, chick peas, mung beans
  USA - 50kg crayfish
  USA - Yacht
  Saudi Arabia - 10kgs round mullet
  Fiji - 5 cartons of BIC gas lighters, 1000 pcs/carton
  India - 2600 reams of paper *

* https://www.doubleapaper.com/nl/fraud-alert

Each scam leads to another fake supplier and more of these fake couriers. This is akin to "How long is a piece of string?".

So now that we know how this $3 bill domain is being abused, we look at its whois after much effort at getting it, only to find another domain attributable to the same party, but suddenly in Thailand, shut down for involvement in paper scams. (removed-domain states an Indian address)

While there is "so much concern for the privacy" of the owners of (removed-domain), the owners of this domain do not have any problem trivially leaking personal details of their targets onto the web. Simply search for (removed) and follow the directory up ... enough said.

It's also the last issue on tel nr (removed), that leads to alerts such as:

https://www.deadiversion.usdoj.gov/pubs/pressreleases/extortion_scam.htm

I hope this sheds some light on which fight, being fought by very few volunteers, is being hampered by ill-advised non-policy-conforming registrars' blocking of whois details.

It's not always LE that opens the "can of worms". LE deals with the result (hopefully) once it's made clear it is a "can of worms". But if LE is not shown the evidence and relevance, they have nothing to go on and it did not happen. Yet tell that to these parties targeted and exposed internationally. Sadly most such cases gather dust at local police stations or the like. Yet the victim may be a mom-and-pop shop business, the livelihood of the owners and all associated with them destroyed by the scam.

Privacy and protecting privacy is a delicate balancing act between protection and disclosure, very ill understood.

I had some discussions with numerous experts who failed to understand how due diligence down to whois level protects all. In this case I used the loan scam nest from Benin as an example. Whois details were vital to untangling this nest and mess. They were either shocked or did a quick pass-the-buck exercise. Luckily EU Registrars did a stellar job mitigating the Benin nest, devastating it. But what about next time? I shudder to think we encounter such a nest on Godaddy.

===============================

Hopefully this makes the people here think of exactly what effect whois, or the inability of obtaining whois details, has in a real world environment.

Sweeping problematic whois under the carpet of blanket privacy in an environment where policies are weakly enforced is a recipe for a bloodbath. We're already seeing the effects at one such US registrar who have become the go-to registrar for badness in the domain space.

Derek Smythe
Artists Against 419
http://www.aa419.org