Cloudflare and Namecheap default to privacy, and don't charge for it. -----Original Message----- From: Mel Beckman via NANOG <[email protected]> Sent: Saturday, July 19, 2025 7:11 PM To: [email protected] Cc: [email protected]; [email protected]; Mel Beckman <[email protected]> Subject: Re: GoDaddy deleting most ancillary registration contact information
> On Jul 19, 2025, at 2:03 PM, David Conrad via NANOG <[email protected]> > wrote: > I believe it is the result of most if not all Registrars defaulting to > “privacy” for registrations since GDPR was enacted. David, Most if not all? I don’t know of any registrars that default to “privacy” for registrations. In fact, the all sell it as an add-on option that you have to explicitly accept and agree to pay for. It seems like registrars are doing this to just reduce the amount of data they’re responsible to maintain, while not reducing costs one iota. I’ll bet if the FTC, or whoever, mandated that this reduced level of service required a refund to existing registrants, we’d find exactly how much non-European Registrars really respect the GPDR! -mel via cell > Barry, > >> On Jul 19, 2025, at 11:50 AM, [email protected] wrote: >>> On July 18, 2025 at 19:39 [email protected] (David Conrad via NANOG) >>> wrote: >>> My somewhat cynical answer: if you relied on domain (and likely IP >>> address/ASN in the future) registration data, it might be worthwhile >>> figuring out alternatives to that reliance. Les cynically: pragmatically, >>> given the vast majority of contact information these days points to privacy >>> providers or is redacted, I’m unclear there will be significant impact — >>> the data is already pretty useless. >> Even if 90% were useless it would still be of use, possibly >> critically, in the other 10% of cases and I don't think it's anywhere >> near 90%. > > I’ve not done an exhaustive survey myself, but the “majority of contact > information” comment was taken from my interactions with law enforcement and > I believe it is the result of most if not all Registrars defaulting to > “privacy” for registrations since GDPR was enacted. However, since the law > enforcement folks I deal with are mostly interested in current activities, > e.g., phish/botnet/etc., it’s likely they focus on recently registered > domains so there may be a selection bias. As such, I won’t argue the point. > >> Particularly if one can consider legitimate "privacy providers" >> useful as they can be contacted, subpoenaed, etc. which you seem to >> count as being in the "useless" category. > > As mentioned, ICANN still requires registrars to collect valid contact > information, however that information is not provided to the public as it > once was. It is, of course, still subject to subpoena/court order (depending > on jurisdiction, of course) and it’s theoretically possible, if you can make > your case to the registrar, that they’ll provide registration information to > you if you can demonstrate “legitimate interest” (at the registrar’s > discretion and risk, of course). > >> Whatever happened to "if your registration data is fraudulent, >> obsolete, or incorrect you stand to have your registration canceled"? > > AFAIK, it remains a contractual requirement despite ICANN undertaking a law > suit in Germany to enforce it for admin-c and tech-c and losing (if > interested, see > https://www.afslaw.com/perspectives/the-fine-print/recent-lawsuit-icann-against-german-domain-registrar-highlights). > > However, this gets into an “interesting” (or “infuriating”, depending on your > POV) discussion about what contact information “accuracy” means. ICANN > Accredited Registrars’ view (which I provide without comment) is at > https://rrsg.org/wp-content/uploads/2024/03/RrSG-Approach-to-Registration-Data-Accuracy-March-2024.pdf. > >> This seems like an admission that this policy was not enforced. > > > Not sure how you got there. Registrars (or their lawyers) will (have, and do) > argue that they abide by the policy (see the Registrar’s position above). > ICANN Contractual Compliance argues that they enforce the policy (see pretty > much any statement by the head of ICANN CC). I have my opinions, but they’re > not particularly relevant. Since GDPR, the flagging of inaccurate > registration has unsurprisingly tanked, so it’s difficult for the public to > determine if registration information is accurate or inaccurate (for whatever > value of the variable “accurate" you want to use). Perhaps somewhat relevant, > see sections 5.2 and 6.4 of > https://www.icann.org/en/system/files/files/inferential-analysis-maliciously-registered-domains-08nov24-en.pdf, > but that probably doesn’t help that much. > > Regards, > -drc > > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/VT > C33LVNIQ6ZCHVXL3YLRFCTTDJ6TEHN/ > <signature.asc> _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/VFIPBHSKZYDFMKRT5RRMPCGMIESCXUZ6/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/EX7HBCA5RDMPXEZ3R4RSOWU33RS242AD/
