On first reading this I wondered if I'd woken to an alternate universe or slept until April first. Is this the same ICANN we've come to know and... well, watch? The IP interests have always been the tail that wags the ICANN dog. They want our shoe sizes in the WHOIS just to register my.kewl-domain.name lest we cost them money should said shoes appear to trespass on their intellectual property, intentionally or otherwise.
Now the shoe appears to be on the other foot. Instead of me having to pay (much more than $2) for some service to maintain my WHOIS privacy so as to cut down on spammers and other crazies (which cost me in time), even though all I want to do is put up pictures of my (I assume) non-trademark infringing kewl cat, now (finally) those IP weenies (who arrived unfashionably late to the internet party and then started throwing their weight around) will have to pony up some time and money to go fishing in the WHOIS.
Why all the animal references? I just realized I am in the same reality, the same ICANN zoo. This current ICANN position is no different from any other, it wasn't arrived at by consensus, it just fell full blown from Olympus. I suspect the ICANN board will be as surprised to hear of this as I was. The only difference in this case is that for once we great unwashed seem to benefit from it. Perhaps Milton can tell us whether such a position was even discussed in the extensive recent WHOIS discussions, is it an accident that this is showing up only after the close of months of work.
Some comments about the comments in the WiReD article:
...a step that security researchers say frustrates their ability to police the internet and creates a haven for hackers who run internet scams.
What consensus appointed security researchers the internet police (they often don't even agree amongst themselves)? And most hackers and scammers (normally two different animals) are unlikely to give correct information anyway. Whatever nastiness they're up to, it probably carries stiffer penalties than fudging their WHOIS data, and that does't stop them. Hell, I don't provide accurate data and never have and have never been called on it for countless domains, going back to when registration was free. I always knew that this internet thing should be taken with a dash of paranoia. The only accurate data I provide is a valid email address and for that I use a address unique to that domain, and with a good spam filter.
"Just imagine you get a call from us telling you about a problem and offering help to fix it, versus you getting a call from your ISP informing you they shut down your server due to a breach of policy," Frantzen said.
If I got a call from Frantzen I'd tell him to take a hike and mind his own business or I'll call the real authorities, or if in an extremely charitable frame of mind, I'd ask for his home phone and address and maybe I'd get back to him... maybe. Let me get this straight, we need a public WHOIS so as to become magnets for spam, IP lawyers, and now overzealous strangers who'll bypass my spam filter (at first). Great. If someone has hacked my site and my ISP (more accurately, my hosting company) shuts me down without notifying me (because they have my contact info elsewhere, and it isn't public), then I'd change ISP's. Most ISP's don't act that rashly, and the hack would be their responsibility anyway, the attack would be targetting their server. So again, I'd change ISP's. This is so much FUD.
Karen Lentz, ICANN's domain registrar liaison, says that GNR is allowed to keep the data behind a paid firewall as part of its contract with ICANN, and to comply with British privacy laws.
The reference to the contract needs more looking into. Is this only in .name's contract as they are more or less by definition for individuals? If not, VeriSign and/or other registries will be laughing all the way to the bank (again). Or was the reference to the 'paid' firewall was intended to mean that the registrant would pay for it, as has to date been the case. If so, this truly is a delicious irony. The reference to privacy laws strikes me as suspect. You're allowed privacy by law but if someone pays $2 it supercedes the law? I doubt it.
And finally to the Internet Storm Center Swa Frantzen's comments he states:
I can be sympathetic to privacy, but if you have something to say (email, web, ... something that needs a domainname) I want to have the right to know who you are and I want those giving you the domainname to verify you are who you are before letting you have the domainname.
This is the crux of it, unless Frantzen is the one selling me the domain name I don't see what business it is of his. That's between me and the registry/registrar/hosting co. He wants the right to know who I am. Too bad, someone can reply to my comments here anonymously and while I may not like it I have no right to change it. I'll get over it. As if we don't have enough of the grey suit IP crowd running around, now we've got well-meaning but misguided grey hats too. Just another recipe for disaster. Hello, you don't know me, but I'm a white hat hacker calling because you have a problem with your site and I want to help you fix it. It's called social engineering, look into it. Perhaps the Internet Storm Center could shorten its name to iFEMA. -g"