Most memorably, I reached someone who imported erectile dysfunction supplements from China, only to have them destroyed by order of the FDA because they were actually made with prescription drugs. He said he felt the manufacturer defrauded him and was happy to talk.
But that hasn't worked for me in at least three years, as far as I can remember. The robocall problem has just gotten ridiculous, so everyone's paying to be anonymous. I briefly had a domain registered without privacy protection a couple of years ago, sort of out of principle, and immediately started getting spammy calls about SEO services.
If you don't want your personal information to be visible that's very different to the full range of what whois can do. You can always use a proxy so there are options for privacy available. I've never got a single spam email/call from my whois data.
Also, ARIN only has allocations made in North America.
Plus, ARIN only covers North American allocations.
It's a pretty common thing with European providers, I think.
WHOIS blackout and redesign under GDPR should address the problem of some registries requiring non-obfuscated WHOIS (some even requiring me to put in the ID number of my ID card)
I get a ton of spam because of this. However, I'd rather have this system than one in which all the owners are secret. I've had to look up owner information before to contact owners of various properties, and having that hidden would have made that task impossible.
You can hide the ownership information of a house, if you pay extra money, by hiring a lawyer to create an entity and put the entity on the property, but then the lawyer has to put their address, and forward any requests on to you, just like the whois privacy folks.
I think it is a good thing that every domain has valid contact info.
The only way to get access to someone's address or phone number is to show up at the local community office and provide sufficient information (which means name + any previous address or known phone number registered with the office)
I think the same should go for domains. Unless you have a good reason (which IMO means spam complaint, journalism or legal contact) you shouldn't be able to get any way to contact me. And for the above I have an imprint too which is protected against scrapers and spammers as best as I can unlike the WHOIS.
I don't mean to be cynical, but isn't this system also the one in which some people simply register their houses under a shell company?
The issue with this system is it also lets people look up where you live by name alone, which can be bad if you want to own your house and have a stalker problem. The map works 2 ways.
Disclaimer: Applies primarily to IL and FL, not an attorney, nor your attorney.
Also, the bit about mortgages means that mortgage rates are lower when appraisals are more accurate; the largest inputs to home value appraisals in the US are sales data and tax data.
As for house market - in other counties (where data is more hidden) it still works. And as far as I know housing market in the US is quite... weird, so it seems this data doesn't help that much?
But in any case, those are the problems that transparency is trying to help solve.
Does your "valid" include domain registrars that provide WHOIS protection that includes forwarding messages to the protected owner?
And, honest question, why do you think that domains should have contact info?
Unlike WHOIS it's on a website so you can protect this information much more easily from scraping and spamming.
Plus I'm fairly certain providing temporary mail addresses (with decent lifetime) would also be okay.
Specialised Lawyer isn't quite right, a business that competes with you needs to file a complaint (IIRC from law course).
From what I understand the eventual plan for WHOIS is to only allow access if there is truly legitimate interest. Everything else can be filtered over the registrar.
Uh, really? Where?
> Processing shall be lawful [...if...] processing is necessary for compliance with a legal obligation to which the controller is subject
The publication of personal information on whois cannot stop soon enough.
running a hobby project should not require you to share your private contact details with the world
I think ICANN is going to quickly realize that they will need to take an active role in brokering communication with domain holders; this way they will have to act as gatekeepers against spam.
I run a few small web sites, and in the past few years have gotten zero calls from devops types calling about a problem, and dozens, if not hundreds, of telemarketing calls, to a number that is only listed on my whois data.
They then handle all communications people want to send to you. More registration authorities should take stances like this.
Now if only they could get DNSSEC support...
Me: Are people who are not Canadian citizens able to purchase/register .ca domains? I've read that a Canadian phone number is needed for registration. Additionally, can a non-Canadian citizen get CIRA's WHOIS privacy for their domain?
Their Response: Thanks for getting in touch with CIRA, [redacted]. CIRA has 18 Canadian Presence categories, we require full contact information when an individual or a business is registering a .CA domain name. That doesn't mean you have to be in Canada to hold a .CA domain, many Canadians live all over the world and registered .CA domain names. A non Canadian could hold a .CA domain name but that would require them to either register a Canadian Trade Mark, Canadian Corporation, or hold a Permanent Resident card. The WHOIS information is "masked" or "privacy protected" when the .CA category of "Canadian Citizen - Individual" is selected.
So it looks like WHOIS privacy is not easily available if one isn't a Canadian citizen. I still like the model, however.
I'd prefer that they'd charge me 5 eurocents per query rather than using my time and effort to feed Google's AI.
See also https://www.denic.de/webwhois-web20/ for the .de registry's captcha.
I use Google Domains and it supports DNSSEC on my .ca domains.
Long term ICANN intends to create a privileged group (other registrars, law enforcement, etc) who will be able to get to the full whois data. So a sort of tiered system. Expect this to take a minimum of a year. The ICANN multistakeholder model means nothing happens fast.
To a substantial degree it's privacy for the powerful and transparency for the weak. It should be the reverse: The powerful and government institutions should be transparent, and citizens should have their privacy.
Hear, hear! The most frustrating part of the Clinton email fiasco to me was the contrast between the rule bending going on at the highest levels in the name of privacy, and the pervasive monitoring that the rest of us are subjected to.
And trademark owners, of course. So that the Three Letter Corporation (TLC) can continue sending lawyers to wrestle away control over the domain of Theodore L. Clark's personal homepage initially set up in 1995 (and enthusiastically maintained since).
Because chaos and mayhem would result if there's even a single ccTLD where the "tlc" label is not assigned to the same one entity that just redirects it to their .com anyway.
GDPR was announced over 2 years ago, why are they only just starting now?
Even if ICANN only took GDPR seriously, their plan A was awful and their plan B was non-existent, see the thread further up: https://news.ycombinator.com/item?id=17081950
I understand it is a lot of annoying work, but adtech and data brokers (etc etc) have been gutting privacy and the internet for long enough. We've let it come this far, now we get regulated.
(disclaimer: I only started working on compliance this year, do as I say, not as I do ;))
But ICANN are delusional idiots, maybe because they get so much money from US intellectual property interests. They did nothing, and then seemed to think that they could get a moratorium on enforcement. But even their own Non-Commercial Stakeholders Group basically told them to get lost.
It's a fascinating story of just how terrible ICANN is. As always, the Register has a great write-up.
One thing is clear, they deserve it. I do feel bad for registrars though, and hope they had more sense than ICANN and developed a plan B.
Have we really? The first it cropped up on my radar was late 2017 and I'm in a business that adheres very strictly to EU DP best practices (so was already mostly GDPR compliant).
I'm not sure whose job it was to promote awareness of this but Britain's data protection agency certainly didn't do a good job of it given they've had my email address for years(!)
Not displayed due to GDPR
ARIN, RIPE, APNIC and AFRINIC run whois databases for IP space. Network operators use them to find who controls chunks of v4 space (ranging from the globally-minimum-announceable /24 to /12). ISPs can use tools like SWIP to point the whois for a block of space in use by a customer to that customer's whois info.
I sincerely hope that this doesn't become more difficult to use, because it will make basic network diagnostics at a WAN scale much more annoying.
The good news is that the typical ISP-level info in IP space whois databases doesn't fall under the GDPR, since most are role accounts (email@example.com, firstname.lastname@example.org, etc). Also generic phone numbers for NOC and network engineering groups. However, a lot of ISPs do currently have individual persons listed as points of contact in their whois entries.
I used to put fake info there anyway, I don't want my domain linked to my home address, or provide an easy way for spammers to get my email.
But don't remove it; it's a useful thing I use a lot, most of the time for security purposes: you see a suspicious IP address or domain while observing a packet capture, WHOIS tells you who owns it; you find in a log an IP address that tries to brute-force into your server, WHOIS tells you who it is and gives you an address to contact and ask for explanations; you need to find a person to contact if you have a problem with a website, contact the email address in the WHOIS record of the domain and you are sure that you are contacting the right person; even if the site gets hacked in the worst way, the WHOIS record can't change.
I received a torrent of marketing mails for months even though I immediately changed it to a noreply mail address. We receive numerous complaints from customers who ignored our warnings.
And if that isn't enough, ICANN can fix this without compromise. One mass email. "Respond expressly allowing us to publish your PII, or lose your domain."
Contract doesn't trump law, and ICANN isn't a supernation that excludes actual sovereigns from governing behavior relating to it.
> And if that isn't enough, ICANN can fix this without compromise. One mass email. "Respond expressly allowing us to publish your PII, or lose your domain."
No, it can't, IIRC, because GDPR specifically excludes this kind of “agree or no service” from qualifying as effective consent.
It would also set the rather terrible precedent that ICANN can add terms after the fact.
Everyone has a right to privacy, and that's what the GDPR is about ensuring for EU subjects. Your thinking is extinct and I strongly suggest changing it, or fading away like everyone else who feels the same way.
This is far from an absolute. Each country more or less dictates the rights of their people, and many countries do not directly provide this right. As an example, the Indian supreme court only declared it a right last year, and most articles talking about it only list a very select few other countries as ones that provide this right.
And since GST, if you register a domain you are supposedly a business owner and need to provide a GST number mandatorily. Check these out with Net4.
Indian govt sucks big time when it comes to privacy.
What happens next - do patents and copyrights have owner’s right to be forgotten?
If so, then who do you sue for stealing your copyright?
The intent is good - let me be clear about that. But the implementation is having second-order effects that are going to f* with things in a big way because it wasn’t thought through as thoroughly as it should have been. *
* Key thought here is that it might be extremely difficult to think through all the second order effects, which suggests to me that a better phase in process should have been implemented.
EDIT - Not sure why this is being voted down. If I’m not clear here, then please see my follow-on comment for (hopefully) a more clear view of my position. I’m not saying Whois is stupid - I’m saying GDPR is (due to the lack of thinking around second-order effects).
In fact, IBM and Microsoft run this one, which is a global database.
So my question is, if Whois had to take their site offline due to GDPR, then will things like this go offline?
My concern is that GDPR will have a chilling effect not just on free speech, but on open information of many kinds.
PS - for reference, here is a good overview of the issues that an open patent database helps solve: http://oropo.net/oropo_report_20150615.pdf
I don't think the US patent database will go offline, the EU one might hide personal information like name and address unless you request access under legitimate interest.
That is, anyone but the public. Oh, EU, you've done it again.
There are lots of things that fall under that category, but I haven't really looked into it deeply because in my work we don't have any data collected due to government regulations.
I don't even understand the question. Why would anyone "stealing" your copyright or patent register themselves in those databases? The purpose of those databases is to let the legitimate inventor/author inform everyone else that they "own" the thing, not to catch infringers.
So somebody’s random claim would look just as real as mine.
Sure, lawyers will have access to this, but now you have to talk with a lawyer to see if that job candidate really does own the patent.
It’s things like this that are stupid.
The reason the database is going dark is that ICANN has completely bungled this process, failing to address the GDPR in time (it was adopted two years ago!), and so now they have no choice but to take it down until they can fix it. And it might be that the future WHOIS database won't let you publish data, but that's ICANN's decision, not the EU's.
So to take it to the patent database, all that means is that the patent database must ask consent from the patent author and owner (assuming it's an individual) to show their personal data.
But let's assume they actually couldn't show names at all (which, again, is not the case). All you'd have to do is to get a (digitally signed) certificate from the patent office saying that you're the author, and then you'd send a copy of that to whoever you want. Hardly a terrible thing.
I'll say it again - people are underestimating the unintended consequences. And I believe they are severely underestimating it as well.
Anyone who uses the data of EU citizens should have known about it. They certainly had plenty of time to consider the effects of it on their own operations.
However, the maliciousness that the EU is proposing to go after any company, whether they operate in the EU or not, is going to break things in ways they have not thought of.
So regardless of how long ago it came out (and trust me, 2 years is nothing for dealing with something like this), it still wasn’t well thought thru.
For what it’s worth, this law affects my company, as we have clients that are EU citizens. But only those that live in the US with a social security number. (I work in finance). My company has one office with just a few people. I never heard about GDPR until earlier this year. So my question is what happens if someone files a GDPR issue with my company? My clients’ information is available all over the world via login to our staff. We travel to various places. So what happens now? Some law in a place I’ve not been in a decade (exempting EU-controlled islands in the Caribbean) has just put my company in a strange legal position. Am I going to spend tens of thousands of dollars with lawyers and consultants to figure it out? No. Why? Because it would put me out of business. Plus, as a financial company, I have a requirement for saving information for 7 years. All data? Hard to say, as the US law leaves that discretion to my company (as it should be).
So this law was horribly thought thru. I’ll probably get downvotes for this, but wait a couple years and see how crazy fines affect companies large and small for innocent issues, and I’ll be proven right.
The GDPR has been discussed for well over 2 years. It came out in 2012. Before then, it was being discussed publicly. Its predecessor, the Data Protection Directive, has been around for a long time.
You really have no justification for calling it horribly thought through. Laws like this don't appear overnight and without wide consultation. In any case, if the requirement was to apply the law out every scenario before implementing it, pretty much no law would ever be implemented.
The aim of the GDPR is to make organisations treat personal information properly, not to penalise them for every little infringement. I very much doubt there will be enough capacity to deal with every minor offence; it's more likely that large companies or those with many complaints against them will be the first targets.
Ultimately, if you're not sure about something, you most likely aren't the only one. Things will become clearer as regulations and guidelines appear, and the first complaints are dealt with. If you believe you're behaving fairly, you're probably fine or at least that's something you can argue.
Hmm, so you're saying the US doesn't do anything like this? DMCA, FBAR & FATCA, etc, etc.
The only reason Americans are complaining about this one is that they're the ones having to comply with a very sane law. Or because they haven't read it, and have no fucking clue how it or privacy works.
> are EU citizens. But only those that live in the US with a social security number. [...] So my question is what happens if someone files a GDPR issue with my company?
Read the GDPR. Only companies outside the EU that specifically go after EU residents are in scope. It has nothing to do with e.g. EU nationals residing abroad.
So enough of this "woe is us" bollocks. It happens every post about GDPR, and I'm sick of the FUD tactics.
For what it's worth, FATCA, DMCA, et al really suck too, and I think those have terrible unintended consequences. But this post was about GDPR because that's what the topic of the original post is.
And no, I'm not complaining about it - I'm saying it's poorly implemented.
And before you go off on Americans having to comply with a law OUTSIDE OUR JURISDICTION, how about we hold all of our crappy laws over your head. And fine you 4% of revenues for one of our bullshit laws? You wouldn't like it either, WHICH IS MY POINT - it's a poorly implemented law.
You seem super supportive of this law, but what will your position be when China "improves" their Social Credit system to require anybody in any country who deals with a Chinese national to report their information/conversation/etc to the Chinese govt within 24 hours of gathering the data? Will you support that because the Chinese have the noble goal of social stability? Or will you decide that in this particular case, and because you don't like their extra-territorial law, that "they can't do it"?
I have no intention of reading the GDPR because IT'S NOT MY LAW! Does that not resonate with you? I don't expect you to read the DMCA, FATCA, Patriot Act, etc, so why do you expect me to read yours? It has nothing to do with me (except for those unintended consequences that I'm trying to explain above).
> And before you go off on Americans having to comply with a law OUTSIDE OUR JURISDICTION, how about we hold all of our crappy laws over your head. And fine you 4% of revenues for one of our bullshit laws?
Kind of hard to reconcile those two positions, given that the former is just a perfect example of the latter.
My point is that GDPR sucks (as does DMCA, etc). Extra-territorial laws have wide ranging unintended consequences, and hence should be avoided. That's why we have treaties.