
Protest ICANN's Proposal to Kill WHOIS Privacy - ted0
https://respectourprivacy.com
======
aaron-lebo
Namecheap doesn't sell whois protection for certain domains like .io anyway,
so this is less of an issue than it might seem...

However, it feels like the Internet is losing its way. It is impossible to
point to what specifically is causing it, but I feel like people have gotten
so used to ceding their identities, data, and privacy to massive organizations
like Facebook (and those organizations engage in actions like tracking anyway)
that culture in general just doesn't care. The Internet used to be and still
is a decentralized system which can empower people, but as it continues to get
more and more centralized and governments and organizations don't see broad
resistance against invasions of privacy, the Internet becomes less and less
something that empowers and more like something that can trap people. And
that's not even considering the Idiocracy-style apps and games that are
getting pumped out on a daily basis that people are literally wasting their
lives away on.

I imagine this comes off as a bit snobbish or melodramatic, but the very
audience that uses this site are the people creating this future. You can't
get too angry at ICANN killing WHOIS privacy if you work for a company that
disregards privacy, too.

note: I use all of these services. I just wish there was more I
dunno....rage...from the technology creators about whatever it is that we are
creating, which we all seem to know isn't okay but we do anyway. It just
amazes me that posts like this or documentaries about Aaron Schwartz can
coexist on the frontpage with stories about the latest derivative tech
company. This is very much an inudstry with two minds.

~~~
nly
The problem is the class of people who care about this stuff (like you and me)
have largely lost control over shaping the future of the Internet, its
protocols, and the things attached to it.

When it comes to the web, it feels like Google are now doing more to shape
things to their business model than anyone else. HTTP/2, WebAssembly... it's
only a matter of time before Chrome becomes the Play Store. This is a
completely different vision to the days of centralized but federated services
like e-mail, newsgroups and IRC. The web still feels like a pool of ugly
hacks, but now it's ripe.

When you look outside of the web, there's little innovation on the _open_
Internet. You can probably count the exciting non-proprietary stuff that has
touched mainstream in the last 15 years on one hand (BitTorrent, Tor,
Bitcoin). Most of what's 'hot' on the Internet isn't innovative at all, and
it's all walled, proprietary, and monopolised (IM, social networking, VoIP)

~~~
TazeTSchnitzel
> WebAssembly

Huh? That's not a Google-exclusive thing.

~~~
cwyers
It's not even something that originated with Google, it comes out of Mozilla's
work on ASM.js. If Google had their way we'd have NaCl instead.

------
james_pm
Another, similar petition:
[http://www.savedomainprivacy.org](http://www.savedomainprivacy.org)

A very long list of domain registrars have come together on this one:

1 & 1 Internet Blacknight Domain.com DomainIt Domains By Proxy DomainCocoon
Inc. Endurance International Group, Inc. eNom EuroDNS GoDaddy IDCPrivacy.com
InternetX GmbH Key-Systems, GmbH Moniker Online Services, LLC Moniker Privacy
Services, LLC Name.com Namecheap NetEarth One, inc. Perfect Privacy, LLC
Tucows Web.com Whoisprivacy.com, Ltd.

------
gruez
I'm divided on this. On one hand, if everyone can use whois privacy, what's
the point of whois? On the other, I guess bad guys can always put in fake
names or create their own shell companies, so we might as well let everyone
have it.

~~~
yc1010
Well what IS the point of whois? I always thought it was a dumb idea created
by someone "just because they could" in the early days of the web, sort of how
people used scrolling text and blinking fonts "just because they could"

Oh speaking of Markmonitor I just send their DMCA emails to spam now (they can
send me a proper notice via normal DMCA channel as is required if they so
care) since every single one is for a dead pages or false notices, hell they
even sent one the other day for a domain not in used in 7 years!

~~~
kijeda
WHOIS significantly predates the existence of the web. The notion is if you
have a public network resource identifier (IP address, domain name, AS number,
etc.) that there be a record of who to contact to report administrative or
technical problems to pertaining to that network resource. It is perhaps
similar to having a formally registered place of business on record for a
company to receive important correspondence.

Obviously the usages of WHOIS have drifted over time to go beyond that.

------
gnoway
This seems like an overreaction to me. The point of the proposal is to
establish an accreditation process for privacy and proxy providers, and part
of that would be to bring their practices in line with established verified-
identity rules. The point is not to remove whois privacy options from
everyone, and in fact the commercial/non-commercial split is specifically
disregarded as a general decision point in the proposal. It looks like the
only groups who are at risk of losing whois privacy protection are those
engaging in online financial transactions for a commercial purpose; this is
pretty clearly targeted at banks and such, not all businesses, and the
proposal notes that often there are already requirements for these businesses
to put this information on their website anyway.

The petition site says this:

"Under new guidelines proposed by MarkMonitor and others who represent the
same industries that backed SOPA, domain holders with sites associated to
"commercial activity" will no longer be able to protect their private
information with WHOIS protection services."

The linked ICANN working group document says this:

"The WG agrees that the status of a registrant as a commercial organization,
non-commercial organization, or individual should not be the driving factor in
whether P/P services are available to the registrant. Fundamentally, P/P
services should remain available to registrants irrespective of their status
as commercial or non-commercial organizations or as individuals."

And this:

“[D]omains used for online financial transactions for commercial purpose
should be ineligible for privacy and proxy registrations.”

And this:

"Given the foregoing discussion, the WG does not believe that P/P
registrations should be limited to private individuals who use their domains
for non-commercial purposes"

Basically this seems like total knee-jerk crap to me and I am surprised the
EFF is banging this drum. What am I missing?

~~~
stephenr
I would read that as any entity doing commerce that includes a payment,
online. I.e. - if you want to make credit card charges etc.

Frankly I'm not fantastically bothered if that's the definition. A lot of
"traditional" internet rules/guidelines seems to follow the U.S. model of
being an unregulated mess.

------
junto
I imagine that if someone wanted to prove a point, they could just target
every single person on the ICANN commitee, use their whois data and dox them.
Then offer them whois privacy services.

I don't agree with harassment per se, but direct action is sometimes quite
effective.

------
tzs
> Under new guidelines proposed by MarkMonitor and others who represent the
> same industries that backed SOPA

Uhm...what? When Wikimedia moved all their domains off of GoDaddy to protest
GoDaddy's support of SOPA, they moved them to MarkMonitor. A quick WHOIS check
shows that MarkMonitor is still the registrar wikipedia.org (I didn't check
any other Wikimedia domains). Other SOPA opponents such as Google and Facebook
use or have used MarkMonitor services.

Fight for the Future occasionally sensationalizes things to try to get more
signups, and tossing in gratuitous references to SOPA is one way to do that.
I'm tempted to flag this, but it does link to the actual proposed rules so
I'll refrain.

~~~
rubbingalcohol
This campaign is not being run by Fight for the Future (source: I'm Fight for
the Future's CTO). We've signed onto effort, but this is spearheaded by
Namecheap and other groups. I respect your opinion about sensationalizing, but
I disagree.

There are many individuals and organizations in the industry of Internet
governance who supported SOPA. More and more, the ICANN is writing rules that
overwhelmingly favor copyright enforcement and eschew anonymity, such as the
recent rule [allowing ICANN to cancel registrations for domains that don't
verify their contact details][1]

After SOPA failed, the vested interests that supported it have parted it out
and have been steadily chipping away at Internet freedom bit by bit. ICANN's
recent rules are one example. Trans-Pacific Partnership's [restrictions on
fair use][2] and expansion of copyright law is another. Rather than pass it
outright, the lobbying groups that supported SOPA are passing it little by
little.

The copyright and government surveillance industries have demanded an end to
online privacy, and now it's up to the few remaining people who give a shit to
keep the Internet from being completely taken over by malicious influencers.

[1]: [https://iwantmyname.com/blog/2014/01/icanns-new-rules-for-
do...](https://iwantmyname.com/blog/2014/01/icanns-new-rules-for-domain-
registrants-require-you-to-verify-your-contact-details.html)

[2]:
[https://www.techdirt.com/articles/20150328/07314930468/how-t...](https://www.techdirt.com/articles/20150328/07314930468/how-
tpp-agreement-could-be-used-to-undermine-free-speech-fair-use-us.shtml)

~~~
tptacek
Your comment doesn't rebut the argument 'tzs made, which is that there's no
evidence that MarkMonitor is a SOPA supporter. Neither of the two links you
provided even contain the string "MarkMonitor".

Would you mind please addressing the comment 'tzs actually wrote? It seems
like an important point, worth clarifying.

------
heimatau
I'm not sure where I read this but can't other domain registrars pull the veil
on WHOIS privacy? Like Google is/has a domain registrar within the company,
they have privileged access and can look behind the 'privacy'. A few years
back the SEO community were up and arms about it for a week or so.

I know this is worried about public knowledge but we don't really have
privacy, as far as I know, due to the privileged status of domain registrars.

~~~
duskwuff
No, absolutely not. This is why many registrars recommend that you disable
WHOIS privacy when transferring a domain; if it's left enabled, the "private"
email address displayed may not reliably forward confirmation emails to you.

There are some differences from registry to registry, but the .com/.net
registries don't even store contact information at the registry level -- WHOIS
is the _only_ source of contact information.

------
IGS_SEO
Anyone with any intelligence of the Internet/Web knows online bandits are
already having a field day with government data and public information online.
It is insanity for ANY company or organization to place ANY information online
without PRIVACY or ENCRYPTION. Website owners need to protect what they have
invested in from being stolen abused and misused worldwide. ICANN is playing
big-data, police state and does not care for the protection of business or
privacy. The fight for privacy is a MUST!

------
Sir_Cmpwn
My concern with WHOIS is less about privacy and more about how annoying it is
to update 20 domains when I move.

~~~
Animats
Won't your registrar change all of them at once for you? Who are you using? Or
do you have different contact information on each domain, in which case you
made your own mess.

~~~
Sir_Cmpwn
I've registered with several registrairs since no one registrair has all TLDs.

------
hackuser
Private Whois services, at least the implementations I've seen, have a big
drawback: You surrender your domain registration to the company providing
privacy.

------
pornel
If there was competition then instead of petitioning the unelected governor
we'd just take our business elsewhere.

How realistic is having an alternative DNS root?

------
jakeogh
I doubt the pyramid domain model is going to be the dominant way we find
resources in 10 years.

~~~
dogma1138
It's not the dominant way today, heck most people don't even use URL's anymore
they type it in Google...

As for the URI model i don't think that's going to change much, unless there
will be a complete abstraction which is something that companies like Google
are heavily pushing for, there are some merits for it, but you will also
relinquish allot of the control you have today.

I don't like HTTP/2 or WebAssembly for that reason much either, having a non-
ASII protocol and a browser that eats up only bytecode means i lose allot of
control over the content I'm getting served. Tho the advantages of it on a
technical level might be enough to shove all those concerns to the same drawer
i keep my tin foil hat in.

~~~
jakeogh
Good points, although I don't mean different ways of google breaking URI's
like #!. IMHO the net is much nicer to use without JS. Rather, I'm thinking
about a blockchain replacing DNS. Couldn't agree more that obfuscating
information behind code you must execute first is bad.

------
dogma1138
The big issue i have with this whole WHOIS privacy thing is that it does
absolutely squat to prevent governments and corporations from getting the
details but it makes it impossible for regular individuals to get the details
when needed.

I've seen multiple cases of activities raging from purely illegal activities
like phishing to simple griefing, and normally you can't do shit about it.

You can have phishing domains which are registered trough even basic privacy
shields operating with impunity and you can't do anything about it.

The police doesn't care, the privacy protection is structured in such a manner
that you need to get a court order in like 3 different jurisdictions which is
impossible even if you are a decent size business unless you have a lot of
money not to mention a small business or an individual.

If they are also running something nasty on that domain you might be lucky and
you can get their hosting company to cooperate the site will go down but
taking control over the domain name it self is nearly impossible.

Edit: Here is an actual case from personal exprience

UK Company with a mycompany.com domain with 1-1.5M GBP a year in revenue and
they can't get the mycompany.co.uk domain which is used for spam and phishing
taken off.

The co.uk domain is used for some annoying stuff and was registered by
"socialshop" and technically ENOM/Rightside but the NS servers and the actual
domain registration is handled by privacyprotect.org.

This whole thing was structured in such way that for anyone to talk to you you
had to file criminal and civil suits in Hong Kong, Australia, UK/EU and maybe
the US to deal with Rightside.

This isn't something that even most SMB's could handle unless it's a huge
drain on their business since this ordeal will probably cost more than a
yearly revenue for most small and medium businesses.

Luckily they hosted in France of all places and the hosting companies shutdown
the website without asking for anythig as soon as the abuse notice was sent.

It seemed like this was just a run of the mill automated phishing/spam
campaign so once the website was taken down all traffic from that domain
stopped, but they can revive it at any given time.

The whole deal was a bit odd and sad, ENOM did the domain registration and
then transferred all the control over the domain to the privacy service which
was used to register the domain in the 1st place. Heck they can't even take it
off since they can't touch the name servers of that domain since they don't
run it. The privacy service won't speak to you and will send you on a legal
wild-goose chase around the globe.

This isn't even a privacy/WHOIS issue honestly, the whole registration system
is designed to be abused because it's profitable that way.

------
Animats
ICANN is doing something quite reasonable. They're insisting that online
businesses can't lie about who they are. What's the problem with that?
Business operators that don't disclose their actual business name and address
are criminals in many jurisdictions: California [1]. European Union.[2]

The "respectyourprivacy" site raises the terrible fear that web site operators
might get spam. Big deal. You have spam filters, right? Or that a business
might have to have a telephone number that reaches someone. Any business which
doesn't, you probably don't want to deal with anyway.

I'm annoyed with the EFF for supporting this. They seem to want to make the
Internet a safe space for scumbags. Look who else is supporting this -
Namecheap, a bulk domain company. Who needs domains in bulk? Only scumbags,
with their spam and made-for-Adsense sites. Namecheap is worried that the junk
domain business might collapse. That would be a good thing.

I've had my real address and phone number on all my domains for two decades.
That info is also on my trademarks, patents, and D/B/A names. It's just not a
problem if you're not a scumbag.

[1] [http://www.leginfo.ca.gov/cgi-
bin/displaycode?section=bpc&gr...](http://www.leginfo.ca.gov/cgi-
bin/displaycode?section=bpc&group=17001-18000&file=17530-17539.6) [2]
[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:...](http://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:EN:HTML)

~~~
realusername
Your HN profile does not list an email address or phone number. Maybe you
should apply your own advice and add some details to not be part of the
"scumbag" people as you say. Or maybe you are just afraid to receive spam or
be harassed like everyone else, there are reasons not to have details.

~~~
Animats
I have a valid email address in my HN profile. There's no "publish email
address" option for HN, though. I just put my name and main web site in the
"about" box. I can be reached at "nagle@animats.com" if needed.

(That's an older site of mine; my main site today is "sitetruth.com". I also
have "aetherltd.com" as a hobby site. I'm "nagle" on all those sites, and
email works.)

