Consumer education is always the issue (for us), and I agree with the statement: "A lot of the fraud problem, as I see it, is really outside ICANN -- can we educate Internet users better, technically and information-wise, about verifying the trustworthiness of sites they use?" I want to avoid wasting anyone's time with discussion of matters outside ICANN's scope (though if/when you get more ALSs, there will be more...) But to respond: We do have empirical data that shows consumers don't really regard seals as a measure of a site's credibility: http://www.consumerwebwatch.org/dynamic/web-credibility-reports-princeto n.cfm http://www.consumerwebwatch.org/dynamic/web-credibility-reports-a-matter -of-trust-abstract.cfm That's not to say they are not useful. Businesses like them, we do tell consumers to look for them, but they have proliferated and are easily faked (see "The World's Best Sites," http://weblog.consumerwebwatch.org/theunsponsoredlink/2007/05/the_worlds _best_sites_who_says.html, which put its seal on a site that fooled some "experts" I know, AskDrTech.com). Some "seal" organizations are well-intentioned, like UK's Web Trader was, but find themselves, after a while, without funding or the will to maintain their integrity. As for the BBB system, it's better to have it than not, but I can point to problems with it. Then there's the matter of fraudulent background check sites like CourtRecords.org (http://weblog.consumerwebwatch.org/theunsponsoredlink/2006/09/backgroun d_check_sites_backgro.html), which takes advantage of consumer trust in the .org domain. I'm speaking from my own experience and Consumer Reports' experience using WHOIS as an investigative tool to help resolve consumer complaints. Using WHOIS led us to the mail-drop physical address of AskDrTech.com. WHOIS helped us determine CourtRecords.org was a scam run out of Stockholm, so you could argue that they didn't publish "real" WHOIS data, but it was enough to determine and advise consumers that if they had problems with that site, they could stand a long wait for a refund, and that other consumers should steer clear. We teach consumers to use WHOIS as a means to verify whether a Web site is trustworthy. Surely the argument is not black and white here, between evildoers vs. protecting my daughter's privacy so she can put up a personal Web site. As you say, "The individual domain name registrant, meanwhile, is least likely to know about other options than publishing a home address and contact information when registering a domain name for a personal website or weblog. For that person, using the Net to communicate, I'd like to see better privacy options." Yes, so would we, absolutely. Surely there are technological means? Or a change in classification of "ownership" to the escrow services? Or market forces that might lead consumers to take more precautions using sites with .NET, .BIZ and .TV domains, or that lead young people who want to put up personal Web sites to avoid stalkers to use another domain with different restrictions/precautions, etc.? -----Original Message----- From: Wendy Seltzer [mailto:wendy@seltzer.com] Sent: Tuesday, July 10, 2007 1:33 PM To: Brendler, Beau Cc: Evan Leibovitch; Bret Fausett; Vittorio Bertola; At-Large writ small Subject: Re: [At-Large] Updates on the WHOIS WG I understand the consumer's interest in avoiding spam and fraud, I just don't see publication of personal information in WHOIS as the way to advance that interest. The reputable business will always have the options to display information in WHOIS and in other venues (Better Business Bureau seals, Consumer Reports reviews, the stopbadware.org database), and consumers should be informed about how to look for those. The fraudster will avoid publishing real data in WHOIS, no matter what the compulsion -- he may either use a real Citibank address when registering c1t1bank.com or register at 1 Mickey Mouse Lane. The WHOIS often won't help stop these, but non-DNS law enforcement can. The individual domain name registrant, meanwhile, is least likely to know about other options than publishing a home address and contact information when registering a domain name for a personal website or weblog. For that person, using the Net to communicate, I'd like to see better privacy options. A lot of the fraud problem, as I see it, is really outside ICANN -- can we educate Internet users better, technically and information-wise, about verifying the trustworthiness of sites they use? --Wendy Brendler, Beau wrote:
Basically we (WebWatch) agree with: http://www.ftc.gov/opa/2006/07/whoisdb.shtm
I agree with Evan here, who is particularly eloquent. The consumer constituency we represent cares about getting ripped off, spammed, phished. I'm not saying they don't care about the "privacy rights" of the domain registrant community. But from what I do know about our constituency, most consider the domain registrant community (if they even are aware of such terms or structure) as the authoritative class,
or big business, or somehow responsible for all that junk that fills up their mailboxes -- not their friends and neighbors.
-----Original Message----- From: Evan Leibovitch [mailto:evan@telly.org] Sent: Tuesday, July 10, 2007 12:31 PM To: Bret Fausett Cc: Brendler, Beau; At-Large writ small; Vittorio Bertola Subject: Re: [At-Large] Updates on the WHOIS WG
Bret Fausett wrote:
Just because a person isn't afraid of being stalked because their own home address isn't in the whois database doesn't mean they would support the ability of stalkers to easily find their friends and neighbors. Most people aren't that self-centric ...and I think a healthy concern for others is a hallmark attribute of CU's members. Most non-techie Internet users (that I'm aware of in my own travels) don't think of domain owners as individuals; when I tell them I own my
own domain they consider that a novelty. A check of most registries would probably affirm that individual casual ownership of domains is in the small minority -- especially compared to the massive bulk-domain-procurement activities that were suggested during the workshop on domain tasting. At their most benign, domain owners are providers of useful information and services, at their most severe the
source of spam, phishing, squatting, and popup-window hell.
As such, I would suggest that most people -- especially those not in the tech field -- consider Internet domains far more likely the source
of stalker than victim. I sincerely doubt that many casual Internet users consider domain owners to be their 'friends and neighbours" -- and, as such, are less concerned with their privacy than of end-users.
Individual Internet users know they already have very limited privacy -- even when using pseudomyns in email, they can be traced back through their ISP. Why would one expect that they should naturally support greater anonymity for spammers than for themselves?
- Evan
*** Scanned
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.ica nn.org
At-Large Official Site: http://www.alac.icann.org ALAC Independent: http://www.icannalac.org
-- Wendy Seltzer -- wendy@seltzer.org phone: +1.914.374.0613 Visiting Fellow, Oxford Internet Institute Fellow, Berkman Center for Internet & Society http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/ *** Scanned