Whois is dead as Europe hands DNS overlord ICANN its arse

The Whois public database of domain name registration details is dead. In a letter [PDF] sent this week to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force. The letter also has …


  1. DerekCurrie Bronze badge

    They shall regret GDPR

    "There are some however, including security researcher Brian Krebs and the US government itself, that fear a shutdown of the full Whois will result in a spike in online scams."

    Yes it will.

    Anonymity on the Internet breeds anonymous cowards and their dirty deeds. Anonymity is the solution to nothing. If you have to be an anonymous coward to say something, don't say it.

    1. doublelayer Silver badge

      Re: They shall regret GDPR

      No, they probably won't. The reason is that I can go and reserve a site and type whatever I like in there. For my personal sites, I entered true information, which I don't really mind being available (neither my phone number nor my email are there, although my postal address is because there doesn't seem to be a good way to avoid it. This hasn't resulted in any spam yet). The registrar checked none of it. No physical mail to the address. No calls or SMS to the phone number. True, they used the email address, so they could see that was true, but those are pretty easy to set up. If I had made a site for scams, I could just put in "Microsoft Support, 1 Microsoft Way, Redmond, WA, 98502, 1-425-882-8080, support[at]microsoft[dot]com". The system wouldn't check, so initial victims would be able to check and see the supposedly correct information. In order to catch me, you'd need to have the authorities contact the registrar and find out the real information.

      Now if I'm running one of those borderline legal scams with real companies, I can still provide accurate but misleading data.

      Finally, I consider the issue unimportant because I don't think people are using whois to determine scams or not. Most people don't know what it is. Whois services are available only through registrars or the whois terminal command. People who fall for that type of scam are usually nontechnical enough not to use whois, while those like us who might check already know we won't get useful data from a scammer. I see no reason the data must be public; just make it a hidden database and let me publish. After all, any company worth anything will have all that information on the contact us page anyway. For personal sites, you don't need the owner's address as they will have provided you the methods you will use to initiate contact if they want to hear from you. I don't see any problem.

    2. Hstubbe

      Re: They shall regret GDPR

      Could I have your phone number, I'd like to discuss your comment in more detail. Maybe your home address as well? Might pop by to continue the conversation over a nice cuppa.

      1. Anonymous Coward

        Re: They shall regret GDPR

        There's a treasure trove of information out there for you - just look at your local phonebook and electoral roll.

        1. Spanners Silver badge

          Re: They shall regret GDPR

          I doubt I am unusual here by not being in my local phone book. I don't have a landline.

          I moved a couple of months ago and when I registered to vote, I was asked if I wanted to be in the publicly available electoral roll. I declined that. From what I have heard, everyone should decline.

          Not showing up in those does not stop the Bill knowing where I live. Neither does it stop me being able to vote. Not being searchable by WHOIS etc keeps the crooks, spammers and "Imaginary Property" scammers away. It does not keep legitimate authorities out. It makes them a little more likely to follow the rules if they want to discuss things with me (I really hope).

    3. Anonymous Coward

      Re: They shall regret GDPR

      "Anonymity is the solution to nothing. If you have to be an anonymous coward to say something, don't say it."

      Anonymity is the solution to the 'special interest social lynch mob', if you want to express an opinion or belief that not everyone considers 'politically correct'.

  2. mark l 2 Silver badge

    I wonder if you have just registered a domain name with a registrar and paid up front for 12 months of privacy registration whether you will get a refund for the unused portion come 25th May when no doubt they will have to start offering it for free?

    1. Roland6 Silver badge

      > come 25th May when no doubt they will have to start offering it for free?

      Dream on!

      Come 25th May, privacy registration will be mandatory, including whether you have given your consent to opt out, thus the cost of privacy registration will simply be added to the annual fee (helping to cover the cost increases associated with GDPR); so expect the bare domain price to disappear from EU registrars and the bare domain plus privacy registration to become the new bare domain price.

  3. GIRZiM

    250 Years War

    None of this would be happening if Britain had only had the courage of her convictions and fought on after the declaration of independence.

    She should've learned from the Hundred Years War, licked her wounds, put sanctions on the U.S. (Britain was the world in those days, there was no-one else to trade with and the U.S. would've had to capitulate), rebuilt her forces, gone back and reclaimed her territories.

    Then we wouldn't be in this mess, with the U.S. still at war with the entire rest of the world 250 years later.

    It's time we showed the U.S. who's who and what's what. We didn't put up with this nonsense from the Romans. Or the Spanish. Or Napoleon. Or Hitler. Or the EU. Enough footling about, send a gunboat! Give the blackguards a bloody nose, what? Who do they think won the bloody World Cup, eh?

    1. TrumpSlurp the Troll Silver badge

      Re: 250 Years War

      World cup?

      Germans, wasn't it?

      I think they may have almost won WW2 by now as well, looking at who is in charge of Europe.

      1. Boris the Cockroach Silver badge

        Re: 250 Years War

        We let the Germans win at football.......... because we beat them twice at their national sport last century

      2. GIRZiM

        Re: 250 Years War

        The Germans aren't 'in charge' of Europe. That's a myth promulgated by those in the UK who want to ensure that the mood remains anti-EU, by appealing to xenophobia arising from events that happened long before even I was born.

        Seriously, if it were Spain that were the industrial/economic powerhouse, you can bet we'd all be hearing about how 'we beat the Armada'. If it were France there'd be jingoism about Waterloo all day every day.

        As for who really won the War, yep. And the reason the Germans are where they are is because they didn't fall for the Ayn Rand model of social order but, instead, have industries that actually manufacture things rather than financial services run by crooks; and a form of unionisation that, whilst not without its flaws, ensures that businesses remain going concerns rather than being asset-stripped to the bone and flogged off for a quid once the pension fund is empty.

        As for their national sport, there are only twenty-two countries in the world that Britain didn't invade and 25% of those (Andorra, Liechtenstein, Luxembourg, Monaco and Vatican City) are smaller than my gran's outside toilet and not really countries on anything more than paper. At the peak of the empire years Britain was effectively the entire world not simply in terms of power and influence but geography too. If any nation can be said to have had 'invading other countries' as a national sport then look no further than home for the all-time greatest proponent of that particular pastime. (It did make me smile, nevertheless, so have an upvote : )

        1. Fading Silver badge

          Re: 250 Years War

          You may need to read up a bit on the state of the world during historical times. Empire building was all in vogue (and to some extent it still is today).

          Germany is the powerhouse of the EU and as such does carry greater influence (to be expected) and the roots of the EU was for this to be the case (German industry plus French agriculture = EU).

          1. GIRZiM

            Re: 250 Years War

            > You may need to read up a bit on the state of the world during historical times. Empire building was all in vogue (and to some extent it still is today).

            I'm really not at all sure what point you're trying to make here.

            The largest empire the world has ever seen was the British Empire. In terms of influence it has to be said, that it has been matched by the U.S. Empire-in-all-but-name since. Geographically, however, nothing has ever matched it.

            Britain invaded all but twenty two countries in the entire world, five of which are tiny and one (Vatican City) barely even a city state on anything more than paper. Those are the historical facts, so I really don't see what I'll learn by 'reading up a bit' - there's nothing else to learn.

            > Germany is the powerhouse of the EU and as such does carry greater influence (to be expected) and the roots of the EU was for this to be the case (German industry plus French agriculture = EU)

            No, the origins of the EU were multivariate.

            I have no doubt whatsoever that there was intent to ensure that France and Germany did well out of it - every nation sees to it that, to whatever extent it can, it maintains influence in the world. To imagine, however, that those were the 'roots' of it is simplistic in the extreme and the subtler form of the Little England/Brexit argument that tries to argue that the inherent xenophobia isn't such but rather a rational response to 'economic/political realities of the EU'.

            But, after a thousand years of war and, above all, the events of the Holocaust, it was as much an attempt to ensure no repeat of either in Europe as anything else. Economic superiority could be achieved between France and Germany simply by forming a pact and trading favourably with each other and imposing tariffs (both positive and negative) on other nations that both adhered to.

            Apart from the U.K., precisely which nations in Europe could ever have challenged either France or Germany economically or (as a result) politically since the 1970s? On what occasions were any of Italy, Spain, Austria, Switzerland, Portugal or any of the Scandinavian nations large enough to outperform France agriculturally or had the necessary infrastructure to challenge Germany industrially? That's not to say that France, especially, would have done so well without the EEC/EC/EU - politically and economically, it has frequently not been much less of a 'sick man' than was the UK in the '70s. But at what stage could it not have achieved its current status by entering into the suggested economic/political pact with Germany? At what stage has either nation faced a serious political/economic challenge from anywhere in Europe other than the UK?

  4. Adrian 4 Silver badge

    Phone book

    If you want to be in the telephone directory, you have to make details - your name and your number - available. If GDPR is going to force phonebooks to be empty then it's simply silly. Publishing those details for your own benefit is literally the point of it.

    You can, of course, choose not to be in the phonebook. Or put a business name rather than a personal one. It's then your problem to make the number usable, presumably by advertising it elsewhere or to a closed group.

    Domains should be exactly the same. You want a public advertisement of how to reach you, you permit your contact details to be known. You want a private IP address, that's your problem : you don't need a domain.

    1. ThatOne Silver badge

      Re: Phone book

      > If GDPR is going to force phonebooks to be empty then it's simply silly

      You've got it backwards. Actually GDPR is saying that you should be asked if you want to be put in the phonebook, the phonebook editor can't publish your address and number if you don't want it. I don't see which sane person can see that as a problem...

      (BTW I didn't downvote you.)

      1. Sierpinski

        Re: Phone book

        I think you've still got it sideways. GDPR appears to continue allowing your information to be in the phonebook, but it's not allowed to be distributed in full any more. Other people have to fill out the shiny new proper paperwork to view entries. It's a jurisdiction grab.

    2. Richard 12 Silver badge

      Re: Phone book

      My phone number and my name are not in the phone book.

      Yet I still have a phone number and people can still phone me.

      My name and address are not in the public (edited) electoral roll.

      Yet I can still vote.

      My name, address and phone number do not need to be in the public whois database for my domains to resolve correctly.

      As you said, there is no difference and ICANN simply needs to comply with the law or suffer the consequences. It is neither technically nor politically difficult for them to do so, as most registrars already do offer a service which would comply - at extra cost.

      1. Adrian 4 Silver badge

        Re: Phone book

        You echo my point.

        Your name is not in the phone book, and the only people who contact you are those who you gave it to specifically.

        If you want others who know your name but not your phone number to find you, you put it in the phone book.

        Likewise with domains : if you want a visible one, you publicise the details. If you don't want it visible, you don't need a DNS entry.

    3. doublelayer Silver badge

      Re: Phone book

      >Domains should be exactly the same. You want a public advertisement of how to reach you, you permit your contact details to be known. You want a private IP address, that's your problem : you don't need a domain.

      Not so. In many cases, I do need a domain, even if I don't choose to publicize it to everyone. Not all systems support directly accessing IP addresses, although most do. Many systems see that as a security problem, as many scammers use the same strategy, so I'm now facing my users seeing warnings or blocks on the way. There's also the obvious fact that is easier for people to remember than I don't see any reason that my information needs to be known for those benefits to accrue to me. I put my info in the phone book for my and others' benefit. I put my information in the whois database for exactly the same reason. Except I get no benefit because it opens me to spam, my nontechnical users get no benefit because nobody checks it, and my technical users get no benefit because I already put the contact information that they should be using on the site. So what if the site is basically useless to those who aren't planning on using it? Maybe those people don't need to contact me.

  5. Cynicalmark

    Smirk mode

    Serves the greedy buggers right.

    GDPR is good and will potentially cripple any company playing fast and loose with EU citizens' private data. It will also be enshrined in law in the UK following our exit from the EU. Fines, warnings or removal of right to process data - lovely.

    I do wonder how quickly the EU will smack them up. It would be hilarious to see the excuses over the coming weeks.

    Final rant: Who gives a crap? ICANN is a typical corporate dinosaur. I wouldn’t lose sleep if I were you - there is always a way round the possibility of them going down. Night night

  6. Black Betty

    Strictly speaking shouldn't telephone directories be illegal under GDPR?

    Automatic listing, and often a fee charged for the privilege of opting out.

    1. Richard 12 Silver badge

      Re: Strictly speaking shouldn't telephone directories be illegal under GDPR?

      When I last got a new phone number I was asked whether or not I wanted to be in the phone book.

      It made no difference to the contract price either way.

  7. herman Silver badge

    Whois is useless anyway. What is the point of a database filled with fake data?

  8. SImon Hobson Silver badge

    The big problem that many seem to have overlooked is that the EU cannot get at ICANN directly as ICANN doesn't (AFAIK) have an EU presence. However, all the registrars with an EU presence must abide by GDPR - and that means it would be illegal for a registrar to pass any personal data to ICANN unless ICANN abides by the rules of GDPR.

    BUT, ICANN is a US based outfit and must abide by US law - which is incompatible with GDPR. That's going to be interesting once Privacy Shield Figleaf is officially declared incompatible.

    1. Anonymous Coward

      ICANN :

      6 Rond-Point Schuman

      B-1040 Brussels


      Phone: +32 2 894 7400

      European Commission:

      Rue de la Loi 170

      1040 Brussels


      They could pop round for tea!

  9. fluffybunnyuk

    40 days to go until enforcement of GDPR. We should open a book on which US company gets smacked for 4% first. As for ICANN I don't see why it doesn't operate like our electoral register.

    A full register by default, and an edited register for individuals to be exempted from. Law enforcement can operate by using the full register, as can governments but marketers and spammers, fraudsters can't get access to private data.

    I need to go have a shower now, I feel unclean after defending law enforcement and the government.

  10. Chris Thomas

    I don't understand

    A year ago I registered a domain and was too mean (and stupid) to pay extra for privacy. Since then I have been plagued by offers of web development, logo and picture services both by phone and email. A year later the phone calls have stopped and I only get one email per day now. If I had paid extra then presumably this would not have happened and my personal information would not have been exposed/sold. So a mechanism already exists to preserve privacy, albeit a paid one. So just turn it on for everyone and the problem goes away. What is this two years of development?

  11. carlg

    How many whois queries are really legit?

    My registrar (name isp) displays the number of whois queries and detailed log for my .com domain.

    In just one year my domain has been queried 430 times! No "real" person has reached out to me. Only spammers and scammers. I hope for a new system where only legit requests shall be served with my contact info

  12. simbalion

    First of all, America built the internet. Not Europe. Let's keep that in mind FOREVER please shall we? Thank you. Do not forget this fact until nationalism is extinct and we live under a global flag.

    Next, WHOIS is not Illegal. Europe cannot dictate global law by passing its own regional codes. Else every nation in the entire world could dictate global policy unilaterally!

    WHOIS is a VITAL and _absolutely necessary_ piece of the domain registration system and the proper function of the internet. The abuse of WHOIS by domain registrars to upsell "privacy" options is a racket which can be shut down without destroying the domain registration system.

    WHOIS operated _just fine for years_ in its present state without any problems! So let's ask ourselves what changed? I'll tell you, a bunch of people who barely know how to use a computer decided to buy domain names without knowing anything about how the marketplace works. That's what happened. And now those same barely literate people are responsible for this story evolving.

    WHOIS contact information is supposed to be VALID and AUTHORITATIVE. If your personal cell phone is listed in your WHOIS information THEN YOU ARE DOING IT WRONG!!!!!!!!!!!!!!! The problem isn't WHOIS, the problem is you!!!!!

    In a somewhat ironic twist, this is the most important thing happening in the world right now. If Europe can DESTROY THE INTERNET by passing its own unilateral regional laws then any nation can wreak equal havoc in a similar manner.

    Suggestion, send the monarchies back to the children's table until they join the rest of us in the modern era.

    1. Anonymous Coward

      lol and I thought mindless jingoistic fervour died years ago...

      You forget the odd contributor along the way like Donald Davies, Tim Berners-Lee. Even that funny overlooked guy Alan Turing, and amusingly for decades Americans believed they invented computers too.

      As for your rant about WHOIS, like a lot of the original technologies used in the internet, this one is past its sell by date, and needs reform.

      As for your comment "If Europe can DESTROY THE INTERNET by passing its own unilateral regional laws then any nation can wreak equal havoc in a similar manner" I think you need to go online and order some more medication, clearly you're not getting enough lithium. Any protocol or service should be up for examination of suitability at any time, just as laws are subject to revision.

      Your suggestion "Suggestion, send the monarchies back to the children's table until they join the rest of us in the modern era." is frankly absurd. I have access to 5G wireless where I live, we have autonomous robots that do deliveries regularly round here. Do you see robots out on your streets delivering goods? Do you have genuine legitimate 5G? No, well that's because you belong to the country that introduces tech like chip and pin years after other civilized countries.

      There's nothing that amuses me more in life than watching Americans shout "USA USA USA" over and over again mindlessly while they're being battered at a sport like football. Nobody cares about your "me me me" society with its inbred sports, misuse of English, nasally accent, hormone injected medicalised meat products, lack of universal free healthcare, and the ability to buy automatic weapons on street corners. Oh sorry I forgot the chronic opiate addiction rate in the USA too.

    2. Nick Ryan Silver badge

      Wow! Erm, you may need a sponge or something equally absorbent to mop up the foaming.

      The US invented ARPANET, the forerunner of the Internet in order to create a packet based network that linked cities and other sites and was resilient enough to automatically route safely around failing, or failed, routes - in other words, a multi-link network rather than the usual ring or star topology. ARPANET was developed (funded) by the US military and various US academic institutions. From there the non-military (academic) side developed rapidly into an international collaboration and evolved into what is now the Internet, with many of the underlying technologies and protocols transferred over. DNS, for example, only appeared from 1983 - and DNS and the infrastructure and support around it is why the TLD companies exist. Many of the underlying technologies and protocols that we still use had their origin in international academic collaborations - so while you are correct, to a point, that the US (or America in your terms) built the Internet, they only started the process, not created it all.

      Nobody is saying that WHOIS is illegal, what is happening is that the operators of it have to adapt to a changing market. A market, incidentally, where the majority of it exists outside the physical borders of the US. Changes to rules and regulations happen all the time, how about a couple of US gems: Sarbanes–Oxley and Dodd-Frank - both far reaching US acts brought in to try and reduce the damage through financial manipulation and corruption. US, and many international, organisations have had to change and adapt their processes to take into account these acts. Are you saying that they shouldn't have to because, in your mind, nothing should ever change? Or that because there wasn't a specific law against it, that it was alright to destroy evidence and falsify information X years ago and therefore is OK to continue doing so now?

      Also, ignore the idiotic "American intelligence" information sites... there are very few monarchies left on the planet and having a titular head of state (compared to a corrupt orang utang) does not make a nation a monarchy. Most are considerably more democratic than the US.

      1. Anonymous Coward

        upvoted for "corrupt orang utang". Sorry can't stop laughing.

  13. Anonymous Coward

    Meanwhile in Europe itself...

    All whois databases are fully operational and still showing personal data.

    Try looking up some Dutch (.nl) domains through Or check French domains (.fr) through

    Wouldn't this whole thing make more sense if they had started by sorting out all European whois databases first? Or do those suddenly not count or something?

    1. fluffybunnyuk

      Re: Meanwhile in Europe itself...

      I checked Nominet in the UK :-

      From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.

      Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.

      The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance. Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.

      Seems all reasonable to me. I'm going to be re-registering all my sites/services on May 26th.

  14. Anonymous Coward

    Government vs. Corporations

    And we're back to the uniquely American view that everything government does is bad, and everything corporations do is brilliant.

    It's funny how some people instantly think that because this is coming down as a law, it means it's a bad thing, it's against freedom, government overreach etc. when in fact it's exactly the opposite. It's regulation to control those corporations whose only loyalty is to the share-holders and bottom-line.

    Sure, most governments have a lot of corruption and need to be called out, but the American paranoia and love affair for corporations is nuts.

    Americans are the most screwed over work-force in the Western world. You have working conditions out of a Dickens novel, no mandated holidays, and have to pay/insure for health cover!

    But hey, as long as the 1% with 99% of the wealth get richer.. After all, it's going to be you too one day, right? Keep living that American Dream.

  15. Anonymous Coward

    So what will really happen?

    It's funny seeing some of the comments here, specifically those around "breaking the internet" and most can see that this information being public is more harmful than helpful (those that still "need" to access the data will be able to, just a bit slower).

    But in reality what is likely to happen?

    I foresee that ICANN will just implement a block/filter on showing the data on the service in the interim (easy option) with the ability to provide the information on receipt of a suitable request (legal). But then I expect the US players (media orgs in the main) to put pressure on the US gov to implement a law requiring the publication of the data (just like what was mentioned for companies house data in the UK) that would trump GDPR. This will be rushed through and then ICANN will disable the filter (or give people the opportunity to relinquish domains).

    That's my guess anyway - and as a result I see more fake information being recorded (making the whole thing pretty useless anyway).

    If the data is kept private then there is more chance of people providing real information.

    Would they prefer accurate data or public data - I don't think they will get both.

  16. Safenetting

    GDPR reveals EU's lack of depth of understanding

    After reading each and every comment, it's rather disappointing to be reminded of how naive people can be about the internet, the DNS system and cyber crime.

    I've watched these same conversations for more than two decades. The internet governance has sprawled in such an unorganized and uncontrollable way that today, the comments above are, for the most part, fantasy. There's a thin line between Saturday night and Sunday morning!

    I'm not going to preach. Nobody likes to be preached to -- and we lost that war during the Clinton administration when the Internet was given over to ICANN in the first place.

    Let me just leave a few tidbits of food for thought:

    * GDPR is an exercise in futility. Nobody will win but the lawyers and cyber crime

    * GDPR will be circumvented by the big guys, smiling with false compliance.

    * ICANN is for the most part a self serving band of international rogues who don't follow any rules, much less their own. (Read up on this at )

    * Nobody can stop, nor regulate the free flow of all known data. Nobody.

    * Cybercrime is always 2 steps ahead of all other technology

    * ICANN could tell GDPR to go whistle Dixie. They can recall IP blocks and DNS at the flick of a switch

    * The WhoIS is 80% incorrect, or masked and fully compromised. You cannot hide.

    * VPN and Cloud masking makes ANY IP address tracking a waste of time.

    * Once IPv6 replaces IPv4 all masking attempts will cease to function (see :

    * Your "data" and information is already out there. Crimazon has 5.8 billion dossiers

    You don't have to believe any of that. Many of you probably don't. I've spent one to three hours a day since 1997 battling cyber crime. The efforts of an army of Spamcop and Knujon agents are responsible for your relative safety from the cyber crime element. Unless you've been involved, you haven't even seen the tip of the problem.

    When we migrated ALPE to Quantum in 1987, we established a cardinal rule, and predicted it would NEVER change. When the name was changed to America Online we tried to make the forums, chat rooms and IM as secure as possible, but also realized that the criminal element would always get through. Seeing the writing on the wall brought us to the realization that connectivity would eventually rule us all. But the rule remains solid even today, now 30 years later :

    "If you don't want it public, to be seen on millions of screens, don't put it there."

    How simple is that? Wonder why people never learned that lesson?

    We knew from the very beginning that connectivity was NOT secure and would NEVER be secure. Period. Nobody, (let that sink in : NOBODY) who promises you security can guarantee your data will be secure. Just read the fine print in the TOS and you'll see that NOBODY is guaranteeing your data.

    Once the IP system was taken away from the DOD, and privatized to international thugs, all hints of accountability were lost forever. GDPR is a farce. It won't regulate anyone but the honest.

    Those of you who would like to know what's actually going on should read:


    . . . and thanks for reading.
