Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
The Internet Your Rights Online

Congress (Still) Looking at whois 66

Posted by michael from the let-your-mouse-do-the-walking dept.
bief writes: "A NY Times [free reg., blah, blah] story examines the whois database debate and provides a fair reading of the current situation about the list that which is being abused by 'marketers who regularly cull the Whois database for e-mail addresses and phone numbers to add to their spam lists.' Responses from registrars to the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property were due on February 1st, but Chris J. Katopis, counsel to the subcommittee, said that as of last week many registrars had not replied. 'If they're not going to respond to a government inquiry,' he said, 'what are they going to do to respond to an aggrieved individual when something happens?'"
This discussion has been archived. No new comments can be posted.

Congress (Still) Looking at whois More

Congress (Still) Looking at whois

Comments Filter:

  • Coincidence? (Score:5, Interesting)

    by UnifiedTechs ( 100743 ) on Saturday March 02, 2002 @08:02AM (#3097282) Homepage
    This is funny, I got this E-mail in my box seconds before this story was posted.

    I visited WWW.GEEK-HOUSE.ORG, and noticed that you're not listed on some search engines! I think we can offer you a service which can help you increase traffic and the number of visitors to your website.

    The address I got this E-mail on is NOT shown on the site and is ONLY listed on the whois, I've managed to keep this account spam free for over a year till now.
    • Consider using the myprivacy.ca whois-harvester-buster [myprivacy.ca]. Create a free @myprivacy.ca e-mail address, and then use it in your whois information. If you've registered your domain from (and admittedly small set) of participating ICANN registrars any mail from the registrar will be forwarded to you automatically, but if someone else sends e-mail to the myprivacy.ca e-mail address they have to answer a simple confirmation e-mail before their e-mail will be forwarded to you.

      Of course, this doesn't help if the registrar [netsol.com] decides to send you spam...
    • The wois database once was a worthy resource for internet administration.

      Yet another good thing is destroyed by spammers. Folks, frankly, I wonder when will we start really doing something against these subhuman vermin ? The poison every well they touch, the steal other people's resources and they don't bother detroying whatever they use to advance their cause.

      Put Spammers to jail !

    • The address I got this E-mail on is NOT shown on the site and is ONLY listed on the whois, I've managed to keep this account spam free for over a year till now.

      Under ICANN rules all registrars are obliged to make their customer names available to SPAMers. This provision was insisted upon by the new registrars who wanted to be able to SPAM Network Solutions customers with offers to switch.

      Off course once they had their own customer databases a lot of the registrars have decided to take their customer databases offline. As a result it is quite likely that the mandatory listing rule will get dropped.

      Some of the slimier SPAMers make the start of their mail appear to be a Network Solutions renewal notice.

      Meanwhile lots of privacy minded folk have registered their domain names under false names and addresses which is fine, until they wonder why they have difficulty renewing.

  • Anyone who registers a Web address must provide the company that handles the registration with a name, mailing address, e-mail address and phone number -- certainly, not an unreasonable amount of information to exchange in a business relationship.

    But everyone may not realize that this information is made available to the public in a searchable database called Whois, enabling Internet users to look up any Web address and find out -- in theory, at least -- who owns a particular address. The database is accessible through the Web sites of most registrars, or at some independent sites like betterwhois.com.

    In practice, savvy holders of Web addresses know they can circumvent the system by entering fake information -- resulting in Web sites registered to John Q. Smith on 1234 Main Street or a site owner reachable only through a cryptic e-mail address.

    In some instances the subterfuge is meant to hide online scams or other illegal activity. But in many cases the aim is simply to preserve the privacy of the site owner or to outwit marketers who regularly cull the Whois database for e-mail addresses and phone numbers to add to their spam lists.

    The conflicting motives, and the competing agendas of those interested in finding this information, have lined up various interest groups on opposite sides of a continuing debate over the Whois database. Namely, how much information should be made available to the public about the individuals and businesses that have registered more than 35 million Web addresses (or domain names, as they are known in the trade)? What restrictions, if any, should be placed on who has access to this data?

    On one side of the fence are law enforcement agencies, intellectual property owners and marketers. All of them favor a more accurate, widely accessible registry of domain-name holders, although for different reasons. Investigators and lawyers have been frustrated to find that suspected criminals and copyright infringers can hide behind fake data given to a registrar, which itself may not know the true identity of some customers who have registered domain names. (Some registrars do not even bother to verify credit card data, so a site registered with a stolen card could function for months before anyone bothered to cancel the address.)

    Marketers have a different agenda, perceiving a gold mine of leads in databases they buy from registrars. Although marketers agree not to contact potential customers by e-mail or phone when they buy this data, some registrars privately acknowledge that this promise is routinely broken and that skilled entrepreneurs can capture the same data free -- whether by filtering from the Web's data stream, setting themselves up as registrars or using various other means.

    On the opposite side of the fence are privacy advocates and many consumers and businesses that have registered Web addresses. They generally prefer some restrictions on who can have access to their contact information.

    Registrars, for their part, are of two minds on the issue. They do not want customers angry about who may view their personal data; nor do they want to be responsible for verifying that registrants have submitted accurate information. But as revenue from domain registrations is sagging, some registrars see marketing their data as a source of income.

    The Whois debate has been brewing for some time, but it could come to a boil soon, as Congress, the group overseeing the Internet's address system and privacy advocates all weigh in on how well the system is working. In December, the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property sent letters to 50 United States registrars requesting information about whether and how the companies verify customer data and how they deal with complaints about fraudulent information.

    Responses were due by Feb. 1, but Chris J. Katopis, counsel to the subcommittee, said that as of last week many registrars had not replied. "If they're not going to respond to a government inquiry," he said, "what are they going to do to respond to an aggrieved individual when something happens?"

    Although Congress is focusing primarily on the validity of information in the Whois database, registrars are pessimistic about the prospect of verifying customer data.

    "It's an unsolvable problem," said Larry Erlich, president of DomainRegistry.com, a small registrar based in Bensalem, Pa. Even if registrars tried to weed out obvious problems with a registration, he said, customers could easily change their contact information later.

    Registrars say that with the small profit margins in the business, they cannot afford more extensive screening.

    "To require verification by human beings, I would guess, is going to be cost-prohibitive for most of the industry," said Elana Broitman, director of policy for Register.com (news/quote), one of the largest registrars.

    Register.com is still involved in a lawsuit it filed against Verio, a company that registers domain names and provides other Internet services. Verio is appealing a court ruling that prevented it from using Whois information to market its services to customers of Register.com.

    That lawsuit, among other things, led the group that oversees the domain-name system, the Internet Corporation for Assigned Names and Numbers -- or Icann -- to appoint a task force to study some of the issues surrounding use of the Whois database. The committee is still compiling a report based on more than 3,000 responses to a survey last summer.

    In the meantime, privacy advocates are concerned about the prospect of an even more comprehensive database of domain holders being developed by VeriSign (news/quote), the company that formerly had a government- granted monopoly in the domain registration business. Unlike the current Whois database, which does not include all of the new domain extensions or those assigned to specific countries, the universal Whois repository that VeriSign is developing would be able to search for any domain name.

    Sarah Andrews, research director for the Electronic Privacy Information Center, a privacy rights advocacy group, said the organization was following the development of the universal Whois closely. "We think there are significant risks to privacy, anonymity and free speech," she said, adding that the center is particularly concerned about the right of individuals, especially in less open countries, to publish online anonymously.

    "We think there could be a distinction drawn between individuals and commercial domain-name holders," she said, "and that individuals would not necessarily have to register their names and contact information."

    Miriam Sapiro, director of international policy for VeriSign, said the company was moving forward with development of the universal Whois, according to the terms of its contract with Icann.

    "A lot of people want a better system for accessing information -- what kind of information is yet to be decided -- about domain- name registrants, on a universal basis," Ms. Sapiro said. VeriSign's work is "a technical effort," she said, adding, "It's not intended to get into policy issues that are the proper purview of Icann."

  • In my opinion the database houses more information then it needs. WHOIS shouldn't have all this information, the only way it can be used in the first place is to invade ones privacy. If their doing something illegal with their domain then they'll hide their names, if their not, then the information is useless to anyone with good intentions. If you want to know something about the person who owns a domain, go to their site and find a way to contact them and ask. It's our right to be anonymous if it so pleases us. Grrr... congress will push for the whois to have valid data, and then make it "private" (private means only accessable to the government or those with money.) Big brother 0wnz j00.

    • Not all domains have a "web site" (Score:5, Insightful)

      by satch89450 ( 186046 ) on Saturday March 02, 2002 @10:45AM (#3097515) Homepage

      If you want to know something about the person who owns a domain, go to their site and find a way to contact them and ask.

      Really? Try to contact me, the administrator for satch-test DOT com, modem-museum DOT org, or even jimgalloway DOT com without resorting to the WHOIS database. Or the Slashdot User Information for this ID. :)

      Congratulations. Not every name has a "site" associated with it, contrary to your unwarranted assumption. I hold several domain names to which a web site (1) has not been created because I haven't had the time, (2) will never have a web site because it's used only for electronic mail and other, non-Web, Internet applications, (3) used to have a web site but now is gone, and (4) is intended for secure HTTP traffic with draconian access controls so even if you did figure out how to gain initial access you wuould have to be a cracker to get past the authenticaion that protects the content from the eyes of just anyone.

      The information in the contact information portion of the WHOIS record for those domain names is real, and the spam traffic level is low...for now.

      Please remember there is more to the Internet than just the World Wide Web and P2P file sharing.

    • You, sir, are seriously mistaken. You, like the vast majority of idiots in the world, mistakenly associate "the web" with "having a domain name." It was some brilliant marketing ass (at netsol probablly) that started the whole notition of "getting a web address" instead of "registering a domain name." (The concept of a domain name was too hard for most companies to understand.)

      And by association, most people mistakenly believe the only reason to have a domain name is to have a web site. This has never been true. By extention, as you have proposed, most of these mistaken individuals expect to find detailed, accurate ownership and contact information at said web sites. I have enough trouble finding contact information for actual companies and you expect to be able to find contact data on any random individual's web site?
    • There is a very good reason to have valid whois contact information: so that the reponsible parties can be tracked down and the problem resolved Last week, for a period of about 30 hours, my email server got slammed with over 30,000 copies of the same spam. The spammer aparantly rooted some newbie's RedHat box and installed his sendspam script on it. Aparantly he didn't know how to write code, because it kept sending the same message to the same 20 or so people over and over. Thanks to a little work with dig and whois, I was able to get a phone number for the guy who owned the rooted redhat box and was able to get him to shut it down. [A little more investigation of the addresses used on the spammed webpage led me to the spammer himself. Now I'm going to get a chance to try out all the things I learned from spamcon [suespammers.org].]

  • As Bungie of olde would've said: (Score:1, Insightful)

    by Anonymous Coward
    .blam the .spam !
  • On one side of the fence are law enforcement agencies, intellectual property owners and marketers.
    On the opposite side of the fence are privacy advocates and many consumers and businesses that have registered Web addresses.

    And on which site are the network administrators, which use this information trying to keep their network free of unwanted junk (spam, scans, attacks etc) and to alert other people with broken systems?

    • I agree that, the whois should be protected by some kind of official use only clause. Anybody can look, but the info can be used for official uses such as tracking spam, owners, technical problems.

      The biggest problem would be actualy getting the law written that does this, only this, and wouldn't be twisted to pieces by the lawyers.

      Sure maybe your Aunt Sally might get a little freaked by the notice, but hey she'd be pretty low on the radar compared the asian's who can send 100k SPAM's a hour.

      a little off topic but i got SPAMMED by Microsoft the other day, after all the hype about security and privacy and evil-hackers, the send a Email pimping Visual Studio .NET is here! to a non-existant user!

  • Good initiative (Score:4, Informative)

    by Daath ( 225404 ) <lp AT coder DOT dk> on Saturday March 02, 2002 @08:20AM (#3097308) Homepage Journal
    The administrator of DK-TLD has already implemented some security for the Danish registrants - You can't do a whois on .dk domains any more - You must use their website to get the information... Also you can contact them, and have them hide your email, snail mail address etc so you can actually be sort of anonymous.

    • Re:Good initiative (Score:3, Informative)

      by jjon ( 555854 )
      The .uk domain is even stricter - only the name of the person who registered the site is publicly available.

      Lookup my .co.uk domain [samspade.org]

      In the UK, we have a law called the "Data Protection Act" that protects all "personally identifiable information". This covers my name, e-mail and postal addresses, telephone number, etc - in fact basically anything that's held in a computer and can be retrieved by searching on my name. Companies are not allowed to gather, hold, disclose or use this information without my consent, and if they don't have a good reason to keep it (e.g. if they're just using it for advertising) then I can ask them to delete it.

      This law also stops spammers operating from the UK - they can't legally make a list of e-mail addresses without getting consent from the people involved.

      It's a pity the US doesn't have similar laws.

      • You do not need to register under the data protection act in order to hold a list of email addresses. If you were holding meat-space addresses then you would have to register.
        • That's almost certainly wrong.

          The Act isn't explicit about email addresses as far as I know, but it certainly is implicit: data is "personal" if it can be used to identify a living person. I think most courts would not accept a defense if you tried to claim that an email address like john.doe@hotmail.com was NOT personal data. They probably would also take the same view about 122492,29910@compuserve.com as well.

        • It's a pity the US doesn't have similar laws
        Dude, the US has hundreds of thousands of laws. We enforce maybe less than 1% of them. And even if we did have such a law, people would end up spending years in courts holding people to it.

        See, in the US, the courts don't have much to do with right and wrong, morality, ethics, common sense, or even the actual law. The courts are merely the fist(s) welded be bullies. Whomever has the most money to hire the most lawyers and argue the longest almost always wins. It's the threat of the suit that does the work -- everyone may know the case is baseless, but it'll cost thousands of dollars and years to prove it. (And if it ever does approach an actual court room, the case is magicly "settled" or dropped.)

  • Tag your data (Score:1, Interesting)

    by Anonymous Coward
    When I created my domains (1994 and 1996), they got created with some unusual data in the "company name" field thanks to my ISP's registration process. One was someone's guess at what my domain stood for, and so on.

    The "organization" names have never existed in any other form. I've been getting mail with them in the address for years now. It's obvious who's scraping the whois registries.

    These days, I've added another line to my address information listing the registrar and approximate age of the update. Nobody's mailed one of them yet, but it's only been a couple of months.

    NSI and friends need to salt the databases with spam traps and LART anyone who mails them. Give unique salts to each query and see what happens.
  • I've done both depending how visible or `phony' the website I was setting up was. But that didn't make much difference: got spammed equally every time :(
    Never gave a real telephone number, though.
  • I have a few domains registered.. and I've also gotten spammed in the form that is being discussed, its a pain in the ass, I provide the correct info so that I can be informed in case any problems arise.. but to have my info used for spamming purposes kinda pisses me off and makes me wonder if I should have just put incorrect info and put an email address that goes to a spam-box that gets checked occasionally.. I wonder if people ACTUALLY just put in fake info just to avoid spam ( I'm sure people do this. ) and inasmuch probably missed out on some info ( I have gotten some comments from people about some domains I host that I thought were valuable so I was happy to have my email on the whois record.. )

    Seems that spam is kind of making good info go to shit.. since people do NOT want to get spammed so htey put fake info.. kind of a shame since if they did not use it for spam, it'd be a nice viable database to use for contact info..

    Down with the spammers! why the hell cant we sue 'em? they're shoving it down our throats, lets go shove it back down THEIRS!
  • They're the only one who are sending me regular postal mail. Everyone else is sending mail to my mailbox I just keep for spam... that only gets checked once a month or so, or whenever I sign up for anything that needs a "valid email address." Since this address is the one thats in my WHOIS data, that's the only mailbox that gets spammed.

    -Rick
    ..."Wow... that last lightning was really clo%$#&%^ NO CARRIER"
  • There are actually two distinct databases: one for domain names, and one for IP addresses. The domain name database is not essential for operating the network. However, it is absolutely REQUIRED to have valid contact information in the IP address registry. Otherwise you cannot contact network administrator to alert them of problems. As a result, fewer problems will get fixed in a reasonable time frame, and the overall quality of the network degrades.

    Entries for IP addresses have few privacy problems. Usually, not the end user is listed in the WHOIS database, but the ISP. It would be disastrous if misled privacy advocates and policymakers abolished this database.
    • Actually, there are many, many, many Whois databases. Check out section 2.1 of this [ietf.org] Internet draft for an overview of them. (I'm listed as co-author, but Andrew Newton did 95% of the work.)

      I work in the database group at the RIPE NCC, and there are actually more privacy problems with the IP database than I'm comfortable with. We do our best to protect user information, but of course we also have an obligation to make the information available to those who genuinely need it. It's a tough balance to maintain, since we are a public resource, and do not require registration of any kind to access the database.

      The Regional Internet Registry (RIR) community has guidelines defining the largest network that can be listed without providing end-user contact information. Currently, any network bigger than a /29 (more than 8 IP addresses) needs to have contact information of a person on-site.

      One of the great things about the RIPE NCC and the other RIR's is that if you don't like the policy, you can change it. :)

  • SPAM (Score:1)

    by MRe_nl ( 306212 )
    The only email-adress I really get a lot of spamspamspam on is actually the one I use for ./
    Using a different adress for various activities
    on the net will at least identify the source of of the spammers info!
  • I can understand why they need all your information, but since it's inception I cannot undertand why it needs to make them publicly available.

    What should happen it that this information be held in a repository somewhere that must be asked for by the relevant authoritive bodies such as the Government (concensus, stats, etc) and the Court of Law. Personally I see this no different to publishing my credit card number - becuase on the internet I demand some sort of anonyomity, and I don't wish my address, email and daytime telephone number to be broadcast to any CowboyNeal whose trying to sell his porn banners.

  • whois house.gov (Score:1, Informative)

    by Anonymous Coward
    How's this for a response? Imagine that poor Adams guy getting called by 250,000 /.'ers. With 3 numbers listed, at least one of them has to be accessible. And it's the House I.S. guy, if we piss him off he can just stop all email for the representatives until they do something

    U.S. House of Representatives (HOUSE-DOM)
    Ford House Office Building
    Washington, DC 20515

    Domain Name: HOUSE.GOV
    Status: Active

    Administrative Contact:
    Adams, Joseph L. (JLA1)
    (202) 692-1337
    JOE.ADAMS@MAIL.HOUSE.GOV

    Domain servers in listed order:

    MERCURY.HOUSE.GOV 143.231.1.67
    CADMIUM.HOUSE.GOV 143.231.249.195

    Record last updated on 16-Jan-02.

    Information Systems, U.S. House of Representatives (NET-HOUSE2)
    2nd and D Street, S. W.
    Washington, D.C. 20515
    US

    Netname: HOUSE2
    Netblock: 143.231.0.0 - 143.231.255.255

    Coordinator:
    Adams, Joseph (JA1117-ARIN) joe.adams@MAIL.HOUSE.GOV
    (202) 226-6194 (FAX) (202) 226-0123

    Domain System inverse mapping provided by:

    MERCURY.HOUSE.GOV 143.231.1.67
    NS3.CW.NET 204.70.25.234
    CADMIUM.HOUSE.GOV 143.231.249.195

    Record last updated on 27-Jan-1998.
    Database last updated on 1-Mar-2002 19:57:27 EDT.
  • While I find it an appalling state of affairs that spammers trawl domain registrations simply so they can send out unsolicited advertising, on balance I'm in favour of keeping the system largely as it is.

    Without the ability to lookup the owners of domains and individual IP addresses, it would be much harder to register complaints to ISPs about the torrent of spam that's coming into my mailbox. Traceroute's a useful tool for finding out who a spam host's upstream provider is, but it's not as reliable as whois for getting contact information. If there's no reverse lookup for an address and ICMP packets are screened out several hops out from the offending host then there's no other tool to locate the owner or their provider.

    What's really needed are tougher data privacy laws. The US falls far behind the EU in this respect - it seems that once someone has your address it's impossible to prevent it being sold on to third parties in the States. Though legislation isn't the solution to every problem, banning unsolicited commercial bulk eMail would be a good place to start.
  • What if whois makes a list of visitors/domains, and any mailserver can look at it, decide if it is spam.
    If someone wants to REALLY contact the site holder, let them find a second site that lists them. It would be too much of a bother for anyone who does this on a regular basis.
    Besides, phone lookup would list anyone any(w)hoo ;)
    There may be a time when servers only allow from a contact list, cull the rest. I can imagine it would kill terabytes of pink mailstuff...
  • I manage a whole gambit of domains. I just list my email address as "domainreg@[my main domain].com" on all my whois records. It beats using my personal (or business) addresses. The only thing that ever comes to that address anyhow is renewal reminders from my registar and the rare bit of spam.

    Now... snail mail.. that's a different story. I get (no exageration) two bulk mail cards every single day a telling me that I, too, can accept credit cards today!
  • The NY times, like other similar sites, has a user called 'cipherpunks' with password the same. (Sometimes someone spelled 'cypherpunks' instead, of course.) I suggest everyone uphold this fine tradition (user 'slashdot', maybe?)

  • Not a real Problem (Score:2, Interesting)

    by lostchicken ( 226656 )
    I run my own e-mail server, so I obviously don't sell my address.

    I have three domains in my name with my real e-mail address, and post to slashdot and USENET with my real email address.

    I have never, in 2 years, recieved a piece of spam. The only reason I can see for spam, is people having their addresses sold by their ISP. WHOIS hasn't hurt me, and in two years, I should've been hurt if there was anything wrong.
    • If you have a three or four letter username in your email address, you WILL get spam. I've watched spammers hit my email server with a full dictionary attack. They then remember the email addresses that didn't bounce. It is really irritating to see 1000 msgs failing to be bounced in your queue...

      So the ISP does not have to sell your email address for you to get spam

      --Jeff
    • I have never, in 2 years, recieved a piece of spam...

      I run my own e-mail server...

      Are you sure it's working?

      I've had tagged domain addresses since '94 and get spam both postal and email to addresses on whois records that were deleted up to 5 years ago. IME the mean time between registering a domain and getting spam to that address is in days, not months. I'm pretty sure I'm not selling addresses from my mailserver too.

      It really isn't tough to generate lists of email addresses to newly registered domains.

    • Your mailserver must not be working or there is a spam filter upstream of it. I was getting about 10 a day to the e-mail I used in the domain registration. I just killed that mailbox and put an @spamcop.net address in there. Hopefully, there won't be as many that are stupid enough to send to that one.

      BTW, your e-mail is hidden in your Spamcop posts; although, I don't think Spamcop posts are much of an issue, because it's not a very crawlable web site.

  • Congress has no constitutional authority... (Score:5, Informative)

    by dada21 ( 163177 ) <adam.dada@gmail.com> on Saturday March 02, 2002 @12:00PM (#3097707) Homepage Journal
    We can not allow Congress to do this. The Constitution prohibits them from regulating this industry. If we don't want our information available on whois, we must find a private market solution. I just can't believe people would want MORE government in an area where the lack of government has propelled all of our lives to higher standards.

    If you dislike the whois database containing your information, let's e-mail, call, and write letters to the organizations telling them we want more privacy. Eventually, we must find a way to find a provider who will offer us the privacy we want.

    Or, use the free market solution -- create an e-mail address you don't use, and check it once in a while for important e-mails. Filter out anything but what comes from your ISP or registrar.

    • What Constitutional provision prevents Congress from regulating the Internet, domain registration, Internet commerce, etc?

      The Supreme Court examined the CDA and COPA without ever once even hinting that Congress cannot regulate these areas. The only question they asked was how much Congress can regulate speech on the Internet. Also, courts (but not the Supreme Court, to my knowledge) have routinely enforced anti-cybersquatting laws.

      Either Congress can regulate in this area or the Supreme Court is misinterpreting the Constitution (a proposition of questionable possibility). On my reading, of the constitution, it is the former.
    • We can not allow Congress to do this. The Constitution prohibits them from regulating this industry.

      Actually, I would have guessed that the Internet is about the ultimate in "Interstate Commerce", which Congress is not only allowed to regulate according to the Consitution, but is actually expected to regulate (because who else can, the states?)

    • I just can't believe people would want MORE government in an area where the lack of government has propelled all of our lives to higher standards.


      The US government [whitehouse.gov] has had nothing to do with computing?

      What was that project called again? Arpanet [webopedia.com]?

      I would also assume that various colleges/universities such as MIT and Berkeley had some degree of government funding, and projects such as Unix [webopedia.com] and X [x.org] wouldn't quite be the same without them.

      Let's face it, various problems have been allowed to continue due to a lack of government intervention. Think about how much spam is sent (regardless of whether you filter it -- it's still sent halfway around the world). Think about everybody (even non-companies) getting a .com domain without even trying, leading to the .biz nonsense.

      On the other hand, recent moves by the current conservative government to place backdoors in cryptographic software, and the existence of the 3ch3l0n spy system could well be used to show negative government influence.

      You can say what you like about government intervention (and no doubt the libertarians here will), but you can't deny that the US government has had a profound influence on the computing industry.
    • If you doubt the constitutional validity of Congress's regulations, feel free to bring the matter to the US Supreme Court, which is the ultimate arbiter of what is and what isn't constitutional. I suspect whatever Congress will do will be tested constitutionally within months (the test may be a few dozen attorneys looking at it and deciding that a constitutional challenge is hopeless).

      The US government may sometimes behave in ways you don't like, but that doesn't make them illegitimate or their actions unconstitutional. We live in a democracy, and that's what you have to deal with in a democracy. It's not great, but it sure beats any of the alternatives anybody has been able to come up with. Or, to put it differently, imagine how much worse off we would be if idiots like Bush actually were kings.

  • A whois solution (Score:2, Insightful)

    by MrIcee ( 550834 )
    Actually - removing whois in an attempt to curtail spam is backasswards. ISP's use whois frequently to FIGHT spam and abusers. By traceroute(ing) the sender of the spam, or a network abuser - we can tell the up stream providers, etc. A simple nslookup and then a whois usually gives us the phone number and email address of someone to call to report the abuse. By removing (especially) phone numbers and email addresses from the database it will be much more labor intensive to trace down companies and complain about abuse.

    A better change would be to return email back to it's pre-attachment days (which would make using it for spam more unattractive - as well as shrink the size of the documents and make the net more secure in general).

    Leave whois alone... or make it such that it won't allow datamineing. But don't remove our ability to locate and communicate with owners of domain names!

  • Shooting themselves? (Score:2, Insightful)

    by leeward ( 313589 )

    Seems to me that culling addresses from a whois database for the purposes of spamming would be somewhat self defeating. Maybe I am offbase here, but I would expect that email addresses in whois records would have a far lower than average percentage of people who would fall for spams, and a far higher percentage of people who will complain. And sometimes those complaints actually get spammers nuked (yea I know, rarely).

    Still, I would think that if a spammer actually thought it through, they would use the whois database to do list washing, to minimize complaints.

  • They could only have gotten the info from WHOIS. In fact, they were trying to get my husband, who does the high end geek stuff on our system. MS goes after the technical contacts, in most cases, and if you're female, these pricks talk down to you.

    Of course, after being treated like a mere woman by this flunkie, the tune changed when I calmly informed the maladjusted toadstool that I was the owner of the business. They tried very hard to do the high pressure sell on me when they found out that I made the purchasing decisions--all talking in simple, bandwagon language(because I'm female). Mind you, I don't own any MS software, don't want to, and find being gotten out of bed at 8am by their contract telemarketing flunkies who are treating me like a girl and trying to tell me that using Microsoft B-Central and IIS will bring me untold riches to be about as annoying as it gets before raising my voice.

    I did tell them to put me on their 'do not call' list, which means we'll get one more call from some sales rep who wants to push their B-Central abortion.

    Another great reason to hate Microsoft and wish a rain of firey boulders on Redmond.

    • I've had tagged whois entries since 1994 and get snail-spam from big companies and e-spam from small ones. Consider the possability that companies who claim they need access to it also harvest it.

      As for the issue of privacy vs. the need to contact domain owners... if anybody has a workable solution (sounds like the .dk registry might get busier than they want to be, and, what is the latency in getting a response on average and over time?) I'd love to hear it. I've never been able to figure out one.

      At the end of the day perhaps what's needed is anti-spam policies and or legislation with teeth; and that whois mining is not the real issue.

Slashdot Top Deals

With your bare hands?!?

Close