back to article Whois is dead as Europe hands DNS overlord ICANN its arse

The Whois public database of domain name registration details is dead. In a letter [PDF] sent this week to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force. The letter also has …

Bronze badge

Re: I think its fine to not have details public

>There's no practical reason to have publicly visible names and addresses (except of abuse contacts at the ISP in question) for anything any more.

You're probably not old enough to remember something called a "phone directory". These were very handy back in the day, you could look up a person's address and phone number in them.

They became a nuisance only when the cost of calls dropped to free so they could be used by telemarketers and scammers. Whois type records are the phone directory of the Internet; its useful but easy to abuse because there's no cost to the abuser. So, once again, we fix a problem by not fixing it but by degrading the overall capability of the system.

2
0
Silver badge

Re: I think its fine to not have details public

> You're probably not old enough to remember something called a "phone directory". These were very handy back in the day, you could look up a person's address and phone number in them.

You still can, if they've chosen to have their details published in there. Just like WHOIS will be.

0
0

All bow to the data protection Gods

The European data protection bods couldn't care less if they managed to wreck the entire internet, so long as they get to show how important they are.

Hopefully this won't encourage other governments to pass local laws to demand world wide changes.

6
90

Re: All bow to the data protection Gods

Absolutely! Data protection is non-sensical! I mean, what evidence is there of large scale abuse of personal information to control and manipulate people against their wishes? Who are they trying to protect us from? Nanny state! (etc, etc, etc)

75
3
Silver badge

Re: All bow to the data protection Gods

"The European data protection bods couldn't care less if they managed to wreck the entire internet"

How would it do that? If the data concerned were essential to the operation of the internet it wouldn't be affected. All that's affected is the publication of certain data fields and, if you bother to read the article you'll notice that some TLD authorities manage this perfectly well. Could it be that ICANN has had its head up its arse for the last several years whilst it gets on with its own governance issues which have been amply reported here?

"Hopefully this won't encourage other governments to pass local laws to demand world wide changes."

What other governments did you have in mind? The US for instance?

63
2

Re: All bow to the data protection Gods

Having my name and e-mail address visible in the WHOIS for .org has led to spam, spam and spam (the e-mail address used there is unique, so I know exactly where they got it from). The WHOIS has not been of use to me in any way. So good riddance.

49
3
Anonymous Coward

Re: All bow to the data protection Gods

What they are trying to protect you from is any counter narrative to their own.

Freedom of information is a threat to unelected governments.

5
33
Silver badge

Re: All bow to the data protection Gods

What does this have to do with a fucking counter narrative?

If you have a domain, why should your personal data be available for everyone in the world to see, use, and misuse as they see fit?

43
2
Anonymous Coward

Re: All bow to the data protection Gods

I am in the UK, with a UK registered domain name, with a WHOIS entry, and my name and address have been lawfully kept private by the registrar for about 20 years.

ICANN, and the USA in general, have been ignoring the problem for that long.

This is not just a last-minute panic over a two-year lead time, though that's bad enough. It's persistent American exceptionalism, and it is looking as though even the deals they have made in the past are a sham. "Your data is safe with us: we hire the CIA to keep an on-line back-up."

The internet won't collapse, and just think of all the extra fees the lawyers can charge for going to court to get a warrant. Oh, but that means they would have to work for their money..

Internet Lawyers: pissing off the world since 12th April 1994

49
1
Silver badge
Unhappy

so who do you report abuse to, now?

1. fake rolex/handbag marketing

2. spammers

3. blatant violators of the law

4. defamation and slander/libel

5. 'copycat' domains

ALL of these will NOW be made EASIER.

thank you, gummint overreach.

"unintended" consequences? or not?

/me points out that an 'abuse@' e-mail address that is ignored and/or filtered won't be able to receive complaints. A valid mailing address and/or phone number also guarantees that the owner isn't trying to HIDE from authorities. Anonymizing services are available. I use them as well as most domain owners. Why do we need to "GDPR" the domain name registry?

7
63
Anonymous Coward

Re: so who do you report abuse to, now?

The same as before? Like, there will still be a company with this info. It's just *you* will not get it.

Like here. On the Reg. If I or you post, we don't have our addresses and phone numbers exposed. However, if something was required, Reg could provide the info to authorities (not those two as they don't ask for them, but email and ip etc can be).

Plus, you really thought those people use their *real* name and address on those forms? RIIIIIGHT.

43
2
Anonymous Coward

Re: so who do you report abuse to, now?

What happens when you get abusive phone calls? You report it to the police then the police contact the mobile operator and get the details behind the number to perform their duties. Should we have an open online database showing all your details from your phone number?

This is exactly the same principle, any illegal activity will be reported to the authorities who will then get the information from the domain name registrar and deal with it accordingly. In my opinion this is how it should have been set up in the first place. The only people that will be complaining are the spammers, solicitors that like to send out DMCA notices/fines and all those web service companies that bombard you with phone calls and emails offering to build you a website.

Anyone registering domains for illegal activity are not going to put their real details anyway unless they are stupid so all your examples are null and void I'm afraid.

53
2
Silver badge

Re: so who do you report abuse to, now?

If I see for example that natwestbacs[dot]com is registered to Domains By Proxy LLC, then I know it isn't an official Royal Bank of Scotland Group domain. Likewise, if I see that "The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service", like on my personal domains, then I know it isn't an RBS domain. So I don't see what the problem is.

15
10
Anonymous Coward

Re: so who do you report abuse to, now?

Then Natwest can request to have their info shown. I don't see anywhere where the law says they cannot. Just it's that Whois cannot!

If you need to use Whois info to know if the banking website is secure, you got bigger problems.

25
1
LDS
Silver badge

Re: so who do you report abuse to, now?

Did you ever find a dodgy site with a working abuse address or real telephone number? Even many ISP abuse addresses are utterly useless, because most of them ignore reports - why kick out dodgy but paying customers, as long as you don't face consequences?

Registrars don't vet registration details, and even criminals buy anonymization, if they see it useful - and be able to extract some more money for each domain is what registrar like.

14
0
Silver badge

Re: so who do you report abuse to, now?

“Then Natwest can request to have their info shown.“

That is exactly my point.

5
1
Silver badge

Re: so who do you report abuse to, now?

“Then Natwest can request to have their info shown.“

That is exactly my point.

Is it? Natwest, as a business, doesn't have personal information in it's domain registration details, it has business contacts which are not personal and so not covered by GDPR anyway. No need to request anything. Just declare on the registration application or renewal that the domain is business or personal and declare that the details are correct. It's not complicated, plenty of registries already do this.

It's not as if they are being asked to create backdoors that only good guys can access. Maybe it's time to start playing hard-ball with some of these orgs claiming to be too big to fail/block when they are (or will be) breaking the law instead of saying "hey don't do that, you've got a year to fix it"

9
0
Silver badge

Re: so who do you report abuse to, now?

you misunderstand gdpr. If the visible registrar contact is a person then that IS personal data. Natwest have personal data on its employees. These employe3s data is needed to perform duties, it is reasonable that a registrar needs a contact in Natwest. Natwest are the data controller. They use a registrar as a data processor and will need a GDPR policy agreement with them. By the registrar posting identifiable data publically they are breaking GDPR as a data processor. Natwest will not be liable for the breach as the controlller as they have shown diligence with an agreement with the data processor.

they do have an agreement right? uh oh. if not that is in the 4% fine bracket if they have not bothered to get agreements. 2% bracket if they have at least some agreements.

1
2

What's the problem here again?

I wonder. It's not like they want to introduce 100% anonymous registrations, is it?

As far as I understood this, the point is that, much like for car registrations, you can't just check the name and address of the owner of some car - if you have a serious reason to want this information, you'll need to go the legal path.

In which case it won't be very different from what's already happening today: In the recent years I haven't seen many smaller domains which hadn't the owner's information filtered out. Apparently the big difference is it won't depend anymore on the registrar's goodwill, but will be a legal requirement.

Isn't it? (Genuine question)

32
2
Silver badge

Re: What's the problem here again?

Exactly. Let's face it, other than some of us techies who do check, most people don't because they don't know about WhoIs or don't care. I find this whole thing is a tempest in a teapot.

The bigger problem is how corrupt is ICAAN? They rake in the money and have "meetings" in exotic places. Since the US government allowed them to be "private", there's no accountability.

2
2
Pint

Just give everyone free opt-out anonymity service.

This has been suggested before and I think it's the best solution. Flip everyone's contact details to anonymized, with the option to switch it off.

6
3
Silver badge

The registry for .uk, Nominet, for example, has long withheld the personal details of domain registrants and provides only technical information publicly.

This is not true. I've just done a quick blast round some of our company .uk domains and some of my personal .uk domains, and the full registration information is returned by whois.nic.uk.

5
1
Silver badge

Log in to your Nominet account and change it if you want to.

7
0
Bronze badge

"This is not true. I've just done a quick blast round some of our company .uk domains and some of my personal .uk domains, and the full registration information is returned by whois.nic.uk."

Non-commercial .uk domains don't need your contact details, but you have to ask your registrar (or Nominet) not to show them. Commercial domains need a contact address, even if it's just a PO Box.

5
0

All domains need contact information. Otherwise it becomes impossible to perpetuate the healthy operation of the domain pool. Domains which do not have valid contact information are subject to be released back into the pool.

I don't care if you're being spammed. If you refuse or are not able to provide a valid means of contact you don't deserve to participate in the domain registration system.

2
4

All domains need contact information. Otherwise it becomes impossible to perpetuate the healthy operation of the domain pool. Domains which do not have valid contact information are subject to be released back into the pool.

I don't care if you're being spammed. If you refuse or are not able to provide a valid means of contact you don't deserve to participate in the domain registration system.

As said several times already, NO ONE is saying that contact details cannot be asked for and stored, IF that is needed to provide the service. This is about who has access to that information. i.e. ICANN having access to your email/phone number in order to let you know your domain is about to expire is a valid business requirement, so is allowed, but some random person on the internet being able to grab your personal contact details in order to spam you is not!

4
0

Typical US centric company that struggles to understand there is a world of 7 bilion other people out there and their opinion does actually matter and their laws do affect you if you want to take their money.

36
1
Silver badge

"willing to make a special exception for ICANN"

Fuck that and the horse it road in on.

ICANN needs no "special exception". It has already had 2 years to pull its finger out and get to the task, but ICANN believes the entire world revolves around it, and has consistently decided everything in its own time and manner, procedures and laws be damned.

I am looking forward to ICANN being refused and brutally put in its place for once, and apparently there is a good chance of that since it has been warned in no uncertain terms that it had better get to work.

48
3
Silver badge

Re: "willing to make a special exception for ICANN"

> decided everything in its own time and manner, procedures and laws

To be clear it's not just national laws they ignore, it's also their own smegging byelaws and procedures.

I agree, refuse the exemption, point out just how long ago this was flagged (similar requests pre-date GDPR btw) and fine the fuckers so hard they regress back into the reasonable, almost competent entity that they once were.

It's been a long time since ICANN could be described as even near fit for purpose. They've wholly brought this mess on themselves

15
1

Re: "willing to make a special exception for ICANN"

d the horse it road in on.

now that one I haven't seen before

your on the wright rode, there shit clings on there shoes and you're shoes stink also

rode on that road just like you did

2
0
Anonymous Coward

Stating the obvious.....

If you want to register a public domain you are automatically acknowledging you must be contactable to report abuse, illicit behaviour or about content. No one is forcing the creation of a public domain, it is done with the intention of communicating with the Internet users.

For domains that are not involved with commercial activities, taking payments or providing advertising then the minimum information that should be displayed is the owner's name and email address. The owners personal address and telephone number should be private.

Corporate/Business organisations or domains that are operated as a business with advertising these entities should identify the owner, address, telephone and email address to protect customers or allow redress for those users who experience a problem.

5
22
Silver badge

Re: Stating the obvious.....

A simple abuse@ address is more than sufficient for contact. Those who'd ignore it are going to ignore your other contact methods too.

Registrars will still hold the details so in serious cases the old bill can get the contact data.

Publicly publishing that information does little to nothing to protect customers.

13
2

Re: Stating the obvious.....

I want to point out look how your comment got more downvotes than upvotes. But your comment is 100% right.

The problem is MOST PEOPLE don't know how the fuck the internet works and they don't understand this stuff is critically important. Disabling a system like WHOIS is similar to knocking out the support columns of a large bridge and hoping it doesn't collapse.

And all those people who don't have any idea what the fuck is going on are the ones downvoting posts like yours. They're the idiots passing laws like GDPR.

1
15

Re: Stating the obvious.....

So you're saying instead of publishing contact information, globally require that every single internet entity follow the exact same contact standards (they must have an abuse@ address).

To keep this short let me just tell you that will never work. Which is why WHOIS exists, which is why organizations can set contact information which is valid for their particular logistical model.

The problem is people register domains and they never bother to set or check their contact information, or they don't understand that it is public. So because a lot of people started playing with toys they don't know how to use, those of us who live and work in this world have to suffer.

1
10
Silver badge

Re: Stating the obvious.....

"Whois" could disappear in it's entirety tomorrow. Nothing will break. It's not related to the technical infrastructure at all.

And as many people have already pointed out: registrars will still have the registers information, and scammers use false details anyway.

10
0
Silver badge

Re: Stating the obvious.....

> Which is why WHOIS exists, which is why organizations can set contact information which is valid for their particular logistical model.

Which they'll still be able to do post GDPR, it just won't be mandatory for individuals to do so.

> The problem is MOST PEOPLE don't know how the fuck the internet works and they don't understand this stuff is critically important. Disabling a system like WHOIS is similar to knocking out the support columns of a large bridge and hoping it doesn't collapse.

Be wary of telling people they know fuck all when you clearly know so little about the subject you're discussing. If WHOIS was turned off tomorrow, everything would keep working.

It's more like publishing the name, address and telephone number of the bloke who built the bridge on a sign under the bridge. Take that sign away and the bridge won't collapse. If there are issues with the bridge, the council (or DFT) still have that blokes details so he can be contacted, just not by every tom, dick and harry that wants to sell print cartridges to him for specious reasons.

4
0
Silver badge

Unless ICANN have an EU based office they can’t be fined. The EU based registrars are the ones that can only receive any such fine. The solution is simple, if you have an EU based office, enable anonymisation by default. I have it on my 123-reg account, it works and it has worked since they started to offer it as a chargeable extra.

6
9
Gold badge

Presumably they won't be able to offer it as a chargeable extra once it becomes a legal requirement. :)

10
0
Silver badge

Businesses being businesses I'm sure that they would find a way to include it in the price, say increase the cost of domain registration by £4.99 per year. I don't think legislation will have anything to do with it. It's a legal requirement for me to have car insurance, but I still have to pay a business for it.

1
1
Silver badge

I have a feeling their Brussels office might qualify.....

6 Rond-Point Schuman

B-1040 Brussels, Belgium

8
0
Anonymous Coward

"I have it on my 123-reg account"

You have a 123-reg account? Sorry to hear that...

1
0
Silver badge

Sick of the spam calls

I'm bloody sick of the non stop spam from India asking me if I'd like a webshite built etc. I just try and keep them on the phone as long as possible these days, just for shits and gigs like.

12
0

Re: Sick of the spam calls

try Mr. Number, it's a social spam blocker for smart phones

0
0
Silver badge

Re: Sick of the spam calls

"Why yes, I'll certainly answer your questions, as long as it doesn't take long - the traffic is really busy and tricky at the moment, and I shouldn't be on the phone anyway!" (said whilst sitting on the sofa)

...

"Um, yes, I do own a Microsoft computer....... SHIT" *plays screatching brakes and car crash sound effect, then hangs up*

2
0
Silver badge

Re: Sick of the spam calls

just start screaming "ANTS! ANTS! OH GOD NOT THE ANTS!" before hanging up. I nearly pissed myself with laughter when a colleague did this. It didnt stop the calls but sure lightened the mood in the office.

1
0
Anonymous Coward

I've used whois to sniff out dodgy websites to see they are who they say they are, I'm not sure this is a good idea.

3
7
Silver badge

As mentioned above, there are various clues, even in just the domain name. And if the corporate entity chooses to be anonymised, you have to wonder why.

I started out in this lark via a Fidonet BBS with a usenet gateway, and we reckoned it would be trivial for a phone number anywhere in the UK to connect to a dial-up modem in Cheltenham. I remember one day when most of the sysops in the UK claimed to be running on a UPS because of a thunderstorm, all at the same time.

If you can't trust your sysop, who can you trust?

6
0
Gold badge

If it's a dodgy website, you probably can't trust the whois information anyway.

Registrars ought to check and insist that it is valid, but they've no reason to beyond "being professional" and if they are only charging a few pounds for the domain then there's probably no money in the budget for checking.

14
0

if you feel the need to sniff them out then you should have smelled the stench already and simply stop visiting that dodgy website

1
0
Silver badge

If that level of interest is repeated for other internet addresses under ICANN control, like .com, .org and .net, Neylon says it will be "perfectly manageable" from his business' perspective.

Which is unlikely.

Not only is .com itself 13x the size of .uk, but it still holds the sites of most interest to those who would query WHOIS. There's a reason .com accounts for almost half of all existing DNS names and almost 80% of new registrations.

3
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018