Is WHOIS going to go away?

bzs at theworld.com bzs at theworld.com
Fri Apr 20 00:19:36 UTC 2018


Inline...

On April 19, 2018 at 22:24 farzi at gatech.edu (Badiei, Farzaneh) wrote:
 > “Granted there's
 > that gray area of dissident political movements etc. but their full
 > time job is protecting their identity.”
 > 
 >  
 > 
 > You think? The median number of domain name registration that used privacy
 > proxy service in the Middle East is 24%. See the DNS Market study: https://
 > www.icann.org/en/system/files/files/meac-dns-study-26feb16-en.pdf
 > 
 >  
 > 
 > Now lets look at the distribution of that number: “Rates of privacy proxy
 > registrations varied across countries in the region, with the lowest rates seen
 > in Iran (7%) and Turkey (12%), and the highest rates in Syria (32%), Algeria
 > and Egypt (31% each).” I guess some people who share your band name in those
 > countries with the lowest percentage of privacy proxy service might not really
 > know how they can use privacy proxy services ! Lets just keep their personal
 > information public until they find out how and why their house has been raided.

So you think restricting WHOIS access will protect dissidents from
abusive governments?

Of all the rationalizations that one seems particularly weak.

Can we possibly find a lower common denominator on which to base
global internet policy?

And is anyone going to assure them that new WHOIS policies will
protect them? Even allow them (or their surviving kin) to sue etc if
it fails? Where is the warranty here?

I think dissidents who might, if identified as domain owners, become
targets of government reprisal need a better plan than some new WHOIS
policies.

 > 
 > Also I don’t really understand why people keep saying “whois is going away” and
 > “whois is going dark”
 > 
 >  
 > 
 > It is not. Personal information in the database should be made private. WHOIS
 > contains more than personal information. You are the technical people,  you
 > know better than me.

It should contain exactly whatever contact information the registrant
provides for public disclosure, including a privacy option. That's
commonly available right now.

This is why I suggested putting the WHOIS information into the DNS
under each domain owner's control.

 > Thanks for bringing up the grey area anyway. Not many consider that in the
 > discussions. But it’s not only dissidents. It’s also journalists and especially
 > female journalists that work on issues that some might not like. Also sometimes
 > you don’t even know you have to hide your identity because you don’t think you
 > are doing anything against the  law, the problem is that we don’t have the rule
 > of law everywhere in the world.

And I'll say no one is going to fix that by making WHOIS info less
public.

They need to use proxies or privatization options (or overthrow their
governments but easier said than done.)

Even that doesn't protect them from, for example, govt authorities
just demanding the information from registrars within their
jurisdiction (e.g., ccTLDs), or a sympathetic jurisdiction.

Or hosting or cloud companies etc. Any link in the chain.

As I said, if one is fearful of reprisal they need to design their own
privacy or hire someone who can provide it. I know there are hosting
companies who specialize in political dissidents and similar and have
worked through issues such as jurisdiction.

I can understand the feelgood appeal of all this but I think the
problem is way beyond crippling WHOIS for some people.

(end of my reply)

 > 
 >  
 > 
 >  
 > 
 > Best
 > 
 >  
 > 
 > Dr. Farzaneh Badiei
 > Research Associate, School of Public Policy
 > Executive Director, Internet Governance Project
 > 
 >  
 > 
 > From: bzs at theworld.com
 > Sent: Thursday, April 19, 2018 5:58 PM
 > To: Aaron C. de Bruyn
 > Cc: nanog at nanog.org; Rich Kulawiec
 > Subject: Re: Is WHOIS going to go away?
 > 
 >  
 > 
 > 
 > One of the memes driving this WHOIS change is the old idea of
 > "starving the beast".
 > 
 > People involved in policy discussions complain that "spammers" -- many
 > only marginally fit that term other than by the strictest
 > interpretation -- use the public WHOIS data to contact domain owners.
 > 
 > I've countered that 20+ years experience trying to "starve the beast"
 > by trying to deny them access to email and other casual contact info
 > has proven the approach to be useless.
 > 
 > Choosing the privacy options on your domain registration is probably
 > just as, if not more, effective.
 > 
 > Another argument against this whole idea is that in most countries one
 > is required by law to provide valid contact information if they are
 > doing business with the general public. That would include soliciting
 > donations etc.
 > 
 > And that's essentially why domains exist, organizational contact.
 > 
 > This trend towards "vanity" domains is relatively recent and really
 > the only reason one can even claim there is a problem.
 > I doubt Microsoft or General Motors are excited to see that their
 > domain registration contact information will soon be protected by law.
 > 
 > --
 >         -Barry Shein
 > 
 > Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
 > Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
 > The World: Since 1989  | A Public Information Utility | *oo*
 > 
 >  
 > 

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


More information about the NANOG mailing list