SoylentNews is people
SoylentNews
The Whois public database of domain name registration details is dead.
In a letter [PDF] sent this week to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.
The letter also has harsh words for ICANN's proposed interim solution, criticizing its vagueness and noting it needs to include explicit wording about what can be done with registrant data, as well as introduce auditing and compliance functions to make sure the data isn't being abused.
ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number.
ICANN has already acknowledged it has no chance of doing so: a blog post by the company in response to the letter warns that without being granted a special temporary exemption from the law, the system will fracture.
[...] Critics point out that ICANN has largely brought these problems on itself, having ignored official warnings from the Article 29 Working Party for nearly a decade, and only taking the GDPR requirements seriously six months ago when there has been a clear two-year lead time.
One company that is caught in the middle of the dispute is sanguine about the possible death of the service. "Is this the end of public Whois? Yes, in its current form," CEO of Irish registrar Blacknight, Michele Neylon told us. "But is it going to go completely dark? No."
Neylon has long complained about ICANN's refusal to acknowledge European law when it comes to the Whois service: back in 2013, he refused to sign an updated version of the contract that domain name sellers have with ICANN until it gave him a legal waiver over its data retention requirements.
"That decision probably cost us money, but if we have to choose between operating legally or illegally our path is clear," he wrote in a blog post this week.
(Score: 2, Insightful) by jmorris on Sunday April 15 2018, @06:19AM (16 children)
It isn't supposed to just be court orders. The technical contact is supposed to contactable by any other admin on the Internet in case of network problems. The Internet was supposed to be a decentralized network without a few huge overlords.
Didn't some of us, the ones with a friggin' clue, warn everyone that handing the Internet over to the corrupt and insane U.N. would end badly?
(Score: 4, Informative) by tftp on Sunday April 15 2018, @06:34AM
Can't say much about the UN, but for the decade that I own/manage a dozen domains not a single soul wanted to contact me. The reason for such inattention is that I do not manage an AS, do not own routers... you get the drift. If the Internet is broken, it's not because of me. Call Comcast. With regard to contacting a domain owner in the future, a simple web form on the site of the registrar will do.
(Score: 5, Insightful) by maxwell demon on Sunday April 15 2018, @06:56AM (5 children)
This is about EU data privacy laws. The U.N. have exactly zero relevance in that.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Troll) by jmorris on Sunday April 15 2018, @08:03AM (4 children)
If control of the Internet remained in U.S. custody, E.U. laws would mean what exactly? It would mean, at most, a funny tweet from Trump when some EU minion huffed and puffed about ICANN not respecting their "authoritah." Transferring it to U.N. control means every nation state and abonination like the E.U. gets a say in Internet governance. Just wait until Saudi Arabia gets around to some mandating.
(Score: 3, Interesting) by janrinok on Sunday April 15 2018, @08:37AM (1 child)
Whois without information is what exactly?
(Score: 5, Insightful) by Dr Spin on Sunday April 15 2018, @05:29PM
Whois will be unable tp publish personal information. Corporate information is still permitted to be published,
so if the domain is controlled by a business, then it is business as usual (not sure its a pun, but definitely intended).
If they are someone's personal details, then the are personal (duh), and in any reasonable scenario, said
person is entitled to keep his/her personal details private.
Keeping them private does not in anyway imply that message can not be passed to the owner of the private details. The
sender of said swatting^H^H^H^H^H^H^H message does not need the personal details of the person. The registry
can forward them - if they cannot write the necessary code t automate this, they could hire someone on Fivr to write
a Perl script (might need 10 more to debug it, so other methods could be superior, and I am willing to offer advice for a
(not particularly modest) fee.
You Americans need to keep calm, The world is not about to end just because you cannot control the entire world.
However, if you don't stop trying, you are going to alienate a lot of people.
Warning: Opening your mouth may invalidate your brain!
(Score: 3, Interesting) by Anonymous Coward on Sunday April 15 2018, @09:28AM (1 child)
It would still mean the European registrars couldn't provide customer data to ICANN.
With the following outcomes
1) ICANN just accepts fake data (as it already does, even if it's not official). Which will just make things worse for everyone as you would know even less which data is real and which isn't in whois
2) ICANN cracks down on it an shuts down all European registrars. In that case the dreaded split of the Internet will happen, with a non-0 risk of the US losing the fight and a lot of costs
3) ICANN needs to do something about finally and properly instead of pretending the problem does not exist
In the end, it unless ICANNs goal suddenly became to fuck up the internet, it doesn't matter who controls it, we'd still be in exactly this situation.
(Score: 0) by Anonymous Coward on Sunday April 15 2018, @06:44PM
If ICANN insists on the data, and EU law prohibits it, then the result of that interaction is obvious: no personal domains in Europe.
It's not going to affect any full-fledged corporation in Europe. If you have stuff like CEO/president/shareholders, you just put down your corporate identity and all is fine.
(Score: 4, Insightful) by Anonymous Coward on Sunday April 15 2018, @07:21AM (1 child)
The solution isn't eliminating whois. The solution is getting rid of the allowance/requirement for detailed personal information to be in it. The only things that whois really needs today are: 'Registrar', 'Country of Origin', 'Email Address' and if further information is needed: 'Business Identification Number or the word Personal for a non-business site.'. Those provide all needed details for standardized means of contact, including law enforcement needs without revealing anything too private. Since the business ID number has to be registered with the local government anyway they can act as the barrier (or lack thereof) for lookup of the business. Handling of personal site lookups would be more difficult and likely better left to local governments who can subpoena the records from the registrar or pressure ICANN if the registrar refuses to provide contact information.
The added benefit to this solution is it eliminates 'rent-seeking' behavior from registrars who originally started putting that information in public not out of legal necessity, but rather so they could sell 'privacy services' to people already paying registration fees for a domain. Prior to the change, email and maybe administrator or organization name were the only mandatory fields in most whois entries.
(Score: 1, Interesting) by Anonymous Coward on Sunday April 15 2018, @05:58PM
No, the solution is to eliminate the need for 'registrars'. We shouldn't have to 'register' with anybody to put up a web site. Domain names can be cached locally, like your contacts list, and it can work perfectly alongside a public DNS (you could even demand that your government operate one) where people can voluntarily register for the convenience of their business or whatever. With a minimum of effort we could do this now, and completely change the nature of domain registrars.
Oh, and IP addressing will have to be restricted to five sets of three numbers (base 10), and static (for the life of the connection), but changeable upon demand. That's not too hard to remember for enough time to put it in your little address book.
So, as you can see, the entire wide area network really needs a complete redesign, comprised only of switches and cables. The content is determined solely at the endpoints. Not only will it be more private, it will be a bit more personal. If you keep a white list, you keep out the riff-raff.
(Score: 5, Insightful) by Anonymous Coward on Sunday April 15 2018, @07:44AM (2 children)
It's called 3 R's. Reading is part of that. Also, reading *comprehension* is important part of reading.
You have so much bullshit in your one sentence it's quite unbelievable. First, you assume "Internet is run by UN". Secondly, you assume diplomats at UN are "insane". Then you accuse the entire body of UN of being corrupt. All without any proof. Then you assume that it is *you* that has any idea and that you are in the poor, minority of people that actually has an idea of how things should be for everyone because you are the only one with a "clue". Well, Mr. jmorris, you actually have no clue which means your statement is quite irrelevant.
1. UN has nothing to do with internet
2. The law is EU data privacy law
3. UN is not "insane" - it's actually a very sane way of different nations to meet and talk to each other. Would you rather they don't talk at all?
4. UN, the institution, is far less corrupt than many of its members. This is mainly because UN has no power and it's composed of nations that do not look past corruption that easily.
5. ICANN doesn't want to test Europe's privacy laws.
6. This is about Whois service.... which is kind of stupid these days. All you get is spam.
So please, get a "clue". Read the RFCs,
https://www.ietf.org/rfc/rfc2142.txt [ietf.org]
and then you can contact the people you want in case of problems with their domains.
(Score: 0) by Anonymous Coward on Sunday April 15 2018, @09:55AM
Damn!
(Score: 1, Interesting) by Anonymous Coward on Monday April 16 2018, @03:06AM
Compliance to RFC 2142 is voluntary. Major operators including [archive.org] Google [zork.net] and Comcast [archive.org] flout it, or flouted it.
(Score: 3, Informative) by pTamok on Sunday April 15 2018, @10:39AM
The technical contact is supposed to contactable by any other admin on the Internet in case of network problems. The Internet was supposed to be a decentralized network without a few huge overlords.
There is nothing in this that stops the technical contact from being contactable - you just send an email to the listed pseudonymous redirection address.
What this stops is organisations harvesting contact information for profit. If you want to know who the technical contact is, rather than their role, then that's when you'll need a reason that stands up in (ultimately) a court of law.
If you don't like it, you don't have to use the domains that enforce this. You can choose to use only domains that make people's private information available to all for free.
(Score: 0) by Anonymous Coward on Sunday April 15 2018, @07:02PM
because biz interests in the US are less corrupt, more humane to consumers? jesus, wtf is wrong with you.
(Score: 0) by Anonymous Coward on Monday April 16 2018, @07:36AM
That would be fine for IP networks - i.e. anyone with a BGP AS number. Those have admins who (should)know what they doing.
A domain, on the other hand, has gone from something that points to a network to something that points to a page, many of which are owned by individuals with no administrators.
Additionally, mis-configured traffic will be coming from an IP network, not from a domain. Even if you look up the PTR record of the source IP, that server may have thousands of domains.
(Score: 0) by Anonymous Coward on Monday April 16 2018, @05:13PM
a tech email is one thing. that could even be forwarded to me by my registrar. whois wants your goddamned home address and wants to publish that shit on the internet.