Speaking at the Ruxcon information security conference in Melbourne on Sunday, Vixie, a pioneer of the Internet's DNS system, said that creating the new TLDs goes against ICANN's purpose:
"ICANN is a 501(c)(3) non-profit public charity [under the California Non-profit Public Benefit Corporation Law], and their job is to serve the public, not to serve the companies... I think that until they can come up with an actual public benefit reason they should be creating more of these, they've got no cause to act," Vixie said.
"There should be no price at which you can buy '.microsoft', but there is, and that's a mistake. That indicates corruption, as far as I'm concerned."
Vixie also indicated the WHOIS privacy industry wouldn't exist were it not for criminals:
"There are plenty of folks [who] would like to say [that] for civil society purposes we need the ability for dissidents to register a domain name and complain about their own government, and not have to worry about getting their doors kicked in. Frankly, that is not a realistic scenario, and that is not the way that WHOIS privacy gets used," he said.
Vixie encouraged conference attendees to implement technologies that improve the integrity of DNS (like DNSSEC) and called for replacement of the X.509 Certificate Authority system.
(Score: 5, Informative) by Anonymous Coward on Monday October 26 2015, @06:58PM
If you honestly think stalking and harassment do not happen, I suggest you read the news more often.
In the UK the Royal Mail will reveal, upon request, the verified address used to register a PO Box. This is the case unless a note on file from the police instructs them otherwise.
(Score: 3, Informative) by Anonymous Coward on Monday October 26 2015, @07:27PM
Oh and:
That [ksn.com] must [kobi5.com] be [yahoo.com] why [dailyvoice.com] I [fox5ny.com] just [wlbz2.com] about [postcrescent.com] never [myfoxboston.com] read [fusion.net] about [www.cbc.ca] it? [theblaze.com]
(Score: 2) by frojack on Monday October 26 2015, @08:01PM
I'm saying that Vixie is saying that WHOIS is not used for these purposes. You've presented no evidence that it is used for such purposes.
Even the UK Mail does not verify the address of every P.O. Box punter. Who are you trying to kid?
You can tell them anything, and they won't care, they certainly won't check, they can't find their own ass with both hands.
Your Stalker is NOT going to show up at your post office and demand a physical address.
So screw the royal mail, and send it to your attorney, or Mail Boxes Etc.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Monday October 26 2015, @08:23PM
It's publicly available personal information, of course it is used like that.
Ahh, I see you've had dealings with them ;P They will not provide a PO Box service without a validated id and address.
If they are determined, they will.
Feasible for a company, not for an individual.
For anybody in the public eye, it's not a matter of if they end up being stalked and harassed, simply a matter of time before some determined crazy latches on to them.
(Score: 2) by frojack on Monday October 26 2015, @10:30PM
Feasible for a company, not for an individual.
Last time I counted there were 12 to 13 companies doing private mailboxes in the UK, 3 or of them with nation wide coverage.
And its quite cheap. My business partner is currently in Leeds in a temporary assignment. He's used this method in Italy and Australia as well. Its cheap.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Tuesday October 27 2015, @12:15AM
Work for a private mailbox provider do we? Why should I pay for an external subscription service when my domain registrar will offer it for a once-off nominal fee?
(Score: 2) by kurenai.tsubasa on Tuesday October 27 2015, @12:35AM
I have one domain with private registration and several others without. There are two other domains, registered by a friend and a friend of a friend, my server in the clouds hosts, and I suppose it wouldn't be difficult to eventually determine that I'm hosting them (along with the private registration one) for somebody determined. The reverse DNS points to the private registration one, so it'd just be a matter of time.
If one of my users wanted to do something untoward or even post inflammatory content in their $home/www, I have plausable deniability, even if it were secretly myself. In the case of other users, were I given a death threat and doxxing because of something they've posted, I would challenge the SJWs or anti-SJWs or whoever to the death to follow up on it! That's not just Amazon bravado. I seriously doubt that these internet death threats have anything to them.
Of course, if I received a secret order to fork over my users' data, then I'd be in a pickle. On the other hand, I have a feeling the NSA has other means than WHOIS records to determine who's responsible for any given domain (or IP). Those “other means” are probably just simply sending a nastygram to the domain's registrar. Maybe I can get a private registration, but there's still a record of somebody paying the renewal fee, and there's also a record of somebody (me) paying monthly for my server in the clouds.
SWATing is a real problem, but that's something police departments need to work through. 911 dispatch and the officers on the ground need to be aware of the one in a million potential that a 911 call from a hostage or somesuch may just be a troll. The solution, of course, is to follow more civilized procedures instead of going all-out like it's a warzone. I mean, it's not just SWATing, as in the internet harassment technique. Sometimes the police just have the wrong address, and people die anyway. That indicates this is a problem with the police, not the internet.
I guess it's a good thing my property is in a jurisdiction where the cops really are public servants, not gestapo. One benefit of living in a modestly sized town in flyover country I suppose.
Remember when we had landlines and all our names and addresses were published, perhaps not in a format that could be readily thrown through grep, but published nonetheless? I view my information being public for domains I've registered as something like that.