no whois info ?

• Previous message (by thread): no whois info ?
• Next message (by thread): no whois info ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rich Kulawiec wrote:

  > 1. Anyone controlling an operational resource (such as a domain) can't
> be anonymous.  This _in no way_ prevents anyone from doing things
> anonymously on the Internet: it just means that they can't control an
> operational resource, because that way lies madness.

As long as that person is contactable, why should it matter if they are 
anonymous?  If you get a quick response to 
abuse at some_anonymous_domain.net, does it REALLY matter to you if the 
person's name is Tom, John, or Susan?

There seem to be two definitions of "anonymous" floating around here. 
One seems to equal "no working contact information", and one seems to 
equal "private registration ala domainsbyproxy.net".  I can understand 
why people might want to take non-existent whois records into account, 
but I just don't see the argument against anonymous records.

Killing anonymous records won't stop spammers.  It can however harm a 
vulnerable section of the Internet.

> 2. If someone wants to remain anonymous -- say, as in the example Janet
> cited, of sexual abuse victims -- then one of the very LAST things they
> should do is register a domain.  Doing so creates a record (in the
> registrar's billing department if nowhere else) that clearly traces
> back to them.  Further, an anonymously-registered domain isn't much
> good without services such as DNS and web hosting: and those, of course,
> represent still more potential information leaks.

There are layers of privacy.  Let's say a person has a restraining order 
against an ex-husband, ex-girlfriend, etc.  That person has moved and 
doesn't want to be easily found.  Now, which will be easier for the ex - 
typing in whois, or somehow getting the billing records from the registrar?

As for DNS & web hosting - there are sites out there that offer 
anonymous hosting & DNS to groups like abuse survivors, etc.

> It's much better, if anonymity is the goal, not to begin by causing
> this data to exist.

Great!  So, if you are a vulnerable minority, don't use the internet. 
Don't have political free speech in your country?  Don't talk.  You have 
an abusive ex?  Sorry, can't help you.  Whistle blower?  The hell with 
you. Pissed off a drug dealer by turning them in?  Good for you!  Sorry, 
we have to take away your internet access now.

100% Anonymity is not possible, true.  Neither is 100% security.  But 
does that mean you give up running any kind of firewall?

> 3. Anonymous domain registration, like free email services, is an
> abuse magnet.  [Almost] nobody offering either has yet demonstrated the
> ability to properly deal with the ensuing abuse: they've simply forced
> the costs of doing so onto the entire rest of the Internet.

OK, how many anonymous domains (ala domainsbyproxy) have you been unable 
to contact?  Real numbers, please.  I'm not talking about missing or 
false whois records.

> It's thus not surprising that a pretty good working hypothesis is to
> presume that any domain which either (a) has anonymous registration or
> (b) has contact addresses at freemail providers is owned by people
> intent on abusing the Internet.  No, it's not always true, but as a
> first-cut approximation it works quite well. 

I'm sorry, I guess I'm still one of those "innocent until proven guilty" 
folks.  Yes, it means first run spammers get me.  That's a price I'm 
willing to pay.  If, as an end user, you want more aggressive filtering, 
that should be up to you.  I have no problem with that.

If decisions start impacting innocents on the Internet at large, THAT's 
a problem.

> 4. Spammers have a myriad of ways of "harvesting" mail addresses that
> yield the same data but without requiring WHOIS output.

Yes, they do.  But, I get less spam, and MUCH less snail mail, with 
anonymous registrations.

> 6. Spam is a problem for everyone, and so it's everyone's responsibility
> to fight it.  Those who want the privilege of controlling operational
> resources must also accept the responsibility of doing their part.

I agree.  But why should it matter if you know the name of the person 
controlling an operational resource if they are responsible net citizens?

• Previous message (by thread): no whois info ?
• Next message (by thread): no whois info ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]