ICANNWatch | WHOIS in a .name? It'll cost you to find out

WHOIS in a .name? It'll cost you to find out
posted by tbyfield on Tuesday October 09 2007, @04:10PM

fnord writes "As Milton Meuller pointed out, the most recent attempt by the various stakeholders failed (again) to come up with a consensus on the thorny question of what should go into ICANN's TLDs' WHOIS and how/when/why/who can access it. If I'm reading him right, but for a difference between competing monetary interests, us privacy advocates (for whom monetary concerns are tangential) could have lost out. Now, in a delicious irony, that mysterious invisible hand of the free market has come along to give those seeking privacy more than they could hope for, for free. The .name registry is now charging $2 for others to access its WHOIS and (far more mysteriously, at least to this scribe) ICANN is already saying that they have no problem with it.

On first reading this I wondered if I'd woken to an alternate universe or slept until April first. Is this the same ICANN we've come to know and... well, watch? The IP interests have always been the tail that wags the ICANN dog. They want our shoe sizes in the WHOIS just to register my.kewl-domain.name lest we cost them money should said shoes appear to trespass on their intellectual property, intentionally or otherwise.

Now the shoe appears to be on the other foot. Instead of me having to pay (much more than $2) for some service to maintain my WHOIS privacy so as to cut down on spammers and other crazies (which cost me in time), even though all I want to do is put up pictures of my (I assume) non-trademark infringing kewl cat, now (finally) those IP weenies (who arrived unfashionably late to the internet party and then started throwing their weight around) will have to pony up some time and money to go fishing in the WHOIS.

Why all the animal references? I just realized I am in the same reality, the same ICANN zoo. This current ICANN position is no different from any other, it wasn't arrived at by consensus, it just fell full blown from Olympus. I suspect the ICANN board will be as surprised to hear of this as I was. The only difference in this case is that for once we great unwashed seem to benefit from it. Perhaps Milton can tell us whether such a position was even discussed in the extensive recent WHOIS discussions, is it an accident that this is showing up only after the close of months of work.

Some comments about the comments in the WiReD article:

...a step that security researchers say frustrates their ability to police the internet and creates a haven for hackers who run internet scams.

What consensus appointed security researchers the internet police (they often don't even agree amongst themselves)? And most hackers and scammers (normally two different animals) are unlikely to give correct information anyway. Whatever nastiness they're up to, it probably carries stiffer penalties than fudging their WHOIS data, and that does't stop them. Hell, I don't provide accurate data and never have and have never been called on it for countless domains, going back to when registration was free. I always knew that this internet thing should be taken with a dash of paranoia. The only accurate data I provide is a valid email address and for that I use a address unique to that domain, and with a good spam filter.

"Just imagine you get a call from us telling you about a problem and offering help to fix it, versus you getting a call from your ISP informing you they shut down your server due to a breach of policy," Frantzen said.

If I got a call from Frantzen I'd tell him to take a hike and mind his own business or I'll call the real authorities, or if in an extremely charitable frame of mind, I'd ask for his home phone and address and maybe I'd get back to him... maybe. Let me get this straight, we need a public WHOIS so as to become magnets for spam, IP lawyers, and now overzealous strangers who'll bypass my spam filter (at first). Great. If someone has hacked my site and my ISP (more accurately, my hosting company) shuts me down without notifying me (because they have my contact info elsewhere, and it isn't public), then I'd change ISP's. Most ISP's don't act that rashly, and the hack would be their responsibility anyway, the attack would be targetting their server. So again, I'd change ISP's. This is so much FUD.

Karen Lentz, ICANN's domain registrar liaison, says that GNR is allowed to keep the data behind a paid firewall as part of its contract with ICANN, and to comply with British privacy laws.

The reference to the contract needs more looking into. Is this only in .name's contract as they are more or less by definition for individuals? If not, VeriSign and/or other registries will be laughing all the way to the bank (again). Or was the reference to the 'paid' firewall was intended to mean that the registrant would pay for it, as has to date been the case. If so, this truly is a delicious irony. The reference to privacy laws strikes me as suspect. You're allowed privacy by law but if someone pays $2 it supercedes the law? I doubt it.

And finally to the Internet Storm Center Swa Frantzen's comments he states:

I can be sympathetic to privacy, but if you have something to say (email, web, ... something that needs a domainname) I want to have the right to know who you are and I want those giving you the domainname to verify you are who you are before letting you have the domainname.

This is the crux of it, unless Frantzen is the one selling me the domain name I don't see what business it is of his. That's between me and the registry/registrar/hosting co. He wants the right to know who I am. Too bad, someone can reply to my comments here anonymously and while I may not like it I have no right to change it. I'll get over it. As if we don't have enough of the grey suit IP crowd running around, now we've got well-meaning but misguided grey hats too. Just another recipe for disaster. Hello, you don't know me, but I'm a white hat hacker calling because you have a problem with your site and I want to help you fix it. It's called social engineering, look into it. Perhaps the Internet Storm Center could shorten its name to iFEMA. -g"

ICANNWatch Login

[ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

Related Links

· VeriSign/NSI
· ICANN
· WiReD
· comments
· social engineering
· fnord
· pointed
· invisible hand
· now
· saying
· More Privacy stories
· Also by tbyfield

This discussion has been archived. No new comments can be posted.

WHOIS in a .name? It'll cost you to find out | Log in/Create an Account | Top | 1 comments | Search Discussion

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

WHOIS to ride into sunset?
by fnord ({groy2k} {at} {yahoo.com}) on Tuesday October 30 2007, @08:43PM (#16969)
User #2810 Info

Canada's Globe and Mail has an article [theglobeandmail.com] on a new sunset arrangement being discussed for WHOIS. It's also covered on slashdot [slashdot.org] and elsewhere. This should be interesting. Sorry about misspelling your name, Milton. -g

[ Reply to This | Parent ]

Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com