Inline... On April 20, 2018 at 03:47 farzi@gatech.edu (Badiei, Farzaneh) wrote:
Dear John,
The days when some in the technical community could just discard others arguments by saying that "[you] have no idea how the Internet works" have long passed. I will not get intimidated nor will I step back. Old tricks, won't work, it's as old as the dysfunctional WHOIS and will disappear.
No one responded most likely because you are speaking to a vast "room" of engineers etc and just said WHOIS is "old and dysfunctional" without a single word as to why you believe this to be the case. The DNS system is almost exactly the same age, is that also a problem? At least that's what pops into a technical person's mind. And "dysfunctional" seems like it's based on assumptions others here may not share. So we are left to guess whether you have any idea how any of this works, it's an article of faith? Challenging someone's understanding of a system they are criticizing is not "intimidation", it's just an assumption lacking any evidence to the contrary. And TBH "it will disappear" sounds like a purely political threat. We shall see in the fullness of time...in about 20 years ICANN has failed to do much anything regarding WHOIS other than talk about it a lot.
Also your last paragraph obliges me to clarify: it's not always a "he" that might be arguing! it's sometimes, though might it be rarely, a "she".
No one asked to protect people from their governments (I have heard this before as well). But also people should not be endangered or even minimally disturbed by making their personal information public. There are many many scenarios when personal information can be abused, and governments might not be involved.
So why aren't current privacy options sufficient? Why not, as I have suggested in many forums now, just move the publicly visable information into the DNS and thus completely under the domain owner's control? Why does ICANN simultaneously press for the accuracy (and precision) of this information while bemoaning its public availability? Well, there are reasons, I could answer that I suppose. But disconnecting the public function of WHOIS from the business need for customer information seems like a reasonable approach. As is even stated in the relevant RFCs WHOIS is a public directory of domain owners and contact information. Not very different from a phone directory, and with similar provisions for privacy. It's not like the IETF et al created WHOIS out of thin air, it was intended to be a lot like a phone (or similar) directory.
I might not know as much as you do about how the Internet works. But I know one thing: There will be a change. The convenience of security researchers and trademark owners is not going to be set above domain name registrants right to data protection. But I am sure the cybersecurity community can come up with a more creative way of preserving cybersecurity without relying on using personal information of domain name registrants and violating their rights!
But the current ICANN proposals as I understand them make all this information available to anyone who can pay the price or meet certain criteria which don't seem terribly exclusive other than "those we respect vs those we don't". They've proposed a "tiered access". Which sounds to me more like an intent to monetize WHOIS not protect its content in general. Or is only allowing for example folks like Cambridge Analytica or other vast and well-funded opinion and marketing organizations access somehow a protection of "rights"? One problem with that sort of access is that once it's out there, it's out there! One can write rules about "legitimate" use and redistribution but as we see every day breaches and just disregard for such rules are rampant. Why pretend that making WHOIS non-public will protect anyone? The current system has its appeal, it's public information, if you do not want your information public there are various ways to protect your own information (e.g., check that privacy box, pay a third party proxy, etc.) And for that matter one of those "access tiers" is "law enforcement", what government won't meet that criteria? Is there some intent by ICANN to vet "good" governments vs "bad" governments when granting law enforcement general access? Note: This is not search warrant type access, it's general access to the entire WHOIS database without prior restraint. And there's still that annoying question about warrantability of this supposed protection of privacy. You really haven't spent a word answering any of the issues raised here, you mostly complained about the pronouns used. They might be valid complaints, but they're not sufficient to provide a response to the issues. P.S For the record we know each other from ICANN meetings and Farzaneh can do a lot better than this.
Farzaneh
In article <23257.12824.250276.763926@gargle.gargle.HOWL> you write:
So you think restricting WHOIS access will protect dissidents from abusive governments?
Of all the rationalizations that one seems particularly weak.
Oh, you're missing the point. This is a meme that's been floating around in academia for a decade: the brave dissident who somehow has managed to find web hosting, e-mail, broadband, and mobile phone service but for whom nothing stands between her and certain death but the proxy whois on her vanity domain.
If someone makes this argument you can be 100% sure he's parroting something he heard somewhere and has no idea how the Internet actually works.
------------------------------------------------------------------------------- From: NANOG <nanog-bounces@nanog.org> on behalf of John Levine <johnl@iecc.com> Sent: Thursday, April 19, 2018 10:43 PM To: nanog@nanog.org Cc: bzs@theworld.com Subject: Re: Is WHOIS going to go away?
In article <23257.12824.250276.763926@gargle.gargle.HOWL> you write:
So you think restricting WHOIS access will protect dissidents from abusive governments?
Of all the rationalizations that one seems particularly weak.
Oh, you're missing the point. This is a meme that's been floating around in academia for a decade: the brave dissident who somehow has managed to find web hosting, e-mail, broadband, and mobile phone service but for whom nothing stands between her and certain death but the proxy whois on her vanity domain.
If someone makes this argument you can be 100% sure he's parroting something he heard somewhere and has no idea how the Internet actually works.
R's, John
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*