There are two ways to use the Internet: one is to be very open with your identity (you are Dom Hetzel, and a quick Google search finds where you work and a picture of your face, unless that's a different Dom Hetzel) and the other is to be secretive about your identity (I am (currently) "immibis" (and you only see that in the headers) - that seems like some random letters and not a real person's name. Do I even have a face?). There's not really an in-between option. There's no "not skanky but also not publishing my full name and address to the whole world".
Some people seem to default to the former and some to the latter. Possibly based on getting burned in the past or seeing others get burned. Possibly a generational gap. You mentioned your domain has been around for a very long time. I heard there was once a time on the Internet when strangers were generally trustworthy. My registrar knows my real name and address, but it's not published in WHOIS since they (like most registrars one might use for a personal website) offer free WHOIS privacy. I'm not going out of my way to buy a domain from a shady registrar with Bitcoin, but I'm also only giving my personal info to trustworthy companies and not the entire Internet. I presume there are at least one or two things you ever thought about putting on your personal domain, but didn't because the whole world would be able to associate it with your full name and address. On 20 July 2025 1:46:09 am GMT+02:00, Dorn Hetzel via NANOG <nanog@lists.nanog.org> wrote: >None of my personal domains have any sort of privacy turned on, never have >(it didn't exist when the oldest ones were registered via SRI), and never >will. >Personally, it feels skanky to do it, but I guess that's just one opinion. > > >On Sat, Jul 19, 2025 at 7:39 PM Gary Sparkes via NANOG < >nanog@lists.nanog.org> wrote: > >> Cloudflare and Namecheap default to privacy, and don't charge for it. >> >> -----Original Message----- >> From: Mel Beckman via NANOG <nanog@lists.nanog.org> >> Sent: Saturday, July 19, 2025 7:11 PM >> To: nanog@lists.nanog.org >> Cc: b...@theworld.com; nanog@lists.nanog.org; Mel Beckman <m...@beckman.org> >> Subject: Re: GoDaddy deleting most ancillary registration contact >> information >> >> > On Jul 19, 2025, at 2:03 PM, David Conrad via NANOG < >> nanog@lists.nanog.org> wrote: >> > I believe it is the result of most if not all Registrars defaulting to >> “privacy” for registrations since GDPR was enacted. >> >> David, >> >> Most if not all? I don’t know of any registrars that default to “privacy” >> for registrations. In fact, the all sell it as an add-on option that you >> have to explicitly accept and agree to pay for. >> >> It seems like registrars are doing this to just reduce the amount of data >> they’re responsible to maintain, while not reducing costs one iota. >> >> I’ll bet if the FTC, or whoever, mandated that this reduced level of >> service required a refund to existing registrants, we’d find exactly how >> much non-European Registrars really respect the GPDR! >> >> -mel via cell >> >> > Barry, >> > >> >> On Jul 19, 2025, at 11:50 AM, b...@theworld.com wrote: >> >>> On July 18, 2025 at 19:39 nanog@lists.nanog.org (David Conrad via >> NANOG) wrote: >> >>> My somewhat cynical answer: if you relied on domain (and likely IP >> address/ASN in the future) registration data, it might be worthwhile >> figuring out alternatives to that reliance. Les cynically: pragmatically, >> given the vast majority of contact information these days points to privacy >> providers or is redacted, I’m unclear there will be significant impact — >> the data is already pretty useless. >> >> Even if 90% were useless it would still be of use, possibly >> >> critically, in the other 10% of cases and I don't think it's anywhere >> >> near 90%. >> > >> > I’ve not done an exhaustive survey myself, but the “majority of contact >> information” comment was taken from my interactions with law enforcement >> and I believe it is the result of most if not all Registrars defaulting to >> “privacy” for registrations since GDPR was enacted. However, since the law >> enforcement folks I deal with are mostly interested in current activities, >> e.g., phish/botnet/etc., it’s likely they focus on recently registered >> domains so there may be a selection bias. As such, I won’t argue the point. >> > >> >> Particularly if one can consider legitimate "privacy providers" >> >> useful as they can be contacted, subpoenaed, etc. which you seem to >> >> count as being in the "useless" category. >> > >> > As mentioned, ICANN still requires registrars to collect valid contact >> information, however that information is not provided to the public as it >> once was. It is, of course, still subject to subpoena/court order >> (depending on jurisdiction, of course) and it’s theoretically possible, if >> you can make your case to the registrar, that they’ll provide registration >> information to you if you can demonstrate “legitimate interest” (at the >> registrar’s discretion and risk, of course). >> > >> >> Whatever happened to "if your registration data is fraudulent, >> >> obsolete, or incorrect you stand to have your registration canceled"? >> > >> > AFAIK, it remains a contractual requirement despite ICANN undertaking a >> law suit in Germany to enforce it for admin-c and tech-c and losing (if >> interested, see >> https://www.afslaw.com/perspectives/the-fine-print/recent-lawsuit-icann-against-german-domain-registrar-highlights >> ). >> > >> > However, this gets into an “interesting” (or “infuriating”, depending on >> your POV) discussion about what contact information “accuracy” means. ICANN >> Accredited Registrars’ view (which I provide without comment) is at >> https://rrsg.org/wp-content/uploads/2024/03/RrSG-Approach-to-Registration-Data-Accuracy-March-2024.pdf >> . >> > >> >> This seems like an admission that this policy was not enforced. >> > >> > >> > Not sure how you got there. Registrars (or their lawyers) will (have, >> and do) argue that they abide by the policy (see the Registrar’s position >> above). ICANN Contractual Compliance argues that they enforce the policy >> (see pretty much any statement by the head of ICANN CC). I have my >> opinions, but they’re not particularly relevant. Since GDPR, the flagging >> of inaccurate registration has unsurprisingly tanked, so it’s difficult for >> the public to determine if registration information is accurate or >> inaccurate (for whatever value of the variable “accurate" you want to use). >> Perhaps somewhat relevant, see sections 5.2 and 6.4 of >> https://www.icann.org/en/system/files/files/inferential-analysis-maliciously-registered-domains-08nov24-en.pdf, >> but that probably doesn’t help that much. >> > >> > Regards, >> > -drc >> > >> > _______________________________________________ >> > NANOG mailing list >> > https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/VT >> > C33LVNIQ6ZCHVXL3YLRFCTTDJ6TEHN/ >> > <signature.asc> >> _______________________________________________ >> NANOG mailing list >> >> https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/VFIPBHSKZYDFMKRT5RRMPCGMIESCXUZ6/ >> _______________________________________________ >> NANOG mailing list >> >> https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/EX7HBCA5RDMPXEZ3R4RSOWU33RS242AD/ >_______________________________________________ >NANOG mailing list >https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/H2JC46XX6B4TOLBK5LDBFKK63LCJMRCL/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/PEK25AWEVMQFWAHMOFZJ5WHVI33BV4AS/
