
ICANN Files Legal Action in Germany to Preserve WHOIS Data - whym
https://www.icann.org/news/announcement-2018-05-25-en
======
rococode
I respect ICANN for the most part but the publicity of WHOIS data is seriously
awful. On one of my new domains, I made the mistake of forgetting to turn on
WHOIS privacy. A couple days later I finally realized that I'd forgotten,
after wondering why I was suddenly getting so many spam calls and emails. Two
years later, I still occasionally get the spam... Every time I'm woken up by a
robocall telling me about a $10000 business loan I die a little inside.

~~~
ganoushoreilly
Sadly ICANN isn't the only one that this is a problem with. Try registering on
an gov small business sites, all that information is scrapped non stop.
Because it's for contracting reasons you can't put in _fluff_ either. It's a
really messed up system.

~~~
gcb0
the problem is not really having public data. it is that spammers are still
largely unpunished!

~~~
Kwpolska
No, public data IS a problem. I’d rather not have my home address on the
Internet for anyone to see. I’d rather not mix my Internet and IRL identities.
If I was living in the land of the free, and I had no whois protection,
swatting me would be so easy.

~~~
gcb0
again the problem is that swatting is easy.

or should I be able to swat you easily and without consequences if I happen to
know a public tidbit about you, for example where you live?

------
franga2000
The idea of having to post my full name, phone number and address publicly on
the Internet is absurd. It is dangerous and doesn't actually serve any purpose
(especially when WhoisGuard exists). But, like many things related to ICANN
(think domain parking), it is just another way to squeeze money out of us. I
have no doubt that the people selling "WHOIS anonymization" have a lot of pull
in the ICANN. The GDPR is a great excuse for this. We need more registars and
registries to start resisting - they can't sue everyone.

~~~
ZWoz
For me, wanting presentation in internet and yet wanting to be anonymous is
absurd. People have legitimate needs to contact domain owner, spam/scam issues
for example. Most importantly though, that is old, working model and nobody
forced into this. To me those "I want change" types remind people, who move
into new neighbourhood and then complain about things that have been always
there. Instead destroying, there should be more building: don't change working
thing, make new and better (with blackjack, if I are allowed Futurama
reference :) )

~~~
tscs37
Regarding the first part of your comment; there are perfectly legit reasons
you might not want your full contact details published on a database
accessible to the wider public. Just think of political dissidents in other
countries or people at risk of being doxxed for various reasons or simply not
wanting that information to be public at all.

Regarding the second part, it's not viable to "make new and better". There is
new and maybe better but nobody is using it. The ICANN has a quasi-monopoly on
governing the DNS registration rules on the internet. It's like saying that if
we don't like Facebook we should switch to Diaspora. As much as I'd like to,
Diaspora doesn't have the network of Facebook or the reach which is an
immediate nogo for a lot of people. Not recognizing that is simply ignoring
the reality of many people's lives.

~~~
ZWoz
Thanks for your levelheaded comment! Sadly, I can't discuss more, because this
is clearly emotional topic, if I look into other comments. Most posters here
are young developers, so personal approach is more geared towards privacy. If
you are system administrator, maybe old UNIX greybeard, then you have
different set of problems, communication and open community is then more
important.

I can't point out, why, but I feel that RFC2468 [0] is somewhat relevant here
(as sentiment, not personal experience).

\-------------

[0] [https://tools.ietf.org/html/rfc2468](https://tools.ietf.org/html/rfc2468)

~~~
hueving
I'm old and I care about privacy. Being able to contact a domain owner has
nothing to do with public listings of their physical addresses.

An email address is more than enough for an abuse contact.

------
foepys
WHOIS data is worthless nowadays. A lot of people host content on Wordpress,
Github, Medium, etc. where the WHOIS data doesn't tell who is actually
responsible, and the shady sites are using services to hide the true WHOIS
data anyways.

Edit: There seems to be a misconception (or a lack of reading comprehension).
Hiding is not shady, but shady sites hide WHOIS information always. So it's
eventually useless for the one thing it should do: give information about the
owner in case of unlawful content.

~~~
ggg9990
It’s not shady to not want your home address published to every visitor to
your website.

~~~
kuschku
All birds lay eggs, but not all animals that lay eggs are birds.

All shady sites use WHOIS privacy, but not everyone who uses WHOIS privacy is
shady.

~~~
jstarfish
Actually i have found just as many shady sites use fictitious whois data as
those whose registrars provide whois privacy. It is of little use either way.

------
andridk
The registrars already ruined any transparency, that WHOIS was supposed to
offer by offering "WHOIS protection" services.

So those who couldn't afford WHOIS privacy addons, now get them for free. All
good in my book.

------
ars
It's a hard balance.

On the one hand public resources (like domain names - or plots of land) have
traditionally always been publicly recorded.

But spammers have made that unpleasant.

Does the GDPR apply to records documenting the owner of a house in England?
It's not really all that different with domain names.

~~~
soziawa
> On the one hand public resources (like domain names - or plots of land) have
> traditionally always been publicly recorded.

That is bullshit. Land has been publicly recorded because land is expensive.
Recording the actual owner publicly makes it much more difficult for a bad
actor to sell you land he does not actually own.

A domain is like 15 bucks a year. You can't register a domain name of someone
else's brand, if that brand actually cares.

Publicly recording domain names is like publicly recording who has bought milk
at the supermarket.

~~~
dingaling
Milk is fungible and replenished daily. Domain names, generally, are not.

And many domain names have changed hands for more than the costs of a house.
PrivateJet.com $30 million. CarInsurance.com $50 million.

------
Simulacra
Personally I think this data should be private. There should be some type of
pass through so that A domain name owner doesn’t have to worry about their
personal information being connected with the domain. We know it’s possible
because of the proxy services, that should just become standard.

~~~
Qwertie
Should be at least on request only so you have to have a valid reason to
request it so spammers can't get it.

------
sbhn
2things. 1, Spam that contains my Whois data is very much more concerning,
especially if it looks like a legitimate service I may already be using. 2, if
a company collects my Whois data, and justifies monetising it to me or you,
especially under the guise of ‘its for my/your security’, and I am not
financially compensated for it, or I am unaware of it, or unable to change the
terms and conditions of access/usage of it, then I consider it stolen.

------
Improvotter
And I don't want my home address, phone number, email, name or the name of my
company on there.

~~~
dingaling
I can understand not wanting to publicise personal details but why not the
name of the company? The purpose of a company is to act as a proxy,
financially and legally, for its directors and domain registration seems like
the perfect use-case.

------
amaccuish
ICANN are desperate for this to keep the copyrighters and DMCA people happy.
They had years for this and did nothing. We absolutely need to diversify from
ICANN.

------
emilfihlman
Imho whois private data should have one mandatory field: holder/owner. It
details who controls the domain, be it a individual, an association, a
company, and so on. There is no need for phone numbers of emails there (unless
the controller wants to add that).

This is how it works with .fi domains and I find it perfect. You can still get
enough data that should you really wish you can contact the owner but you
can't really automize it.

------
mirimir
> If EPAG's actions stand, those with legitimate purposes, including security-
> related purposes, law enforcement, intellectual property rights holders, and
> other legitimate users of that information may no longer be able to access
> full WHOIS records.

Aren't most registrations private now? Such as "1&1 Internet, Inc.", "Whois
Privacy Corp., and "Whoisguard".

~~~
ars
> Aren't most registrations private now?

It's similar to how you can buy a house via a corporation, or trust. There is
still a public record of the owner, but finding the person behind that takes
more effort.

The GDPR takes that much further. Are we going to have totally anonymous
ownership of land next?

------
simion314
I think there is a simple solution, make the VHOIS data private and the
hosting would have to provide this 1 a form that would allow you to send an
email to the domain owner without revealing the email 2 a form for requesting
name and phone number but with restrictions, if you request the data you must
have an account so measures to prevent abuse would be implemented, you must
have a reason and domain owner should have the option not to allow the
information to be made available.

Since there are already services to protect your identity why not make them
default by law, what is ICANN losing by this? or is pressure from the
companies that want to sell the "private mode" ?

------
BrandoElFollito
If the official purpose is to be able to reach out to people the domain
belongs to, it is a stupid design.

I have a car. When police wants to know who the car belongs to they ask the
registrar for the match between the number and my name.

I live in France and only French police can check that. If US police need this
info, they will contact the French police.

I have a .fr domain. It should be managed by a French entity, which would hold
my contact data and reveal them to the autorities.

ICANN would like to have this authority everywhere in the world, no surprise
that prior put bogus data.

~~~
donatj
I have contacted domain owners by WHOIS information many times for a number of
reasons such as looking to purchase a domain with nothing on it. It seems to
me to be important public information, not something I should have to go to
the local police for.

~~~
BrandoElFollito
Would you expect the same for your car, phone or house?

I do not want someone to have access to my contact information just because he
wants to buy my car, house, or domain.

~~~
donatj
Honestly I think if people had similar access for car, people would drive a
lot more politely. For house, I have your address by your physical existence
and can write you a letter.

------
jazoom
For anyone who this might help, Namesilo is a registrar that gives everyone
whois protection by default, at no extra cost. That's especially great since
they're already pretty much the lowest cost registrar around. I feel like in a
way they're the Let's Encrypt of the registrar world.

Their website looks like it's from the 90s, and I don't really like it, but I
like everything else about them.

------
CM30
This makes me wonder when we'll see a viable alternative to ICANN and the
current DNS system for domains in general. Maybe the answer is to remove
control from companies and similar organisations and set up a more
decentralised system that requires simply running a Let's Encrypt style
process to register and maintain a domain name.

Do that, and consign this whole system to the dustbin of history.

~~~
tombrossman
Something like this already exists, see the OpenNIC project.
[https://www.opennic.org/](https://www.opennic.org/)

------
ersh
I do not really understand what they may need except for login and password in
order to sell me a domain name.

Would be really cool if I could buy a domain without providing all my real
life details. That is really disturbing.

------
Angostura
Looking at this release, it looks like they are simply requiring Namesilo to
keep _collecting_ the data. I see no mention of it being required for a public
WHOIS.

