[At-Large] Impressions from the Whois-Review

Derek Smythe derek at aa419.org
Mon Jan 31 23:35:26 UTC 2011 

On 2011/01/31 23:53, Avri Doria wrote:
>
> On 31 Jan 2011, at 15:56, Evan Leibovitch wrote:
>
>> It's only become that way because privacy advocates want
>> to obfuscate domain ownership (using proxies, etc) in such a way that would
>> require intervention through law-enforcement methods (ie, court orders).
>
>
> I would not call that obfuscation.  I would call it protecting our rights.
> And why shouldn't due process be required?
>
> What I term Law and Order is when people want to skip the due process step and take the law into their own hands.

What do we call it when registrars and resellers abuse the trust put 
in them, allowing parties to register anonymously knowing full well - 
even encouraging a certain segment of the domain owner market that 
targets innocent parties on the net via malware/spam/fraud, yet hide 
the existence of non-existing real end user details behind layers of 
laywers in disprate jurisdictions, deliberately so as to frustrate law 
enforcement that may wish to follow due process on behalf of the 
defrauded victims (who we also supposed to be represented here)

I pointed this out previously, nobody cared to comment.

>
.....
>
> I am thankful for proxies that allow me to tell the truth on my registrations and keep the bad guys away from my door and stop them from calling me at dinner time.  And as a user, I will grateful when I know that if I need to find a registrant who is abusing me, I will be able to work through the proxy and the courts to have that dealt with.
I agree with the first part. However do you believe that due process 
will succeed in all cases?  In most cases? Or will you perhaps reach a 
dead end? And after how much expense? And at whose cost? And at what harm?

>
> The key is to make sure that registrants give accurate info and that proxy operators and registrars respond to lawful due process.
Agreed 101%. I would also like to impose that condition on proxy 
providers.

 >But as long as the those who insist that everyone hang out on the 
network with all of their private information exposed, it is my guess 
that this will never happen.

As you already said, the tools are there; "I am thankful for proxies 
...". So I do not agree with you here.


However do you think that is why we have whois information like in the 
following domain:

horizonbanck.com

My geographical knowledge may not be the best in the world, but even I 
know Thailand is not in the USA. I have to be no genius to tell you 
the telephone number is bad. All we have is an anonymous difficult to 
trace email address.

There certainly is a desire for more than privacy by the registrant 
here, in fact anonymity. However a UDRP would be too slow a process 
and we need to ask why such domains exist and how come it is possible 
that they enter the system. We also need to ask how many such domains 
enter the system per day and their potential for harm to any unwitting 
internet user.

Unwitting is not illegal.
However, what about the actions of the domain owner?
Incidentally, thanks to whois data that is open, we see this 
registrant is a repeat offender, spoofing the Reserve Bank of India.
So who will we defend here - the victim or the domain owner?

That brings us to a basic reality. Domains such as these, some with 
obviously bad whois details, some with seemingly credible though 
equally fake registration details and many hidden behind proxies, are 
registered daily and for equally nefarious purposes.

The system is broken at grass roots level. To fix it and protect more 
domain registrants and general internet users in a long term solution, 
we would have to have a system whereby the registrant details are 
verified before any form of domain registration would be accepted. 
Blind faith, as long as you pay the domain registration fees, does not 
work.


Furthermore, any domain linked to commercial activity should not be 
using a proxy. Are we going to deny any party the right to know who he 
is dealing with? Contact details on a web page is just that, details 
on a page.


We cannot use the car registration plate databases as examples for 
domains. The take on processes differs vastly - verified versus 
unverified. This would only be a painful process the first time as 
future registrations could piggyback on the initial registration.

Where in the rest of respectable commerce and industry do you find 
anybody willingly act as a proxy for a party you do not know and have 
not verified?

Trying to now use unverified details and give it a veneer of 
respectibility by hiding garbage info behind a proxy (many times 
themselves unverified and not a natural or legal person), would be 
like trying to hide the dog's mess in a cupboard. Sooner or later it 
is bound to stink. Ignore it even longer and anybody close may be 
susceptible to disease or whatever is morphing in that cupboard. Yet 
this is exactly what we are seeing and trying to do with domains. 
It's simple: junk in, junk out.

Some may say that I am now tarnishing innocent domain registrants, 
however by the same token domain ownership bears responsibility. 
Separate the two and we have the joke that is the WHOIS system at the 
start of 2011. The few spoil it for the bulk.


Derek

More information about the At-Large mailing list