I'm going to try to keep this short, hence it's incomplete/choppy. Maybe we should take it to off-list mail with those interested. On Sat, Dec 11, 2004 at 10:06:10PM -0700, Janet Sullivan wrote:
Great! So, if you are a vulnerable minority, don't use the internet.
I said precisely the opposite. This _in no way_ prevents anyone from doing things anonymously on the Internet: it just means that they can't control an operational resource, because that way lies madness. And anyone who *is* a vulnerable minority should avoid doing this (that is, deliberately exposing themselves by controlling an operational resource) at all costs, because it self-identifies and instantly compromises the very privacy they seek/need/want. This doesn't stop anybody from doing anything they want online -- *except* controlling those resources, which is, like I said earlier, is one of the very last things they should want to do if they're truly concerned about their privacy. And the other side of it is: I don't think an Internet with anonymous people controlling operational resources is workable.
OK, how many anonymous domains (ala domainsbyproxy) have you been unable to contact?
I *never* attempt to contact the owners of a domain which appears to be the source of abuse, anonymous or otherwise. It's a complete waste of time. I use the means at my disposal to ascertain whether it's really them (which, 99% of the time, is blindingly obvious) and then act accordingly. In the remaining 1% of the cases, where substantial doubt remains, I note it and await further developments. Sometimes those further developments include reports/claims of joe-jobs; sometimes they include clinching proof (either way) that eluded me; sometimes they're not forthcoming for a very long time. <shrug> So be it. But I learned long ago that (modulo some very rare cases) the only thing that can come out of contacting said domain owners is possible disclosure of the means by which the abuse was detected, and the fact that it _has_ been detected, and that's not a good thing.
But, I get less spam, and MUCH less snail mail, with anonymous registrations.
Today, perhaps. Do you really think it's going to stay that way? Surely you must know that eventually the spammers WILL get their hands on your "private" domain registration data, WILL use it to spam -- and oh-by-the-way will also make a tidy profit doing a side business in selling it to anyone with cash-in-hand? C'mon, these are people with bags of money to spend. Do you *really* think that the underpaid clerk at J. Random Registrar is going to turn down $50K in tax-free income in exchange for a freshly-burned CD? And of course, once the data's in the wild, it's not like those who are selling it will balk at providing it to customers who have serious axes to grind. Or if you want to believe in the fiction of 100% trustworthy registrars, what happens when one of their [key] systems is zombie'd? Or when somone figures out how to hijack one of the data feeds and snarf all the brand-new domain data as soon as it's created? There is a market for this data. Therefore it will be acquired and sold. And attempts to maintain the pretense that it's otherwise -- while no doubt inflating the profits of those peddling "anonymous" registration -- are disengenuous, and in the long run, potentially very damaging, with the extent of the damage perhaps proportional to the degree on which people rely on it. (More bluntly: some people are going to be burned very badly by this. And the subsequent inevitable litigation won't undo it.)
I agree. But why should it matter if you know the name of the person controlling an operational resource if they are responsible net citizens?
Maybe, but I think where we differ is that I strongly believe that responsibility (for operational resources) _requires_ public identification. [ Oh: please note: content is not an operational resource. F'instance, I have no problem, for instance, with someone running a blog anonymously. I have a serious problem with someone running a network anonymously. ] ---Rsk