Whois is dead as Europe hands DNS overlord ICANN its arse

The Whois public database of domain name registration details is dead. In a letter [PDF] sent this week to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force. The letter also has …

  1. John Doe 6

    Actually it is a non-issue: The only GDPR problem in WHOIS is the personal information which may not be displayed - just remove content of those fields from the DB or replace it with the AS#.

    1. Voland's right hand Silver badge

      just remove content of those fields from the DB or replace it with the AS#.

      That is exactly the information which IPR trolls need to throw cease and desist and threat letters.

      They and specifically the entertainment industry lobby are the ones behind the current ICANN position as this will mean that they will now have to use a proper court order to make the SP disclose the end-user information.

      1. John Smith 19 Gold badge
        Unhappy

        "this will..now have to use a proper court order to make the SP disclose the end-user information."

        To which I think many are thinking "Boo f**king hoo."

        Coming for a decade and still not ready.

        Funny how it's the US that thinks its laws apply everywhere and when other countries or institutions push back you hear that whiny corporate tone "Please don't do that, we can't, we're special."

        I despise corporate whining

  2. Yes Me Silver badge
    Childcatcher

    Unstable operation coming soon...

    "the stable operation of the Internet's unique identifier systems" has been possible for many years because it's possible to discover who is (ab)using any particular registration. And contact them if necessary for operational purposes.

    Changing this will make illicit or ham-fisted operations much harder to stop. It will be ironic if EU privacy rules make criminal activities easier to get away with.

    Don't they need to get all registrants to sign a waiver?

    1. Trollslayer Silver badge

      Re: Unstable operation coming soon...

      Assuming contact details are correct.

      1. Stuart Grout

        Re: Unstable operation coming soon...

        If operator's details are not correct the domain gets suspended as they are in breach of their agreement to provide and maintain correct details.

        1. Doctor Syntax Silver badge

          Re: Unstable operation coming soon...

          If operator's details are found to be not correct the domain gets suspended

          1. Anonymous Coward

            Re: Unstable operation coming soon...

            > a shutdown of the full Whois will result in a spike in online scams

            Not really, since most scammers (a) give false details, (b) hide behind registrars who obfuscate the details for them, and/or (c) use short-lived domains and discard them when finished.

            > If operator's details are found to be not correct the domain gets suspended

            And with about 140 million domains in dot com alone, how much actual verification is done on each one, apart from sending a confirmation E-mail to the registered contact mailbox and checking it doesn't bounce?

        2. LDS Silver badge

          "If operator's details are not correct the domain gets suspended "

          If so, many US registrars would be suspended wholly. Many of them hosted a large number of spammers and fake sites without giving a toss about it - as long as they got paid, even with stolen credit cards. Most of them decided that it was more profitable to sell a large number of cheap domain names, without checking registration data - of course that means to close both eyes on who registered what.

          ICANN acts the same way, as long as its people are paid handsomely for looking at their belly buttons, they don't care at all about actual issues and upcoming ones - as we've seen in this case.

          GDPR wasn't meant against FB or Google - it was meant to protect citizens' data, regardless who collects and manages them.

          1. Yet Another Anonymous coward Silver badge

            Re: "If operator's details are not correct the domain gets suspended "

            For official purposes the information can still be requested through proper channels

            Who gets to decide who are official ?

            Russian intelligence agency, Somalian warlord, MPAA, Milk Marketing Board ?

        3. Tomato Krill

          Re: Unstable operation coming soon...

          No, as long as they're *plausible* they will be accepted and validated by the automatic processes that verify data.

          They need to be valid data; they need not be *your* valid data.

    2. Doctor Syntax Silver badge

      Re: Unstable operation coming soon...

      "Don't they need to get all registrants to sign a waiver?"

      The authors of GDPR saw that one coming. One aspect of the regulations is that you can't tie provision of a service to a waiver on data that GDPR covers. Breaking that one would just bring bigger fines.

      1. Anonymous Coward

        Re: Unstable operation coming soon...

        "you can't tie provision of a service to a waiver on data that GDPR covers"

        Citation needed!

        1. SImon Hobson Silver badge

          Re: Unstable operation coming soon...

          "you can't tie provision of a service to a waiver on data that GDPR covers"

          Citation needed!

          Try the ICO guide to GDPR.

          Basically, if you are saying that you won't provide the service without the person giving consent then that consent isn't "freely given" - so don't bother.

          However, that doesn't automatically stop you collecting and processing data because you can collect and process information that is REQUIRED for the performance of a contract. In the case of domain registrations and whois, the registrar is entitled to collect certain information for performance of its contract. BUT, making that publicly available via whois is not required for the performance of the contract and so must only be done with consent and the person must be able to withhold that consent without affecting the ability to have domains registered.

        2. Anonymous Coward

          Re: Unstable operation coming soon...

          " Citation needed!"

          Consent has to be freely given. Here for example is an explanation of the principle https://www.ivir.nl/publicaties/download/Computerrecht_2017_4.pdf

          1. Anonymous Coward

            Re: Unstable operation coming soon...

            That's just an opinion piece that borders on wishful thinking. I want to see chapter and verse of law.

            1. the spectacularly refined chap

              Re: Unstable operation coming soon...

              That's just an opinion piece that borders on wishful thinking. I want to see chapter and verse of law.

              Read the bloody regulations yourself then: it's not as if it isn't publicly available. The poster you originally responded to stated GDPR says this and you demanded a citation despite that in itself being one. Now the ICO counts as 'opinion' despite them being one party responsible for enforcing it.

              It's clear enough that your opinion is worth fuck all, your IQ is clearly way too low for you to have anything meaningful to contribute and are far happier spouting meaningless tripe than even stopping to read the very references you demand.

              This is law and not subject to alternative facts if you happen not to like it. Yes, you can ignore it if you like but if it comes back to bitch slap you then you only have yourself to blame.

              1. Danny 14 Silver badge

                Re: Unstable operation coming soon...

                businesses are still covered with gdpr. ICANN is a data controller with data. That data might be personal data if an IT manager has his name and email address on there. Business or not, GDPR is about protecting data.

                1. Anonymous Coward

                  Re: Unstable operation coming soon...

                  > GDPR is about protecting data

                  No. The GDPR is about protecting personal information.

              2. Jamie Jones Silver badge
                Happy

                Re: Unstable operation coming soon...

                It's clear enough that your opinion is worth fuck all, your IQ is clearly way too low for you have anything meaningful to contribute and are far happier spouting meaningless tripe than even stopping to read the very references you demand.

                Blimey! Some-one needs a hug! :-)

        3. Anonymous Coward

          Re: Unstable operation coming soon...

          GDPR Article 7 (4)

          http://www.privacy-regulation.eu/en/article-7-conditions-for-consent-GDPR.htm

    3. Lusty Silver badge

      Re: Unstable operation coming soon...

      “Changing this will make illicit or ham-fisted operations much harder to stop”

      You’ve completely misunderstood everything about this. Literally nobody is saying ICANN shouldn’t collect and store the information. They should and they will, just like Nominet do. For official purposes the information can still be requested through proper channels. The only difference is that our details won’t be available for anyone to access. They should never have been in the first place, and this case shows why GDPR is so important given how hard people are trying to keep doing things they shouldn’t have done in the first place. It’s always harder to get privacy back than to never let it go.

      1. Yes Me Silver badge

        Re: Unstable operation coming soon...

        "The only difference is that our details won’t be available for anyone to access."

        Exactly. So the public isn't able to discover who registered dodgybusiness.com without expensive and cumbersome due process. That seriously reduces consumer protection. Privacy is a two-edged sword and GDPR doesn't seem to recognise it. Fraudsters are pleased.

        1. John Brown (no body) Silver badge

          Re: Unstable operation coming soon...

          "Exactly. So the public isn't able to discover who registered dodgybusiness.com without expensive and cumbersome due process. "

          You are assuming that dodgybusiness.com was so inept as to register with their correct details. You are also misunderstanding the point of GDPR. Dodgybusiness.com is a business and so must publish its contact details and is not protected in that way by GDPR. But they probably used a registrar that doesn't care or check the details anyway.

        2. Louis Schreurs BEng

          So the public isn't able to discover who registered dodgybusiness.com

          the public isn't interested in the first place, willing to keep their privacy shunned by F book without changing their privacy settings, much less actively looking up who is doing the rest of the dodgy interwebs hackingdoodledumbsies

      2. Steve 114
        Happy

        Re: Unstable operation coming soon...

        My registrar charges a few dollars a year to keep my ID 'private', standard option. I wonder if I'll get that service free now.

        1. Roland6 Silver badge

          Re: Unstable operation coming soon...

          >My registrar charges a few dollars a year to keep my ID 'private', standard option. I wonder if I'll get that service free now.

          If your registrar had any sense, they would have made 'private' their standard offering.

          There is no discount for positively opting out, because they now have to maintain records of your consent.

          In some respects, I'm a little lost as to why this is such a big issue, the EU registrars seem to already have in place the relevant mechanisms to protect their domain holders data they just seem to be reluctant to use them.

      3. MrXavia

        Re: Unstable operation coming soon...

        "The only difference is that our details won’t be available for anyone to access. They should never have been in the first place"

        Glad that this is being changed.

        I wonder if companies house is allowed to continue under GDPR, I never understood how they were allowed to publish officers' addresses without any comeback... Problem is once it's published, you can't take it back.

        1. Franco Silver badge

          Re: Unstable operation coming soon...

          MrXavia I was coming here to make that very point. As soon as I set up my own business and people saw it at CH I started getting spammed by IT resellers and dodgy accountants promising 95% take home. I really hope that they have their house in order for GDPR.

        2. Dazed and Confused Silver badge

          Re: Unstable operation coming soon...

          > I wonder if companies house is allowed to continue under GDPR

          I wonder whether the concept of a limited company will be allowed to continue under GDPR.

          The idea of Companies House publishing your details is because you are asking people you do business with to do so on the basis of trust. If you do business with a limited company you have to accept that you may not get paid and that ultimately their liability is limited to the share capital of the company (usually a couple of quid). So you need to be able to find out whether the directors are people you are prepared to trust. Publishing their details at least holds them (me) to a certain amount of accountability. If you aren't allowed to find out who they are why should you trust them? Business people being able to use the right to be forgotten to hide their past illegal behaviour is bad enough. Letting conmen have complete anonymity seems to be an unexpected consequence of the new rules, unless you subscribe to the black helicopter view of things.

          1. Anonymous Coward

            Re: Unstable operation coming soon...

            "I wonder whether the concept of a limited company will be allowed to continue under GDPR."

            Nope.

            GDPR, exactly like the DPD before it, sets out a series of justifications for processing data. Put into context that means that publishing data is absolutely legal under GDPR as long as you can suitably justify it. In the case of something like companies house, the fact that the law requires the CH register to be public trumps the protections in GDPR. Even if it did not then there would be a strong legitimate interests argument.

            ICANN have made no effort to come up with such a justification. Given that many registries already don't publish, that anyone can already register anonymously (for a fee, funnily enough) and the level of abuse of the public registries, such a justification is likely to simply not exist.

    4. Anonymous Coward

      Re: Unstable operation coming soon...

      "And contact them if necessary for operational purposes."

      This problem has already been addressed. Any well setup domain has e-mail addresses as per RFC2142, i.e.:

      abuse@example.com

      hostmaster@example.com

      postmaster@example.com

      The solution is as simple as ICANN mandating these addresses are valid and if they're found not to be, you'll forfeit your domain registration, maybe after a few strikes.

      1. Anonymous Coward

        Re: Unstable operation coming soon...

        1997 called. It wants to know if you are the only person on the planet still following the RFC.

        1. Anonymous Coward

          Re: Unstable operation coming soon...

          "1997 called. It wants to know if you are the only person on the planet still following the RFC."

          1997 will need to come and ask me on IRC. :-)

          But I suspect so, it is becoming more and more apparent to me that I'm an odd little duck.

      2. Aitor 1 Silver badge

        Re: Unstable operation coming soon...

        of course.

        Yet most abuse@whatever from big companies will either give you the silent treatment or redirect you to a website using an automated mail.

    5. Orv Silver badge

      WHOIS is a relic of an older, friendlier internet

      WHOIS contact details are a relic of the 1990s, when everyone ran fingerd and identd and sysadmins could solve problems by calling each other up for a friendly chat.

      Nowadays putting that kind of personal information publicly on the Internet is just asking to be scammed and abused. Last time I published my real phone number in a WHOIS record, I got about a dozen telemarketing and scammer calls a day for weeks. My phone is still largely unusable for incoming calls (because I just ignore it.) At this point it's just a way for registrars to make more money by selling "domain privacy" packages.

    6. Aitor 1 Silver badge

      Re: Unstable operation coming soon...

      Nope.

      The illegal operators had fishy details.. while law abiding citizens put real data and big companies could throw them under the legal system bus.

      Same as with gun laws.

      I do recognize that some trollish ppl will be harder to stop, but ICANN must respect the law of the land.. even if they think it makes no sense.. as they do with China and Russia... yet don't want to do with the EU..

  3. Trollslayer Silver badge
    Mushroom

    Bunch of petty autocrats

    WIPO, EPO and so many others.

    About time they were woken up.

    1. Tomato42 Silver badge

      Re: Bunch of petty autocrats

      EPO, despite having "European" in the name, has nothing to do with European Union or European Commission

      1. the spectacularly refined chap

        Re: Bunch of petty autocrats

        Or anything at all to do with GDPR...

        1. Danny 14 Silver badge

          Re: Bunch of petty autocrats

          GDPR is hardly new. It has been brewing for 2 years now. Unfortunately some companies just can't be arsed doing anything about it.

  4. Martin Summers Silver badge

    The only use I had of WHOIS having my details is getting a random phone call from a chap wanting to buy my domain name off me, which back in 2003 I made about £600 for. Personally I'll be glad to see the back of it as I think it's completely unnecessary to have those details exposed. It's made a mockery of with privacy services anyway and I balk at the cost of those on top of the domain. It's not going to make any difference to anyone having this shut off, only the registrar and the naming authority need my details.

    What is going to be affected is verified SSL certificates, although I imagine there's an opportunity for registrars to make some money out of a verification API. I'm sure someone will be right on that.

    1. Ole Juul Silver badge

      "It's made a mockery of with privacy services anyway and I balk at the cost of those on top of the domain."

      Many registrars offer it for free.

      1. Tom Chiverton 1

        Gandi for instance

    2. itzman

      I think its fine to not have details public

      ..so long as domains that choose to remain private are clearly flagged by browsers, as potentially 'dodgy'

      An important part of malware email handling consists in finding out who they are from, or who they are redirecting you to.

      1. Spanners Silver badge

        Re: I think its fine to not have details public

        I am unclear why respect for someone's privacy makes their website any more prone to being dodgy.

        If I need to look into a website, for that trait, I see location as much more indicative.

        EU - least likely

        and so on......

        USA - could be. Who knows?

        Russia - bet it is

        I suppose it depends on what you consider dodgy. My criteria there is "takes my money and does not give me what I want/expect". Alternatively "takes my information and may deliberately pass it on to dodgy organisations like mafia, NSA, CIA, FSB or similar outposts of organised crime".

        If I do not know someone's name and home phone number to pass directly to a lawyer, this does not matter. If the laws are broken here, we have a look egalitarian system which can provide warrants in valid cases. This keeps pretend ones out of my hair!

        1. Alumoi

          Re: I think its fine to not have details public

          Alternatively "takes my information and may deliberately pass it on to dodgy organisations like mafia, NSA, CIA, FSB or similar outposts of organised crime.

          So, Google, Facebook & the like, Apple, Microsoft, your bank, your ISP, your utility providers and the list goes on.

          Tinfoil much?

          1. Danny 14 Silver badge

            Re: I think its fine to not have details public

            not with GDPR in May. They will need your permission to do so, and specific permission too, not a blanket catchall tick box.

      2. Lee D Silver badge

        Re: I think its fine to not have details public

        "And important part of malware email handling consists in finding out who they are from, or who they are redirecting you to."

        And you rely on the domain names given to be definitive, do you?

        If you want to handle malware, you go for the IP "whois" (e.g. AS lookup), which is an entirely different kettle of fish. But domain names resolve to IPs. What makes you think they can't just change the domain they are using in seconds?

        There's no practical reason to have publicly visible names and addresses (except of abuse contacts at the ISP in question) for anything any more. It used to be there so you COULD call up John Bloggs who worked at X University and talk about a problem with his system. Nowadays, that's just not feasible.

        And a vast, vast, vast portion of domains are now owned by private individuals. It's like requiring me to put my name, home address and phone number inside the front cover of every book I write, song I record, game I create, etc. which is just silly.

        It's outdated. It's illegal (always has been in the EU, which is why Nominet gave the whois opt-out for personal information - the GDPR is nothing more than ratification of DPA case law into written statute). It's stupid. And it's useless, because of the sheer number of ways to put fake information there because it has way less verification than even an SSL certificate. It should have died decades ago.

        1. martinusher Silver badge

          Re: I think its fine to not have details public

          >There's no practical reason to have publicly visible names and addresses (except of abuse contacts at the ISP in question) for anything any more.

          You're probably not old enough to remember something called a "phone directory". These were very handy back in the day, you could look up a person's address and phone number in them.

          They became a nuisance only when the cost of calls dropped to free so they could be used by telemarketers and scammers. Whois type records are the phone directory of the Internet; it's useful but easy to abuse because there's no cost to the abuser. So, once again, we fix a problem by not fixing it but by degrading the overall capability of the system.

          1. Ben Tasker Silver badge

            Re: I think its fine to not have details public

            > You're probably not old enough to remember something called a "phone directory". These were very handy back in the day, you could look up a person's address and phone number in them.

            You still can, if they've chosen to have their details published in there. Just like WHOIS will be.

      3. Ole Juul Silver badge

        Re: I think its fine to not have details public

        Would you be so kind as to put your email address in your sig please? Thanks.

  5. Stuart Grout

    All bow to the data protection Gods

    The European data protection bods couldn't care less if they managed to wreck the entire internet, so long as they get to show how important they are.

    Hopefully this won't encourage other governments to pass local laws to demand world wide changes.

    1. Phil Lord

      Re: All bow to the data protection Gods

      Absolutely! Data protection is non-sensical! I mean, what evidence is there of large scale abuse of personal information to control and manipulate people against their wishes? Who are they trying to protect us from? Nanny state! (etc, etc, etc)

      1. Anonymous Coward

        Re: All bow to the data protection Gods

        What they are trying to protect you from is any counter narrative to their own.

        Freedom of information is a threat to unelected governments.

        1. Dan 55 Silver badge

          Re: All bow to the data protection Gods

          What does this have to do with a fucking counter narrative?

          If you have a domain, why should your personal data be available for everyone in the world to see, use, and misuse as they see fit?

    2. Doctor Syntax Silver badge

      Re: All bow to the data protection Gods

      "The European data protection bods couldn't care less if they managed to wreck the entire internet"

      How would it do that? If the data concerned were essential to the operation of the internet it wouldn't be affected. All that's affected is the publication of certain data fields and, if you bother to read the article you'll notice that some TLD authorities manage this perfectly well. Could it be that ICANN has had its head up its arse for the last several years whilst it gets on with its own governance issues which have been amply reported here?

      "Hopefully this won't encourage other governments to pass local laws to demand world wide changes."

      What other governments did you have in mind? The US for instance?

    3. Frank Zuiderduin

      Re: All bow to the data protection Gods

      Having my name and e-mail address visible in the WHOIS for .org has led to spam, spam and spam (the e-mail address used there is unique, so I know exactly where they got it from). The WHOIS has not been of use to me in any way. So good riddance.

      1. Anonymous Coward

        Re: All bow to the data protection Gods

        I am in the UK, with a UK registered domain name, with a WHOIS entry, and my name and address have been lawfully kept private by the registrar for about 20 years.

        ICANN, and the USA in general, have been ignoring the problem for that long.

        This is not just a last-minute panic over a two-year lead time, though that's bad enough. It's persistent American exceptionalism, and it is looking as though even the deals they have made in the past are a sham. "Your data is safe with us: we hire the CIA to keep an on-line back-up."

        The internet won't collapse, and just think of all the extra fees the lawyers can charge for going to court to get a warrant. Oh, but that means they would have to work for their money..

        Internet Lawyers: pissing off the world since 12th April 1994

  6. bombastic bob Silver badge
    Unhappy

    so who do you report abuse to, now?

    1. fake rolex/handbag marketing

    2. spammers

    3. blatant violators of the law

    4. defamation and slander/libel

    5. 'copycat' domains

    ALL of these will NOW be made EASIER.

    thank you, gummint overreach.

    "unintended" consequences? or not?

    /me points out that an 'abuse@' e-mail address that is ignored and/or filtered won't be able to receive complaints. A valid mailing address and/or phone number also guarantees that the owner isn't trying to HIDE from authorities. Anonymizing services are available. I use them as well as most domain owners. Why do we need to "GDPR" the domain name registry?

    1. Anonymous Coward

      Re: so who do you report abuse to, now?

      The same as before? Like, there will still be a company with this info. It's just *you* will not get it.

      Like here. On the Reg. If I or you post, we don't have our addresses and phone numbers exposed. However, if something was required, Reg could provide the info to authorities (not those two as they don't ask for them, but email and ip etc can be).

      Plus, you really thought those people use their *real* name and address on those forms? RIIIIIGHT.

    2. Anonymous Coward

      Re: so who do you report abuse to, now?

      What happens when you get abusive phone calls? You report it to the police then the police contact the mobile operator and get the details behind the number to perform their duties. Should we have an open online database showing all your details from your phone number?

      This is exactly the same principle, any illegal activity will be reported to the authorities who will then get the information from the domain name registrar and deal with it accordingly. In my opinion this is how it should have been set up in the first place. The only people that will be complaining are the spammers, solicitors that like to send out DMCA notices/fines and all those web service companies that bombard you with phone calls and emails offering to build you a website.

      Anyone registering domains for illegal activity are not going to put their real details anyway unless they are stupid so all your examples are null and void I'm afraid.

    3. katrinab Silver badge

      Re: so who do you report abuse to, now?

      If I see for example that natwestbacs[dot]com is registered to Domains By Proxy LLC, then I know it isn't an official Royal Bank of Scotland Group domain. Likewise, if I see that "The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service", like on my personal domains, then I know it isn't an RBS domain. So I don't see what the problem is.

      1. Anonymous Coward

        Re: so who do you report abuse to, now?

        Then Natwest can request to have their info shown. I don't see anywhere where the law says they cannot. Just it's that Whois cannot!

        If you need to use Whois info to know if the banking website is secure, you got bigger problems.

        1. katrinab Silver badge

          Re: so who do you report abuse to, now?

          “Then Natwest can request to have their info shown.“

          That is exactly my point.

          1. John Brown (no body) Silver badge

            Re: so who do you report abuse to, now?

            “Then Natwest can request to have their info shown.“

            That is exactly my point.

            Is it? Natwest, as a business, doesn't have personal information in its domain registration details, it has business contacts which are not personal and so not covered by GDPR anyway. No need to request anything. Just declare on the registration application or renewal that the domain is business or personal and declare that the details are correct. It's not complicated, plenty of registries already do this.

            It's not as if they are being asked to create backdoors that only good guys can access. Maybe it's time to start playing hard-ball with some of these orgs claiming to be too big to fail/block when they are (or will be) breaking the law instead of saying "hey don't do that, you've got a year to fix it"

            1. Danny 14 Silver badge

              Re: so who do you report abuse to, now?

              you misunderstand gdpr. If the visible registrar contact is a person then that IS personal data. Natwest have personal data on its employees. These employees' data is needed to perform duties, it is reasonable that a registrar needs a contact in Natwest. Natwest are the data controller. They use a registrar as a data processor and will need a GDPR policy agreement with them. By the registrar posting identifiable data publicly they are breaking GDPR as a data processor. Natwest will not be liable for the breach as the controller as they have shown diligence with an agreement with the data processor.

              they do have an agreement right? uh oh. if not that is in the 4% fine bracket if they have not bothered to get agreements. 2% bracket if they have at least some agreements.

    4. LDS Silver badge

      Re: so who do you report abuse to, now?

      Did you ever find a dodgy site with a working abuse address or real telephone number? Even many ISP abuse addresses are utterly useless, because most of them ignore reports - why kick out dodgy but paying customers, as long as you don't face consequences?

      Registrars don't vet registration details, and even criminals buy anonymization, if they see it useful - and being able to extract some more money for each domain is what registrars like.

  7. ThatOne Silver badge

    What's the problem here again?

    I wonder. It's not like they want to introduce 100% anonymous registrations, is it?

    As far as I understood this, the point is that, much like for car registrations, you can't just check the name and address of the owner of some car - if you have a serious reason to want this information, you'll need to go the legal path.

    In which case it won't be very different from what's already happening today: In the recent years I haven't seen many smaller domains which hadn't the owner's information filtered out. Apparently the big difference is it won't depend anymore on the registrar's goodwill, but will be a legal requirement.

    Isn't it? (Genuine question)

    1. Mark 85 Silver badge

      Re: What's the problem here again?

      Exactly. Let's face it, other than some of us techies who do check, most people don't because they don't know about WhoIs or don't care. I find this whole thing is a tempest in a teapot.

      The bigger problem is how corrupt is ICANN? They rake in the money and have "meetings" in exotic places. Since the US government allowed them to be "private", there's no accountability.

  8. AustinTX
    Pint

    Just give everyone free opt-out anonymity service.

    This has been suggested before and I think it's the best solution. Flip everyone's contact details to anonymized, with the option to switch it off.

  9. Alister Silver badge

    > The registry for .uk, Nominet, for example, has long withheld the personal details of domain registrants and provides only technical information publicly.

    This is not true. I've just done a quick blast round some of our company .uk domains and some of my personal .uk domains, and the full registration information is returned by whois.nic.uk.

    1. katrinab Silver badge

      Log in to your Nominet account and change it if you want to.

    2. HieronymusBloggs Silver badge

      "This is not true. I've just done a quick blast round some of our company .uk domains and some of my personal .uk domains, and the full registration information is returned by whois.nic.uk."

      Non-commercial .uk domains don't need your contact details, but you have to ask your registrar (or Nominet) not to show them. Commercial domains need a contact address, even if it's just a PO Box.

      1. simbalion

        All domains need contact information. Otherwise it becomes impossible to perpetuate the healthy operation of the domain pool. Domains which do not have valid contact information are subject to be released back into the pool.

        I don't care if you're being spammed. If you refuse or are not able to provide a valid means of contact you don't deserve to participate in the domain registration system.

        1. Boothy

          > All domains need contact information. Otherwise it becomes impossible to perpetuate the healthy operation of the domain pool. Domains which do not have valid contact information are subject to be released back into the pool.
          >
          > I don't care if you're being spammed. If you refuse or are not able to provide a valid means of contact you don't deserve to participate in the domain registration system.

          As said several times already, NO ONE is saying that contact details cannot be asked for and stored, IF that is needed to provide the service. This is about who has access to that information. i.e. ICANN having access to your email/phone number in order to let you know your domain is about to expire is a valid business requirement, so is allowed, but some random person on the internet being able to grab your personal contact details in order to spam you is not!

  10. Lorribot

    Typical US-centric company that struggles to understand there is a world of 7 billion other people out there and their opinion does actually matter and their laws do affect you if you want to take their money.

  11. Pascal Monett Silver badge

    "willing to make a special exception for ICANN"

    Fuck that and the horse it road in on.

    ICANN needs no "special exception". It has already had 2 years to pull its finger out and get to the task, but ICANN believes the entire world revolves around it, and has consistently decided everything in its own time and manner, procedures and laws be damned.

    I am looking forward to ICANN being refused and brutally put in its place for once, and apparently there is a good chance of that since it has been warned in no uncertain terms that it had better get to work.

    1. Ben Tasker Silver badge

      Re: "willing to make a special exception for ICANN"

      > decided everything in its own time and manner, procedures and laws

      To be clear it's not just national laws they ignore, it's also their own smegging byelaws and procedures.

      I agree, refuse the exemption, point out just how long ago this was flagged (similar requests pre-date GDPR btw) and fine the fuckers so hard they regress back into the reasonable, almost competent entity that they once were.

      It's been a long time since ICANN could be described as even near fit for purpose. They've wholly brought this mess on themselves

    2. Louis Schreurs BEng

      Re: "willing to make a special exception for ICANN"

      d the horse it road in on.

      now that one I haven't seen before

      your on the wright rode, there shit clings on there shoes and you're shoes stink also

      rode on that road just like you did

  12. Anonymous Coward

    Stating the obvious.....

    If you want to register a public domain you are automatically acknowledging you must be contactable to report abuse, illicit behaviour or about content. No one is forcing the creation of a public domain, it is done with the intention of communicating with the Internet users.

    For domains that are not involved with commercial activities, taking payments or providing advertising then the minimum information that should be displayed is the owner's name and email address. The owner's personal address and telephone number should be private.

    Corporate/Business organisations or domains that are operated as a business with advertising these entities should identify the owner, address, telephone and email address to protect customers or allow redress for those users who experience a problem.

    1. Ben Tasker Silver badge

      Re: Stating the obvious.....

      A simple abuse@ address is more than sufficient for contact. Those who'd ignore it are going to ignore your other contact methods too.

      Registrars will still hold the details so in serious cases the old bill can get the contact data.

      Publicly publishing that information does little to nothing to protect customers.

      1. simbalion

        Re: Stating the obvious.....

        So you're saying instead of publishing contact information, globally require that every single internet entity follow the exact same contact standards (they must have an abuse@ address).

        To keep this short let me just tell you that will never work. Which is why WHOIS exists, which is why organizations can set contact information which is valid for their particular logistical model.

        The problem is people register domains and they never bother to set or check their contact information, or they don't understand that it is public. So because a lot of people started playing with toys they don't know how to use, those of us who live and work in this world have to suffer.

        1. Jamie Jones Silver badge

          Re: Stating the obvious.....

          "Whois" could disappear in its entirety tomorrow. Nothing will break. It's not related to the technical infrastructure at all.

          And as many people have already pointed out: registrars will still have the registers information, and scammers use false details anyway.

        2. Ben Tasker Silver badge

          Re: Stating the obvious.....

          > Which is why WHOIS exists, which is why organizations can set contact information which is valid for their particular logistical model.

          Which they'll still be able to do post GDPR, it just won't be mandatory for individuals to do so.

          > The problem is MOST PEOPLE don't know how the fuck the internet works and they don't understand this stuff is critically important. Disabling a system like WHOIS is similar to knocking out the support columns of a large bridge and hoping it doesn't collapse.

          Be wary of telling people they know fuck all when you clearly know so little about the subject you're discussing. If WHOIS was turned off tomorrow, everything would keep working.

          It's more like publishing the name, address and telephone number of the bloke who built the bridge on a sign under the bridge. Take that sign away and the bridge won't collapse. If there are issues with the bridge, the council (or DFT) still have that bloke's details so he can be contacted, just not by every Tom, Dick and Harry that wants to sell print cartridges to him for specious reasons.

    2. simbalion

      Re: Stating the obvious.....

      I want to point out look how your comment got more downvotes than upvotes. But your comment is 100% right.

      The problem is MOST PEOPLE don't know how the fuck the internet works and they don't understand this stuff is critically important. Disabling a system like WHOIS is similar to knocking out the support columns of a large bridge and hoping it doesn't collapse.

      And all those people who don't have any idea what the fuck is going on are the ones downvoting posts like yours. They're the idiots passing laws like GDPR.

  13. Aqua Marina Silver badge

    Unless ICANN have an EU based office they can’t be fined. The EU based registrars are the ones that can only receive any such fine. The solution is simple, if you have an EU based office, enable anonymisation by default. I have it on my 123-reg account, it works and it has worked since they started to offer it as a chargeable extra.

    1. Ken Hagan Gold badge

      Presumably they won't be able to offer it as a chargeable extra once it becomes a legal requirement. :)

      1. Aqua Marina Silver badge

        Businesses being businesses I'm sure that they would find a way to include it in the price, say increase the cost of domain registration by £4.99 per year. I don't think legislation will have anything to do with it. It's a legal requirement for me to have car insurance, but I still have to pay a business for it.

    2. Danny 14 Silver badge

      I have a feeling their Brussels office might qualify.....

      6 Rond-Point Schuman

      B-1040 Brussels, Belgium

    3. Anonymous Coward

      "I have it on my 123-reg account"

      You have a 123-reg account? Sorry to hear that...

  14. J. R. Hartley Silver badge

    Sick of the spam calls

    I'm bloody sick of the non stop spam from India asking me if I'd like a webshite built etc. I just try and keep them on the phone as long as possible these days, just for shits and gigs like.

    1. simbalion

      Re: Sick of the spam calls

      try Mr. Number, it's a social spam blocker for smart phones

    2. Jamie Jones Silver badge

      Re: Sick of the spam calls

      "Why yes, I'll certainly answer your questions, as long as it doesn't take long - the traffic is really busy and tricky at the moment, and I shouldn't be on the phone anyway!" (said whilst sitting on the sofa)

      ...

      "Um, yes, I do own a Microsoft computer....... SHIT" *plays screeching brakes and car crash sound effect, then hangs up*

    3. Danny 14 Silver badge

      Re: Sick of the spam calls

      just start screaming "ANTS! ANTS! OH GOD NOT THE ANTS!" before hanging up. I nearly pissed myself with laughter when a colleague did this. It didn't stop the calls but sure lightened the mood in the office.

  15. Anonymous Coward

    I've used whois to sniff out dodgy websites to see they are who they say they are, I'm not sure this is a good idea.

    1. Dave Bell

      As mentioned above, there are various clues, even in just the domain name. And if the corporate entity chooses to be anonymised, you have to wonder why.

      I started out in this lark via a Fidonet BBS with a usenet gateway, and we reckoned it would be trivial for a phone number anywhere in the UK to connect to a dial-up modem in Cheltenham. I remember one day when most of the sysops in the UK claimed to be running on a UPS because of a thunderstorm, all at the same time.

      If you can't trust your sysop, who can you trust?

    2. Ken Hagan Gold badge

      If it's a dodgy website, you probably can't trust the whois information anyway.

      Registrars ought to check and insist that it is valid, but they've no reason to beyond "being professional" and if they are only charging a few pounds for the domain then there's probably no money in the budget for checking.

    3. Louis Schreurs BEng

      if you feel the need to sniff them out then you should have smelled the stench already and simply stop visiting that dodgy website

  16. Steve Knox Silver badge

    > If that level of interest is repeated for other internet addresses under ICANN control, like .com, .org and .net, Neylon says it will be "perfectly manageable" from his business' perspective.

    Which is unlikely.

    Not only is .com itself 13x the size of .uk, but it still holds the sites of most interest to those who would query WHOIS. There's a reason .com accounts for almost half of all existing DNS names and almost 80% of new registrations.

  17. DerekCurrie
    FAIL

    They shall regret GDPR

    "There are some however, including security researcher Brian Krebs and the US government itself, that fear a shutdown of the full Whois will result in a spike in online scams."

    Yes it will.

    Anonymity on the Internet breeds anonymous cowards and their dirty deeds. Anonymity is the solution to nothing. If you have to be an anonymous coward to say something, don't say it.

    1. doublelayer

      Re: They shall regret GDPR

      No, they probably won't. The reason is that I can go and reserve a site and type whatever I like in there. For my personal sites, I entered true information, which I don't really mind being available (neither my phone number nor my email are there, although my postal address is because there doesn't seem to be a good way to avoid it. This hasn't resulted in any spam yet). The registrar checked none of it. No physical mail to the address. No calls or SMS to the phone number. True, they used the email address, so they could see that was true, but those are pretty easy to set up. If I had made a site for scams, I could just put in "Microsoft Support, 1 Microsoft Way, Redmond, WA, 98502, 1-425-882-8080, support[at]microsoft[dot]com". The system wouldn't check, so initial victims would be able to check and see the supposedly correct information. In order to catch me, you'd need to have the authorities contact the registrar and find out the real information.

      Now if I'm running one of those borderline legal scams with real companies, I can still provide accurate but misleading data.

      Finally, I consider the issue unimportant because I don't think people are using whois to determine scams or not. Most people don't know what it is. Whois services are available only through registrars or the whois terminal command. People who fall for that type of scam are usually nontechnical enough not to use whois, while those like us who might check already know we won't get useful data from a scammer. I see no reason the data must be public; just make it a hidden database and let me publish. After all, any company worth anything will have all that information on the contact us page anyway. For personal sites, you don't need the owner's address as they will have provided you the methods you will use to initiate contact if they want to hear from you. I don't see any problem.

    2. Hstubbe

      Re: They shall regret GDPR

      Could I have your phone number, I'd like to discuss your comment in more detail. Maybe your home address as well? Might pop by to continue the conversation over a nice cuppa.

      1. Anonymous Coward

        Re: They shall regret GDPR

        There's a treasure trove of information out there for you - just look at your local phonebook and electoral roll.

        1. Spanners Silver badge
          Holmes

          Re: They shall regret GDPR

          I doubt I am unusual here by not being in my local phone book. I don't have a landline.

          I moved a couple of months ago and when I registered to vote, I was asked if I wanted to be in the publicly available electoral roll. I declined that. From what I have heard, everyone should decline.

          Not showing up in those does not stop the Bill knowing where I live. Neither does it stop me being able to vote. Not being searchable by WHOIS etc keeps the crooks, spammers and "Imaginary Property" scammers away. It does not keep legitimate authorities out. It makes them a little more likely to follow the rules if they want to discuss things with me (I really hope).

    3. Anonymous Coward

      Re: They shall regret GDPR

      "Anonymity is the solution to nothing. If you have to be an anonymous coward to say something, don't say it."

      Anonymity is the solution to the 'special interest social lynch mob', if you want to express an opinion or belief that not everyone considers 'politically correct'.

  18. mark l 2 Silver badge

    I wonder if you have just registered a domain name with a registrar and paid up front for 12 months of privacy registration whether you will get a refund for the unused portion come 25th May when no doubt they will have to start offering it for free?

    1. Roland6 Silver badge

      > come 25th May when no doubt they will have to start offering it for free?

      Dream on!

      Come 25th May, privacy registration will be mandatory, including whether you have given your consent to opt out, thus the cost of privacy registration will simply be added to the annual fee (helping to cover the cost increases associated with GDPR); so expect the bare domain price to disappear from EU registrars and the bare domain plus privacy registration to become the new bare domain price.

  19. GIRZiM

    250 Years War

    None of this would be happening if Britain had only had the courage of her convictions and fought on after the declaration of independence.

    She should've learned from the Hundred Years War, licked her wounds, put sanctions on the U.S. (Britain was the world in those days, there was no-one else to trade with and the U.S. would've had to capitulate), rebuilt her forces, gone back and reclaimed her territories.

    Then we wouldn't be in this mess, with the U.S. still at war with the entire rest of the world 250 years later.

    It's time we showed the U.S. who's who and what's what. We didn't put up with this nonsense from the Romans. Or the Spanish. Or Napoleon. Or Hitler. Or the EU. Enough footling about, send a gunboat! Give the blackguards a bloody nose, what? Who do they think won the bloody World Cup, eh?

    1. TrumpSlurp the Troll Silver badge
      Trollface

      Re: 250 Years War

      World cup?

      Germans, wasn't it?

      I think they may have almost won WW2 by now as well, looking at who is in charge of Europe.

      1. Boris the Cockroach Silver badge
        Joke

        Re: 250 Years War

        We let the germans win at football.......... because we beat them twice at their national sport last century

      2. GIRZiM

        Re: 250 Years War

        The Germans aren't 'in charge' of Europe. That's a myth promulgated by those in the UK who want to ensure that the mood remains anti-EU, by appealing to xenophobia arising from events that happened long before even I was born.

        Seriously, if it were Spain that were the industrial/economic powerhouse, you can bet we'd all be hearing about how 'we beat the Armada'. If it were France there'd be jingoism about Waterloo all day every day.

        As for who really won the War, yep. And the reason the Germans are where they are is because they didn't fall for the Ayn Rand model of social order but, instead, have industries that actually manufacture things rather than financial services run by crooks; and a form of unionisation that, whilst not without its flaws, ensures that businesses remain going concerns rather than being asset-stripped to the bone and flogged off for a quid once the pension fund is empty.

        As for their national sport, there are only twenty-two countries in the world that Britain didn't invade and 25% of those (Andorra, Liechtenstein, Luxembourg, Monaco and Vatican City) are smaller than my gran's outside toilet and not really countries on anything more than paper. At the peak of the empire years Britain was effectively the entire world not simply in terms of power and influence but geography too. If any nation can be said to have had 'invading other countries' as a national sport then look no further than home for the all-time greatest proponent of that particular pastime. (It did make me smile, nevertheless, so have an upvote : )

        1. Fading Silver badge

          Re: 250 Years War

          You may need to read up a bit on the state of the world during historical times. Empire building was all in vogue (and to some extent it still is today).

          Germany is the powerhouse of the EU and as such does carry greater influence (to be expected) and the roots of the EU was for this to be the case (German industry plus French agriculture = EU).

          1. GIRZiM

            Re: 250 Years War

            > You may need to read up a bit on the state of the world during historical times. Empire building was all in vogue (and to some extent it still is today).

            I'm really not at all sure what point you're trying to make here.

            The largest empire the world has ever seen was the British Empire. In terms of influence it has to be said, that it has been matched by the U.S. Empire-in-all-but-name since. Geographically, however, nothing has ever matched it.

            Britain invaded all but twenty two countries in the entire world, five of which are tiny and one (Vatican City) barely even a city state on anything more than paper. Those are the historical facts, so I really don't see what I'll learn by 'reading up a bit' - there's nothing else to learn.

            > Germany is the powerhouse of the EU and as such does carry greater influence (to be expected) and the roots of the EU was for this to be the case (German industry plus French agriculture = EU)

            No, the origins of the EU were multivariate.

            I have no doubt whatsoever that there was intent to ensure that France and Germany did well out of it - every nation sees to it that, to whatever extent it can, it maintains influence in the world. To imagine, however, that those were the 'roots' of it is simplistic in the extreme and the subtler form of the Little England/Brexit argument that tries to argue that the inherent xenophobia isn't such but rather a rational response to 'economic/political realities of the EU'.

            But, after a thousand years of war and, above all, the events of the Holocaust, it was as much an attempt to ensure no repeat of either in Europe as anything else. Economic superiority could be achieved between France and Germany simply by forming a pact and trading favourably with each other and imposing tariffs (both positive and negative) on other nations that both adhered to.

            Apart from the U.K., precisely which nations in Europe could ever have challenged either France or Germany economically or (as a result) politically since the 1970s? On what occasions were any of Italy, Spain, Austria, Switzerland, Portugal or any of the Scandinavian nations large enough to outperform France agriculturally or had the necessary infrastructure to challenge Germany industrially? That's not to say that France, especially, would have done so well without the EEC/EC/EU - politically and economically, it has frequently not been much less of a 'sick man' than was the UK in the '70s. But at what stage could it not have achieved its current status by entering into the suggested economic/political pact with Germany? At what stage has either nation faced a serious political/economic challenge from anywhere in Europe other than the UK?

  20. Adrian 4 Silver badge

    Phone book

    If you want to be in the telephone directory, you have to make details - your name and your number - available. If GDPR is going to force phonebooks to be empty then it's simply silly. Publishing those details for your own benefit is literally the point of it.

    You can, of course, choose not to be in the phonebook. Or put a business name rather than a personal one. It's then your problem to make the number usable, presumably by advertising it elsewhere or to a closed group.

    Domains should be exactly the same. You want a public advertisement of how to reach you, you permit your contact details to be known. You want a private IP address, that's your problem : you don't need a domain.

    1. ThatOne Silver badge
      Stop

      Re: Phone book

      > If GDPR is going to force phonebooks to be empty then it's simply silly

      You've got it backwards. Actually GDPR is saying that you should be asked if you want to be put in the phonebook, the phonebook editor can't publish your address and number if you don't want it. I don't see which sane person can see that as a problem...

      (BTW I didn't downvote you.)

      1. Sierpinski

        Re: Phone book

        I think you've still got it sideways. GDPR appears to continue allowing your information to be in the phonebook, but it's not allowed to be distributed in full any more. Other people have to fill out the shiny new proper paperwork to view entries. It's a jurisdiction grab.

    2. Richard 12 Silver badge

      Re: Phone book

      My phone number and my name are not in the phone book.

      Yet I still have a phone number and people can still phone me.

      My name and address are not in the public (edited) electoral roll.

      Yet I can still vote.

      My name, address and phone number do not need to be in the public whois database for my domains to resolve correctly.

      As you said, there is no difference and ICANN simply needs to comply with the law or suffer the consequences. It is neither technically nor politically difficult for them to do so, as most registrars already do offer a service which would comply - at extra cost.

      1. Adrian 4 Silver badge

        Re: Phone book

        You echo my point.

        Your name is not in the phone book, and the only people who contact you are those who you gave it to specifically.

        If you want others who know your name but not your phone number to find you, you put it in the phone book.

        Likewise with domains : if you want a visible one, you publicise the details. If you don't want it visible, you don't need a DNS entry.

    3. doublelayer

      Re: Phone book

      >Domains should be exactly the same. You want a public advertisement of how to reach you, you permit your contact details to be known. You want a private IP address, that's your problem : you don't need a domain.

      Not so. In many cases, I do need a domain, even if I don't choose to publicize it to everyone. Not all systems support directly accessing IP addresses, although most do. Many systems see that as a security problem, as many scammers use the same strategy, so I'm now facing my users seeing warnings or blocks on the way. There's also the obvious fact that susansmith.com is easier for people to remember than 109.251.39.28. I don't see any reason that my information needs to be known for those benefits to accrue to me. I put my info in the phone book for my and others' benefit. I put my information in the whois database for exactly the same reason. Except I get no benefit because it opens me to spam, my nontechnical users get no benefit because nobody checks it, and my technical users get no benefit because I already put the contact information that they should be using on the site. So what if the site is basically useless to those who aren't planning on using it? Maybe those people don't need to contact me.

  21. Cynicalmark
    Happy

    Smirk mode

    Serves the greedy buggers right.

    GDPR is good and will potentially cripple any company playing fast and loose with EU citizens' private data. It will also be enshrined in law in the UK following our exit from the EU. Fines, warnings or removal of right to process data - lovely.

    I do wonder how quickly the EU will smack them up. It would be hilarious to see the excuses over the coming weeks.

    Final rant: Who gives a crap? ICANN is a typical corporate dinosaur. I wouldn’t lose sleep if I were you - there is always a way round the possibility of them going down. Night night

  22. Black Betty

    Strictly speaking shouldn't telephone directories be illegal under GDPR?

    Automatic listing, and often a fee charged for the privilege of opting out.

    1. Richard 12 Silver badge

      Re: Strictly speaking shouldn't telephone directories be illegal under GDPR?

      When I last got a new phone number I was asked whether or not I wanted to be in the phone book.

      It made no difference to the contract price either way.

  23. herman Silver badge

    Whois is useless anyway. What is the point of a database filled with fake data?

  24. SImon Hobson Silver badge

    The big problem that many seem to have overlooked is that the EU cannot get at ICANN directly as ICANN doesn't (AFAIK) have an EU presence. However, all the registrars with an EU presence must abide by GDPR - and that means it would be illegal for a registrar to pass any personal data to ICANN unless ICANN abides by the rules of GDPR.

    BUT, ICANN is a US based outfit and must abide by US law - which is incompatible with GDPR. That's going to be interesting once Privacy Shield Figleaf is officially declared incompatible.

    1. Anonymous Coward

      ICANN :

      6 Rond-Point Schuman

      B-1040 Brussels

      Belgium

      Phone: +32 2 894 7400

      European Commission:

      Rue de la Loi 170

      1040 Brussels

      Belgium

      They could pop round for tea!

  25. fluffybunnyuk

    40 days to go until enforcement of GDPR. We should open a book on which US company gets smacked for 4% first. As for ICANN I don't see why it doesn't operate like our electoral register.

    A full register by default, and an edited register for individuals to be exempted from. Law enforcement can operate by using the full register, as can governments but marketers and spammers, fraudsters can't get access to private data.

    I need to go have a shower now, I feel unclean after defending law enforcement and the government.

  26. Chris Thomas

    I don't understand

    A year ago I registered a domain and was too mean (and stupid) to pay extra for privacy. Since then I have been plagued by offers of web development, logo and picture services both by phone and email. A year later the phone calls have stopped and I only get one email per day now. If I had paid extra then presumably this would not have happened and my personal information would not have been exposed/sold. So a mechanism already exists to preserve privacy, albeit a paid one. So just turn it on for everyone and the problem goes away. What is this two years of development?

  27. carlg

    How many whois queries are really legit?

    My registrar (name isp) displays the number of whois queries and detailed log for my .com domain.

    In just one year my domain has been queried 430 times! No "real" person has reached out to me. Only spammers and scammers. I hope for a new system where only legit requests shall be served with my contact info

  28. simbalion

    First of all, America built the internet. Not Europe. Let's keep that in mind FOREVER please shall we? Thank you. Do not forget this fact until nationalism is extinct and we live under a global flag.

    Next, WHOIS is not Illegal. Europe cannot dictate global law by passing its own regional codes. Else every nation in the entire world could dictate global policy unilaterally!

    WHOIS is a VITAL and _absolutely necessary_ piece of the domain registration system and the proper function of the internet. The abuse of WHOIS by domain registrars to upsell "privacy" options is a racket which can be shut down without destroying the domain registration system.

    WHOIS operated _just fine for years_ in its present state without any problems! So let's ask ourselves what changed? I'll tell you, a bunch of people who barely know how to use a computer decided to buy domain names without knowing anything about how the marketplace works. That's what happened. And now those same barely literate people are responsible for this story evolving.

    WHOIS contact information is supposed to be VALID and AUTHORITATIVE. If your personal cell phone is listed in your WHOIS information THEN YOU ARE DOING IT WRONG!!!!!!!!!!!!!!! The problem isn't WHOIS, the problem is you!!!!!

    In a somewhat ironic twist, this is the most important thing happening in the world right now. If Europe can DESTROY THE INTERNET by passing its own unilateral regional laws then any nation can wreak equal havoc in a similar manner.

    Suggestion, send the monarchies back to the children's table until they join the rest of us in the modern era.

    1. Anonymous Coward

      lol and I thought mindless jingoistic fervour died years ago...

      You forget the odd contributor along the way like Donald Davies, Tim Berners-Lee. Even that funny overlooked guy Alan Turing, and amusingly for decades Americans believed they invented computers too.

      As for your rant about WHOIS, like a lot of the original technologies used in the internet, this one is past its sell by date, and needs reform.

      As for your comment "If Europe can DESTROY THE INTERNET by passing its own unilateral regional laws then any nation can wreak equal havoc in a similar manner" I think you need to go online and order some more medication, clearly you're not getting enough lithium. Any protocol or service should be up for examination of suitability at any time, just as laws are subject to revision.

      Your suggestion "Suggestion, send the monarchies back to the children's table until they join the rest of us in the modern era." is frankly absurd. I have access to 5G wireless where I live, we have autonomous robots that do deliveries regularly round here. Do you see robots out on your streets delivering goods? Do you have genuine legitimate 5G? No, well that's because you belong to the country that introduces tech like chip and pin years after other civilized countries.

      There's nothing that amuses me more in life than watching Americans shout "USA USA USA" over and over again mindlessly while they're being battered at a sport like football. Nobody cares about your "me me me" society with its inbred sports, misuse of English, nasally accent, hormone injected medicalised meat products, lack of universal free healthcare, and the ability to buy automatic weapons on street corners. Oh sorry I forgot the chronic opiate addiction rate in the USA too.

    2. Nick Ryan Silver badge

      Wow! Erm, you may need a sponge or something equally absorbent to mop up the foaming.

      The US invented ARPANET, the forerunner of the Internet in order to create a packet based network that linked cities and other sites and was resilient enough to automatically route safely around failing, or failed, routes - in other words, a multi-link network rather than the usual ring or star topology. ARPANET was developed (funded) by the US military and various US academic institutions. From there the non-military (academic) side developed rapidly into an international collaboration and evolved into what is now the Internet, with many of the underlying technologies and protocols transferred over. DNS, for example, only appeared from 1983 - and DNS and the infrastructure and support around it is why the TLD companies exist. Many of the underlying technologies and protocols that we still use had their origin in international academic collaborations - so while you are correct, to a point, that the US (or America in your terms) built the Internet, they only started the process, not created it all.

      Nobody is saying that WHOIS is illegal, what is happening is that the operators of it have to adapt to a changing market. A market, incidentally, where the majority of it exists outside the physical borders of the US. Changes to rules and regulations happen all the time, how about a couple of US gems: Sarbanes–Oxley and Dodd-Frank - both far reaching US acts brought in to try and reduce the damage through financial manipulation and corruption. US, and many international, organisations have had to change and adapt their processes to take into account these acts. Are you saying that they shouldn't have to because, in your mind, nothing should ever change? Or that because there wasn't a specific law against it, that it was alright to destroy evidence and falsify information X years ago and therefore is OK to continue doing so now?

      Also, ignore the idiotic "American intelligence" information sites... there are very few monarchies left on the planet and having a titular head of state (compared to a corrupt orang utang) does not make a nation a monarchy. Most are considerably more democratic than the US.

      1. Anonymous Coward

        upvoted for "corrupt orang utang". Sorry can't stop laughing.

  29. ShelLuser

    Meanwhile in Europe itself...

    All whois databases are fully operational and still showing personal data.

    Try looking up some Dutch (.nl) domains through SIDN.nl. Or check French domains (.fr) through afnic.fr.

    Wouldn't this whole thing make more sense if they had started by sorting out all European whois databases first? Or do those suddenly not count or something?

    1. fluffybunnyuk

      Re: Meanwhile in Europe itself...

      I checked nominet in the UK :- https://www.nominet.uk/nominet-opens-comment-period-gdpr-changes-uk/

      From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.

      Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.

      The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance. Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.

      Seems all reasonable to me. I'm going to be re-registering all my sites/services on May 26th.

  30. Anonymous Coward

    Government vs. Corporations

    And we're back to the uniquely American view that everything government does is bad, and everything corporations do is brilliant.

    It's funny how some people instantly think that because this is coming down as a law, it means it's a bad thing, it's against freedom, government overreach etc. when in fact it's exactly the opposite. It's regulation to control those corporations whose only loyalty is to the share-holders and bottom-line.

    Sure, most governments have a lot of corruption and need to be called out, but the american paranoia and love affair for corporations is nuts.

    Americans are the most screwed over work-force in the Western world. You have working conditions out of a Dickens novel, no mandated holidays, and have to pay/insure for health cover!

    But hey, as long as the 1% with 99% of the wealth get richer.. After all, it's going to be you too one day, right? Keep living that American Dream.

  31. Anonymous Coward

    So what will really happen?

    It's funny seeing some of the comments here, specifically those around "breaking the internet" and most can see that this information being public is more harmful than helpful (those that still "need" to access the data will be able to, just a bit slower).

    But in reality what is likely to happen?

    I foresee that ICANN will just implement a block/filter on showing the data on the service in the interim (easy option) with the ability to provide the information on receipt of a suitable request (legal). But then I expect the US players (media orgs in the main) to put pressure on the US gov to implement a law requiring the publication of the data (just like what was mentioned for companies house data in the UK) that would trump GDPR. This will be rushed through and then ICANN will disable the filter (or give people the opportunity to relinquish domains).

    That's my guess anyway - and as a result I see more fake information being recorded (making the whole thing pretty useless anyway).

    If the data is kept private then there is more chance of people providing real information.

    Would they prefer accurate data or public data - I don't think they will get both.

  32. Safenetting

    GDPR reveals EU's lack of depth of understanding

    After reading each and every comment, it's rather disappointing to be reminded of how naive people can be about the internet, the DNS system and cyber crime.

    I've watched these same conversations for more than two decades. The internet governance has sprawled in such an unorganized and uncontrollable way that today, the comments above are, for the most part, fantasy. There's a thin line between Saturday night and Sunday morning!

    I'm not going to preach. Nobody likes to be preached to -- and we lost that war during the Clinton administration when the Internet was given over to ICANN in the first place.

    Let me just leave a few tidbits of food for thought:

    * GDPR is an exercise in futility. Nobody will win but the lawyers and cyber crime

    * GDPR will be circumvented by the big guys, smiling with false compliance.

    * ICANN is for the most part a self serving band of international rogues who don't follow any rules, much less their own. (Read up on this at http://knujon.com/illicit_domains_icann_graphic.pdf )

    * Nobody can stop, nor regulate the free flow of all known data. Nobody.

    * Cybercrime is always 2 steps ahead of all other technology

    * ICANN could tell GDPR to go whistle Dixie. They can recall IP blocks and DNS at the flick of a switch

    * The WhoIS is 80% incorrect, or masked and fully compromised. You cannot hide.

    * VPN and Cloud masking makes ANY IP address tracking a waste of time.

    * Once IPv6 replaces IPv4 all masking attempts will cease to function (see: http://bit.ly/2F1qFVx)

    * Your "data" and information is already out there. Crimazon has 5.8 billion dossiers

    You don't have to believe any of that. Many of you probably don't. I've spent one to three hours a day since 1997 battling cyber crime. The efforts of an army of Spamcop and Knujon agents are responsible for your relative safety from the cyber crime element. Unless you've been involved, you haven't even seen the tip of the problem.

    When we migrated ALPE to Quantum in 1987, we established a cardinal rule, and predicted it would NEVER change. When the name was changed to America Online we tried to make the forums, chat rooms and IM as secure as possible, but also realized that the criminal element would always get through. Seeing the writing on the wall brought us to the realization that connectivity would eventually rule us all. But the rule remains solid even today, now 30 years later :

    "If you don't want it public, to be seen on millions of screens, don't put it there."

    How simple is that? Wonder why people never learned that lesson?

    We knew from the very beginning that connectivity was NOT secure and would NEVER be secure. Period. Nobody, (let that sink in : NOBODY) who promises you security can guarantee your data will be secure. Just read the fine print in the TOS and you'll see that NOBODY is guaranteeing your data.

    Once the IP system was taken away from the DOD, and privatized to international thugs, all hints of accountability were lost forever. GDPR is a farce. It won't regulate anyone but the honest.

    Those of you who would like to know what's actually going on should read:

    FUTURE CRIMES ... http://amzn.to/2irHG0T

    . . . and thanks for reading.

  33. Anonymous Coward

    ICANNT

    SORRY, RENAMING TO ICANNT


Biting the hand that feeds IT © 1998–2019