On 03/25/2017 06:36 AM, Michael Orlitzky wrote:
On 03/24/2017 09:44 PM, John Levine wrote:
Sure, but the arguments we're seeing at ICANN are way beyond
reasonable. Everyone thinks it's important to protect the personal
information of people, but most domains are not registered by people.
That's a self-fulfilling prophecy. How many of those are registered by
people who didn't want their home address publicly listed?
Agreed, data is needed here to make intelligent decisions.
How many people are spammed from having their email address listed?
Wrong question. :) "How many spams do people receive where their e-mail
address was retrieved from whois?" is the right question. The answer to
the first is 100%, but that's not meaningful. I use a different e-mail
address on my whois contacts on purpose for just this reason. I get
10-20 messages a day flagged by spamassassin, and about half that which
SA misses for some reason. Easily 99.9% of those are to my e-mail
addresses which are publicly available on the Internet. I get a handful
a month to my whois contact address. (And less than that to my PGP key
spamtrap addresses, for what that's worth.)
The spammers themselves have said that trolling whois for addresses is
not valuable to them because they can get so many more addresses so much
cheaper from other sources. Spam researchers have repeatedly validated
this.
When it comes to privacy I'm much more concerned about the most
vulnerable folks not being required to publish their residential address
and personal phone number in whois. Those actually can be serious
threats, up to and including physical harm for some.
How many get scammed by the domain-renewal scumbags?
A lot? Probably? But that's part of being a domain holder. IMO the
registrars should be doing a better job of educating the users.
How many people have
been harassed at home for something they wrote on a blog? Has anyone
been killed?
There are numerous examples of the first, I'm not aware of any examples
of the second, but it's only a matter of time.
I'm in favor of privacy being an optional feature, as it is now, where
registrars (or the privacy-providing party) take on a legal obligation
to pass all communications to the registrant within 24 hours. Most folks
don't need that, but the ones who do need it should have it.
Can someone
list the ways that the WHOIS data is used for good?
Sure. :) I work with companies all the time who are interested in
procuring domain names for new projects, campaigns, etc.; and want to
know who's already registered what, where.
I also work with companies that want to take action against bad actors
who are using "confusingly similar" domains to spread malware, porn,
etc. (Usually ending in a UDRP case)
And to John's objection to privacy for companies in another message,
your outlook is unrealistic. It's often very important to secure names
in advance for a project that hasn't been publicly announced (because
once it's announced the speculators will swoop in). Not being able to
mask ownership information for these domains, prior to the announcement,
would be a serious business risk, and serve to stifle innovation around
domain names.
hope this helps,
Doug
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
