back to article ICANN puts Whois on end-of-life list

ICANN is proposing a goodbye to Whois, saying that data is often inaccurate and suggesting that some search fields should be restricted to “authenticated requestors”. Its discussion paper, here, says Whois is “broken”. The paper seems to suggest that one of the things that's “broken” the Whois system is the proliferation of …

COMMENTS

This topic is closed for new posts.
  1. Crazy Operations Guy
    WTF?

    Fixing something they broke

    "The paper seems to suggest that one of the things that's 'broken' the Whois system is the proliferation of new gTLDs"

    And who's fault is that?

    *eyes ICANN hard*

    1. Gannon (J.) Dick
      Meh

      Re: Fixing something they broke

      ICANN has always been Orwellian. Hence the minor modification:

      "All animals are equal, but some animals are more equal than others"

  2. Anonymous Coward
    Anonymous Coward

    Yup. Whois should definitely be going the way of the Dodo.

    As mentioned in the article already the data is predominantly useless as there's no guarantee that it was ever correctly filled up in the first place and most people I know just throw garbage in as spam bots are very well known to harvest whois data.

    Plus removing whois also solves the problem of individuals monitoring the expiry dates of domains hoping to steal a domain name and subsequently demand ransom.

    There's really no reason for whois to exist. If they're adamant on keeping it the output should be limited to "IsRegistered? [Yes/No]". Done. Finish. There's nothing else anyone else needs to know.

    As it is Geographic gTLD registrars are notorious for having whois servers which don't even work in the first place. So we may as well just pack up and call it a day for everyone.

    Also, I don't see the additional income of "whois privacy" ever covering up the cost of maintaining a whois server. And in the first place most people will just opt to enter garbage information rather than genuine information and then subsequently pay for "whois privacy".

    Nuff said.

    1. An0n C0w4rd
      Thumb Down

      Re: Yup. Whois should definitely be going the way of the Dodo.

      Really? Registration date is normally interesting if you get a spam e-mail from a domain - you can see if it was set up recently just for spamming and can safely be blocked or is a legitimate domain that has been hijacked. You can also pick up other interesting bits of info from whois if you're dealing with abusive registrations, although the proliferation of privacy services has undermined that to an extent.

      Should whois evolve? Yes, absolutely. RFC 812 (obsoleted by 954, obsoleted by 3912) is way out of date for modern usage. However, saying all you need to know is if the domain exists or not is going too far the other way. If nothing else, DNS already tells you that.

      1. NullReference Exception
        Unhappy

        Re: Yup. Whois should definitely be going the way of the Dodo.

        Exactly. Even if the contact info is bogus or private, you can tell a lot from just the registrar id and the domain registration date (mail from young domains is more likely to be spam, certain registrars are more abuse-friendly than others, etc.) It would be very handy to have an automated way to query this information to help with spam filtering or greylisting. But from the sounds of it, ICANN wants to restrict this data to people who cough up money. Yet another nail in the coffin of the small-time email operator...

    2. Crazy Operations Guy

      Re: Yup. Whois should definitely be going the way of the Dodo.

      Its useful if that domain is unintentionally spewing spam and you need someone to yell at. I also use it to weed out bad domains (EG, of it was registered in the past month, then its unlikely its holding anything worth-while).

      I just hope they set up a replacement with this kind of information at least giving out a 'Registered date' and 'Abuse contact' fields. Preferably having a confirmed-working email address for the abuse contact Even better would be 'You don't get an MX record for this domain if you don't validate your email address'.

      As far as people getting my registration info, there isn't much I care about in there. someone could spam me all day long on my contact addresses and I don't give a shit.

    3. Anonymous Coward
      Anonymous Coward

      Re: Yup. Whois should definitely be going the way of the Dodo.

      and whose fault is the bad/erroneous or downright lying data in the domain registration - isn't that the registrars fault for not policing the registration in the first place.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yup. Whois should definitely be going the way of the Dodo.

        Also the nameservers listed at the bottom is mighty handy when you're moving domains around

  3. Jim Benn
    FAIL

    Fascinating.

    Somehow, This does not seem right. Maybe if we chuck all the bits that cannot make a profit (because we deliberately did not spend the money & effort to maintain them), everything will just be "better". But what do I know. This just could be an exception to my cynicism.

  4. Ole Juul

    I hope they don't break it

    I like whois. It allows me to find useful information about sites. It's also a major phone book for me, especially in cases where I don't know or remember the last name. That said, I think the number of people who put garbage in there is also a problem. Is it the responsibility of the registrar to police that? I don't know, but it's certainly a nuisance and if people had their domains taken away for violating the ICANN TOS, I'd be happy. Regarding spam bots, I haven't had a problem with that and I've religiously followed the TOS for some years now. Sure, whois should probably be updated, but let's not loose the good parts in the process.

    1. Crazy Operations Guy

      Re: I hope they don't break it

      Its also how I look up the address of places I've worked at previously because very few of them have a proper "Contact Us" page.

  5. objectivesea

    Don't throw out the baby just yet....

    The main use I make for WHOIS data is tracking down swine who lie in e-mail headers about their identities or pretend to be legitimate businesses in order to steal money. Whatever mechanism takes the place of WHOIS should at the very least make such spoofing impossible.

  6. Jon Bar

    Um, yeah, No.

    I moderate on several forums and I use "whois" to track down spammers (in order to ban their sorry arses) and to find out banned members who are trying to sneak back in. Both of those instances are certianly violations of the ISP's Terms & Conditions; that should be something ICANN should encourage people to use. Or maybe they want the cash pool of people registering new bogus domains so they can spam more freely.

  7. snowweb
    Stop

    How will we investigate mischief then?

    I regularly investigate hacking attempts against my servers/networks and also investigate the sources of spam for the purpose of determining a) whether it is actually malicious/spam and b) in order to report such events to their ISP's.

    How will we do this if their is no domain accountability?

    At a time when internet integrity is policed by it's members, this seems like a pretty irresponsible move.

  8. Cliff

    The data overhead? Really?!

    The article cites data add being a running cost for the poor registrars. Data is cheaper now than ever before, and the 1-2kb it takes to serve up a whois is probably close to the size of the http header the requester is sending to ask for it in the first place. What am I missing?

    1. lglethal Silver badge
      Go

      Re: The data overhead? Really?!

      What are you missing? The fact that ICANN cant make money from Whois....

      Or am I being too cynical?

  9. This post has been deleted by its author

    1. Richard 12 Silver badge
      FAIL

      I'm very, very glad "he" got caught.

      My first thought is "Good riddance to the freeloading bastard".

      Did you really mean to say "Removing WHOIS would let me my friend get away with copyright infringement on a commercial basis", because that's what it sounded like.

      Wouldn't have worked anyway, because it's a tennis club, so it's got a real, physical location given on the website. (Incidentally, Getty embed a watermark into all images to ensure they can be easily identified. This survives physical printing, so forget 'print-screen' copy.)

      If you're foolish enough to use a Getty image or any other clearly in-copyright, all-rights-reserved image without a licence - whether as a 'placeholder' or not - you deserve everything you get.

      Just don't do it - if you want a placeholder, search one of the many free-for-commercial-use sites or take your own photo. Nobody forced you him to use a Getty image.

      Getty are simply a group of photographers who'd like to get paid for their work!

      If you genuinely think photographers should just give away all of their work for free, then your acquaintance should be giving away his website design service as well.

      Let me guess - he doesn't agree with that?

      1. Ol'Peculier
        Unhappy

        Re: I'm very, very glad "he" got caught.

        I agree with everything you say, apart from Getty is a "group of photographers wanting to be paid"

        They are a major monopoly and use that power in an amazingly aggressive manner, take a look at the sports pages in any broadsheet and see who is supplying all their images compared to a few years ago, when there would be five or six agencies listed.

        1. JimC

          A major monopoly??

          Hard to be a major monopoly when every amateur in the world has a digital camera...

          Perhaps they're just the only agency left standing, in which case maybe their approach to freeloading thieving bastards is justified...

          1. Anonymous Coward
            Anonymous Coward

            Re: A major monopoly??

            http://www.sxc.hu

            Free stock photography...sometimes you have to ask permission (check the conditions per image); but often not.

            1. Anonymous Coward
              Anonymous Coward

              Re: A major monopoly??

              http://www.sxc.hu..... "Stock.XCHNG is under new management! Getty Images is proud to now wholly-own the world's best free stock site. SXC has a long history and a great community, and we're excited to grow with this unique site. We also have lots of expertise and experience to offer as industry leaders."... Free stock photography from Getty? How long before it isn't free....?

              1. Anonymous Coward
                Anonymous Coward

                Re: A major monopoly??

                Really? Damn. Hope they don't fuck it up too badly...I use that site fairly often. Thanks for the info.

      2. Anonymous Coward
        Anonymous Coward

        'Getty are simply a group of photographers who'd like to get paid for their work!'

        Getty as an organization is nowhere near the Saint you're describing. They've gone through many changes of hands, and clearly have debt collection vultures at the top. I'm not a web designer so I have no position here. My interest purely as a techy in understanding how Getty's Web Crawlers locate copyright works...

        http://en.wikipedia.org/wiki/Getty_Images

        'Controversial practices to enforce copyright'

        "Getty Images caused controversy for its pursuit of copyright enforcement on behalf of its photographers. Rather than pursue a policy of sending out cease and desist" notices, Getty typically mails out a demand letter claiming substantial sums of damages to owners of websites which it believes are using their images in infringement of their photographers' copyright. Getty commonly tries to intimidate website owners by sending collection agents, even though a demand letter cannot create a debt."

  10. Kevin Johnston

    So have I read this correctly?

    ICAAN see it as something which makes them no money and it is known that people are not required to enter valid information as there is no regulatory body that could take action against people that fib.

    A body such as......ooh, I don't know....maybe ICAAN?

    I wonder if their Whois entry has valid details?

  11. Anonymous Coward
    Anonymous Coward

    Ah, management babble

    "Instead, the EWG recommends a paradigm shift..."

    Why not just say:

    "The data is inaccurate, so we're taking it away. Also, we're not making any money from it, so we don't like that you can access it."

    Anytime I hear the words "paradigm shift", I immediately go into cynic mode.

  12. Daniel B.
    Boffin

    Still useful...

    It serves as at least a way to know who owns a domain, useful sometimes for legal reasons. As others have mentioned, it also serves to weed out spammers.

    Really, the decision to axe Whois sounds as dumb as axing DNS altogether: what use is to have DNS if we can't know who's responsible for the domains? Also, ICANN seems to be forgetting that whois is also used for reverse DNS tracking: that's where we get who owns which net blocks. That's even more important...

  13. This post has been deleted by its author

  14. Sir Runcible Spoon

    Sir

    Won't somebody think of the limericks!

  15. Down not across
    Megaphone

    Money grabbing barstewards

    "Whois searches, on the other hand, don't yield income for the registrars."

    There in lies the rub. So what, they're already being paid for the registration service. Whois is not value added service, it is part of the service that is already being paid for. IMHO.

    ICANN has lost the plot. Quite some time ago to be fair.

    1. btrower

      Re: Money grabbing barstewards

      Re: "ICANN has lost the plot. Quite some time ago to be fair."

      Spot on. Whois is an essential tool for me. This seems like some sort of power grab.

  16. Yes Me Silver badge
    Coffee/keyboard

    Not permissible and not appropriate

    "Instead, the EWG recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use."

    In other words, they want to allow people who register domains to be able to hide that fact from the public. I don't think that's appropriate and I don't think it should be permitted.

    To say that again: who registered any domain name *must* be public information. Anything else will just help slimeballs and swindlers. (And providing such information to the public should just be part of the cost of doing business for the registries: quit moaning that whois costs money.)

    It goes without saying the the IP address part of whois is equally vital.

  17. SImon Hobson Bronze badge

    It's all very well ...

    OK, so The Reg have tipped us off about this, but cane I find an address to email ? Well not in the limited spare bit of lunchtime I have available.

    I'm with the above, Whois may have its faults, but IMO the proposed centralised system is more broken, and their assumptions & conclusions are faulty.

    Firstly, providing Whois is simply a cost of running a registry. If the argument is that this cost is unreasonable, then what else shouldn't they have to provide ? And I really can't see any way that running something that's "just like whois but newer" plus "fund a share of some central body to duplicate the data" is going to significantly reduce operating costs - the registrar still has to collect the data, validate it (they are best placed as they are the only ones with customer contact), store it, and disseminate it.

    If the complaint is that the data is rubbish, then that's "simply" a matter of enforcing existing policies/agreements. For those registrars who hold rubbish, give them some time to clean up and terminate anyone that doesn't. If they know there's a lot of rubbish, then they probably have a good idea who the guilty registrars are.

    As for functions like "find out what domains I 'own", well wow - perhaps all the bookshops should get together to form a central registry so I can remember what I've bought ! If the end user is too stupid to keep basic records, then why should world+dog hold his hand for him ? There might be some argument for having such a feature available to law enforcement, but is that really sufficient reason to rip out a system and install la costly, bureaucratic, and fragile central system that won't serve end user's needs ?

    IMO, the distributed system is best, for much the same reasons that we consider a distributed DNS system to be good. And besides, who wants to hand ALL registration data en-masse to the USA (well at least without tham having to do some snooping effort !) I guess that has to be part of the reason - to give the USA the power of veto over all domains, not just those held with US based registrars.

This topic is closed for new posts.

Other stories you might like