Is WHOIS going to go away?
Filip Hruska
fhr at fhrnet.eu
Sat Apr 14 20:20:06 UTC 2018
On 04/14/2018 07:29 PM, Florian Weimer wrote:
> * Filip Hruska:
>
>> EURID (.eu) WHOIS already works on a basis that no information about the
>> registrant is available via standard WHOIS.
>> In order to get any useful information you have to go to
>> https://whois.eurid.eu and make a request there.
>>
>> Seems like a reasonable solution.
> Why? How does the protocol matter?
>
> Either you may publish individual personal information for use by the
> general public, or you may not. Adding a 4 to the port number doesn't
> change that.
>
The EURID webwhois cannot be scraped, there are anti-bot measures in
place (captcha, throttling, all information displayed in images).
Scraping WHOIS systems for thousands domains at once using the WHOIS
protocol is easy though. There are "WHOIS History" sites which scrape
all domains and then publish the data along with the date of retrieval.
GDPR contains this in relation to the right to erasure:
1. Where the controller has made the personal data public and is
obliged pursuant to paragraph 1 to erase the personal data, *the
controller, taking account of available technology and the cost of
implementation, shall take reasonable steps, including technical
measures, to inform controllers which are processing the personal
data that the data subject has requested the erasure* by such
controllers of any links to, or*copy or replication of, those
personal data*.
Controller is the TLD operator in this case, other controllers would be
WHOIS scrapers. The problem here is the definition of "reasonable steps".
Would doing nothing be reasonable? Or would the TLD operator need to
somehow track all those scrapers and contact them?
IANAL, but I see a problem here.
--
Filip Hruska
Linux System Administrator
More information about the NANOG
mailing list