Couldn't have done this without WHOIS
Some people I know have been trying to figure out, without success, who is funding the health care front group U.S. Citizens Association. One look at a few registration records did the trick: http://www.walletpop.com/blog/2009/12/16/why-these-u-s-citizens-serve-as-a-g... Law enforcement, by the way, wouldn't care about unmasking front groups. Even in its current state, WHOIS data still can be useful.
And in a similar vein, a well known escrow scam abusing a private registration this time. This scam would be an ideal case study of how one criminal group abuses the DNS system. They are still going strong as we can see despite victims have done the required. I have been in touch with the real owners being spoofed who are aware of the situation and have all but given up. So who are the victims? What does this contribute to the system and humanity except a potential case study and a few domain registrations? Derek Beau Brendler wrote:
Some people I know have been trying to figure out, without success, who is funding the health care front group U.S. Citizens Association. One look at a few registration records did the trick:
http://www.walletpop.com/blog/2009/12/16/why-these-u-s-citizens-serve-as-a-g...
Law enforcement, by the way, wouldn't care about unmasking front groups. Even in its current state, WHOIS data still can be useful.
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann...
At-Large Official Site: http://atlarge.icann.org
On 12/17/2009 04:32 PM, Derek Smythe wrote:
And in a similar vein, a well known escrow scam abusing a private registration this time. This scam would be an ideal case study of how one criminal group abuses the DNS system. They are still going strong as we can see despite victims have done the required.
I have been in touch with the real owners being spoofed who are aware of the situation and have all but given up.
Have they contacted law enforcement? Have the filed a civil complaint with "john doe" defendants so that they can open up a court-supervised discovery and subpoena process? Absent a concrete demonstration that these people have utilized the above channels I doubt that these people can not obtain relief through existing channels. And thus I am unconvinced that there is merit in the proposition that there exists a vacuum that must be filled by an ICANN as an internet policeman that also doubles as judge-jury-executioner. Hasn't the history of everything since Moses and the Golden Calf through the 20th century hot and cold war madness, not to mention the "W" presidency, adequately demonstrated the dangers of paranoia driven creation of police/security apparatus? --karl--
On Thu, Dec 17, 2009 at 9:52 AM, Beau Brendler <beaubrendler@earthlink.net> wrote:
Some people I know have been trying to figure out, without success, who is funding the health care front group U.S. Citizens Association. One look at a few registration records did the trick:
http://www.walletpop.com/blog/2009/12/16/why-these-u-s-citizens-serve-as-a-g...
Law enforcement, by the way, wouldn't care about unmasking front groups. Even in its current state, WHOIS data still can be useful.
I'm not yet convinced about the relevance of WHOIS data which I believe has to be correct but kept private if the registrant makes the choice. Proper and accessible WHOIS data does not fix -with all due respect- the stupidity of people falling for very obvious scams, or prevent criminals to find the way and loopholes to take advantage or augment the stupidity and/or commit a crime. Look at Bernard Madoff, he was Chairman of NASDAQ, operating under a supposed regulated market, registered with the SEC, well known, and still he figured how to perpetrate a $60 billion fraud. BTW, the WHOIS data for his company was always complete and legit, now obviously under control of the liquidation trustees. ICANN has no mandate or role to become a regulatory or law enforcement agency, much less the net-police, yes it still has the right/duty to enforce its contracts. Regards Jorge
I'm not yet convinced about the relevance of WHOIS data which I believe has to be correct but kept private if the registrant makes the choice.
I know people who use WHOIS info to deal with scams and frauds on a daily basis. If you're saying that we're lying, it's hard to have a discussion. The current WHOIS rules say that the WHOIS info has to be correct. The various WHOIS privacy services list debatably "correct" info. R's, John
On Thu, Dec 17, 2009 at 9:14 PM, John R. Levine <johnl@iecc.com> wrote:
I'm not yet convinced about the relevance of WHOIS data which I believe has to be correct but kept private if the registrant makes the choice.
I know people who use WHOIS info to deal with scams and frauds on a daily basis. If you're saying that we're lying, it's hard to have a discussion.
I'm not saying that you or anybody in particular is lying, and I agree that any information that can be legally obtained to deal with scams/fraud, including WHOIS data is a valid source. The original subject clearly states that the WHOIS data was the enabling factor to unmask this particular group, that affirmation is what does not convince me.
The current WHOIS rules say that the WHOIS info has to be correct. The various WHOIS privacy services list debatably "correct" info.
Then what's all the fuss about ? who is breaking the rules ? Regards Jorge
The original subject clearly states that the WHOIS data was the enabling factor to unmask this particular group, that affirmation is what does not convince me.
Well, OK, let's flip it around. Beau and I have told you that we use WHOIS to deal with scams and frauds all the time. Why don't you believe us? Do we have some reason to lie about it?
The current WHOIS rules say that the WHOIS info has to be correct. The various WHOIS privacy services list debatably "correct" info.
Then what's all the fuss about ? who is breaking the rules ?
Large numbers of registrants who put in false information, of course. If I sound exasperated, it's because I am baffled that so many people seem to believe that the DNS should be run for the convenience of vanity registrants (of whom I am one) rather than for the benefit of Internet users. R's, John
The original subject clearly states that the WHOIS data was the enabling factor to unmask this particular group, that affirmation is what does not convince me.
Well, OK, let's flip it around. Beau and I have told you that we use WHOIS to deal with scams and frauds all the time. Why don't you believe us? Do we have some reason to lie about it?
The current WHOIS rules say that the WHOIS info has to be correct. The various WHOIS privacy services list debatably "correct" info.
Then what's all the fuss about ? who is breaking the rules ?
Large numbers of registrants who put in false information, of course.
Perhaps I put false information because I don't want people noseying around my private information. If I break the law, let law enforcement deal with me. And I don't think your lying, I know people who use whois in the way your describing. But if you (and they) are to have access to my personal information, I'd like to know who you are, what your interest is, how you will handle the data you collect (following which privacy regulations, Japan's?) Adam
If I sound exasperated, it's because I am baffled that so many people seem to believe that the DNS should be run for the convenience of vanity registrants (of whom I am one) rather than for the benefit of Internet users.
R's, John
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann...
At-Large Official Site: http://atlarge.icann.org
The original subject clearly states that the WHOIS data was the enabling factor to unmask this particular group, that affirmation is what does not convince me.
Well, OK, let's flip it around. Beau and I have told you that we use WHOIS to deal with scams and frauds all the time. Why don't you believe us? Do we have some reason to lie about it?
The current WHOIS rules say that the WHOIS info has to be correct. The various WHOIS privacy services list debatably "correct" info.
Then what's all the fuss about ? who is breaking the rules ?
Large numbers of registrants who put in false information, of course.
Perhaps I put false information because I don't want people noseying around my private information.
If I break the law, let law enforcement deal with me.
And I don't think your lying, I know people who use whois in the way your describing. But if you (and they) are to have access to my personal information, I'd like to know who you are, what your interest is, how you will handle the data you collect (following which privacy regulations, Japan's?)
Adam
The rules, read contract, states that YOU are supposed to put YOUR real information there! I use this information to track down spammers. I know of one spamming company that when sued, switched their whois to be a private service, to escape judgment. As far as legal process and investigations it does not work like that. To get the law enforcement to take action, it has to be shown that there is sufficient numbers/harm present to take action. This applies to individual/civil actions. Without accurate public whois information, how does one determine if the 1000 spam received is from one bad spammer or from 1000 different people who mad a mistake? Should I file a lawsuit for 1 spam? Should the FTC start an investigation over 1 spam? If you want to use a privacy service, then the privacy service should accept liability for your actions. For an invid
Perhaps I put false information because I don't want people noseying around my private information.
That's fine, then your registrar tells you to fix it or cancels your registration under the WDPRS rules.
If I break the law, let law enforcement deal with me.
Indeed. Eventually. Not everything that is anti-social is or should be illegal, and every society has a range of sanctions below those that involve policemen and courts.
And I don't think your lying, I know people who use whois in the way your describing. But if you (and they) are to have access to my personal information, I'd like to know who you are, what your interest is, how you will handle the data you collect (following which privacy regulations, Japan's?)
Once again, I am baffled at the assumption that the Internet should be run for the benefit of us vanity domain registrants rather than for the benefit of its users. We're already seeing increasing amounts of preemptive blacklisting of ESPs (mail service bureaus) whose customers send annoying mail, even though that blocks a fair amount of less annoying mail, too. Given how annoying domains with anonymous or false WHOIS info tend to be, I expect we'll be seeing increasing amounts of preemptive blacklisting there, too. You don't have to say who you are, but we don't have to accept your traffic. R's, John
Once again, I am baffled at the assumption that the Internet should be run for the benefit of us vanity domain registrants rather than for the benefit of its users.
Unfortunately the Internet is being run and has been run for many years for the benefit of service providers (not just access providers) and its shareholders, user's interests are at the bottom and rarely get to higher levels in the bottom-up process, particularly at ICANN. My .02 Jorge
Once again, I am baffled at the assumption that the Internet should be run for the benefit of us vanity domain registrants rather than for the benefit of its users.
Unfortunately the Internet is being run and has been run for many years for the benefit of service providers (not just access providers) and its shareholders, user's interests are at the bottom and rarely get to higher levels in the bottom-up process, particularly at ICANN.
I concur with the sentiment that the Internet should be run for the benefit of its users. But since about 99.99% of those users haven't registered a domain and never will, why does anyone thing that the interests of the .01% with domains is more important than the interests of everyone else? Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
Once again, I am baffled at the assumption that the Internet should be run for the benefit of us vanity domain registrants rather than for the benefit of its users.
Unfortunately the Internet is being run and has been run for many years for the benefit of service providers (not just access providers) and its shareholders, user's interests are at the bottom and rarely get to higher levels in the bottom-up process, particularly at ICANN.
I concur with the sentiment that the Internet should be run for the benefit of its users. But since about 99.99% of those users haven't registered a domain and never will, why does anyone thing that the interests of the .01% with domains is more important than the interests of everyone else?
May be we have to blame you for writing the book, now the Internet is full of Dummies and they are taking over :-). Just kidding. I'd argue that probably the percentage is higher than 0.01%, but yes you are right, the majority of Internet users interests are not represented or are miss-represented. OK, lets talk a little bit about representation and how much the average Internet user knows about ICANN ... Over the past few days while jogging, shopping at the supermarket, picking up the kids from school, talking with the neighbors, etc., I did the following exercise, randomly and without previous notice I asked people (around 80 total) the following two questions: (just for completeness I did this in the north area of San Antonio, Texas) 1- Do you use the Internet frequently ? 2- Do you know what is ICANN ? - Only one guy answered NO to 1, and he said that he does not use the Internet because he believes it's a plot of the CIA and an alien race to suck up all the information from our brains. I should have noticed the JD smell on his breath before asking :-S - Five, said, of course "Yes we can", Go Obama ???? - One said, "Ohhh those guys that committed fraud on the presidential primaries", they were talking about "Acorn" I believe - Another one said "I think I made some photocopies there", I believe she was talking about "Ikon" - Two said "Yess we love him and are big fans of Clay Aiken" ... duhhhh - The rest didn't have a clue besides one guy that said "Ahhh those dudes from AOL that give you the email address", at least this one was several hundred miles away but pointing in the right direction Besides the first guy that was ready to go for another drink, I took the time to explain to them what ICANN is and gave them ICANN's URL for additional information. Probably it would be a good idea to make the Home Page more "Joe the Plumber" friendly for people that are not already part of the ICANN community. I really liked the video production about IDNs, perhaps ICANN can produce something similar to introduce the general public about what ICANN is and does. Talking about percentages, and assuming that At-Large (as it is claimed) is the natural and largest constituency representing individual users I took the time to go through the current list of "certified/accredited" ALSs posted at http://www.atlarge.icann.org/en/applications?tid_1=All&tid_2=791 and reviewed the associated documents, and put together a spreadsheet with some info, numbers, URLs, etc. First observation. While all ALSs use the same or very similar template, there is no uniformity or "standard" in the way the information is provided, for example, it's almost impossible to ascertain how many actual/active members some ALSs have, some consider members just their "clients", others the subscribers to a magazine or mailing list, some intentionally or not, don't provide much information about how many members they have, some have a large number of members but it's not clear how many are active and engaged. Anyway, from the 113 I took a look at, I assumed that if no reasonable number of members was reported it was ok to assume that just the person presenting the application or the people listed as directors or other type of organizational role can be counted as members. Then lets says that being members of the ALSs makes you an "Internet user", plus that AFAIK some RALOs also accept individual members at a bare minimum I came up to a 60,734 number of members/users. What's the guesstimate of Internet users today, lets say around 1.6 billion ? That's not bad, that makes At-Large about 0.0038% representative of individual Internet users. Another observation, you would guess that being part of the major entity coordinating common resources and infrastructure of the Internet almost all of the ALSs use the Internet/Web as the primary way to reach out and communicate to its members. Not so fast. For a representative sample I invite you to pay a visit to the following sites: http://www.nexti.eti.br/ http://www.ofokngo.org/ http://www.internautavenezuela.ve/ http://www.isocindiachennai.in/ http://www.cdnua.org.cn/ http://www.macsis.ma/ http://www.densi.com.br/ http://www.cpvi.groupe-jeremie.org/ http://www.emergingfutures.net/ http://afcn.org/ http://www.itps.org/ http://www.uwi.edu/ http://www.amio.maori.nz/ http://privaterra.org/ http://www.hiip.org/ http://www.iunet.org/ http://americaatlarge.org/ http://americaatlarge.com/ http://AmericaAtLarge.net/ http://americaatlarge.us/ http://americaalarge.com/ http://americaalarge.net/ http://americaalarge.org/ http://americaalarge.us/ http://www.al-china.org.cn/ http://www.hess-cr.com/~acdi/ I didn't spend too much time on each website, but on top of that if you get to visit some of the sites listed on each application, you will find that on some of them the latests news or events are from 2007, 2008, even 2005 !! Another thing that always amused me, even when in most parts of the world nobility titles have been abolished, how fast some folks become "chair of this", "president of that", etc. Then talking about accountability and bad actors, shouldn't we start cleaning up at home ? Does anybody at ICANN perform regular audits ? and isn't the ALS certification process way too lax .... ? Hope you all have a wonderful Holiday Season and great start on 2010, perhaps the new year will bring a substantial reduction in BS and better hopes for an organization that still needs a lot of improvement. Warmest Regards Jorge PS. If you like a copy of the spreadsheet is available for a nominal fee of one gTLD.
OK, lets talk a little bit about representation and how much the average Internet user knows about ICANN ...
Your estimates of how much the average user knows about ICANN, to wit, nothing, sounds right to me.
Then talking about accountability and bad actors, shouldn't we start cleaning up at home ?
Sure. But surely you're not saying that we have to choose between improving the ALAC and ALS processes on the one hand, and working for the interests of Internet users on the other. Let's do both. R's, John
On 12/17/2009 07:14 PM, John R. Levine wrote: I know people who use WHOIS info to deal with scams and frauds on a
daily basis. If you're saying that we're lying, it's hard to have a discussion.
Vigilante justice was also used at times to deal with scams and frauds, but we've learned that that kind of rough process meant that innocent people were too often strung-up along with the horse thieves. Kafka's book "The Trial" begins with a line saying that someone, someone who is never identified, has been asking unknown questions about Joseph K. Whois is right out of Kafka - unknown people dig through our private information for unknown reasons (although clearly the trademark people do it a lot to make accusations.) It would make sense, and also meet a modicum of polite behaviour, if those who are making inquiries into whois left a calling card so that those who are being data-mined at least know the identity of the data-miner. To be a bit more explicit: Whois access rules should be such that anyone who accesses the whois data should be required, as a pre-condition, to: 1. Leave their own identity and contact information, along with authentication of that identity and contact information. 2. Leave a statement stating the particulars, reasons, and factual basis upon which they are making the inquiry - if they can not state reasons then access ought to be denied. This list of reasons and facts could serve a kind of estoppel function should the data-miner use the whois data for another reason. 3. Agree to a privacy policy, with third party beneficiary rights in the data subject, that strongly restricts what use may be made of the data and requiring destruction of the copied data after a period of time. This information should be sent to the data subject so that the domain name owner can know, unlike the unfortunate Joseph K., who is asking questions about him and why. And a summary list of those making data inquiries should be periodically published to the public so that we all can see who are those who are making a large number of whois inquiries and thus who we might reasonably begin to suspect of data mining. --karl--
On Thu, 17 Dec 2009 10:52:43 -0500 (GMT-05:00), Beau Brendler <beaubrendler@earthlink.net> wrote:
Some people I know have been trying to figure out, without success, who is funding the health care front group U.S. Citizens Association. One look at a few registration records did the trick:
http://www.walletpop.com/blog/2009/12/16/why-these-u-s-citizens-serve-as-a-g...
Law enforcement, by the way, wouldn't care about unmasking front groups. Even in its current state, WHOIS data still can be useful.
Actually, you used the WHOIS for what it was not designed for originally , ie identify a domain name holder to report technical issues with his/her domain name/DNS server, etc. I am glad you unmasked a front group using WHOIS, but at the same time, it seems that the problem is defective legislation related to different kinds of US not-for-profits, which does not mandate enough transparency. So, WHOIS is the wrong answer to this issue. In many European countries, for example, there is a legal obligation that web sites carry a page listing the contact details of the publisher. For my ALS, this is http://www.isoc.lu/l-association/coordonnees and it even includes the association registration number. Speaking as an individual, natural person, needless to say I agree with Adam's comments. I would also like to know who queries my WHOIS records, in what capacity and what they intend to do with the data. But I agree that companies should not be allowed to use proxy services. After all, transparency is a key element in the trust relationship between a consumer and a service/goods provider, and especially those asking for donations. The main issue I see in the ICANN context is that proxy and privacy services are totally unregulated, unlike registry and registrars. We need a proper framework and rules for these services, as well as a signed agreement with ICANN. This would help eliminate bad actors in the proxy/privacy services fields. Patrick -- Blog: http://patrick.vande-walle.eu Twitter: http://twitter.vande-walle.eu
I agree with Karl, Adam, and Patrick, it won't take too long to anybody to find my contact information without using WHOIS, the only reason why I chose to keep my WHOIS data private is because I want to know who is asking for it. And Patrick is very right to point that WHOIS (as the DNS too) is being used for something it was not intended or designed for, and not to unmask crime or facilitate the life of trademark protectors and vigilantes. If there are "accredited" registrars that enable criminals or let people register a domain name with phony information just because it's incremental revenue, IMHO regardless of WHOIS, they are the ones that are first breaking the "rules" (ie registrar agreement) and they should provide if required and following a proper process that includes notifying the registrant that somebody is looking for its contact information, and if law enforcement has an "order" to obtain the information they would probably have to release it without consent from the registrant. Also, there will still be loopholes because the name space has and will continue to have some segments, like particular ccTLDs that don't have an agreement and will probably never have, and that give a squat about WHOIS. My .02 Jorge
On 12/18/2009 03:05 AM, Patrick Vande Walle wrote:
In many European countries, for example, there is a legal obligation that web sites carry a page listing the contact details of the publisher. For my ALS, this is http://www.isoc.lu/l-association/coordonnees and it even includes the association registration number.
As one who makes a strong distinction between the web and the internet I find such a legal obligation to be somewhat different than "whois". Particularly in that at least the rule you mention gives the website owner control of exactly what is published and at least there is a log created of what IP addresses (and browser and referrer record and timestamp) fetched that page. "whois" pertains to domain names (let's leave out of the dicussion the separate "whois" for IP addresses.) That rule about website contact information pertains to that different abstraction of the HTTP[S] based web. At that level of domain names it has been suggested that a solution better than "whois" is to us DNS itself. In particular it has been suggested that people set up "whois.example.TLD" TXT records in their zone files sort of like this:
whois.cavebear.com. 172800 IN TXT "fax-number: +1.831.xxx.xxxx" whois.cavebear.com. 172800 IN TXT "address-3: USA" whois.cavebear.com. 172800 IN TXT "phone-number: +1.831.xxx.xxx" whois.cavebear.com. 172800 IN TXT "other-stuff: This site is operated by Karl Auerbach" whois.cavebear.com. 172800 IN TXT "address-1: xxx xxxxxxx xxx" whois.cavebear.com. 172800 IN TXT "address-2: Santa Cruz, CA 95060-1500" whois.cavebear.com. 172800 IN TXT "company-name: CaveBear"
(Some people have suggested a bit more structure for the text.) Regarding the history of "whois" - back in the early 1970's there weren't a lot of us on the net. There were various "handbooks" (such as the ARPAnet handbook) that were paper, and later electronic, listings of our names, work addresses, and email addresses. It was sort of like a roster for a club. It wasn't created for the purpose of reporting technical issue. The purpose was much more broad; the purpose was to allow us to collaborate on anything from technical issues to ordering pizza. The important point was that there was an implicit assumption that we were all colleagues. We've lost that assumption as whois grew from what was in essence a club roster into a worldwide database of personally identifiable information. --karl--
Actually, you used the WHOIS for what it was not designed for originally , ie identify a domain name holder to report technical issues with his/her domain name/DNS server, etc.
Hmmn. Could you point to the documentation of this most implausible claim, preferably back in the early 1990s when it first was an issue?
The main issue I see in the ICANN context is that proxy and privacy services are totally unregulated, unlike registry and registrars. We need a proper framework and rules for these services, as well as a signed agreement with ICANN. This would help eliminate bad actors in the proxy/privacy services fields.
Actually, I agree. Since the proxy service is the listed owner of its domains, it should be clear that they bear responsibility for what the domain's users do. This is consistent with the way nominees work in the real world. R's, John
Since the proxy service is the listed owner of its domains, it should be clear that they bear responsibility for what the domain's users do. This is consistent with the way nominees work in the real world.
The better analogy is that the privacy service is the agent for service of process. It's a conduit for correspondence and a point of contact. Nothing more. Bret
On Fri, Dec 18, 2009 at 1:44 PM, John R. Levine <johnl@iecc.com> wrote:
Actually, you used the WHOIS for what it was not designed for originally , ie identify a domain name holder to report technical issues with his/her domain name/DNS server, etc.
Hmmn. Could you point to the documentation of this most implausible claim, preferably back in the early 1990s when it first was an issue?
About the original use/intent of WHOIS: http://tools.ietf.org/html/rfc812 Regards Jorge
On 12/18/2009 12:08 PM, Jorge Amodio wrote:
About the original use/intent of WHOIS: http://tools.ietf.org/html/rfc812
We had ARPAnet handbooks with all of our names and contact info nearly a decade before the 1982 date of that RFC. But there is a deeper issue here... John L. says that whois info is required by our domain name registration contract with a registrar. That is true. But those terms are imposed by a worldwide monopoly, ICANN, in which we domain name users have effectively no voice even though that organization has legal existence and tax exemptions for the purpose of acting for the benefit of the public. The issue here is not the contract terms themselves but, rather, the fact that even after more than a decade of existence, ICANN is not accountable to the public. Even after a decade ICANN acts more like an enforcement arm of the intellectual property protection industry and a money pump for the domain name registrar community than it does as a protector of the public interest. If internet users had a real voice in the setting of those terms in the contract, and if ICANN were to be able to excuse itself from restraint-of-trade laws, then perhaps I (and perhaps some others) might be willing to accept the whois rules in the contracts. But absent accountability, absent a role for users to have a role in the making of those contract terms, and absent a reason to excuse ICANN's restraint of an open and competitive marketplace, then those contract terms should be treated more as the diktat of an overlord than negotiated contract-terms. --karl--
Patrick Vande Walle wrote:
On Thu, 17 Dec 2009 10:52:43 -0500 (GMT-05:00), Beau Brendler <beaubrendler@earthlink.net> wrote:
Some people I know have been trying to figure out, without success, who is funding the health care front group U.S. Citizens Association. One look at a few registration records did the trick:
http://www.walletpop.com/blog/2009/12/16/why-these-u-s-citizens-serve-as-a-g...
Law enforcement, by the way, wouldn't care about unmasking front groups. Even in its current state, WHOIS data still can be useful.
Actually, you used the WHOIS for what it was not designed for originally , ie identify a domain name holder to report technical issues with his/her domain name/DNS server, etc. I am glad you unmasked a front group using WHOIS, but at the same time, it seems that the problem is defective legislation related to different kinds of US not-for-profits, which does not mandate enough transparency. So, WHOIS is the wrong answer to this issue.
Actually, the internet was not designed to protect innocent users from bad actors deliberately targeting them and the internet in general the devastating effects that would have down the line. In fact there is no official way of identifying the perpetrators. WHOIS is the nearest approximation of only one of the methods of identification we have, be the WHOIS details fake or using identity theft. However each of the methods in itself may not be conclusive but is only one bit of the evidence trail. Nonetheless WHOIS details playing and important part in the evidence trail. However do not believe me, speak to your law enforcement officials.
In many European countries, for example, there is a legal obligation that web sites carry a page listing the contact details of the publisher. For my ALS, this is http://www.isoc.lu/l-association/coordonnees and it even includes the association registration number.
Speaking as an individual, natural person, needless to say I agree with Adam's comments. I would also like to know who queries my WHOIS records, in what capacity and what they intend to do with the data. But I agree that companies should not be allowed to use proxy services. After all, transparency is a key element in the trust relationship between a consumer and a service/goods provider, and especially those asking for donations.
While I would agree with you, this would also be a red flag for bad actors to change identity. In fact a major part of the learning process for bad actors is abuse reports forwarded to them by ignorant trusting service providers.
The main issue I see in the ICANN context is that proxy and privacy services are totally unregulated, unlike registry and registrars. We need a proper framework and rules for these services, as well as a signed agreement with ICANN. This would help eliminate bad actors in the proxy/privacy services fields.
Agreed, totally and absolutely. Privacy and proxy providers should not equate to unaccountability.
Patrick
Derek
participants (9)
-
Adam Peake -
Beau Brendler -
Bill Silverstein -
Bret Fausett -
Derek Smythe -
John R. Levine -
Jorge Amodio -
Karl Auerbach -
Patrick Vande Walle