Are Public WHOIS Records Necessary? 122
Logic Bomb writes: "CNN is hosting an interesting article from the Associated Press about WHOIS records. Privacy advocates do not like that the owner of a domain name, along with personal contact information, must be made public. It's an interesting issue embodying some larger debates, like whether one truly "owns" a domain name. A justification for public databases of registrants, given by one person quoted in the article, is that the domain name system is a public resource, and therefore you only own the right to use a domain name, not the name itself. People have a right to know who is controlling elements of a public resource, so whois records should be open to all."
Re:Spamming is so easy... (Score:1)
I just started getting nailed with spam, and from big names too like verizon, and abercrombiekids at an addresses that didnt even exist until a few days ago. Well, actually, since I added that address to my qmail dot files the mail is getting through now. The address must have been build from my first name and my domain. Theres only one place where that info would have come from.
But the spam company does give my the option of opting-out, FROM EACH SPAM CAMPAIGN, ONE AT A TIME AS THE SPAM COMES IN.
Behold the convenience http://mx01.edirectnetwork.net/cgi-bin/optout.cgi
I should note that I add new aliases all the time to help me track - and stop - the sources of spam.
So do I, but I do it with Sneakemail [sneakemail.com], thats what it was made for.
A few experiences... (Score:2)
Also, when I found the exploit [geekissues.org] in MBNA [mbna.com]'s online credit card application system, it is precisely this information (I also own a .org and a .com domain) they used to contact me and threaten me in several ways.
--
Re:No more Network Solutions (Score:1)
If I'm corresponding with salesperson@some-business.com, and they're not conducting business in an appropriate manner (e.g. insulting my mother, lying about the product, etc.) then the WHOIS records can probably point me towards someone above their head to talk to.
Another way of looking at it is if someone creates a domain for spam, and starts harassing me, WHOIS gives me contact info for the owner.
People who realize that their domain's registration info is publicly available are probably far less likely to do immature things like spam...
Re:Example: WHOIS information for slashdot.org (Score:1)
$ fwhois slashdot.org@whois.internic.net
Re:WHOIS should stay. (Score:3)
I always check WHOIS for a domain before sending out those "abuse@" and "...master@" type emails, just in case. We recently had a major series of alerts on our firewall from a host in another ISP's address pool, and it looked very much like we had been compromised. Ran WHOIS against the offending domain and it turns out to be the personal domain of a consultant we were using who had locked himself out of our system and was trying to get back in to fix the problem. The matter was "discussed". Without WHOIS though, the guy would have got a napalm enema from his ISP because he tried to avoid getting us out of bed in the early hours or the morning.
Let's face it; the only people who really stand to gain from removal of the WHOIS database are the companies that have something to hide and generate most of the negative press the Internet receives. Or can someone provide an example of a genuine, non-privacy, reason to withhold details from WHOIS that cannot be worked around? We are talking about a technical contact here; an employee who's views may not reflect that of the employer, and may even work for a different company remember.
And as for spam, I use a dedicated email address for this type of thing anyway, which means you can really tighten up the email filters... Or alternatively, has anyone tried submitting a fred@NOSPAM.domain.com type email to WHOIS to break the spammer's scripts?
Re:WHOIS should stay. (Score:2)
--
Domains names are not public resources (Score:2)
But there is _not_ only one DNS namespace, DNS entries are not public resources.
Missing the point - admins need whois info (Score:3)
Suddenly, we'd have to ask some "third party" to handle abuse queries for us, as we wouldn't be able to contact the registrants of particular domains directly.
Whats the bet that this third party would a) charge for this service and b) only operate in US time??
This situation would be untenable, and if anyone seriously proposes that this be done, I don't think any ISP would actually back it.
chrome.
This is Moronic (Score:1)
Re:WHOIS should stay. (Score:1)
"Now, you have regular people using it and there's a much greater need to protect privacy," he said.
I think that about sums up the problem. "Regular" people can see who is who and owns what. Can't have the peasants getting too informed can we?
Re:Home address (Score:1)
Re:I "abuse" it (Score:1)
Are you saying that a society can only function if the source of all information is public record? I think that's nonsense, I even think that "anonymous pamphleteering" can be of great value. It provides a means to express unpopular views. Expression of unpopular ideas is good.
The fact that anonymity can be abused for fraud is less important than the protection it can offer those who have unpopular, but important, things to say.
You mean the WHOIS record for their domain listed the 'parent' companies? If they got 'em that way, they've just been stupid.
Yep, that's definitely the smarter solution (Score:1)
Guess, I didn't see it enough from an admins perspective who has to contact somebody (or multiple entities) at once. And ten days for 16 addresses sounds like enough to deter a spammer.
You mentioned naive and I fear you're on the spot here. Somebody, somewhere finds a way to hack it. Even if this means bribing somebody who's in the position to get that information without restrictions.
Re:Give us the choice! (Score:1)
~cHris
--
Chris Naden
"Sometimes, home is just where you pour your coffee"
Loss of privacy. (Score:1)
Re:Minimal information set (Score:1)
YES! They are *absolutely* necessary. (Score:2)
I actually believe two things.
1) The email addresses given for domain registrations should be *private* and for administrative purposes only. STRICTLY for administrative purposes only. Not to be sold to spammers.
2) Mailing addresses and other standard contact information should be made available as to who the registered owner is. Technical contact should always be reachable by phone. Real owner should as well. No fraudulent information should be accepted.
3) There should be a standard email address at every domain like 'domain@' whom will receive mail related to the domain.
But let's remember, again, what gives this power. If icann ever gets really out of hand, alittle friendly revolt (generally without some other party trying to rise to power) will take care of the situation.
Re:Yeah, I am called Bill Gates and I live in RedM (Score:2)
Sure, they historically don't do anything about it.... but believe it or not, in this case, Mr. Gates *could* SUE you, quite easily, if you had pretended to be him registering a domain.
And yes. I know you were being funny. And it was!
Re:WHOIS should stay. (Score:1)
Re:Is this really such a big deal? (Score:1)
This is also how I deal with all those annoying mandatory questionnaires in Eudora, etc.: give the wrong age, wrong gender, wrong zip code and income, wrong everything. If enough people give fake info, it will remove the incentive to try to collect the info.
If spam is a problem, people can pick an ISP that uses spam filtering.
--
Re:I "abuse" it (Score:1)
You need the registrant information, simply to contact people. Whether or not you put your actual info down is another thing entirely - as long as it goes to an email address that gets to you, then put whatever you want.
I've tracked down a number of spammers using a chain of whois info (whois the spam domain. Find out who owns it. Whois the owner. Find their owner. Whois that owner. Find a contact email and number. Yell/LART as desired). I've contacted businesses based on their domain and info provided - I'd say you put up as much as you want, but there must be some way to contact you. Someone suggested a front that you register with, and they then pass the info. Fine. As long as I can get to the source, I don't care.
And I don't put my info in registrations - I put down my first name, last initial, and an email alias. The rest of it is either company info or a po box.
Protect your own privacy, and limit as little as you can at the base.
So there.
Re:Domains names are not public resources (Score:1)
between domainnames and ip addresses. Then you
can have contacts for the machines and contacts
for the domains, with the machine contacts being
very useful to network people, and domain contacts
being more useful for business purposes.
It's really a data normalization problem.
The ip addresses must be unique in one table,
with domain names not having to be unique once
they are qualified with the rootserver.
Once split, technical contact still works,
but you can have competition for nameservers,
and in fact, can create new TLDs.
Re:I "abuse" it (Score:1)
Speaking as someone who has been rung up, threatened, and verbally abused, as a direct result of some content on a domain that was in my name, I would simply like to say "fuck that".
I'm simply glad I listed a PO box as contact address, rather than my residential address, since the individual in question lived in the same town. I imagine if that had not been the case, I would have ended up on one end or another of some assault charges.
Re:Who said that? (Score:1)
You don't have to know any Unix tools to do a whois. All you need is internet access. See here [swhois.net], here [amnesi.com], here [allwhois.com], or just do an internet search for whois. You'll get a ton.
But, if you take precautions, the info they can get isn't anything special. Slashdot's info [amnesi.com] is a good example of how the email can be set up. For security reasons, the phone number should be an 800 number. If it is not, someone can use a war dialer to dial all the numbers on that phone exchange to figure out which lines, if any, have dialup servers. There are still plenty of cracks where the initial point of entry is a dialup server, believe it or not.
Re:A few experiences... (Score:2)
Imagine you live in China or some country like that and you're trying to criticize the government on your website. Oh, but you really can't do that because they can easily know where you live and that can be dangerous for your life! Or imagine you're a writer running a weblog, showing some of your provocative writing to the world, infuriating by chance members of some conservative community. Now they too know where you live, they can surely drive down to pay you a visit, harrass you, throw things at your house, nice stuff like that.
I see a lot of posts talking about how this is useful for network admins (for spam or DoS issues, for instance). It is. But think about how the Internet is being used today; this is NOT your academic environment of yore when you used the Whois DB to get in touch with your fellow hackers, talk about routers while getting a beer. The Net is being used for many other activities, some of which need and deserve some amount of privacy. And I also think the get-yourself-a-geocities-account-then answer is not acceptable.
What about useless whois info? (Score:1)
Registrant:
MatrixHost
not listed
Notlisted, Notlisted 99999
United States
Registrar: Dotster (http://www.dotster.com)
Domain Name: MATRIX-HOST.COM
Created on: 13-NOV-00
Expires on: 13-NOV-01
Last Updated on: 13-NOV-00
Administrative Contact:
Levites, Seagen seagen@matrixhost.com
MatrixHost
not listed
Notlisted, Notlisted 99999
United States
not listed
Technical Contact:
Levites, Seagen seagen@matrixhost.com
MatrixHost
not listed
Notlisted, Notlisted 99999
United States
not listed
Domain servers in listed order:
NS1.DOTSTERINC.COM 216.34.94.170
NS2.DOTSTERINC.COM 64.85.73.15
Re:Excuse me? Heard of "Realty Trusts"? (Score:1)
Last I checked most free web page services required a real name and addy.
*snort*
Of course, if they don't verify, it would be easy to circumvent
While it's not a matter of free web hosting, but rather free access to a website, I offer the following: nytimes.com, to the best of their knowledge, believes me to be a middle-aged woman with a PhD who makes 60-80k/year. I don't think they have any more going in the way of verification than sites giving away webpages.
whois database (Score:1)
my question is, how many people actually know of whois? i bet, that not many - sure all of us geeks know it but who else? typical internet-home users have no idea of it.
imho it should be freely available as it has been (if you know where to look for, nowadays)
An ounce of prevention (Score:3)
However, some measures should be implemented that make address harvesting totally unprofitable.
For example: The web accessible database only reveals the name (or company) that owns the domain. To get all the information you have to request that by e-mail. This would allow the following scenario:
Only one request per e-mail
A maximum of three requests per day, per e-mail address. Alternatively: only one request per e-mail address can be pending. All other requests are trashed
A three hour delay between the request and the response
Known spammer domains are not eligible to retrieve the information
This would have to be applied on a world wide scale, meaning that all registrars and all country nics must adhere to those rules or have their registration privileges yanked.
Would this make abuses of whois impossible? Probably not. But it would make address harvesting very uneconomic. Considering that spammers are gread freeks by default they would try different attempts to gather mail addresses.
Re:Home address (Score:1)
Name Ownership (Score:2)
So if the individual only buys the right to use a name - who owns the name? The public? Hardly. One doesn't pay the public trust for use of the name. One pays the registrar. When looking at some of the registrar contracts, one gets the distinct impression that registrars are claiming ownership of these "public resources".
Which is worse? (Score:2)
OR
You have no method of finding out who is behind a site. Oh, that linux site was registred by foo@microsoft.com...
I say tough luck Clark Kent!
Public WHOIS (Score:3)
The other side is the desire, even the need for anonymity in some cases. In no event should any corporation, or other business entity, ever need, or be allowed to act anonymously. That should be reserved to individuals only, and used wisely and with discretion.
That said, ALL commercial URL's should be required to comply with legal alias/assumed name registration. The rest of us, well, leave it to our individual discretion, but please do respect the need for occasional complete anonymity.
Re:MOD PARENT UP!!! (Score:1)
Shouldn't you be off playing with yer new playstation 2 anyway?
I use it to complain about SPAM (Score:2)
The responses have been generally fair. Most times they say mea culpa (sp?) and trash the account of the SPAMmer. Of course they just move on to another ISP but it's an inconvenience that's my only legit weapon against them.
I say keep this DB. The details don't need to be personal afterall, they've got their own domain! They can give a Title instead of a name and an e-mail address in the domain instead of a personal one.
This is an important resource in the fight against people who run such appaulingly insecure mail servers that SPAMmers the world over use them with impunity. Every mail server that's closed up is one less that SPAMmers can use.
Craig.
Domain names and business names. (Score:2)
1. I can investigate possible names for my business without having to do a full trademark search for every one. This is deeper than just checking to see if a domain is available because...
2. Some companies have marginal claim to a domain based on their current corporate name or product names and may be willing to part with it, if it is not currently hosting a web site. In this case, it is nice to be able to email or phone a human and ask about the domain's status.
I currently hold about 20 domains. About a third of those are actively being used, and the rest are pseudo-speculation for my business: I want the domains for future branding reasons, but there is no guarentee that I will actually use them.
I am quite happy to supply my contact information regarding those names. Truth be told, I would appreciate being contacted if someone else felt they had a claim on one of the names. And I don't mean that I want to make buckets of cash reselling the domain: it simply makes business sense that if there is already a strong brand, I should probably avoid it for my own business.
On a personal level, as others have mentioned here, the information I have provided is already quite public, although not necessarily so accessible. Is there any current tracking of whois lookups? I don't know for sure, but I certainly doubt it as the quantity of data would be substantial. Such tracking could conceivably be used as discouragement against inappropriate use of the whois data, similar to the tracking of credit information requests. But, such tracking also begs the question... it is also somewhat of an invasion of privacy.
Also like other posters, I don't think it's that critical of an issue, and anyone who is making it so should probably be picking a fight elsewhere. I personally find whois useful, but neither would it destroy me if it was no longer publicly available...
Re:WHOIS should stay. (Score:2)
Agreed completely - but can we please NOT follow the example of web2010.com, who created the following WHOIS entry for me on a domain of mine:
whois holly-marie-coombs.com@whois.corenic.net
[whois.corenic.net]
James Sutherland (template COCO-645538) jas88@cam.ac.uk
20 Young St
Craigie
Perth, - PH2 OEF uk
Domain Name: holly-marie-coombs.com
Status: production
Admin Contact:
James Sutherland (COCO-645538)
jas88@cam.ac.uk
+441738443515 (snip) Contact information is one thing, but my home address and 'phone number?!
Re:Frankly (Score:1)
Minimal information set (Score:1)
I have used the WHOIS information on several occasions:
- Notify a company that I cannot connect to their server
- Notify a company that their registration information has expired and I cannot connect to their server
- Contact a company to see if I could purchase their domain name
On all of these instances, all I needed was the email address of a technical contact. I did not need phone numbers, names, or addresses.So it appears that all that is really needed for public WHOIS is:
- domain name
- company/person holding the name
- email contacts
YesDoes anyone really know what internet time it is??/Does anyone really care??
Re:I "abuse" it (Score:1)
The argument for anonynimity is not an argument for impersonation.
What sickens me.. (Score:2)
Take DNS.
I had no problem with NetSol running the Internic way back when. I had no problem with the 'rules' about who could regiser what. I even had no problem when the US Govt. stopped funding the thing, and Internic started charging a registration fee. (I mean, it DOES cost money to run the registry).
The thing that I have a problem with, is netsol went from honorably running the registry, to turning the registry database into a commoditty; rather than something available to everyone, anytime, it was now something they wanted you to pay to access. Then they started hiding email addresses.. and just basically changing the rules. Notice that they didn't even attempt to rock the boat until they got really big.
The thing that gets me is, they got the valuable information, or shoudl I say potentially valuable, because people, consciously or unconsciously, trusted them to run the registry in a cool manner.
Now they screw it up.
Re:Can't compare it with a phone directory (Score:1)
URLs and e-mail addresses can certainly be "unlisted" and provide you with whatever levels of privacy are actually possible. As the registrant of a domain, though, it makes sense for you to have contact info available in the case where other system operators need to contact you because of abuse coming from your site, in order to track down problems in the (shared) Internet network infrastructure (though these days, this is less common), etc.
If you're worried about someone knowing that you own www.hotsexbabes.com or whatever, you can always register under an assumed name and use a P.O. Box address (you can even get "anonymous remailer" P.O. Boxes). As long as you have a legitimate e-mail address where you can be contacted, so the registrar can send you your forms, and a valid method of payment, the registrars don't really care very much what name and address you use.
This may be more trouble for you, but if privacy is a concern, you can get a reasonable amount of it without denying others in the community the ability to contact you about your site if it seems to be the source of some issues. (An argument could be made that you can always send such issues to root@domainname.com - but I think the ability to send a "cease and desist" letter to persistent spam sites and other nuisances is of some value - though, of course, the registrars don't actually check valid physical addresses...)
While I can see the valid points of both the privacy argument and the community argument, I think one can get reasonable enough privacy protection if desired that having WHOIS public is not such a big negative deal and the community seems to like having it...
Just cause it's on the net.... (Score:1)
And, on top of that, in Canada (where I am) there are laws that govern the request for information. I can submit a request to city hall for any public records, and any company that exists, more of their records are public than they think. The company from whom I request has a set period of time to reply with either the info that I requested or a damned good excuse, which I can appeal.
It's not a matter of public vs. private, it's a matter of availability.
Re:WHOIS should stay. (Score:2)
Now if only these people actually read their email...
I'm sure plenty of them do, but I recently tried contacting the admins at cw.net about a problem with their servers. They appear to be suffering some major traffic overload in the afternoons. My packets get routed through them when going from my ISP to my dedicated server, and two hops in cw.net's domain add over 600ms to the ping time. An 800ms ping may be okay for web surfing, but it makes a linux shell almost useless.
--
Re:Access costs (Score:2)
Man, some Americans are stupid.
--
Re:WHOIS should stay. (Score:1)
Isn't your address and phone number also contact information?
And is there a good reason you provided your home address and phone as administrative contact information?
Re:WHOIS should stay. (Score:1)
When one of our customers "moves" a domain name to our system we have a nightly perl script that does a regex on the whois record for their domain to see if they actually changed the DNS and Tech contact over to our systems.
Without whois, we would have a very hard time determining who had control over what domain, and where that domain was hosted!
Re:Secret names in public domain (Score:1)
Once upon a time, not so long ago, acutally, your claim would have been correct, but no longer.
Re:Secret names in public domain (Score:1)
The telco, ISP, and other services we buy are just that - services which get a person what they want: their own domain, which is public. I think we're just looking at the exact same thing from different points of view.
Personal WHOIS spam story (Score:1)
At work, our domain used to be hosted by a third-party, as we didn't have the in-house know how to do it ourselves. On the WHOIS information, one of the three contacts was someone at our company, while the other two contact points were people at that third-party that did the hosting. The e-mail address listed for the guy at our company was his first name @ our domain.com. However, when the people doing our hosting actually set up e-mail accounts, he went with his first initial followed by his last name. Furthermore, when we took control of the domain ourself (about 5 months ago), he vanished from the WHOIS information completely.
This address that is not, was not, and will not be valid (except for a few days in the transition where I had set up the mail server to forward any unknown addresses to me; Postfix's luser_relay option for the curious). Scanning the mail logs for the past 4.5 weeks indicates 64 attempts to send mail to the address. For an address that, aside from a WHOIS record, was *never* used.
Public disclosure is better (Score:2)
Businesses can't be anonymous, at least in the US. There has to be an address for service of process somewhere. (If it's fake, winning default judgements is really easy.) So it's not a business issue.
Spam is the only big problem, and only because it's still legal. We need to fix that. There are only a few hundred spammers, after all.
So people can get your address. What are they going to do, come and beat you up? The idiots who threaten via E-mail are unlikely to do much in person. A friend of mine puts on her web site "If you have something nasty, dirty, whatever, to say to us, don't share your gutlessness here--come say it to our faces. You know where to find us--San Francisco, California. Just ask around..." Few take her up on it.
All my domains carry my name and address. Maybe three times a year somebody says something nasty. Only one real threat in the last five years, and that was when I exposed an invention-broker scam. He's out of business and I'm still here. And I'm the guy who runs Downside [downside.com], which predicts dot-com failures. So quit worrying.
Frankly (Score:2)
----
Re:Example: WHOIS information for slashdot.org (Score:1)
whois queries to whois.internic.net and whois.networksolutions.com both (apparently) refer to whois.networksolutions.com, yet each give differing amounts of info.
could this be purposely done to confuse old folks like me?
or is my brain just fried from to much coffee this morning?
I've puzzled over this one. The problem is that the whois database for the
It could also have something to do with their terms and conditions of use for the database, too. I dunno - I'm not a registry
-- And let there be light... so he fluffed the light spell
Re:Access costs (Score:2)
--
Re:Yeah, I am called Bill Gates and I live in RedM (Score:1)
WHOIS should stay. (Score:5)
OTOH, I dispise the commercial abuse of the whois database to spam those listed.
WHOIS should stay, with strict penalties for those proven to data-mine and spam listees; Without involving the legal system it could simply be ruled that anyone guilty of wholesale mining of WHOIS would be effectively removed from the internet by putting all of their registered domains on hold.
-- Greg
Spamming is so easy... (Score:1)
I'd hesitate to accuse them of selling the email database outright, since it's so damn easy to write a script that slowly scans whois for emails.
But in my experience, very few people actually do that. Mostly, the same list gets sold and resold. Even when I use /etc/mail/access.db to fake that the address is dead, they keep re-selling it to new losers; after all, shouldn't you get more money for a big list than a small one? Spam is so fly-by-night that the consequences for selling crap addresses are small.
I should note that I add new aliases all the time to help me track - and stop - the sources of spam.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
No more Network Solutions (Score:3)
--
Re:WHOIS should stay. (Score:1)
It is contact information, but it is the wrong contact information! I do not control those DNS servers or that zone. They do.
And is there a good reason you provided your home address and phone as administrative contact information?
I didn't. That's why I'm complaining: this was the billing info for my credit card! I have no control over the WHOIS entry: they created it from my billing info without informing me.
Give us the choice! (Score:1)
Is this really such a big deal? (Score:5)
Re:WHOIS should stay. (Score:1)
Ah, I see now. My apologies for assuming too much.
That is wrong, but it isn't something wrong with WHOIS. Your registrar screwed up, either by accident or design. You should fix that. Only the really cheap, fly-by-night registrars charge for changing contact information (as opposed to registrant information).
Oh, and the only contact that needs to be related to contol of the DNS zone is the technical one. You want that one like that so they can make necessary changes if the name service changes. The rest of the contacts are usually related to the registrant.
alias (Score:1)
Please forward all criticism to
Miss Lydia Finnigan
912 Bells Avenue #77
Detroit, MI 48116
313/626-4200
I "abuse" it (Score:5)
Tansparency and openess is essential to a (socially) functioning internet, and that can only be acheived if the source of all information is public record. In British Columbia four or five years ago, it was uncovered (after a lot of investigative work) that a pro-forestry "citizens group" that did a lot of pro-job/anti-hippie lobbying of the government had in fact been set up, funded and controlled by a joint effort of Interfor and MacMillan Bloedell (two forestry companies). A massive abuse of public trust and gross misrepresentation to the public that put a whole pile of egg on both corporations faces.... the bottom line is that this organization masqueraded as a "citizen's group" for several years before being exposed, and only after a very exhaustive investigation by several media outlets and environmental groups...
Don't want your name in the DB? Use a Role. (Score:3)
Technical contact should almost always be a role anyway, to save great amounts of trouble when your IT guy with his name on all your domains leaves. Any self-respecting ISP that registers domain names frequently will have a generic internic@isp.com or something similar for interfacing with domain registration.
just another sign of the times (Score:4)
It seems to me that this is changing. The whois database used to be just a simple means of finding out who owned a website, getting their contact information, and then contacting them. Now-a-days, it's become a means of grabbing more email for spam, or for offers to buy the domain from them, or (in a worst case scenario) it helps people figure out who to sue.
Idunno, i look back and i think, when i started on the 'net, i saw it catching on and i thought this would be a great way for people to change their ways; learn to live in a communal environment where everyone played by the rules and those who didn't were swiftly and effectively dealt with...
seems to me rather than the internet changing us, we're changing the 'net.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Home address (Score:4)
Add that to the registrar's claim that *they* really own my domain name anyway, and if they take it from me or accidentally "lose" it ("oops, well too bad for you") I'm out of business.
What can you say about a company that claims ownership of your property, can cost you your job, and puts your family's lives at risk?
What are they going to do next? Poison our water supply?
ownership of domains (Score:2)
I've not thought about this enough to formulate my own views on the ownership of domains, but I expect that they will be considered private property that can be owned outright, and they will be treated accordingly. Thus, the public databases will go away, as, barring an outright change in the attitude of lawmakers, they should.
Re:The sign - $ (Score:1)
idunno. i think that's beginning to sound like "how does an aids patient survive HIV"
answer: they don't.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Net::ParseWhois (Score:3)
Abe
Why display the data? Look at Nominet's solution. (Score:4)
The WHOIS data publically available looks as follows:-
All companies who wish to administer and register domains apply to become members of Nominet, with membership you get a , this can be looked up and tell you who is technically responsible for the domain. Each domain registered is tagged with this and this allows me, with the correct PGP signature, to change any of the details on the domain.
It's up to the registering company to decide how their customers specify changes and many have automated systems of their own. And if you're wondering wether this would work for large domain spaces like .com, .org and .net then the answer is almost definately a yes - .uk is the largest country specific domain space - thanks to Nominet fees being just £5 (Thats $7.20) for two years. Some companies charge this and nothing else and many ISPs give domain names away simply for using their dial-up service.
The Whois database (Score:2)
Recently I have received a spam regarding some kind of "pre-registration" scheme of new top level domain names with a link to a website. Now how do I know if this is for real, or just another scam (e.g. e-mail address harvesting)? How else can one start investigating other than going to the Whois records?
Re:ownership of domains (Score:1)
The public databases are needed so that we can find who actually does "own" a domain -- it doesn't need to be my home address, any mailing address (like a PO Box) will do, just so that I can be mailed the renewal notice or any valuable offers for my prized domain name
Re:Analoguous to land records (Score:1)
>record of it somewhere that's accessible by
>everyone.
Yes, and now that I am a happy homeowner, I get
vast quantities of paper spam from everyone who
has bought my county's property records. At least
they don't have my (unpublished) phone number. I already get phone spam because I got a recycled
number.
I want to register a domain. I am looking at that right now. But I don't want to open myself up to
spammers, junkmail, telemarketers, stalkers, or any other lowlife who knows how to use whois.
Re:WHOIS should stay. (Score:1)
Does it really matter? (Score:2)
I have several domains under gTLDs, well actually they're all ©org but that's besides the point - and my name and address appears on all of them - does it bother me? No, and I'll tell you why©
The details on my domain records are available easily to anyone who has the time and inclination to look for for them, they appear on my CV on my homepage, in the WHOIS info for my domains and in the WHOIS info for my NIC handle©
Even if this information wasn't available in those places, I'm pretty sure it wouldn't take long to track down - anyone who knew my name ¥which also appears on my homepage on the CV and the bottom of each page could find out where I lived without much difficultly - I'm pretty sure electoral registers are public information, armed with my name and roughly where I live ¥also on my page you can find out my address with out much difficulty, just by flicking through a telephone directory if necesary©
The fact is if people really didn't want other people to be able to find out where they are, they wouldn't register domains, they'd just stick to using the free space from their ISP with the typicaly non-descript URL that comes with it or one of the free hosting services©
You make the choice of having your personal information made public when you register a domain - if you don't like it, don't do it© It's your choice©
Secret names in public domain (Score:1)
Re:Can't compare it with a phone directory (Score:1)
What's important for me is that the contact informations for my domains are available to all in case something happens. I don't have my personal phone number public on the contact information, because.. well.. it's unlisted. :) Although, I have another phone line dedicated for my domains which is public. But that could just be a 555- number anyway.
And it could be important for verification purposes... domain hacked?
Re:An ounce of prevention (Score:1)
A 3-hour delay before that information is accessible is totally counter-productive when the WHOIS information is being used to contact somebody whose network is AFU.
The same goal can be accomplished much more reasonably with an exponential (2^x) backoff routine, with a 15-second seed. Reset the backoff 24 hours after the last request, and refuse to queue more than 4 requests at once.
This means that for a (naive) spammer to harvest 16 email addresses at once that it will take about 16000 minutes, or ten and a half days.
On the other hand, a sysadmin who needs two or three WHOIS entries (and sometimes you need to "chain" them to find info) can get his information in less than 5 minutes.
Reasonable, no?
--
My views (Score:1)
It is a required evil (Score:1)
Bah (Score:2)
I have two seperate thoughts on this.
First of all, I think one of the original reason for the whois database was so that network administrators could get ahold of each other to resolve problems. That made sense when domains were networks. Nowdays, most domains are just web sites, and the contact information is a webmaster rather than a network admin. Perhaps (this is just an idea) the whois database should list, not who registered the domain, but who is in charge of the network that hosts the domain.
And, secondly, this privacy issue seems bogus to me. If there are a lot of people who want to have a domain anonymously, then there is a market force that can easily be brought to bear upon the problem. Just have a domain "holding" company. If you want to run foo.org anonymously, then pay Bar Inc to handle the registration for that domain on your behalf. Then Bar Inc is in the whois database instead of you, and you have a contract with Bar Inc that stipulates under what conditions your identity should be revealed to others, gives you the power to control the domain, etc. Basically, they would be a kind of proxy for you.
---
Re:Watch it. sonny. I know where you live. (Score:1)
True. Although, at the same time, it doesn't cost much for an individual to aquire a seperate address and phone number. (I.e., you don't actually have to buy a building.) Get a PO Box and a cheap pager.
Proposal (Score:2)
OK, I agree with the assertion that WHOIS records are vital -- I know I've used them for real work myself.
But as someone who just bought a domain name and really doesn't care to have to have my email address and home phone number publicized to every spammer and stalker on the planet, I am somewhat shocked at the /. collective brain's attitude.
This is a problem crying out for a technical solution. There is one obvious such solution, which was used at MIT on their finger server(s) for some time (dunno if it's still there): their fingerd would not serve more than N responses in M minutes to the same requesting IP address. This meant that downloading their finger db wholesale was not feasible.
That would probably kill a lot of spam, while still allowing sysadmins to contact one another.
Secondly, some budding entrepreneur should set up an aliasing phone service and mail service, such that you can put into the WHOIS db their phone number plus your unique extension; and that you can configure your account with this service such that calls between 9am and 5pm are routed to your work addy, or are routed to a vmail service so you can call back if legitimate, or routed to /dev/null or whatever; that you can put their mail address down, and they will forward physical mail to you (like a PO Box only with home delivery); thus personal phone and home address are not available to the general public.
This would basically solve the problem.
Excuse me? Heard of "Realty Trusts"? (Score:2)
Yes, how is it different? My last three landlords certainly didn't have their names on the deeds. Their properties were held by realty trusts, of which they were the beneficiaries, or corporations, of which they were effectively the owner.
A realty trust is the probate/tax equivalent of an alias. I don't see why we shouldn't have the same thing available for domain name registrations.
That is logically absurd. That's like saying "if you're willing to die for your cause, you should be willing to paint a target on your forehead."
Last I checked most free web page services required a real name and addy. Of course, if they don't verify, it would be easy to circumvent, but just because you wish to get an unpopular message out doesn't mean you are a criminal, are willing to break the law, or are willing to enter into a contract in bad faith.
Freenet at the moment is vaporware. A lovely idea, I'll believe it when I see it.
Most people here are really only looking at this from the standpoint of the tech -- which surprizes me, usually /.rs are hip to the political consequences of things.
tracking abusive sites (Score:2)
not only is it a good thing... (Score:2)
Without WHOIS, I would have to dig for a domain of a name server, then search the web to find this ISP. Upon locating the phone number, then and only then can I start my search for the elusive and wiley hostmaster.
With WHOIS I issue one command and usually have not only the email address of the hostmaster, but his/her phone number too. The clueful even seem to put a phone number down that has a decent chance of intelligence on the other end.
Close WHOIS to the public and you'd better give me a subscription!
Analoguous to land records (Score:2)
Why should domain names be any different? If these were made private, you'd probably have to have a court order in order to get to know who owns a domain you might be interested in buying or even worse, who to contact in SPAM related issues.
Public it is and public it should be.
Re:WHOIS should stay. (Score:2)
I look at owning a domain name like owning a piece of real estate. It should remain on the public record. I recently (within the last 2 months) bought a condo here in the states and was overwhelmed, appalled and annoyed at the fact that I reveived SOOOO much junk mail from people offering me their services as a "new neighbor." However this is a consequence that I have to live with.
Oh the flip side, I bought the property as an investment and have since been contacted by several realtors who have expressed interest in a client of theirs purchasing the property. I have not marketed this property, but they have access to this information through public records.
Domain names are (IMHO) like real estate, and the information of their owners should remain as public domain. It truly is a double edged sword, but it is just a price that we all pay for information being free.
Good reasons for it! (Score:2)
Microsoft.com.se.fait.hax0rizer.par.tout.zoy.orgs .nu r orists.net
Microsoft.com.inspires.c opycat.wanna be.subversives.net Microsoft.com.has.no.linuxclue.com o s.francs.douze.org Microsoft.com
Microsoft.com.owned.by.mat.hacksware.com
Microsoft.com.n-aime.bill.que.quand.il.n-est.pa
Microsoft.com.is.secretly.run.by.illuminati.ter
Microsoft.com.is.nothing.but.a.monster.org
Microsoft.com.is.at.the.mercy.of.detriment.org
Microsoft.com.hacked.by.hacksware.com
Microsoft.com.fait.vraiment.des.logiciels.a.tri
--
Watch it. sonny. I know where you live. (Score:5)
No? Why not? It's not *terifically* private information; in most cases, anyone really determined could find it out. It could be useful to let people call you or send you gifts, or so that your friends can look it up to come to parties after you've moved house. But it's usual for people to be a little bit circumspect with their home address, and with good reason: "I know where you live" is a threat.
The bias here is basically that
--
ICANN conflating True Names and Contact Needs (Score:3)
In practice, ICANN's Data Grabbing isn't accomplishing its positive goals - When I've wanted to hunt down a spammer using Whois, it's generally not very practical - the Supposed True Name info is bogus, or it's a mailbox from a mailbox vendor, or it's outside the US in some jurisdiction where I don't know the alphabet, much less the legal code, and the email contract addresses either get you a black hole, or bounce, or sell your email to other spammers. On the other hand, people have supposedly been stalked, and lots of people have been spammed using this information, and it's Nobody's Business.
* Technically, I'm probably not allowed to use the phrase "Nobody's Business" here in California, because there's a store by that name in Mendocino County, so it'd be name-squatting or trademark dilution or something
What about transparency? (Score:2)
Can't compare it with a phone directory (Score:2)
It's like a global phone directory -- without the option for an unlisted number.
But is it really? The owner of the number is the phone company, the administrator is the phone company. And we get the contact information for the phone company. If I register a domain, I will be the "phone company", right or wrong? Now if we talk about an email address (user@domain) or homepage (http://domain/~user) then there's no need for contact information and the user can be "unlisted".
I think it should be compared to a phone company contacts, not a phone directory listing. You will always have the option NOT to register a top level domain. And get another private URL. How often do you pick your own phone number?
Are domain names really public resources? (Score:2)
I know that that's been the current thinking, but how accurate is it?
I'm not convinced that domain names are public resources. I certainly will agree that the registries are essentially public resources, preventing domain name collisions, but the domain name itself I really don't see as a public resource.
If I start a company, I have to come up with a name for that company to establish presence in my area. I'm required to do a name search for that company name to ensure that I'm not infringing on a name already in use. The name of my company is my own - tied up in its identity.
The same is true of the domain name system. If I want a domain name, I do a search to find one that hasn't been taken. If someone beat me to the domain name, then I either have to come up with a new one or negotiate with the current holder to turn it over. If the current holder has no legitimate interest in the domain, then there has to be some existing law regarding corporate/personal identity to cover this.
I suppose I'm also not convinced that ICANN's processes for this are any good, but that's a rant for another time.
Re:Are domain names really public resources? (Score:2)
Which raises the question of who owns the domain name before it is registered, or after it ceases to be registered. Network Solutions claims that they own the expired domains that their customers have registered, but I'm really hoping that ICANN, the Commerce Department, or the courts will fix that.
Anyhow, back to the matter at hand. If the registrant owns the domain (even temporarily), then it is very important that the registration information be public. This is just like buying real estate. You can go down to the county courthouse and find out who owns any parcel of land in the county, and this is very important for resolving legal matters. Domains are not any different in that regard.
What's the point of privacy? (Score:2)
We like to hide. Whois is easy for us to avoid. Except we registered that one site -- microsoft.sux.a.lot.com and accidently left our real e-mail address be known, the one that Grandma uses to write that once a month letter to. It has now shown up in the whois database!
What are we afraid of? Are we afraid of government monitoring our mp3 trading? Are we consumed by guilt, fearing that the Corporate intenty that has profiled me so well that they get me to actually click on a banner ad will know who I really am? I think the beautiful girl who used to brew my coffee knew my secret life too.
Spam scares us. Sure it is annoying, but that's not what is frightening about it. It is frightening because they found us. They know us. They know our secret.
Someday, maybe it will become clear to us that we have no secret. We are just like everyone else. We are consumers.
The sign - $ (Score:2)
At times I wonder how a collective environment such as the interenet survives self-serving commercial interest.
Domains are public records (Score:2)
You need an open database to be able to trust it - otherwise, how could you know it was not being tampered with ?
I don't believe commercial spamming is a problem - owners of domains in general are much more dangerous when fighting spammers than the general audience.
I believe the Maintainers of RIPE right now just want to hold the copyright in order to void a split(someone copying their service) - however, there may be good reasons to have competition on the field.
As long as... (Score:2)
---
seumas.com