Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Home :: ICANN

03 Sep 2007

More on WHOIS privacy ICANN

Last week I wrote a note the ICANN WHOIS privacy battle, and why nothing's likely to change any time soon. Like many of my articles, it is mirrored at CircleID, where some of the commenters missed the point.

One person noted that info about car registrations, to which I roughly likened WHOIS, are usually available only to law enforcement, and that corporations can often be registered in the name of a proxy, so why can't WHOIS do the same thing?

If we were starting from a blank sheet of paper, it would certainly be possible to set up a registration system with registrants represented by proxies. But we don't have a blank sheet, we have the existing WHOIS. All of the existing WHOIS proposals have, as I laid out in my previous article, been completely one-sided. The privacy crowd gets to redact some amount of information, while those of us who actually use WHOIS get nothing whatsoever in return. Why is anyone surprised this is not a winning proposal?

The biggest problem with WHOIS is that much of the data is wrong, and (unlike cars and corporations) there are no meaningful consequences if a registrant lies. If the OPOC proposal were combined with changes to ensure that the data behind the OPOC were real, that could lead to a deal. But the idea that someone should be responsible for even minimal verification of the OPOC itself, much less the rest of the info met with horror. It's too much work! It's someone else's problem! So, no surprise, no deal.

posted at: 22:03 :: permanent link to this entry :: 1 comments
posted at: 22:03 :: permanent link to this entry :: 1 comments

comments...        (Jump to the end to add your own comment)

Just about anyone can get hold of car data in the UK, you simply have to have a good reason. The form required is called "v888". This isn't the worst (or best) model to follow IMHO; making the extended information on whois (eg. real billing address, domain-account UID etc..) available to those with good reason to see it. As you've pointed out the public information is largely worthless in many circumstances. I'm not sure the "too much work" holds water either. Billing addresses for card payments would be enough for most cases stolen data/identity-details aside of course. Payment processors validate these nearly all the time for customer-not-present transactions anyway.

(by Chris 04 Sep 2007 02:59)

Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

Email: you@wherever (required, for confirmation)
Title: (optional)
Show my Email address
Save my Name and Email for next time


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

Spam trends update for Sep-Nov 2023
32 days ago

A keen grasp of the obvious
Italian Apple Cake
530 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.