SoylentNews is people
SoylentNews
The US government has waded into the omni-shambles that is the internet infrastructure industry's failed effort to comply with European privacy laws.
Having tried to use its behind-the-scenes influence at a recent meeting of DNS overseer ICANN to drive decisions, the Department of Commerce's frustration had led to it going public with a letter to ICANN [PDF] in which it pressures the organization to investigate the world's largest registrar GoDaddy for limiting access to its "Whois" service.
In preparation for the May 25 deadline of Europe's General Data Protection Regulation (GDPR), and in light of the utter failure of ICANN to come up with a way to make the Whois service compliant with that law, GoDaddy has started hiding personal contact details for the 50 million+ domain names it looks after and has begun throttling access to its Whois service.
That would appear to be a commonsense response to a law that can see the company fined millions of dollars for failing to keep personal details private. But it earned the ire of several companies that make a living from accessing such details.
A letter [PDF] from one intellectual property lawyer representing those interests urged ICANN to take action against what he claimed were "clear and direct violations" of GoDaddy's contract with ICANN. ICANN responded [PDF] with no more than an acknowledgement it had received the complaint.
But the US government has unexpectedly came to their defense, noting in its letter that "the actions taken by GoDaddy last month... are of grave concern for NTIA given the US government's interest in maintaining a Whois service that is quickly accessible for legitimate purposes."
-- submitted from IRC
(Score: 3, Disagree) by lentilla on Saturday April 21 2018, @06:24AM (11 children)
Occasionally we might want to get into contact with someone who owns a domain.
So let's have a show of hands - has anybody; in say the last fifteen years; had any success in contacting somebody via the WHOIS information?
No, I didn't think so. You pretty much have to pipe any email address you publish in the WHOIS record straight to /dev/null because the signal-to-noise ratio is about one to a million.
(Score: 4, Touché) by The Mighty Buzzard on Saturday April 21 2018, @06:46AM
Why, yes. Yes I have.
My rights don't end where your fear begins.
(Score: 4, Interesting) by MostCynical on Saturday April 21 2018, @07:38AM
I was once working for a government department. They were changing their domain names (yay for "branding"), so we needed to contact the 'owner', and Whois gave us the name of the employee who had registered the domain, and their desk phone number (obsolete) and email (also obselete).
Amazingly, the person still worked for the department, and could be tracked down using the internal directory, and they were even in a similar role, and could therefore 'manage' the redirection and update the contact details to the current person in the role...
Tl;dr: whois doesn't work well with government departments (norm for that matter, does the apple play store for registering apps.. "Individual" is king, even if the work is done by appointment or delegation..)
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 1, Interesting) by Anonymous Coward on Saturday April 21 2018, @08:08AM (7 children)
When I get spam e-mail, I often report it to the appropriate abuse contact. I received sincere-looking responses on Thursday and Friday (U.S. time), the last times I made reports.
When I'm spammed by sites run by people who violate RFC 2142, I try telephoning if they're in my country. Another course of action I sometimes take is to contact their upstream provider. When nothing else works, I blacklist. Of course, I've encountered irresponsible attitudes like yours. Spammers naturally gravitate toward sites that disregard abuse reports. The attitude you profess is not unusual. Yet it's far from universal, even among the sites from which I receive spam. Often enough, I see indications that my reports are read by a person (as the RFC requires) and are acted on. On rare occasions, I've managed to contact the owner of a misconfigured site, and it was corrected. That happened within the last few months. I encourage you to establish and monitor the mailboxes specified by RFC 2142 that are appropriate to your site, and to act on the reports that arrive. If your site sends e-mail, your site's e-mail deliverability may improve, due to fewer people reporting it to their e-mail providers or to community blacklists as a spam source. If your site is a Web host, you may learn sooner about security breaches or problematic content. If, on the other hand, you're truly too busy to read those e-mails, please consider hiring someone to host your Internet presence, or discontinue it. You'll be doing the rest of us a favor.
(Score: 4, Interesting) by Lester on Saturday April 21 2018, @09:54AM (6 children)
An abuse email could be public without revealing any private data. Nevertheless, GDPR doesn't say that nobody can access to whois data, but that those data shouldn't be public. I don't know the details, but for instance ISPs and registrars may have access to data and report abuses, but not me. There is a proposal from ICANN, an "accreditation program" [icann.org] that is more or less accepted by GDPR.
I have no objection to be addressable so that any one can contact me regarding to domain issues. But I can't see why my data must be public so spammers can offer me to transfer my domain to another registrar, or worse, many scammer try to cheat me to transfer my domain (let alone enlarge my penis or cheap loans). I don't know why I should make home address public, it is only useful to make me fill a fake address, so legitimate post real mail will never ever reach me.
(Score: 3, Interesting) by The Mighty Buzzard on Saturday April 21 2018, @12:55PM (5 children)
Accreditation program? Really? I've heard a lot of silly things in my time but people cheering on a requirement of a license to talk to someone else definitely makes the top ten list.
My rights don't end where your fear begins.
(Score: 3, Disagree) by Lester on Saturday April 21 2018, @02:29PM (4 children)
When there is a billion of anonymous people watching my data, yes, please, I want a barrier.
(Score: 4, Insightful) by The Mighty Buzzard on Saturday April 21 2018, @04:00PM (3 children)
Yeah, that whole responsibility coming with freedom thing just doesn't work for some people.
My rights don't end where your fear begins.
(Score: -1, Troll) by Anonymous Coward on Saturday April 21 2018, @05:24PM
Well that explains why you're a gay Mexican who identifies as a vagina, but it doesn't really help this discussion.
(Score: 0) by Anonymous Coward on Saturday April 21 2018, @08:54PM (1 child)
Yes, because someone's personal information not being publicly available for all is such an egregious violation of freedom and responsibility.
(Score: 3, Insightful) by The Mighty Buzzard on Saturday April 21 2018, @09:52PM
You don't get it, do you? You want the freedom to say what you like that comes with owning a domain, you also have to take the personal responsibility for what you say.
My rights don't end where your fear begins.
(Score: 3, Touché) by MichaelDavidCrawford on Saturday April 21 2018, @03:12PM
A New York Times columnist had a personal website. I used Whois to get his email address. I got a useful reply
Yes I Have No Bananas. [gofundme.com]