[At-Large] Impressions from the Whois-Review
derek at aa419.org
Mon Jan 31 23:35:26 UTC 2011
On 2011/01/31 23:53, Avri Doria wrote:
> On 31 Jan 2011, at 15:56, Evan Leibovitch wrote:
>> It's only become that way because privacy advocates want
>> to obfuscate domain ownership (using proxies, etc) in such a way that would
>> require intervention through law-enforcement methods (ie, court orders).
> I would not call that obfuscation. I would call it protecting our rights.
> And why shouldn't due process be required?
> What I term Law and Order is when people want to skip the due process step and take the law into their own hands.
What do we call it when registrars and resellers abuse the trust put
in them, allowing parties to register anonymously knowing full well -
even encouraging a certain segment of the domain owner market that
targets innocent parties on the net via malware/spam/fraud, yet hide
the existence of non-existing real end user details behind layers of
laywers in disprate jurisdictions, deliberately so as to frustrate law
enforcement that may wish to follow due process on behalf of the
defrauded victims (who we also supposed to be represented here)
I pointed this out previously, nobody cared to comment.
> I am thankful for proxies that allow me to tell the truth on my registrations and keep the bad guys away from my door and stop them from calling me at dinner time. And as a user, I will grateful when I know that if I need to find a registrant who is abusing me, I will be able to work through the proxy and the courts to have that dealt with.
I agree with the first part. However do you believe that due process
will succeed in all cases? In most cases? Or will you perhaps reach a
dead end? And after how much expense? And at whose cost? And at what harm?
> The key is to make sure that registrants give accurate info and that proxy operators and registrars respond to lawful due process.
Agreed 101%. I would also like to impose that condition on proxy
>But as long as the those who insist that everyone hang out on the
network with all of their private information exposed, it is my guess
that this will never happen.
As you already said, the tools are there; "I am thankful for proxies
...". So I do not agree with you here.
However do you think that is why we have whois information like in the
My geographical knowledge may not be the best in the world, but even I
know Thailand is not in the USA. I have to be no genius to tell you
the telephone number is bad. All we have is an anonymous difficult to
trace email address.
There certainly is a desire for more than privacy by the registrant
here, in fact anonymity. However a UDRP would be too slow a process
and we need to ask why such domains exist and how come it is possible
that they enter the system. We also need to ask how many such domains
enter the system per day and their potential for harm to any unwitting
Unwitting is not illegal.
However, what about the actions of the domain owner?
Incidentally, thanks to whois data that is open, we see this
registrant is a repeat offender, spoofing the Reserve Bank of India.
So who will we defend here - the victim or the domain owner?
That brings us to a basic reality. Domains such as these, some with
obviously bad whois details, some with seemingly credible though
equally fake registration details and many hidden behind proxies, are
registered daily and for equally nefarious purposes.
The system is broken at grass roots level. To fix it and protect more
domain registrants and general internet users in a long term solution,
we would have to have a system whereby the registrant details are
verified before any form of domain registration would be accepted.
Blind faith, as long as you pay the domain registration fees, does not
Furthermore, any domain linked to commercial activity should not be
using a proxy. Are we going to deny any party the right to know who he
is dealing with? Contact details on a web page is just that, details
on a page.
We cannot use the car registration plate databases as examples for
domains. The take on processes differs vastly - verified versus
unverified. This would only be a painful process the first time as
future registrations could piggyback on the initial registration.
Where in the rest of respectable commerce and industry do you find
anybody willingly act as a proxy for a party you do not know and have
Trying to now use unverified details and give it a veneer of
respectibility by hiding garbage info behind a proxy (many times
themselves unverified and not a natural or legal person), would be
like trying to hide the dog's mess in a cupboard. Sooner or later it
is bound to stink. Ignore it even longer and anybody close may be
susceptible to disease or whatever is morphing in that cupboard. Yet
this is exactly what we are seeing and trying to do with domains.
It's simple: junk in, junk out.
Some may say that I am now tarnishing innocent domain registrants,
however by the same token domain ownership bears responsibility.
Separate the two and we have the joke that is the WHOIS system at the
start of 2011. The few spoil it for the bulk.
More information about the At-Large