from the privacy-fading-away-like-a-sunset dept.
ICANN is currently considering [pdf] new rules that will affect Privacy & Proxy services. Opponents claim this to be yet another effort by big business to bypass due process, as ICANN is being lobbied to make private registrations unlawful for "commercial" use. As it has been argued effectively in the courts that any website with advertisements is commercial in nature, opponents say this can strip private registrations from any personal website or blog that funds itself by ads. Proponents of new rule complain that P/P services are too often slow to respond, to respond at all, and determining the proper entity for legal action is too difficult. Proponents ask that personally identifiable information be disclosed upon written demand to ICANN, without a court order required, with only ICANN ostensibly determining if the written demand is correct, lawful for all parties, and suitable grounds for bypassing due process in the domain holder's country.
Namecheap.com, the EFF, and Fight For The Future currently have a campaign going to call and write into ICANN before the deadline for public comments, on July 7, 2015. Of course, you can call them directly (busy signal all day) at their LA offices - +1-310-301-5800 to make a comment, or email them directly at comments-ppsai-initial-05may15@icann.org and policy-staff@icann.org
ICANN is currently only seeking comment, and is unable to come to a consensus on this issue yet. Assuming ICANN does eliminate P/P for everyone, we are left with the Distortion part of Avoid-Distort-Block-Break.
How would Soylentils respond to the lack of private registrations?
Original Submission
Related Stories
The Pirate Bay's original .org domain has been suspended over an ICANN domain verification issue.
Pirate Bay's original .org domain was suspended by EuroDNS a few hours ago, after the registrant failed to verify the contact details. Even though it's no longer the main domain name for the site, the bookmark was still in use by many people as a redirect to Pirate Bay's latest home base.
[...] The person managing the domain name has failed to verify the contact details and until this is done the domain name will stop functioning. "This domain name is pending ICANN verification and has been suspended. If you are the owner of this domain you can reactivate this domain by logging into your EuroDNS account," reads the notice that appears.
For the site's users the issue doesn't cause any problems. The Pirate Bay site is still reachable via the .se domain name, which redirects visitors to several other official TPB domain names.
[More after the break.]
(Score: 2, Interesting) by Anonymous Coward on Friday June 26 2015, @12:15PM
port 53 is a abomination.
p2p nameing solution dearly needed.
just go onion :)
(Score: 0) by Anonymous Coward on Friday June 26 2015, @12:53PM
no no no!
you can just willy-nilly start making meaningfull packets with an intelligent program.
think of all the mansions, ferraris and yachts that can't be built and sold.
people need to make a living with their serverfarms already.
just think what would happen if such a slew of code would exist and were installed on each internet connected computing device, autonomous managing their huamn-readable naming all by themselfs?
all the lost "jobs" sheesh! the economy would go down the crappers.
furthermore the internet already is killing the circuit-switched landline network and you have to think about at least keeping some of the legacy hierarchical thinking in the new packet-switched network ...
kids these days ... sheesh ... no respect.
(Score: 2) by kaszz on Friday June 26 2015, @01:29PM
Corporate overlords vs Peonic plebs. My crystal ball says 1-0..
You can't win these fights by playing nice.
(Score: 0) by Anonymous Coward on Friday June 26 2015, @02:04PM
Search yields nada.
(Score: 0) by Anonymous Coward on Friday June 26 2015, @02:07PM
Pro tip: Try thinking.
(Score: 1, Insightful) by Anonymous Coward on Friday June 26 2015, @03:55PM
Pro pro tip: Hallucinating that random phrases actually make sense is not the same thing as thinking.
(Score: 2) by tangomargarine on Friday June 26 2015, @03:58PM
Maybe it's like Embrace, Extend, Extinguish?
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 1, Informative) by Anonymous Coward on Friday June 26 2015, @04:27PM
Probably something along these lines
Avoid doing things that expose your data to collection - like not having a domain
Distort the collected data - like using a fake name for the registration info
Block the collection of data - like the current practice of some registrars to be a proxy for your domain contacts
Break the use of collected data - like spam filters
(Score: 2) by edIII on Friday June 26 2015, @09:49PM
Avoid, Distort, Block, Break [huffingtonpost.com]
Bruce Schneier coined the phrase, and it's advice from him on how we can fight back against surveillance in general. I've personally adopted it as my motto in all things, and I go as far as to categorize my activities now into those 4 categories. Anything I do in public I consider part of a collective activity towards all four.
Interestingly enough I cannot locate any article from him directly, only this article in the Huffington Post.
Avoid - Just avoid surveillance, meaning stay away from monitored channels and areas.
Distort - When accepting surveillance in channels and areas, make every attempt to distort the collected data. This is poisoning the well by making sure meta data collected about you is wildly inaccurate, misleading, and links to unrelated records if possible. In short, it's not possible to yield accurate predictions using Big Data methods when large percentages of the data itself is false. Distortion hides the Actor, but also helps other Actors.
Block - Tools, Tools, and more Tools. Use the tools to the best of your ability to block surveillance from capturing any data at all. Passive option, and an effective one. The less amount of data Big Data has to work with, the less damaging their activities are towards the public.
Break - Mostly illegal activities here, and all undesirable to those performing the surveillance. This is active dissent (speech), civil disobedience, "necklacing" speed traps with burning tires, hacking systems for the purposes of data and systems destruction, etc. This is where we break with a passive approach, and just actively start trashing all their toys.
Government was right when it called it's Come-To-Jesus meeting with technology groups to complain about a new culture of fighting them. We *are* fighting them now, and it will end up just like Sony when they thought they were bigger, more powerful, and smarter than the world community..... The PS4 was hacked right open and they took it away from Sony. With ADBB, the technical people of the world will take it back.
I'm seriously thinking of getting t-shirts with ADBB all over it.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Interesting) by MrGuy on Friday June 26 2015, @02:28PM
The original idea was that there should be some way to contact owners of registered domains. This is a useful concept for a number of reasons. There's a way to report misconfigurations, possible bad users/actors, report possible intrusions that you've noticed that may impact other domains, report security issues the owner might not be aware of, etc.
Then people realized you could mine that information for contact details for sending spam, or making vague extortionate copyright threats, or just griefing.
So, the registrars realized there was a business opportunity - you can list US as your domain contact, so technically you have info on file, but you're not actually contactable. This solved the spam problem, but was kind of a terrible solution to the problem. Because it completely broke the original intent of "give me a way to contact the domain owner," but didn't remove the requirement of "have contact info on file."
So today, almost every site has domain contact info, but it's almost always inoperable - the e-mail address basically throws away all incoming e-mail.
The proposal here ("require the information to be real in some cases and not others") doesn't fix the problem. IMO it makes it worse, because the class that "needs" good info isn't nearly as well defined as it sounds, and also there's no enforcement mechanism that makes sense (e.g. I register foo.com as a purely informational website with anonymous info, then later start doing e-commerce on foo.com. When/how/by whom do I become required to provide good info?)
Either make a system where domain owners are contactable, or remove the requirement entirely. I don't object to having the ability for a registrant to be hidden behind a third-party anonymizing proxy (e.g. their domain registrar), but the contact info needs to WORK. For EVERYONE. If a registrar wants to offer anonymizing service, fine. But they have to deliver legitimate mail sent to the owner contact. If there's a phone number, someone needs to answer it, and that person needs to be capable of delivering messages to the owner. If there's a physical mailing address, they need to accept and forward mail to the actual owner.
This is a bad patch on a bad system. Fix the system, or get rid of it.
(Score: 1, Insightful) by Anonymous Coward on Friday June 26 2015, @03:24PM
The original idea was that there should be some way to contact owners of registered domains.
If the owners wanted that, they could just put that on their websites. And you don't need their full names merely to contact them. This will be garbage, and copyright thugs will love this.
I say get rid of the requirement to provide contact details entirely.
(Score: 2) by kaszz on Saturday June 27 2015, @12:32AM
And the website could be down so you need to contact them by other means.
(Score: 1) by Nollij on Saturday June 27 2015, @07:45AM
Not all domains are used for a public website. Some are strictly used for e-mail, or other (non-HTTP) services.
There are many companies that buy domain names, exclusively for internal use (used only by employees, to access internal resources, completely separate from a public-facing website)
(Score: 4, Interesting) by curunir_wolf on Friday June 26 2015, @05:31PM
also there's no enforcement mechanism that makes sense (e.g. I register foo.com as a purely informational website with anonymous info, then later start doing e-commerce on foo.com. When/how/by whom do I become required to provide good info?)
They want support for this proposal, and that is why they are using the phrase "which are used for online financial transactions" as a place to start, and put the system in place. Camel's nose in the tent, as it were. More people will be okay with it. Once the system is in place, it will expand to cover everyone (except, of course, governments, politicians, and large corporations).
Right now, I can pay my ISP an extra $10 - 20 to anonymize my information on Whois. I still have to provide it to my ISP - that has already been made a legal requirement. But with the crackpot stuff I sometimes tend to put on the Intarwebs, I don't want to become a victim of doxing or swatting by some butt-hurt "hactivist". So it's worth it. But when they expand this system, or decide that fee needs to be $1000 or more, well, it just won't be available to me any more.
So, in the long run, this is an effort to end anonymous speech, to scrub unpopular opinions from the Web, and coerce small players into leaving the website business or, worse, further centralizing distribution of content. There are currently only six media companies in the US that control 90% of all media. There are plenty of elitists that would love to see all of the content on the Internet controlled by those six companies. It would make it so much easier to drown out any dissenting voices, wouldn't it?
I am a crackpot
(Score: 1) by strato on Saturday June 27 2015, @02:33PM
If you use the "anonymous" feature for your registration, make sure you understand the legal status of your hostname.
When I looked at this a few years ago, the ISP wanted to transfer ownership of the hostname to themselves i.e. I wouldn't actually be the registered owner. That was unacceptable to me.
(Score: 2) by Gravis on Friday June 26 2015, @06:12PM
i've only seen "Privacy & Proxy" services used by domain name squatters and other disreputable businesses. you should be free to post what you like but you shouldn't be free from the consequences of such actions. P/P only help to obfusticate registration information from those who don't have a lawyer at their disposal. who are P/P services really protecting and who are they protecting them from?
I understand some may desire the illusion of privacy but it comes at an unjustifiably high cost for everyone else.
(Score: 2) by edIII on Friday June 26 2015, @10:21PM
You're looking at it wrong. I don't think anybody is saying to remove people from consequences.
As for the unjustifiably high cost..... do you drive around with your actual home address on your license plate? Does the back of your t-shirt contain the GPS coordinates of where you sleep? Of course not. So this isn't an illusion, it's real privacy. Nowhere else is anyone demanded to publicly publish their real contact details and home addresses, and in nearly all cases, such information is protected by law, and disclosures are heavily regulated.
Let's address your issue of squatters and disreputable businesses. The squatter deal is just dead wrong, and quite frankly, stupid unless it's completely free. In any case, squatters have the business model of buy/sell domains so they will be highly motivated to respond to communications. So no problem with the squatters. Disreputable businesses? Not exactly. The other poster pointed out SPAM, and for such a small cost to have a business answer the email, answer the phone, and deliver you messages is a good thing. Businesses in general *wish* to be contacted. I fully expect that P/P to be forwarding to me all of the email actually. Not filtering it for SPAM, or even answering it really. Just forwarding it to me. As for answering the phone, yes, I fully expect my messages to be delivered.
Free of consequences? You seem to imply that a P/P service can just outright block consequences from happening. This simply isn't true. While you may disagree with the fact you need to have your lawyer file a subpoena to access that information, that doesn't mean it isn't fully within due process and on the "up and up".
That unjustifiably high cost you mention is purely the "extra added" cost of our judicial systems working the way they were intended. *IF* there are P/P businesses that are not acting properly, then the answer is not to outlaw P/P, but to create huge fines when the P/P doesn't get contact with the domain holder within a reasonable time period. You can make it really simple, by just mandating that a P/P that doesn't effect contact within 10 business days can cause a 30-day countdown to where ICANN can just disable the domain name with entries to 127.0.0.1.
As a P/P customer I wouldn't object the reveal of my information as a result of my negligence or willful ignorance of the situation. If I was out of the country, I should have hired somebody to take care of it, or maintained the ability to be contacted. 40 days is a pretty long amount of time to be completely without contact.
Sorry, but due process is never unjustifiable, or too costly for a society. The most I'm willing to do is to mandate that any registered business, sole proprietorship, etc. provide it's full legal contact information for the business. That is fairly standard as a requirement doing business, and it's hard for me to justify anything but small activist groups remaining private to hide literal home addresses and residences. That legal contact information can always be a lawyer . On that, you have no hope of change. So as long as a P/P is formed by a lawyer, has one on hand like debt collection companies, you can do nothing about them legally representing their clients. All you can do is punish the lawyers for bad behavior. Let's not really talk about that, since it puts me into full Godwin mode talking about the Final Solution and the bottom of the Marianas Trench :) We have to deal with the lawyers outside of the DNS too.
It's also worthy to point out, that unless you are talking about the dregs of society who are difficult to bring into a court room anyways (with their shallow pockets too), just about everyone else will have an address suitable for legal service, and a P/P that is lawyer based can actually receive service on behalf of the client!
So how many different ways can I show you today how consequences can currently be enforced against a domain holder? At least in the USA.... the rest of the world needs to take care of its own legal environments.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by Pino P on Saturday June 27 2015, @01:35AM
Nowhere else is anyone demanded to publicly publish their real contact details and home addresses
Then you must not be familiar with laws comparable to the Impressum law in Germany [wikipedia.org]. Both the European Union [sitetruth.com] and the State of California [sitetruth.com] have laws against anonymous Internet businesses.
(Score: 2) by Gravis on Saturday June 27 2015, @02:06AM
Nowhere else is anyone demanded to publicly publish their real contact details and home addresses, and in nearly all cases, such information is protected by law, and disclosures are heavily regulated.
that's not true at all. if you buy property, all that info is on file and publicly available. a domain name is like land, it's a finite resource that is bought and sold so i think the owners should also be publicly listed.
(Score: 2) by urza9814 on Tuesday June 30 2015, @05:39PM
My personal apartment? Not right now. But I'm planning to open a business soon, and you're damn right I'm gonna put the address on my car, and on my clothes, and *everywhere else* I can get it!
What's up with all the comments about peoples' personal info? The rule change is for *commercial* registrations. If you own a business, and you're not willing to make any contact info for that business public...why the hell are you in business in the first place? This is no more violation of your privacy than the phone book.
(Score: 2) by edIII on Tuesday June 30 2015, @10:37PM
Maybe that's why you need to read TFS & TFA? The rule change *isn't just* for commercial registrations, and may apply to *consumer* registrations. Hence, the situation. Furthermore, no rules have been made just yet. Only proposed rules being discussed with public comment.
I will quote myself from the TFS:
The link to the article about how ads are being construed as commercial activity is here: https://domainskate.com/google-adsense-operation-at-forefront-of-udrp-over-samsunghug-com-domain/ [domainskate.com]
Otherwise, I completely agree with you. Businesses should be regulated to provide timely contact information in their registrations, or the agents they elect to do so, must provide timely responses to all requests. Additionally, I think P/P consumer services should be regulated to be responsive to requests. Otherwise the proponents are correct that P/P serves as a dodge to escape due process.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by urza9814 on Wednesday July 01 2015, @01:24PM
Yeah, it'll apply to "consumer" registrations, assuming those consumers are using their website to try to sell a product. Which doesn't really sound like a consumer to me. Sounds rather...commercial.
You sure you got the right link there? "Commercial" or "commerce" don't appear anywhere in that link, and I don't see how anything there is relevant...hell, they ruled in favor of the site owner. And frankly, the site in question is one that I would certainly hope these sorts of rules would apply to.
I can understand a need for anonymous publishing -- you can't have free speech without anonymous speech -- but this does not in any way conflict with that. Firstly because you can't really get a domain anonymously to begin with -- the registrar knows who you are. Secondly, you can't take money anonymously -- if you have ads, the advertisers know who they're paying. If you want to publish something truly anonymous you really have to use a free host and a free "domain" (something like a .tk or a subdomain of the host probably)...and that may have ads, but you won't be the one getting the revenue so that shouldn't matter.
There is also the spam problem of course. But anonymous registrations are also quite beneficial to spammers. We need a better system.
(Score: 2) by edIII on Thursday July 02 2015, @01:58AM
The link came from an article being posted. I didn't read it much, and must admit that I assumed it was a court case example (my bad). Pretty much everything hangs on that anyways, since we are worried about tom foolery in classifying consumer as commercial just because of ads. Thanks for letting me know.
It's not true anonymity that I care about though, and it's perfectly fine if *somebody* knows who I am.
That's not any different than the license plate example I gave you. We both know there are extremely good reasons not to be running around in public announcing the location of where you sleep. I'm a big ol' ugly dude that just about any POS out there will think twice about before bothering. That cute little 5'2" college co-ed? She might get followed home, even by a nice guy who just can't help himself. I actually worry about some girls in my life for that reason alone. There *are* bad dudes and predators out there, and don't forget it just because you're not in their food chain.
The Internet is not any different, and given the penchant for doxxing in the presence of undesirable speech, I think it's a very good idea to protect the *home* addresses of domain owners.
We don't need a better system, and that's my point. It's perfectly okay for *anyone* to need to subpoena a P/P. It's not rocket science. In Las Vegas, I can take $25 and a few forms, and proceed to remove your P/P anonymity through due process. So I'm not going to come to the defense of those complaining due process is "just tooooo hard" when it's really their stupidity and laziness of not wanting to download and read forms. If it's a business with lawyers on retainer, they can *really* suck my dick since I think it's pretty shitty of them to complain about legal fees when they're literally a protected class in my country and have all the fucking money. 30 minutes (if she's drunk or stoned) of a paralegal's time and the forms are filled out, and they're always going down to court anyways, so it's literally not costing them much of anything. Those with real complaints aren't in the US I notice. A US court will have no problems whatsoever convincing the P/P to become responsive, especially if the rule change allows ICANN to revoke their ability to operate if they become unresponsive.
Small claims has just as many teeth with subpeona's under most circumstances, and the average Joe is not put out by P/P services *anyways*. So why do we need a better system? Unless you're saying a new kind of distributed and open DNS, I'm going to disagree.
For that matter, if all anyone needs to do is file a subpeona, why do we need to publish an address again? I'm not even seeing the need for an address when the courts can get one with a document and amend the filing from John Doe to EdIII or Urza9814. I just can't agree to remove due process without much better reasoning and justification, especially when the lack of due process causes clear harm to the citizen by default.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by urza9814 on Thursday July 02 2015, @12:32PM
It shouldn't take a subpoena to inform a webmaster that their site is being used as part of a botnet, or that it's been hacked, or whatever else.
I'm still not saying we need to force *everybody* to publish their address...just people engaged in commerce. If you're running your site as a business and you don't have a proper business address and you don't want to give out your home address then you can get a PO box.