Re: [At-Large] Issue Report on Thick Whois
Since I have been tasked with summarizing comments on this topic, I do ask that a new thread be started to discuss privacy issues and whether we should have Whois in any form or not. The question here is whether specific registries should move from thin whois (as currently defined) to thick whois (as currently defined). The content is effectively the same regardless of the outcome, and it is all publicly available. Alan
* Alan Greenberg wrote:
The question here is whether specific registries should move from thin whois (as currently defined) to thick whois (as currently defined). The content is effectively the same regardless of the outcome, and it is all publicly available.
Thank you for pointing the discussion back. I do prefer thin WHOIS, because every party has to provide the information which can be verified by the party itself and for which the party is liable directly (they simply has to know their contrators/customers/resellers). So thin WHOIS make the chain of responsiblity visible without preventing access to information (despite local law might oppose). Thick WHOIS is the model to hide the chain of responsiblity by copying personal data (of a third party) outsite of the jurisdiction of the contract parties.
On 25/11/11 11:35, Lutz Donnerhacke wrote:
Thank you for pointing the discussion back.
I do prefer thin WHOIS, because every party has to provide the information which can be verified by the party itself and for which the party is liable directly (they simply has to know their contrators/customers/resellers).
So thin WHOIS make the chain of responsiblity visible without preventing access to information (despite local law might oppose).
Thick WHOIS is the model to hide the chain of responsiblity by copying personal data (of a third party) outsite of the jurisdiction of the contract parties.
+1. I would add that, in some parts of the world, exporting personal data of citizens to a third country is mostly illegal. The thin WHOIS model has the advantage of allowing registrars to (mostly) comply with local law. Patrick
I do prefer thin WHOIS, because every party has to provide the information which can be verified by the party itself and for which the party is liable directly (they simply has to know their contrators/customers/resellers).
All thick WHOIS includes the identity of the registrar, so this argument is silly unless you think that registries are so incompetent as to be unable to publish the information that the registrars provide via EPP. (If you do think that, examples would be helpful.) The only honest reason to favor thin registries is as a backdoor way to hide the identities of registrants who are criminals and the far smaller set of registrants who (probably wrongly) believe that A) their personal contact information is secret and B) they would suffer significant harm were anyone other than the registrars, who are perfectly reliable, to know who they are. Having written more than my share of software that attempts to retrieve the WHOIS info of people who submit their contact details to abuse.net, I can report from experience that the current thin WHOIS does indeed often fail to provide even the information that the registrars have. Thick WHOIS, on the other hand, is reliable and consitent. I also note that this particular question says nothing about proxy WHOIS, which is available in thick registries to exactly the same degree it is in thin ones. R's, John
Having written more than my share of software that attempts to retrieve the WHOIS info of people who submit their contact details to abuse.net, I can report from experience that the current thin WHOIS does indeed often fail to provide even the information that the registrars have. Thick WHOIS, on the other hand, is reliable and consitent.
Related note: the proximate reason to ask for thick WHOIS is to make registrar transfers work better. It is currently close to impossible to get the contact info from some sleazy registrars required to validate a transfer request. So for anyone who's opposed to thick WHOIS, in fact you're supporting the interests of those sleazy registrars against the interests of registrants, including individuals, who want to switch to a better one. If you counterargue that ICANN compliance should fix the problem, I agree, and while they're at it, they should require that registrars fix all the obviously bogus visible WHOIS info, too. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
And now we have come full circle. The Preliminary Issue Report that we are discussing here (at least intermittently) was requested by the GNSO Council in direct response to a Recommendation in the recent Inter-Registrar Transfer Policy PDP. Alan At 25/11/2011 07:58 PM, John R. Levine wrote:
Related note: the proximate reason to ask for thick WHOIS is to make registrar transfers work better. It is currently close to impossible to get the contact info from some sleazy registrars required to validate a transfer request.
So for anyone who's opposed to thick WHOIS, in fact you're supporting the interests of those sleazy registrars against the interests of registrants, including individuals, who want to switch to a better one. If you counterargue that ICANN compliance should fix the problem, I agree, and while they're at it, they should require that registrars fix all the obviously bogus visible WHOIS info, too.
At 25/11/2011 05:35 AM, Lutz Donnerhacke wrote:
Thank you for pointing the discussion back.
I do prefer thin WHOIS, because every party has to provide the information which can be verified by the party itself and for which the party is liable directly (they simply has to know their contrators/customers/resellers).
So thin WHOIS make the chain of responsiblity visible without preventing access to information (despite local law might oppose).
Thick WHOIS is the model to hide the chain of responsiblity by copying personal data (of a third party) outsite of the jurisdiction of the contract parties.
I guess I don't follow your logic. I agree that the chain of responsibility is generally visible for the thin model (although some registrars make it a bit difficult to identify the reseller, and I don't think anyone identifies nested resellers, which can be nested many deep). But for the thick model, the registry identifies who the registrar of record is, so the chain is equally visible. I understand the concern about sending data outside of the jurisdiction, but that does not seem to be linked to hiding the chain of responsibility. Alan
participants (4)
-
Alan Greenberg -
John R. Levine -
Lutz Donnerhacke -
Patrick Vande Walle