×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Exposing Personal Information in the Whois Database

CowboyNeal posted more than 10 years ago | from the a-better-way dept.

Privacy 323

rocketjam writes "In a letter to U.S. Representatives Lamar S. Smith and Howard L. Berman, the Center for Democracy and Technology has raised the issue of privacy problems with the Whois Database. Acknowledging the database is uncontroversial for commercial registrations, the letter points that private individuals who register a domain name expose their names, home addresses, home phone numbers, and home e-mail addresses to the world. The letter warns, 'The current Whois regime is on a collision course with public sensitivities and international law. In an era of concern about identity theft and online security, it is unwise to require millions of individual registrants to place their home phone numbers, home addresses, and personal email accounts into a publicly available database that places no restrictions on the use of that data.' Additionally, the letter points out the current policy violates the privacy laws of some nations."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

323 comments

How else... (3, Funny)

TheGreek (2403) | more than 10 years ago | (#6941182)

...am I going to find phone numbers so I can pick up chicks?

Re:How else... (5, Funny)

march (215947) | more than 10 years ago | (#6941225)

If you are looking for chicks in the whois database, it's no wonder you haven't had a date in a while....

Re:How else... (-1)

Anonymous Coward | more than 10 years ago | (#6941265)

Doh! Argh.. some people...

amen (5, Insightful)

Neophytus (642863) | more than 10 years ago | (#6941187)

Registrars under their status of registrars are required to HAVE FULL AND PUBLIC CONTACT INFORMATION for anyone who registers. For big biz this ok but for individuals (such as me) it is a big worry.

Re:amen (0, Funny)

Anonymous Coward | more than 10 years ago | (#6941198)

How is it a big worry? Nobody visits your site anyway.

Re:amen (2, Informative)

Anonymous Coward | more than 10 years ago | (#6941269)

Yeah, but the spammers harvest those email addresses.

Re:amen (0)

Anonymous Coward | more than 10 years ago | (#6941291)

Yeah, but the spammers harvest those email addresses.

If spammers want to send mail to devnull@mydomain.com, feel free.

Remember when... (3, Insightful)

march (215947) | more than 10 years ago | (#6941348)

How is it a big worry?

For some of us, it used to be that the real contact information (at least email address) was needed since Internic did all of its renewals and changes via that email address.

Of course, I could go and change it, but the point is, there are many valid contacts in that database for spammers to use.

Is it a big worry? Nah, probably not, but it is a concern.

Re:amen (1)

gfody (514448) | more than 10 years ago | (#6941209)

and for big biz its usually accurate info and for individuals its usually ""
Nobody Important
1234 Nothing St.
Nowhere NA
(123)456-7890

so whats this story about? think I'll go rtfa

Spammer source (4, Interesting)

alecbrown (66952) | more than 10 years ago | (#6941188)

I certainly getted spamed on the email address I registerd for it.

Re:Spammer source (1)

zaphod_es (613312) | more than 10 years ago | (#6941283)

I also get some spam on the email address I give to registrars . On the other hand I have never had a single piece of snail mail sent to the physical address; nor have I received any phone calls which gave me any hint that they got my number from the whois database.

On the other hand the fact that it has not happened is no guarantee for the future. Maybe I should get a PO Box.

Re:Spammer source (2, Informative)

AchmedHabib (696882) | more than 10 years ago | (#6941362)

Placing your email address in your whois information will ensure that you get at least 100 penis enlargement mails pr day to that account. Which is why all email adr. that I need to publish like in the whois or on websites, are on mail servers that use just about every rbl list and antispam program available.

If there were strong checking (2, Insightful)

Trigun (685027) | more than 10 years ago | (#6941191)

I'd deem this an issue.

However, how many Heywood Jablowmie's are there in the WHOIS database?

Re:If there were strong checking (1)

curtisk (191737) | more than 10 years ago | (#6941210)

Yeah I've seen plenty of bogus contact info, except for the email address maybe, in whois records. Any domain setups that I've done allows you free reign to type in anything you like. I think most people don't realize that

Re:If there were strong checking (2, Insightful)

gfody (514448) | more than 10 years ago | (#6941275)

a lot of "optin" email lists go thru my system.. and judging by the percentage of asdf@asdf.coms and blah@blah.coms I would say most people realize this.

also doesn't take a whole lot of common sense when your filling out a form for an online comic strip registration and its asking you for your home address and phone number. I mean unless your buying something why would you give this info out? people that give out personal info simply because some form is asking for it.. dummies, period

Re:If there were strong checking (1)

curtisk (191737) | more than 10 years ago | (#6941310)

I mean unless your buying something why would you give this info out? people that give out personal info simply because some form is asking for it.. dummies, period

I agree that the "dummy" factor is the main culprit....but then I have to give them some slack here as well...they are buying something, the domain name, and since it's all "official" and on the internet, and they "own" the domain name now, they feel obligied to answer, it's assumed on their part,

And as Benny Hill said, "Never assume...."

Re:If there were strong checking (1)

gfody (514448) | more than 10 years ago | (#6941333)

then perhaps a warning.. "this information is published in the whois database which is accessable to the general public"

which, I think, there already is? depends on the service

Re:If there were strong checking (5, Interesting)

AKnightCowboy (608632) | more than 10 years ago | (#6941307)

Any domain setups that I've done allows you free reign to type in anything you like. I think most people don't realize that

Or they do and realize an enemy could use that to his advantage to snatch away your domain. Providing false information is reason to lose your domain... or at least used to be in the carefree days when .edu domains were actually educational institutions, .com were businesses, .org were non-profit orgs and individuals, and .net were ISPs. *sigh* The good old days 10 years ago.

let's not forget... (4, Insightful)

I Want GNU! (556631) | more than 10 years ago | (#6941195)

that Google has this information from phone books as well (just google for a phone number or address), and there are many reverse phone books online. I think they should focus on solving identity theft in ways that if someone's info is already available (as it is everywhere) it can't be utilized well.

Re:let's not forget... (5, Insightful)

mblase (200735) | more than 10 years ago | (#6941245)

Yes, but Google also gives you the option to remove your information from their searchable database -- there's a link right next to your results if you do a search for your own information. So do most other reverse-phone-lookup sites.

Whois gives you no such option, and would probably actively resist if you even asked.

PO Box (3, Interesting)

intermodal (534361) | more than 10 years ago | (#6941196)

that, my friends, is why I have a PO Box and why I don't volunteer my real phone number.

Re:PO Box (0)

Anonymous Coward | more than 10 years ago | (#6941241)

Exactly. My domains all have a fake name, fake address and fake phone number. The only thing real is my email address. I don't see how any of this is a big deal... Making a mountain out of a molehill.

Re:PO Box (1)

russx2 (572301) | more than 10 years ago | (#6941250)

Yeah but with the current system you're breaking the T&Cs which means if a dispute or hijacking of your domain were to arise, you may well lose the case.

Just something to be aware of, people have lost their domains under similar circumstances.

To keep everything nice and bonified, there's always the 'privacy' domain registrations that companys such as GoDaddy [godaddy.com] offer (basically a proxy registration).

Re:PO Box (0)

Anonymous Coward | more than 10 years ago | (#6941329)

There certainly wasn't anything under any T&C that I've seen that forbids using a PO Box. Many businesses use PO Boxes too you know and they are a valid mailing address. So, pony up. Give us some links to back up your claim that using a PO Box as a mailing address will lose someone a domain. Particularly links where the name was a legal entity (person, corp, etc) and not a fake name and where the PO Box was in current payment status and rented by that legal entity.

Re:PO Box (1)

intermodal (534361) | more than 10 years ago | (#6941338)

it's a legitimate PO Box and phone number, but you'd be hard pressed to get me on that phone. it's my internet line. Any legal dispute can be initiated through the post, so that's not a concern.

Re:PO Box - another approach (1)

Iphtashu Fitz (263795) | more than 10 years ago | (#6941370)

I own two domains and I have all my records using my work address & phone number, not my home ones. No need to rent a PO box or anything else.

Re:PO Box (1)

FlyGirl (11285) | more than 10 years ago | (#6941372)

that, my friends, is why I have a PO Box and why I don't volunteer my real phone number

Ditto for me. Last thing I want is someone seeing an email from me, doing a "whois" on my domain and then showing up at my doorstep EITHER because he "really likes me" or because I "really got him pissed."

AFAIK, PO boxes are okay as long as you are reachable through them

Re:PO Box (3, Informative)

blibbleblobble (526872) | more than 10 years ago | (#6941378)

If anyone's interested, I wrote to the Information Commissioner (formerly the data protection office) in the UK about this, since our data protection laws forbid sharing information with countries with incompatible data protection laws

Their response summarised:
(a) We don't care
(b) We don't care
(c) Domain registration is done in america anyway, where they don't have data-protection law
(d) It's not up to Nominet to inform its customers of their lack of data protection

I could probably find the actual letter somewhere...

(Nominet should have got into trouble because (a) they unilaterally changed their terms and conditions, leaving people with a choice of publishing their home address, or losing their domain name, (b) they have monopoly on UK domain names, (c) anybody who's running a business is obliged by business law to publish their address anyway, and (d) any accusation of illegal activity associated with the domain should wait upon a court-order to disclose a person's home address.

Information commissioner doesn't seem to think so. Some might wonder what he does do.

oral sex with my girlfriend (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6941199)

Greetings, Slashdotters. What follows it the true story of my first sexual experience. Being a typical Slashdot nerd, I never had much luck with females. That all changed my Sophomore year in high school when I met an attractive nerd girl that actually took some interest in me. We dated on and off for a while, but by my Senior year of high school (back in 2000), we had a pretty serious relationship. And so it came to pass that in October of 2000, I had oral sex performed on me for the first time, by my seventeen year old girlfriend.

Now, of course, I had imagined what it would feel like, and I had watched a lot of porno and did a fair amount of masturbation, but the spectacular sensations of oral sex had really surprised me. As she sucked my cock for the first time, I was amazed by how much pleasure the warmth and the wetness gave me. Granted, she was inexperienced at this point and a little nervous, but things improved with time. One of the things that that I really enjoyed was, after sucking for a while, she'd stop for a bit and rub her face on my cock. The sensation of my already moist member rubbing against the smooth skin of her face was absolutely incredible.

Eventually, she became, and still is, quite the eager cocksucker. In fact, she has even swallowed a few times. The first time, we were lying on my bed watching a Twilight Zone marathon. Eventually, she must have gotten a little bored with that because she slipped under the covers and started rubbing her head in my lap, getting me aroused, which didn't take very long. She pulled out my cock, and began sucking vigorously while I watched Twilight Zone... truly a geek's paradise! Anyway, it didn't take long before I felt myself reaching climax, and at this point I reached down to pull her off of my cock, but much to my surprise she pushed my hand away and took my whole load in her mouth. She kept her mouth on my cock for a while, holding my hot load in her mouth, enjoying the role of a cocksucking slut.

An interesting thing about my girlfriend is that she enjoys sexual role-play, in a sense. She often asks me to force her to deep-throat my cock, and to slap her face a bit and tug on her hair. At first, I was a little surprised and even scared to do this, but after a while I found it rather enjoyable to feel so much control over my girlfriend. Besides, it's all play.

Anyway, our relationship is still going strong, as is the cocksucking... she can't seem to get enough of it! I am, however, a little disappointed that she refuses to let me penetrate her virgin cunt. This is mostly due to fear of pregnancy, though. She doesn't seem to trust condoms too much. I guess I can understand her paranoia about the risk, and I certainly don't want children either, but I would really enjoy the feel of my cock inside her tight, moist little cunt (and, despite urban myth, anal sex is NOT an effective form of birth control). Oh well, maybe someday...

Re:oral sex with my girlfriend (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6941332)

Perhaps you could get a life fagbait! I am betting the only oral sex you have had is when you smear peanut butter on your balls and call the dog.

It is kind of irritating. (2, Insightful)

Future Man 3000 (706329) | more than 10 years ago | (#6941201)

If you just want to hook a system to the Internet with DNS, it shouldn't take dumping your information out. The cases where this type of information would be useful it always seems to be faked by the domain holder, and for everybody else we get dumped on by every spammer and telemarketer in the book.

It used to be helpful for looking up abuse information, but that almost always goes ignored nowadays too. Now it's just useful for finding virus writers.

Call me big brother... (2, Interesting)

xtermz (234073) | more than 10 years ago | (#6941296)

...But i think contact info should be required to register for a domain, and I think there should be some sort of authentication mechanism.

How else can we hold scammers and spammers accountable if they make it super hard to track them down. The majority of those "online pharmacies" have bogus WHOIS info and probably take good peoples money.

Bogus WHOIS info sucks, plain and simple

Re:Call me big brother... (4, Insightful)

Future Man 3000 (706329) | more than 10 years ago | (#6941335)

Something like this [domainsbyproxy.com], where contact information is available if you violate best Internet practices (such as by spamming) and people can get in touch with you if they need to let you know that your server has been taken over by a Russian junior high student, but if you are a good netizen you can get by without being hassled.

Caught a scammer with the help of whois (2, Interesting)

ojQj (657924) | more than 10 years ago | (#6941411)

I ordered and payed 100euros for something over ebay.de which never arrived. E-mails to this idiot didn't help. Fortunately, the e-mail address had a domain adwelt.de. Whois, gave me the info I needed to call this guy (Norman Potzsch) and threaten him verbally with reporting him to the police. After that I got the money back. Probably he wasn't a real scanner, just criminally disorganized.

(And don't tell me that his bank information would have been enough to get his contact information. The Sparkasse would never have given it to me. And no I don't buy things through e-bay any more.)

Re:It is kind of irritating. (0)

Anonymous Coward | more than 10 years ago | (#6941308)

Sorry, only irritating for those spammers who don't want to be known and hide on their own little DSL hosted server.

A long time coming. (4, Interesting)

Tinfoil (109794) | more than 10 years ago | (#6941208)

While I normally don't like Berman whatsoever, this is a good thing. I have long disliked the practice of putting personally identifiable info in the WHOIS database.

I just hope they don't dumb it down so much where one can't get email addresses for those controlling the domain for reporting purposes.

knock knock? (0)

Anonymous Coward | more than 10 years ago | (#6941211)

Yes, my name and address appears in the whois database for my domains. It can be a concern to some people obviously.

But I also like to have real names and phone numbers to use when I get hacked. I wouldn't want to have to ask the FBI to get that info from the registrars for me.

Re:knock knock? (2, Interesting)

Future Man 3000 (706329) | more than 10 years ago | (#6941264)

Maybe the rules shouldn't be relaxed for people leasing bandwidth... if you could always get at the ISP that's upstream from the attacking computer, it's likely your situation could be resolved while allowing others who want to host their family's webpage (or whatever) without releasing their address and home phone number into the general pool of IT telemarketing customers to do so.

Obviously a good solution will weigh the need for contact with the likelihood and degree of abuse of said contact information by others.

this is bad... (1)

msh104 (620136) | more than 10 years ago | (#6941215)

imagine a company like microsoft using it for windows registration or something everybody needs (safe me the "there is linux speech"). than your privacy would be lost.

Re:this is bad... (0)

Anonymous Coward | more than 10 years ago | (#6941287)

Could you try to rephrase that in English, please?

RFC-ignorant (1, Interesting)

Anonymous Coward | more than 10 years ago | (#6941216)

So, if a domain is misbehaving, where else should we send complaints other than the info which is available from the whois database? I think the whois.rfc-igorant.org [rfc-ignorant.org]database is going to grow a bit...

Public information on the Internet?!?!?!? (1)

ubrgeek (679399) | more than 10 years ago | (#6941223)

You mean I can check out more than just pr0n? Actually, more than these two are concerned. The GAO, as part of a recent "investigation into security related matters" sent letters to various cabinet-level agencies saying that they have determined that it's possible to get access to public information via the Internet, stuff like where people live... Better get Ashcroft on this whole "electronic white pages" thing ....

Reporting WHOIS abuse? (5, Interesting)

Anonymous Coward | more than 10 years ago | (#6941226)

I get numerous spam from people(?) who have obviously trawled the whois database. Even though there is a strong warning in the whois database against abusing it, how does one report it, or is it just an empty threat?

Re:Reporting WHOIS abuse? (5, Insightful)

Future Man 3000 (706329) | more than 10 years ago | (#6941282)

Proving that a spammer took source addresses from WHOIS would be problematic. Taking a spammer to court over it wouldn't be cost-effective for the maintainers of any WHOIS server. Spammers have already shown themselves as a group to not be overly concerned about warnings, standards, or laws.

It's an empty threat.

And even if it weren't... (2, Insightful)

Channard (693317) | more than 10 years ago | (#6941312)

It's an empty threat.

And even if it weren't, by the time the spammer who harvested your email got a slap on the wrists, your email would be on so many other spam lists you'd never get it off.

Re:Reporting WHOIS abuse? (1)

alecbrown (66952) | more than 10 years ago | (#6941387)

Probably wouldn't be that difficult to if you created an email address specifically for it, and the only spam you get is about buying a domain with one of those newer TLD's. Finding the spammer may be harder.

Its rare to get junk mail from Whois (2, Informative)

acomj (20611) | more than 10 years ago | (#6941228)

I've had a domain for 3 years.. Ive gotten 3 pieces of junk mail from it. I was surprised to get it, and thought it more funny than an annoyance.

Junk Mail (1)

JAgostoni (685117) | more than 10 years ago | (#6941234)

Yeah ... I actually get more junk snail mail than spam. Mostly it's Register.com telling me my domain is about to expires (4 months from now) and I need to call them to stop it. Jerks.

Re:Junk Mail (1)

Anonymous Coward | more than 10 years ago | (#6941261)

Yes, huge jerks wanting to warn you about a renewal (even if it is a bit early). I'm sure you would still call in and bitch if you forgot to renew it too.

Re:Junk Mail (2, Informative)

JAgostoni (685117) | more than 10 years ago | (#6941386)

I should have been more specific. I didn't register it with Register.com. Thanks for the useful comment.

Re:Junk Mail (0)

SMOC (703423) | more than 10 years ago | (#6941289)

Hey, I got mail from some other registrar than the one I registered my domain with, saying my domain was about to expire in 9 years, and would I please hurry before I lost the domain.

Here in Denmark ... (4, Informative)

zonix (592337) | more than 10 years ago | (#6941236)

Here in Denmark, DK Hostmaster A/S is the administrator for the Danish top level domain. You can have your personal contact details hidden from the public WHOIS database - in accordance with Danish Law on protection of personal data, blah blah blah.

I would recommend it!

z

Same applies to Patent Databases as well... (2, Informative)

N Monkey (313423) | more than 10 years ago | (#6941249)

The inventors' home addresses are generally listed which, IMHO, is not something that should be broadcast to the entire world.

Re:Same applies to Patent Databases as well... (1)

forged (206127) | more than 10 years ago | (#6941342)

So are they in RFC's, with telephone numbers, professionnal affiliations and everything.

hell yea... (1)

ruebarb (114845) | more than 10 years ago | (#6941273)

if you run a WHOIS query on the domain of Jeff Parson (the guy who modified the BLASTER virus here in Hopkins, MN) - you'll get his home address...

that info is wide open, man...

RB

UK WhoIS (5, Informative)

ledow (319597) | more than 10 years ago | (#6941274)

The UK WHOIS database (run by Nominet UK) has recently considered this too. Now, private individuals who opt-out can have their personal details removed (obviously Nominet still has access to them). I'm not sure that companies are allowed to do this, it's private individuals only.

Britain and the EU have always had stronger data protection laws than the rest of the world. This is part of the reason the EU are looking at Microsoft's .NET services as they don't follow EU data laws. To be honest, it's about time the US caught up.

Re:UK WhoIS (1)

alanxyzzy (666696) | more than 10 years ago | (#6941352)

Nominet don't supply any contact information, even for entities such as ISPs
$ whois legend.co.uk

Domain Name:
legend.co.uk

Registrant:
The Legend Internet

Registrant's Agent:
Legend Internet LTD [Tag = LEGEND]
URL: http://www.legend.co.uk

Relevant Dates:
Last updated: 06-Feb-2002

Name servers listed in order:
ns1.legend.net.uk 212.69.226.1
ns2.legend.net.uk 212.187.157.218

WHOIS database last updated at 13:25:01 12-Sep-2003
and for this reason, .UK has been listed by RFC-ignorant.org [rfc-ignorant.org]
Nominet, the registrar for all UK domains, has elected not to include any contact information addresses, phone number and e-mail) for domain-holders of .UK domains in violation of the spirit of
RFC954 [rfc-editor.org]

excessive exposition (0)

Anonymous Coward | more than 10 years ago | (#6941279)

they would do well by providing just an email address, a url, or some sort of PIN #, & let the registrant decide how much inf. they are willing to part with.

conversely, somebody needs to know whois registrants really are, just in case they're running some nefarious scammage.

nsi cannot be trusted to behave morally/ethically in any case, as they are falling off/DOWn, on a similar payper liesense stock markup scam, to va lairIE's.

poor J. Public. gets to be both the sucker & the sucked, in all cases. lookout bullow.

Re:excessive exposition (3, Informative)

Future Man 3000 (706329) | more than 10 years ago | (#6941315)

This site [domainsbyproxy.com] has the most enlightened approach, I think. You give them your information, they register the domain for you filling the contact information with their info, and only turn over your information if the law requires it. They'll also forward stuff sent to your contact information to you.

I imagine for most people who just want to run a regular website without the hassle of spam/telemarketers, this is the way to go.

Re:excessive exposition (1)

EnglishTim (9662) | more than 10 years ago | (#6941410)

Yes, but is the domain name legally theirs or legally yours?

Certainly it looks from their site like it would be theirs, with a contract with you to give you control of it.

That's all very well, but what happens if they go bust?

I use my work address as the contact for all my domains - sure, it's not exactly private, but a lot more so than listing my house.

Course, I'll have to think of something else if I decide to go freelance...

Fake information (3, Interesting)

Anonymous Coward | more than 10 years ago | (#6941288)

I carefully misspelled all the information, plausible deniability baby. Two years and no one the wiser.

T.

that might work for some (0)

Anonymous Coward | more than 10 years ago | (#6941360)

but, for example: you buy 'the next big thing' from tnbt.con, & never get it, or your money back. it may be difficult to locate the purveyors of tnbt.con, if they follow your advise about supplying phoney inf., in the whois.

it becomes a trust issue, which is one commodity, the 'net/ecommerce is currently lacking in. you could further trace this to the raping J. took/is still taking, from the felons over at wall street of deceit, dissguised as .com stocks.

just so you know, they're still living large (albiet looking over their shoulders more often now) on what could/should have been yOUR future/dough J..

Exposing Data on the Whois database (5, Interesting)

knghtrider (685985) | more than 10 years ago | (#6941293)

Even exposing contact information for a business is questionable. If you're working on penetrating a company, then this is a stop on the highway. But, without that information, then (as one poster stated) the FBI would have to get us the information we need to prosecute spammers or etc.

I don't know what the answer is either; I don't think it's simple either. This may be one (of many) invasions of our privacy we have to deal with. Banks, Mortgage Companies, Credit Cards--these all sell our information to other companies. It's sad, but this is big business, and it makes money. Utilities provide information to Local, State, and Federal Agencies all of the time; and are required to by law.

Our information is not private anymore, and hasn't been for a long time. Everyone has their hand out for it.

Obstacle to distributing a shareware application (4, Interesting)

SmackCrackandPot (641205) | more than 10 years ago | (#6941298)

This a major concern to me. I've spent some time at home writing an application that I'd consider distributing as freeware/shareware. Setting up the paypal/P.O Box number payment system is no problem, but as every application nearly always has a website, registering a domain name introduces some hassle, not least of all, distributing my name/home phone number/address.

From reading previous Slashdot articles, being able to seen the domain name/IP address of owners and customers has been extremely useful in detecting all sorts of shenanigans with hyping up new products.

However, for someone trying to augment their basic salary through shareware software, this is a disadvantage.

With broadband internet via cable/satellite/telco, I have a permanent Internet connection, but the companies respect my right for privacy. Surely the same could be done for domains registered by home residences?

More of an economic problem than privacy problem (4, Interesting)

snowtigger (204757) | more than 10 years ago | (#6941300)

I don't really worry about having my personal information in the whois database. As most other individuals, I'm in the phonebook too, which can be accessed from the web nowadays.

Having registered a few domain names, I receive a lot of spam telling me how to register new domains, renew when the old are about to expire and so on. I'm sure the registars make a lot of money on this, which surely makes them want to continue.

My personal information is also included in the IP whois database. This database contains info on what ISP uses which IP numbers, etc. - see www.arin.net for more info.

The interesting thing is that I have not received a single spam to the specific email address I supplied. So right now, I see it more like an econimic problem than a privacy problem.
---
If you're not living on the edge, you're taking up space in the middle

Re:More of an economic problem than privacy proble (1)

dbitter1 (411864) | more than 10 years ago | (#6941356)

The interesting thing is that I have not received a single spam to the specific email address I supplied. So right now, I see it more like an econimic problem than a privacy problem.

Having several (~10) domains myself, I would agree that my whois contact email recieves little or no spam directly attributable to the domain registration.

However, where I *DO* see spam is the "generic" addresses at my domains: 'sales', 'info', 'webmaster', etc. I can't really see a dictionary attack on the DNS system (some of my domain names are pretty long) and some of them are not in search engines (yet)... The only logical thing I can think of is the Registry's domain list itself is somehow exploitable...

So? (1)

lylum (659581) | more than 10 years ago | (#6941304)

I think with real estate records, court documents and such being available online to anyone we have MUCH more to worry about than a simlpe address dataabse. In many places I can retrieve building plans, pictures and detailed information online. The first thing I thought when I saw that was: wow... if I would be a burglar then my job would now be much easier....

Go ahead and start a business. (2, Informative)

g0hare (565322) | more than 10 years ago | (#6941313)

You can incorporate for under $500, get a p.o. box and a cheesy voicemail account somewhere. You'll then be prepared to moonlight, which you should be anyway, and you can give out the business info.

And in other news, (4, Insightful)

JUSTONEMORELATTE (584508) | more than 10 years ago | (#6941317)

Late yesterday, privacy activists raised the National Privacy Threat level to Purple, citing the public availability of a "Phone Book" which disclosed personal information for hundreds of thousands of individuals, including full name, home address and home phone number.

(end sarcastic rant)
YAWN! Call me when WHOIS data includes SSN. As it is, this info is already widely available for the vast majority of the population.

--

The other side (0, Offtopic)

Wvyern (701666) | more than 10 years ago | (#6941321)

Ever had to try and track down some company you bought something from on ebay, or the internet in general? It is pretty damn nice to be able to find the contact info in whois, since general practice is NOT to include addresses or phone numbers for contact, for many of the internet based businesses.

Anonymized registrations (3, Informative)

berkeleyjunk (250251) | more than 10 years ago | (#6941339)

If you are concerned about privacy, use a registrar who will anonymize your info in the whois database.
Is $9 worth it? It's your call. Check this out.

https://registrar.godaddy.com/dbp.asp?isc=&se=%2 B& from%5Fapp=&authGuid=&mscssid=2435121

Domains by Proxy -solves the problem (4, Informative)

Chuck Bucket (142633) | more than 10 years ago | (#6941340)

I use Domains by Proxy [domainsbyproxy.com] so my info isn't displayed in a WHOIS; theirs is in it's place. They keep all my info private and serve as a 'proxy' between me and anyone needed to contact me. They'll email if they need me to do something in regards to my domains, it's so nice not having all of my personal details out there. I buy my domains from GoDaddy, and they've partnered with Domains by Proxy and offer it as an option when you're buying domains, that's how I found out about it, but everyone should check it out.

CB

use mydomain.com (0)

Anonymous Coward | more than 10 years ago | (#6941343)

You can change your contact info easily there, while they have true contact info privatley. It is what i do to protect my privacy.

It's a dating service (1)

jabbadabbadoo (599681) | more than 10 years ago | (#6941349)

Look at it from the bright side. Whois is a great dating service for geeks.

Hey, Ladies who are looking for nice, knowledgable dot.com'ers... you know where to look!

And to blonds who may need some guidance: First you look at the whois facts, then the site. If both look good - call him.

(It would be even better, of course, if Whois contained fields such as "married" (not that it matters), "income" (matters big time!), "interests" (err, redundant).

Privacy (3, Insightful)

wulfhound (614369) | more than 10 years ago | (#6941358)

Sorry, I don't buy it.

A domain name is a publicly accessible object, and a responsibility. As a society, we expect that for certain activities, people be publicly registered (running a company is an obvious example) - reasonable privacy is a right, but anonymity - which is what we are really talking about here - is not.

I can only think of a very small minority of legitimate Internet activities that both require a domain name and for which privacy is likely to be a concern; in those cases there are plenty of registration agents who will act as a proxy for registration and take on the responsibilities associated with being the owner of a domain.

Practical Contact Problem (4, Insightful)

billtom (126004) | more than 10 years ago | (#6941381)

This is also a practical problem, in terms of making it hard to contact domain owners.

I have several domains and I use a separate email address for my whois records (separate from my home and business addresses). But I don't monitor emails to that address because it has become completely filled with spam. I just delete all mail to that address.

But that, of course, means that any legitimate attempts to contact the domain owner are lost as well. I could try and filter it (either manually or with software) but the ratio of legitimate email to spam on domain registry emails is thousands to one, so it's really not worth my time.

So, aside from any privacy concerns, the public availability of email addresses on whois records in effect renders them useless as contact information.

Correct contact information is required (3, Insightful)

sa3 (628661) | more than 10 years ago | (#6941384)

How can you prove that you own the domain (if needed) if the contact information is invalid?

What would you do if your registrar goes bust?

All of this information doesn't need to be exposed in the WHOIS database though.

it has taken them this long to figure this out! (0)

Anonymous Coward | more than 10 years ago | (#6941388)

this has been a known problem for many years.
this just in, they also noticed that the world
is round not flat as previously indicated.

Two things: (2, Insightful)

Snaller (147050) | more than 10 years ago | (#6941391)

1. If its such a problem, how come spammers always manged to hide?

2. In Denmark for instance, you can specify you wanted an "unlisted" address, and the whois server doesn't release your information.

Not all registrars require this (1)

Torne (78524) | more than 10 years ago | (#6941397)

Nominet, the UK NIC, don't publish contact details in whois for domains registered by individuals unless you explicitly ask them to. If you are a business, however, you may not remove your details. This seems to be the best solution?

UK Solution (-1, Redundant)

rf0 (159958) | more than 10 years ago | (#6941400)

The UK has come up with a nice half-way house where people can opt-out of having their details published but instead their ISP/Registrar puts up their details. Should any of the details (for police etc) then the ISP can pass them on as needed. However normal people can't find out the details

Rus

More privacy is necessary (3, Interesting)

Pelakh (579592) | more than 10 years ago | (#6941406)

I built a site for a city commission candidate a couple of years ago, and the info on the domain registration was mine - I built the site for free, as a form of campaign contribution. An unwanted side effect of this was late night phone calls to my home number from the supporters of the opposition questioning items posted on the site. I guess next time 'Sudy Nim' will be registering for a domain ...

In the mean time, in Germany... (5, Informative)

yourruinreverse (564043) | more than 10 years ago | (#6941419)

... it is required by law that anyone who publishes even a single web page on the Web (in Germany) enclose an "Impressum", an imprint that notifies visitors whom to contact or hold accountable for the content. I wish this would also be implemented for Whois as a security measure or a basis for trust.

Anyone who still wants to publish anonymously could still do it abroad, of course, as there will always be registrars who and nations that don't care about trust.

I mention trust here, because I can trust a company's products (i.e. a shop selling goods) if I know where I can go, or what number I can call: currently too many (some) web shops (at least locally) do not even mention a telephone number I can call to have an order confirmed or more product information detailed. The same holds for web sites that provide information: if the e-mail address is left out, how can I get any confirmation, more detailed information, conversation or feedback going?

As it should be (5, Informative)

HighOrbit (631451) | more than 10 years ago | (#6941423)

I'm sorry, but you have *NO* right to an anonymous domain, nor should you because the opportunity for fraud on the internet is too high. Having everything out front at least keeps a modicum of openness and honesty (although admittadly not a lot).Besides, if I remember properly, you can update the e-mail address to be admin@your-new-domain if you don't want spam going to your personal email.

If you want relative anonymity, get a hotmail or yahoo account.

Use GoDaddy (2, Informative)

Gudlyf (544445) | more than 10 years ago | (#6941426)

You could always use GoDaddy [godaddy.com] for domain registrations, which gives you the option of keeping registration info private. Not to mention their prices are a hell of a lot better than going through Verisign.

A Few Solutions (4, Interesting)

bmj (230572) | more than 10 years ago | (#6941428)

One is using Dotster [dotster.com]. They obfuscate your email address, so you won't be spammed so easily, but they can still contact you. A friend of mine nearly lost his domain because he used a fake email address with Network Solutions and he never got the "your domain is expiring" email.

The other is a finding a trustworthy ISP/hosting provider who will manage your domain for you. I've been using HostSector [hostsector.com] and it's worked well, plus it's less expensive than buying the domain outright. I'd have to jump through some hoops to purchase the domain from them, but I can do it, and I believe their contract specifies that I can purchase it at any time.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...