[At-Large] Privacy and domain abuse vs the IP constituency

Patrick Vande Walle patrick at vande-walle.eu
Sat May 7 11:59:39 UTC 2011


Derek,

There can be no bargaining on  fundamental, constitutional or legal rights for individuals, in favour of the commercial interests of a few corporations.  

If such thing were to happen, that would be through the form of a proper, accountable, legislative process, not a parallel enforcement, judicial system set up by private sector companies in order to protect their vested interests. 
This is not the wild west anymore: we have institutions that are in charge of chasing, arresting and judging people who do things against the law. If these institutions do not do their job, talk to your congressman, vote for another party at the next election, i.e exercise your democratic rights as a citizen to influence the society and the administration that runs it. 

And please ask yourself: who you buy a Rolex from a stranger in the street ? If you did, you would only have to blame yourself for your foolishness. Would you buy a Rolex from a stranger on the Internet ?  The same answer applies. The only remedy against stupidity is education. 

I must say I am disappointed to read on a mailing list targeting the interests of individuals that they should give up one of their constitutional rights in order to be friendly to the IP constituency. 

Many lawyers in Europe consider the provisions regarding WHOIS in the RAA to be illegal in Europe. I know of at least one registrar that is under investigation of the data protection office in its country for possibly breaking the local privacy laws for individuals. It is only a matter of time before these provisions will not be enforceable in this part of the world. 

Registrars can be part of the solution, indeed. It only requires legitimate authorities to ask them, as long as they don't break the law. If they are asked by unaccountable vigilantes, asking things against the law, like revealing personal data,  don't be surprised they ignore them. 

Patrick Vande Walle



On 07 May 2011, at 00:41, Derek Smythe wrote:

> Hi Folks
> 
> Here is a more than excellent example of why domain abuse issues
> belongs at the registrar and why true privacy will not be possible
> until abusers are taken care of.
> 
> It all started off with a report of a phishing site. Doing a reverse
> lookup on the IP the domain was hosted on, we get the list included below.
> 
> Spending a bit of time on the search engines quickly shows numerous
> frauds related to the relevant domains. Digging a bit deeper keeps on
> leading to a specific "hosting provider" with a track record of these
> type of domains and even SSL certificate abuse.
> 
> Now, looking a bit closer at them in terms of whois details, we find
> gross privacy abuse for the domains used in fraud and fraud attempts.
> 
> For those that know how, looking very closely at them leads to victims
> to this fraud and details showing them all to be of the same origin as
> regards certain design elements.
> 
> Now, considering the background of the hosting provider, he
> specializes in these.
> 
> How do we counter the the IP constituency if they throw these examples
> at us?
> 
> How do we deal with this form of domain abuse? The authorities are in
> the know for a more than a while know. The SSL certificate providers
> are in the know as well. The domain registrars are in the know.
> 
> Doing a bit of backtracking leads to this post:
> http://www.jaguarpc.com/forums/showthread.php?t=24529
> 
> Now here is the sad part;
> Since that post, the hosting was terminated and simply moved to
> another IP at the same hoster, later we have two more more victims in
> Australia after this move.
> 
> http://www.rbol-uk.com/INT-UK/ (as I said, those that know how ...)
> 
> In fact the Nigerian hosting provider is simply moving hosting once
> caught out. In the meantime the "free one year privacy" is abused to
> for anonymity and to make tracking more difficult. Without finding,
> stopping and disabling these domains, the misery they create at the
> hands of the abusers continues.
> 
> As you will see, there is no easy way to do a 1-to-1 mapping of domain
> name against the spoofed domain, so more TLDs will just compound the
> issue.
> 
> It also does not help if we claim that domain names have no special
> meaning, in the eyes of the "ordinary user", how can
> http://www.barclaysonlineservice.com not be part of Barclays Bank PLC?
> 
> 
> 
> 
> Now ask yourself: what number of legitimate domain owners are targeted
> by lack of domain privacy vs what number of the public are victimized
> by domain "anonymity"? Which is the lesser of the two evils?






More information about the At-Large mailing list