[At-Large] I: [ALAC-Announce] ICANN News Alert -- Notice of Preliminary Determination To Grant Registrar Data Retention Waiver Request for Ascio Technologies, Inc. Danmark - filial af Ascio Technologies, Inc. USA

Thu Dec 17 22:29:41 UTC 2015

On 2015-12-17 07:44 PM, John R. Levine wrote:

> People with no experience with large networks, which includes pretty
> much everyone on the ALAC, often seem to believe that collecting less
> information about domain registrants always improves the privacy of
> Internet users.  The reality is much more subtle.
> 
> The vast majority of users have never registered a domain and never
> will, so WHOIS doesn't affect them, while the vast majority of domains
> are registered for commercial purposes, and a dismaying number for
> criminal purposes.  A large registrar often turns off 10,000 domains a
> day for malware, phishing, and other malevolent behavior.
> 
> The WHOIS information that most of the waivers concern is very useful
> for identifying and dealing with criminals.  That is so even though a
> lot of it is faked, since the crooks tend to have patterns when they
> fake stuff. I'm not guessing about this, I talk to people every day at
> network operators who are protecting their users and law enforcement
> who are protecting their citizens.
> 
> Registrars should certainly comply with their national laws, and I
> agree that some of ICANN's rules are silly, e.g., when they grant a
> waiver, it should automatically apply to other registrars or
> registries in the same jurisdiction.  But when you make it harder to
> tell who's behind a domain, you're also making it easier for criminals
> to siphon the money out of your grandmother's bank account.  That may
> be a reasonable tradeoff, but it's a tradeoff and one that deserves
> better than the kneejerk reeactions we always see here.
> 
> R's,
> John

+1

To illustrate the point, search for "fjrasile at yahoo.com". Hint:
Supplying bogus data has nothing to do with privacy. Also look at the
period over which those domains were registered with the registrar
constantly being made aware of the issue. You'll also find this party
uses more than one registrar.

This is just one of many such.

We also do not wish to subject the public to domains such as
eicu-ae.com (spoofing eic.ac.ae ); "beautiful" WHOIS not even meeting
the basic sanity checks. Yet we wish to hide this with privacy? Such
issues are seen daily on domains that are registered for purposes to
the detriment of the ordinary innocent user.

The problem is the majority of registrants are not malicious. But a
small handful are and they are extremely active in registering domains
with ever changing fake WHOIS details. Even fake WHOIS details may
leave patterns (as John said).

Ironically I've alerted victims of credit card fraud that their
details are being abused by a fraudster in WHOIS where the the pattern
did not match the other circumstances. Were it not for WHOIS, this
would have slipped past the victim due to the small amounts involved.

Here's the problem. Unaccountable privacy is nothing more than
anonymity and can be used to devastating effect against the ordinary
innocent people using the internet. Some Registrars have shown
themselves to not really do WHOIS sanity checks or care, some are
deliberately obstructive and discourage reporting fake WHOIS, ignoring
ongoing linked issues. The WDPRS system has shown itself to not be
effective in such cases. Some registrars simply does not care.

Laws differ from country to country. Some Registrars and resellers use
this as a strategic marketing tool to attract a certain type of
client. Some openly attract clients practising what would be
considered illegal activities, such a fraud, in Europe, the US and
most parts of the word, simply due to a jurisdiction issues and they
way local law is structured. So for a mere $10-$15 a repeat malicious
registrant can go jurisdiction shopping, targeting whomever he wishes,
even residents of the country he lives in.

E.g.: http://mediaon.com/Real-Whois-Protection.php
Ironically the initial home of the German "Fake Shopkeeper Gang" who
was responsible for Germany largest cyber fraud losses up to 2012.

The gang moved to 'Russian' reseller Heihachi (Home of the disavowed
Wikileaks copy). Later both the German gang and the Austrian owner of
Heihachi were arrested. The owner of Heihachi had a prior criminal
record, yet was a reseller for one of America's largest Registrars,
had fake whois details as was constantly pointed out to the registrar
and ICANN. So the reseller was offered a WHOIS proxy service by the
registrar. In turn Heihachi offered WHOIS proxy services for domains
belonging to carders, botnet herders, malware creators and
distributors etc.

Is this the Internet we we want?

The problem is law enforcement simply does not have the resources to
cater for all of the abuse found on the net. Then there is the
international social/political issues. This is no reflection on the
authorities, rather the state of the net and certain realities. That
is why the authorities rely on partnerships with other private groups.

Regards,

Derek Smythe
Artists Against 419
http://www.aa419.org