Many Domains Registered With False Data
bakotaco writes "According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals. The report also found that measures to improve information about domain owners were not proving effective." From the article: "The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many whois sites on the net. The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields."
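An added example, not part of the article or the GAO's own method: a sketch of the kind of check the summary describes, sorting WHOIS registrant records into patently fake, incomplete, or plausible. The record layout, field names and heuristics are assumptions, and the sample records are constructed.

```python
import re

# Constructed sample records (assumed "Registrant Key: value" layout).
SAMPLES = {
    "fake.example": """Registrant Name: John Doe
Registrant Street: asdasdasd
Registrant Postal Code: XXXXX
Registrant Phone: (999) 999-9999""",
    "partial.example": """Registrant Name: Jane Roe
Registrant Street: 12 Main Street
Registrant Postal Code:
Registrant Phone: (212) 555-0143""",
    "ok.example": """Registrant Name: Sam Poe
Registrant Street: 40 Elm Avenue
Registrant Postal Code: 10001
Registrant Phone: (212) 555-0177""",
}
REQUIRED = ("name", "street", "postal code", "phone")

def parse_whois(text):
    # Keep only "Registrant ..." lines; keys are lowercased without the prefix.
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if sep and key.startswith("registrant "):
            fields[key[len("registrant "):]] = value.strip()
    return fields

def is_mash(value):
    # Keyboard mash: one short chunk repeated end to end, e.g. 'asdasdasd'.
    s = re.sub(r"[^a-z0-9]", "", value.lower())
    return len(s) >= 4 and re.fullmatch(r"(.{1,4})\1+", s) is not None

def classify(text):
    # Returns (label, fields responsible); "fake" takes priority over "incomplete".
    fields = parse_whois(text)
    reasons = []
    digits = re.sub(r"\D", "", fields.get("phone", ""))
    if digits and len(set(digits)) == 1:           # e.g. (999) 999-9999
        reasons.append("phone")
    postal = fields.get("postal code", "")
    if postal and not re.search(r"\d", postal):    # e.g. 'XXXXX' (heuristic)
        reasons.append("postal code")
    reasons += [k for k in ("name", "street") if is_mash(fields.get(k, ""))]
    if reasons:
        return "fake", reasons
    missing = [k for k in REQUIRED if not fields.get(k)]
    return ("incomplete", missing) if missing else ("ok", [])
```

These checks only catch obvious placeholders; a plausible-looking but false address passes, which is why the report's figure covers only data that was "clearly fake".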
It could also mean (Score:5, Interesting)
Or that a great many domain owners see no reason to post their personal data up on the web where it is available to spammers, phishers or other net criminals. Not to mention random psychos who have some beef with the site's contents.
Legitimate reason to do it (Score:4, Interesting)
I don't want ppl to know my real contact info (Score:5, Interesting)
Fuzzy math? (Score:2, Interesting)
How is 0.42 of a domain clearly fake?
If I were a smart spammer (Score:5, Interesting)
False data or laziness? or both? (Score:3, Interesting)
Also, why does everyone need to know that information? Is there a privacy concern here?
WHOIS guard (Score:3, Interesting)
This way my domains have valid info but at the same time not everyone out there can get my address or phone number.
Many registrars have this as an optional service (Score:5, Interesting)
Amusingly (Score:3, Interesting)
Re:Or attempts at "Privacy" (Score:3, Interesting)
My site has photos of lots of quite expensive art that I own. I am not particularly happy that anyone who sees it can simply look up my name and address and find out where I live.
There needs to be something better.
I call BS - 3 pieces of junk mail 5 yrs (Score:3, Interesting)
I feel the benefits of having someone contact me due to forgotten registration/problems and other reasons outweigh the anonymous approach.
I had a stalker... (Score:4, Interesting)
Thank God I set the address to an old address where I used to live. How do I know that he used that data?
In his emails to us, he talked about how he was watching our apartment and described the old apartment I used to work at perfectly.
So - get fscked if you think I'll ever use my real personal data for my domains.
Re:Or maybe... (Score:2, Interesting)
I do this for customers (Score:1, Interesting)
Re:Many registrars have this as an optional servic (Score:3, Interesting)
B) why should the registrar or ISP get to make additional money on top of the already outrageous costs associated with registering a domain name just to protect my information that shouldn't be required anyway?
C) My domain information is fake. Fuck em.
Re:I call BS - 3 pieces of junk mail 5 yrs (Score:5, Interesting)
I think it's pretty obvious that there are certainly spammers trolling the whois database. I ask you, WHY would they pass up that super easy source of email addresses? But hey, it's my anecdote vs. your anecdote, do they cancel each other out?
GAO zone transfer into private industry? (Score:2, Interesting)
I was getting ready to rant and say well, of course individuals use fake information because, as the article already points out -- Any user can look up this data via one of the many whois sites on the net - and most users don't actually want to be looked-up.
I was getting ready to talk about the difference between 'personal use' domains, where the ability to contact the owner is almost immaterial to the correct operation of the personal use, and how the reverse is true for corporate domain users where you'd bloody well have valid dns, technical, and ABUSE contact information clearly laid out.
And then I did something I almost never do - I RTFA and whoaaaa, isn't this a bit outside of the GAO jurisdiction? To wit, from their own website (http://www.gao.gov/about/what.html): "Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars. GAO advises Congress and the heads of executive agencies (such as Environmental Protection Agency, EPA, Department of Defense, DOD, and Health and Human Services, HHS) about ways to make government more effective and responsive. GAO evaluates federal programs, audits federal expenditures, and issues legal opinions. When GAO reports its findings to Congress, it recommends actions. Its work leads to laws and acts that improve government operations, and save billions of dollars."
So, where is the direct federal impact, ability to make government more efficient (oh, unless you meant the Patriot Act enforcement agencies...), and study of taxpayer dollars related to GAO's research?
And what the heck is the GAO doing colluding with ICANN, other than to more tightly couple its operations with that of the US government?
PS: Why not look at .gov names? Oh wait, perhaps you cannot because (http://slashdot.org/article.pl?sid=02/09/21/1259211&tid=95) "Verisign stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."
Re:Or attempts at "Privacy" (Score:3, Interesting)
Please define, in advance and universally, who the "people who legitimately need this information" are. If I get a phishing expedition message that uses a compromised website as a hiding place, how does a registrar differentiate between my wanting to contact that person to inform them of the compromise, and Bob The Spammer's desire to send that person spam? And, as a domain owner, which would weigh heaviest in your mind - preventing spam from Bob, or not finding out for days or weeks that your server has been used for criminal activities, and a prosecutor in Chicago now wants to speak with your attorney about negotiating your plea?
This is why the default is to publish the information. Using proxy registrations must have provisions for passing such notifications through to the responsible parties, or it violates the spirit and letter of the regulations that require responsible party contact information in the first place. I don't know many people who are going to provide such a service for free.
Perhaps a compromise would be that you could choose one public contact method... Some way that you can be reached for domain- or server-related notifications. And, of course, there is no requirement that what you publish be your "personal contact info", because it is simple to set up an email address for a specific purpose.
Re:Or attempts at "Privacy" (Score:3, Interesting)
And which country would pass (and enforce) these laws?
The large majority of the spam I receive isn't from my country... and, I really don't give a rat's ass about another country's laws.
I suspect people in other countries feel the same about laws made by my country.
Re:Or attempts at "Privacy" (Score:3, Interesting)
Simple, when it's a personal domain, the tech contact and domain owner are, oddly enough, the same person.
At present, I have the choice, fill in bogus information, or provide my personal information (which I do).
Small/personal site owners don't necessarily want their private info out. And the amount of crap spam I get which is clearly trolled from my whois record is annoying.