Perhaps it's time that some would consider new RBLs and Blackhole feeds based on.... : Domains with deliberately unavailable WHOIS data. Including domains whose registrant has failed to cause their domain registrar and/or registry to list personally identifiable details for registrant and contacts on servers available to the public using the TCP port 43 WHOIS service. For any reason, whether use of a privacy service, or by a Default "Opt-to-Privacy Rule" enforced by a local / country-specific regulation such as GPDR. Stance * Ultimate burden goes to the REGISTRANT of any Internet Domain to take the steps to ensure their domain or IP address registry makes public contacts appear in WHOIS at all times for their Domain and/or IP address(es) --- including a traceable registrant name AND direct Telephone and E-mail contacts to a responsible party specific to the domain from which a timely response is available and are not through a re-mailer or proxy service. People may have in their country a legal right to secure control of a domain on a registry And anonymize their registration: "Choose not to have personal information listed in WHOIS". HOWEVER, Making this choice might then result in adverse consequences towards connectivity AND accessibility to your resources from others during such times as you exercise your option to have no identifiable WHOIS data. The registration of a domain with hidden or anonymous data only ensures exclusivity of control. Registration of a domain with questionable or unverifiable personal registrant or contact information does not guarantee that ISPs or other sites connected to the internet will choose to allow their own users and DNS infrastructure access to un-WHOISable domains. Then have: ------------------- * Right-hand sided BLs for Internet domains with no direct WHOIS-listed registrant address and real-person contacts including name, address, direct e-mail and phone number valid for contact during the domain's operational hours. * Addons/Extensions for Common Web Browsers to check the BLs before allowing access to a HTTP or HTTPS URL. Then display a prominent "Anonymized Domain: Probable Scam/Phishing Site" within the Web Browser MUA; And limit or disable high-risk functions for anonymous sites: such as Web Form Submissions, Scripting, Cookies, Etc to Non-WHOIS'd domains. if the domain's WHOIS listing is missing or showed a privacy service, or had appeared t runcated or anonymized. * IP Address DNSBL for IP Address allocations with no direct WHOIS-listed holder address real-person contacts. including name, address, direct e-mail and phone number valid for contact during the hours when that IP address is connected to the internet. * DNS response policy zones (for resolver blacklists) for internet domains with no WHOIS-listed registrant & real-person contacts including name, address, direct e-mail and phone number valid for contact. The EU GDPR _might_ require your registrar to offer you the ability Opt by default to mask your personal information and e-mail from domain or IP WHOIS data, But should you choose to Not opt to have identifiable contacts and ownership published: There may be networks and resources that will refuse access, Or whose users will not be allowed to resolve your DNS names, due to your refusal to identify yourself/provide contacts for vetting, identifying and reporting technical issues, abuse, etc. Real-Life equivalent would be.... Directories/Listings of Recommended businesses that refuse to accept listings from businesses whose Owner wants to stay Anonymous. Or people who don't want to buy their groceries from random shady buildings that don't even have a proper sign out..... -- -JH On Wed, May 16, 2018 at 4:10 PM, Constantine A. Murenin <mureninc@gmail.com> wrote:
I think this is the worst of both worlds. The data is basically still public, but you cannot access it unless someone marks you as a "friend".
This policy is basically what Facebook is. And how well it played out once folks realised that their shared data wasn't actually private?
C.
On 16 May 2018 at 16:02, Brian Kantor <Brian@ampr.org> wrote:
A draft of the new ICANN Whois policy was published a few days ago.
https://www.icann.org/en/system/files/files/proposed-gtld-registration-data-...
From that document:
"This Temporary Specification for gTLD Registration Data (Temporary Specification) establishes temporary requirements to allow ICANN and gTLD registry operators and registrars to continue to comply with existing ICANN contractual requirements and community-developed policies in light of the GDPR. Consistent with ICANN’s stated objective to comply with the GDPR, while maintaining the existing WHOIS system to the greatest extent possible, the Temporary Specification maintains robust collection of Registration Data (including Registrant, Administrative, and Technical contact information), but restricts most Personal Data to layered/tiered access. Users with a legitimate and proportionate purpose for accessing the non-public Personal Data will be able to request such access through Registrars and Registry Operators. Users will also maintain the ability to contact the Registrant or Administrative and Technical contacts through an anonymized email or web form. The Temporary Specification shall be implemented where required by the GDPR, while providing flexibility to Registry Operators and Registrars to choose to apply the requirements on a global basis based on implementation, commercial reasonableness and fairness considerations. The Temporary Specification applies to all registrations, without requiring Registrars to differentiate between registrations of legal and natural persons. It also covers data processing arrangements between and among ICANN, Registry Operators, Registrars, and Data Escrow Agents as necessary for compliance with the GDPR."
-- -Mysid