Those exposed 1.2 billion people are the Internet end users whom the ALAC  is trying to protect. Who is accountable for this exposure, who is responsible for the server which is causing the damage?

 

 

 

Still waiting for Facebook to publish a verified whois of their account holders ;-)

Best,

Volker

I don't want to disagree with someone from my own stakeholder group, but I don't understand how this is a "quick solution to the SSAD problem"? These services contain names, emails, and LinkedIn URLs - I don't see how these are substitutes for the data elements in Whois. And how are you even meant to know who to search for in one of these third-party services, absent the name of a registrant? These third-party services that pull in random data sets should be reigned in, not what we recommend others turn to locate/trace a registrant.

 

Ayden Férdeline 

 

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Monday, December 9, 2019 3:44 AM, Mueller, Milton L <milton@gatech.edu> wrote:

 

I am wondering how many of the people involved in EPDP are familiar with data enrichment companies such as People Data Labs.

If you're not you may be amazed at how vast is the number of people encompassed in their records, and how many data points are aggregated in them. As we battle mightily over how much disclosure of measly Whois records we will allow and under what circumstances, it might be useful to take a look at this article, https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/  

 

There you will see a storehouse of names, email addresses, phone numbers, social media profile information and physical addresses for 1.2 billion people, all available for subscribers to this service and - in this bizarre case - all of it exposed to anyone with the right IP address due to a configuration error of an Elasticsearch server. 

 

 Based on my exposure to these data enrichment services, I think we may have found a quick solution to the SSAD problem. One could conclude that we don't need one at all, because any serious requestor can get a ton of data about virtually anyone on the internet - automatically, instantly - by using one of these services. 

1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.. A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history. www.dataviper.io

I'll leave you all with that thought. See you Tuesday.

 

Dr Milton L Mueller, Professor

School of Public Policy

Georgia Institute of Technology

Internet Governance Project 

 

 

_______________________________________________

Gnso-epdp-team mailing list

Gnso-epdp-team@icann.org

https://mm.icann.org/mailman/listinfo/gnso-epdp-team

_______________________________________________

By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.