Inline... On April 19, 2018 at 22:24 farzi@gatech.edu (Badiei, Farzaneh) wrote:
“Granted there's that gray area of dissident political movements etc. but their full time job is protecting their identity.”
You think? The median number of domain name registration that used privacy proxy service in the Middle East is 24%. See the DNS Market study: https:// www.icann.org/en/system/files/files/meac-dns-study-26feb16-en.pdf
Now lets look at the distribution of that number: “Rates of privacy proxy registrations varied across countries in the region, with the lowest rates seen in Iran (7%) and Turkey (12%), and the highest rates in Syria (32%), Algeria and Egypt (31% each).” I guess some people who share your band name in those countries with the lowest percentage of privacy proxy service might not really know how they can use privacy proxy services ! Lets just keep their personal information public until they find out how and why their house has been raided.
So you think restricting WHOIS access will protect dissidents from abusive governments? Of all the rationalizations that one seems particularly weak. Can we possibly find a lower common denominator on which to base global internet policy? And is anyone going to assure them that new WHOIS policies will protect them? Even allow them (or their surviving kin) to sue etc if it fails? Where is the warranty here? I think dissidents who might, if identified as domain owners, become targets of government reprisal need a better plan than some new WHOIS policies.
Also I don’t really understand why people keep saying “whois is going away” and “whois is going dark”
It is not. Personal information in the database should be made private. WHOIS contains more than personal information. You are the technical people, you know better than me.
It should contain exactly whatever contact information the registrant provides for public disclosure, including a privacy option. That's commonly available right now. This is why I suggested putting the WHOIS information into the DNS under each domain owner's control.
Thanks for bringing up the grey area anyway. Not many consider that in the discussions. But it’s not only dissidents. It’s also journalists and especially female journalists that work on issues that some might not like. Also sometimes you don’t even know you have to hide your identity because you don’t think you are doing anything against the law, the problem is that we don’t have the rule of law everywhere in the world.
And I'll say no one is going to fix that by making WHOIS info less public. They need to use proxies or privatization options (or overthrow their governments but easier said than done.) Even that doesn't protect them from, for example, govt authorities just demanding the information from registrars within their jurisdiction (e.g., ccTLDs), or a sympathetic jurisdiction. Or hosting or cloud companies etc. Any link in the chain. As I said, if one is fearful of reprisal they need to design their own privacy or hire someone who can provide it. I know there are hosting companies who specialize in political dissidents and similar and have worked through issues such as jurisdiction. I can understand the feelgood appeal of all this but I think the problem is way beyond crippling WHOIS for some people. (end of my reply)
Best
Dr. Farzaneh Badiei Research Associate, School of Public Policy Executive Director, Internet Governance Project
From: bzs@theworld.com Sent: Thursday, April 19, 2018 5:58 PM To: Aaron C. de Bruyn Cc: nanog@nanog.org; Rich Kulawiec Subject: Re: Is WHOIS going to go away?
One of the memes driving this WHOIS change is the old idea of "starving the beast".
People involved in policy discussions complain that "spammers" -- many only marginally fit that term other than by the strictest interpretation -- use the public WHOIS data to contact domain owners.
I've countered that 20+ years experience trying to "starve the beast" by trying to deny them access to email and other casual contact info has proven the approach to be useless.
Choosing the privacy options on your domain registration is probably just as, if not more, effective.
Another argument against this whole idea is that in most countries one is required by law to provide valid contact information if they are doing business with the general public. That would include soliciting donations etc.
And that's essentially why domains exist, organizational contact.
This trend towards "vanity" domains is relatively recent and really the only reason one can even claim there is a problem. I doubt Microsoft or General Motors are excited to see that their domain registration contact information will soon be protected by law.
-- -Barry Shein
Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*