Apologies if this is off-topic. No chance of it ever happening, correct? =;] Allen Dear Network Solutions(R) Customer, Did you know that current rules require all domain name service providers to list the information you provide when you register a domain name in a public database known as WHOIS? To help you protect your personal information and online investment, I want to let you know that Network Solutions is campaigning for stronger privacy protection in the domain name industry. As part of this effort, we have developed a new site, www.InternetPrivacyAdvocate.org, which outlines the steps we are taking to protect your personal data. The site also offers helpful tips for what you can do to keep your private data even more secure. The Internet Corporation for Assigned Names and Numbers (ICANN) is the non-profit corporation responsible for oversight of domain name registrations and for accrediting domain name service providers. As an ICANN-accredited registrar, we are also required to request that our customers verify, and if necessary, update their WHOIS contact information. Customers are responsible for ensuring this information is current, and ICANN mandates that outdated contact information can be grounds for domain name cancellation. View the WHOIS information for the domain name(s) you have registered with Network Solutions, and if necessary, update your information. To help protect your privacy, we have added enhanced capabilities, which allow you to select the Administrative and Technical contact information you would like listed in WHOIS through your Network Solutions account. To learn how to assign WHOIS contact information and about other actions you can take to protect your personal information today, visit www.InternetPrivacyAdvocate.org. Sincerely, Brian Cute Policy Director Network Solutions, Inc. ***************************************************** This e-mail was sent from a notification-only address. Please do not reply to this message. For Network Solutions customer service inquiries, please contact: customerservice@networksolutions.com. Unsubscribe from certain e-mail promotions from Network Solutions. Access our Privacy Policy. Access our Service Agreement. (C) 2003 Network Solutions, Inc. All rights reserved.
Sue, I know it's short notice, but, can we try and get someone from ICANN to explain at Chicago why they haven't pulled Verisign's contracts for malfeasance? Further, can we get someone from Verisign to explain how Verisign plans to correct these actions and stop taking unilateral destructive actions with the public trust? This has real operational impact, and, it certainly needs more coordination that Verisign has so far been willing to apply. Thanks, Owen --On Wednesday, October 1, 2003 19:17 -0500 Allen McRay <amcray@amcray.net> wrote:
Apologies if this is off-topic. No chance of it ever happening, correct? =;]
Allen
Dear Network Solutions(R) Customer,
Did you know that current rules require all domain name service providers to list the information you provide when you register a domain name in a public database known as WHOIS?
To help you protect your personal information and online investment, I want to let you know that Network Solutions is campaigning for stronger privacy protection in the domain name industry. As part of this effort, we have developed a new site, www.InternetPrivacyAdvocate.org, which outlines the steps we are taking to protect your personal data. The site also offers helpful tips for what you can do to keep your private data even more secure.
The Internet Corporation for Assigned Names and Numbers (ICANN) is the non-profit corporation responsible for oversight of domain name registrations and for accrediting domain name service providers. As an ICANN-accredited registrar, we are also required to request that our customers verify, and if necessary, update their WHOIS contact information. Customers are responsible for ensuring this information is current, and ICANN mandates that outdated contact information can be grounds for domain name cancellation.
View the WHOIS information for the domain name(s) you have registered with Network Solutions, and if necessary, update your information. To help protect your privacy, we have added enhanced capabilities, which allow you to select the Administrative and Technical contact information you would like listed in WHOIS through your Network Solutions account.
To learn how to assign WHOIS contact information and about other actions you can take to protect your personal information today, visit www.InternetPrivacyAdvocate.org.
Sincerely,
Brian Cute Policy Director Network Solutions, Inc.
***************************************************** This e-mail was sent from a notification-only address. Please do not reply to this message. For Network Solutions customer service inquiries, please contact: customerservice@networksolutions.com.
Unsubscribe from certain e-mail promotions from Network Solutions.
Access our Privacy Policy.
Access our Service Agreement.
(C) 2003 Network Solutions, Inc. All rights reserved.
Owen,
I know it's short notice, but, can we try and get someone from ICANN to explain at Chicago why they haven't pulled Verisign's contracts for malfeasance? Further, can we get someone from Verisign to explain how Verisign plans to correct these actions and stop taking unilateral destructive actions with the public trust?
This has real operational impact, and, it certainly needs more coordination that Verisign has so far been willing to apply.
I'm happy to see Verisign's actions on the Chicago NANOG agenda... http://www.nanog.org/mtg-0310/dns.html But (alas) I don't see any ICANN names on the list... http://www.nanog.org/mtg-0310/attendee.list.html Keep in mind that NANOG is a "North America..." entity and what your addressing here is a global issue. :-) Martin
I'm happy to see Verisign's actions on the Chicago NANOG agenda...
http://www.nanog.org/mtg-0310/dns.html
But (alas) I don't see any ICANN names on the list...
http://www.nanog.org/mtg-0310/attendee.list.html
Keep in mind that NANOG is a "North America..." entity and what your addressing here is a global issue. :-)
Aww a shame Merit is using Verisign to accept registration :/ You are choosing to pay the NANOG registration fee by credit card. Please press the button below to process your transaction securely through VeriSign Payment Services. (The VeriSign site requires the use of JavaScript.)
Allen McRay wrote:
To learn how to assign WHOIS contact information and about other actions you can take to protect your personal information today, visit www.InternetPrivacyAdvocate.org.
It's rediculous to state that placing contact information for a domain name is a privacy issue. A domain is public record, as should the contact information be. Is verisign out to help spammers any way that they can? It's bad enough that the whois information is often out of date with obvious bogus information like 555-1212. -Jack
Not to start a war, but you can block your Telephone Number from being listed in the phone book, so why shouldn't you be able to block your whois info? What valid reason would you have for getting in contact with a domain owner, if they've unlisted themselves and don't want to be contacted? Netblock info, yes, because that's where the abuse comes from. Domains are forged a lot more than IP's are. As long as you can see some contact info for 1.2.3.4, who cares what the listed contact info for spammer.com is? Chances are if they know what they're doing, it's bogus info anway, so you track them through their (hopefully) friendly upstream. Any abuse/misuse/etc I've ever tracked down has been via netblock, never domain. But, maybe I'm just not thinking of something. Jeff
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jack Bates Sent: Thursday, October 02, 2003 11:08 AM To: Allen McRay Cc: Nanog Subject: Re: Internet privacy
Allen McRay wrote:
To learn how to assign WHOIS contact information and about
other actions you
can take to protect your personal information today, visit www.InternetPrivacyAdvocate.org.
It's rediculous to state that placing contact information for a domain name is a privacy issue. A domain is public record, as should the contact information be. Is verisign out to help spammers any way that they can? It's bad enough that the whois information is often out of date with obvious bogus information like 555-1212.
-Jack
Jeffrey Meltzer wrote:
What valid reason would you have for getting in contact with a domain owner, if they've unlisted themselves and don't want to be contacted?
Problem with email or a website to a given domain. The fact that IP addresses aren't swip'd out to the individual owners. Multiple domains owned by different people can be hosted on the same IP. Sometimes it's a matter of fixing problems, not just abuse. -Jack
--On Thursday, October 2, 2003 12:08 PM -0400 Jeffrey Meltzer <jeffrey@icsnet.com> wrote:
Not to start a war, but you can block your Telephone Number from being listed in the phone book, so why shouldn't you be able to block your whois info?
Because you don't need a domain name to live on the Ineternet. If you choose to have a domain name, then, it's akin to hanging out your own shingle. If you hang out a shingle, you have an obligation to provide a certain amount of contact information as a matter of public record. Noone is saying you should have to give up your contact information to posess a single /32 IP address, or, even a small collection of them. However, domain names are a different thing from phone numbers. Domain names are the ability to operate your own phone book. Certainly I have never heard of a phone book publisher that didn't provide contact information for redressing errors/etc.
What valid reason would you have for getting in contact with a domain owner, if they've unlisted themselves and don't want to be contacted?
What valid reason is there for allowing a domain owner to be unlisted and uncontactable. If you want to remain anonymous, then you don't need a domain. Owen
In a message written on Thu, Oct 02, 2003 at 01:22:12PM -0700, Owen DeLong wrote:
What valid reason is there for allowing a domain owner to be unlisted and uncontactable. If you want to remain anonymous, then you don't need a domain.
It is possible to be anonymous and contactable. Is that that good enough (for domains, IP allocations, or other things served up via whois)? Is it key we know the owners real identity, or just know enough information to be able to contact them? -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
Personally, I think having to present your real identity for a domain name is a legitimate requirement. For small (/29 or smaller) IP allocations, I have no problem with the upstream provider taking responsibility. For domains and larger netblocks, I think the individual should be accountable, identifiable, and, contactable. Owen --On Thursday, October 2, 2003 4:38 PM -0400 Leo Bicknell <bicknell@ufp.org> wrote:
In a message written on Thu, Oct 02, 2003 at 01:22:12PM -0700, Owen DeLong wrote:
What valid reason is there for allowing a domain owner to be unlisted and uncontactable. If you want to remain anonymous, then you don't need a domain.
It is possible to be anonymous and contactable. Is that that good enough (for domains, IP allocations, or other things served up via whois)? Is it key we know the owners real identity, or just know enough information to be able to contact them?
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
On Thursday, October 2, 2003 1:22 PM -0700 Owen DeLong <owen@delong.com> wrote:
Because you don't need a domain name to live on the Ineternet. If you choose to have a domain name, then, it's akin to hanging out your own shingle. If you hang out a shingle, you have an obligation to provide a certain amount of contact information as a matter of public record.
As a company director and officer I do not have to make my home address and telephone number available. I don't even have to make the company's office address or telephone number public. But I do have to provide an "office of record" where the company (or its officers and directors) can be served legal notice. Typically this is the address of the company's lawyer. There's no reason why domain registrations should be any different. I can think of many good reasons for someone not wanting their home address and telephone number listed in the domain contact info. (For starters, think spousal abuse. Your policy would prevent a woman hiding from an abusive spouse from registering a .name domain.) HOWEVER, there does need to be *some* form of valid contact information provided. Registrars might want to consider offering a point-of-contact intermediary service as a "value added" product. --lyndon
--On Thursday, October 2, 2003 2:50 PM -0600 Lyndon Nerenberg <lyndon@orthanc.ab.ca> wrote:
On Thursday, October 2, 2003 1:22 PM -0700 Owen DeLong <owen@delong.com> wrote:
Because you don't need a domain name to live on the Ineternet. If you choose to have a domain name, then, it's akin to hanging out your own shingle. If you hang out a shingle, you have an obligation to provide a certain amount of contact information as a matter of public record.
As a company director and officer I do not have to make my home address and telephone number available. I don't even have to make the company's office address or telephone number public. But I do have to provide an "office of record" where the company (or its officers and directors) can be served legal notice. Typically this is the address of the company's lawyer.
Right... I have no problem with that.
There's no reason why domain registrations should be any different. I can think of many good reasons for someone not wanting their home address and telephone number listed in the domain contact info. (For starters, think spousal abuse. Your policy would prevent a woman hiding from an abusive spouse from registering a .name domain.)
If someone registers a domain and wants to pay their lawyer to be the contact of record for the domain, there is nothing in existing policy or process that prevents them from doing so. Further, there is no need for such a woman to register a domain under her own name. The facilities already exist for handling such situations.
HOWEVER, there does need to be *some* form of valid contact information provided.
Right.
Registrars might want to consider offering a point-of-contact intermediary service as a "value added" product.
I think this would be a very bad thing. If some independent organization wants to provide that service, fine. Allowing registrars to provide it allows for the possibility of a conflict of interest if any policies ever come to fruition to allow revocation of resources for bad contact data. Think about it, if you allow the registrar (who has the ultimate obligation to pull the domain) to instead obscure their contact for a fee, then, you have essentially eliminated any such protection. Owen
--lyndon
Think about it, if you allow the registrar (who has the ultimate obligation to pull the domain) to instead obscure their contact for a fee, then, you have essentially eliminated any such protection.
That would depend on the terms of the contract between you and the registrar. But I do agree that this would be better served by a neutral third party (who would probably charge a lot less than a lawyer would). No matter who you go with for the service, read the fine print before you sign on the line ... --lyndon
Whatever responsibile third party wants to provide this service already can. There is no need for any changes. The changes proposed by Verisign and the things they are currently promoting do not fall within that. Owen --On Thursday, October 2, 2003 3:07 PM -0600 Lyndon Nerenberg <lyndon@orthanc.ab.ca> wrote:
Think about it, if you allow the registrar (who has the ultimate obligation to pull the domain) to instead obscure their contact for a fee, then, you have essentially eliminated any such protection.
That would depend on the terms of the contract between you and the registrar. But I do agree that this would be better served by a neutral third party (who would probably charge a lot less than a lawyer would).
No matter who you go with for the service, read the fine print before you sign on the line ...
--lyndon
On Oct 2, 2003, at 5:01 PM, Owen DeLong wrote:
<snip> I think this would be a very bad thing. If some independent organization wants to provide that service, fine. Allowing registrars to provide it allows for the possibility of a conflict of interest if any policies ever come to fruition to allow revocation of resources for bad contact data.
Think about it, if you allow the registrar (who has the ultimate obligation to pull the domain) to instead obscure their contact for a fee, then, you have essentially eliminated any such protection.
Godaddy seems to be offering this service already - http://www.domainsbyproxy.com/
Owen
-- Matt Levine <matt@deliver3.com> "The Trouble with doing anything right the first time is that nobody appreciates how difficult it was." -BIX
On 2 Oct 2003 20:50 UTC Lyndon Nerenberg <lyndon@orthanc.ab.ca> wrote: | As a company director and officer I do not have to make my home | address and telephone number available. I don't even have to make | the company's office address or telephone number public. That may be so in your jurisdiction. Some other jurisdictions differ. | But I do have to provide an "office of record" where the company | (or its officers and directors) can be served legal notice. | Typically this is the address of the company's lawyer. If there is a person at the office of record that accepts liability for you (should you prove to be uncontactable) that ought to be sufficient. | There's no reason why domain registrations should be any different. | I can think of many good reasons for someone not wanting their home | address and telephone number listed in the domain contact info. That may be so. If someone is unwilling to be contacted, it is arguable if they should have any responsibility for a domain; owners can delegate the responsibility _provided_ the delegated party accepts the liability. | HOWEVER, there does need to be *some* form of valid contact information | provided. Registrars might want to consider offering a point-of-contact | intermediary service as a "value added" product. GoDaddy already does. It works very well. However other registrars might handle such a service in very different ways which could cause a lot of harm. -- Richard Cox
What valid reason would you have for getting in contact with a domain owner, if they've unlisted themselves and don't want to be contacted?
What valid reason is there for allowing a domain owner to be unlisted and uncontactable. If you want to remain anonymous, then you don't need a domain.
Hi Owen. I tried contacting you via telephone to discuss this issue further, as not to further engage in off-topic chatter here, but I was unable to, as DELONG.COM is registered a beeper that has been disconnected. Do you have a current phone number I can reach you at? Glass houses, stones? Michael
OK... I'll correct the phone number. However, I will note that the address and email address are both valid contact information, and, you could easily have sent this in private email had your intent been to avoid further off-topic discussion. Owen --On Friday, October 3, 2003 13:05 -0400 "Booth, Michael (ENG)" <MBooth@corp.as26857.com> wrote:
What valid reason would you have for getting in contact with a domain owner, if they've unlisted themselves and don't want to be contacted?
What valid reason is there for allowing a domain owner to be unlisted and uncontactable. If you want to remain anonymous, then you don't need a domain.
Hi Owen. I tried contacting you via telephone to discuss this issue further, as not to further engage in off-topic chatter here, but I was unable to, as DELONG.COM is registered a beeper that has been disconnected. Do you have a current phone number I can reach you at?
Glass houses, stones?
Michael
they can? It's bad enough that the whois information is often out of date with obvious bogus information like 555-1212.
or that it seems to revert to information circa 1994.. and is nearly impossible to change now. I gave up, moved all my important domains to an OpenSRS affiliate (domainmonger mostly)
Amen. If there is a problem with a domain that I have registered, I want people to be able to find out who I am, and contact me. If I don't respond to a request, don't put forth my best efforts, or remove myself from the network until the problem is corrected - then pull the plug on me. Plain and simple. The "whois" lookup gives anyone, even with limited skills, the ability to possibly contact someone in regards to a domain. I know there have been abuses of the system, but the advantages of having this information readily available far outweigh what will come when it is hidden from public view. Allen
It's rediculous to state that placing contact information for a domain name is a privacy issue. A domain is public record, as should the contact information be. Is verisign out to help spammers any way that they can? It's bad enough that the whois information is often out of date with obvious bogus information like 555-1212.
-Jack
On Wed, 1 Oct 2003, Allen McRay wrote:
Apologies if this is off-topic. No chance of it ever happening, correct? =;]
What's interesting about Verisign's proposal is they are lobbying to eliminate "free" or compulsary distribution of the WHOIS data; they are NOT lobbying to keep the data private. Eliminating public WHOIS access increases the value of Verisign's database when they sell the (now private) database to list generators. Currently, Verisign is competiting in the listmarket with other vendors which mine the same WHOIS data or get it through a compulsary bulk data agreement. Why pay Verisign when you can get the information for "free?"
participants (13)
-
Allen McRay
-
Booth, Michael (ENG)
-
Jack Bates
-
Jeffrey Meltzer
-
Leo Bicknell
-
Lyndon Nerenberg
-
Martin J. Levy
-
Matt Levine
-
mike harrison
-
Owen DeLong
-
Richard Cox
-
Sean Donelan
-
Stephen J. Wilcox